Curse

Bryant Again · Dec 30, 2007, 12:48 AM // 00:48

Quote:

Originally Posted by fRag_Doll

The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.

At least the same rule applies: Trust your links!

Thankfully, all my passwords are different due to the fact that I bash my face against the keyboard to generate my passwords.

Roo Ella · Dec 30, 2007, 01:00 AM // 01:00

Thanks for the heads up will keep an eye out.
But who is dumb enough to use the same logging info here for GW your only asking for trouble
if you do that.
Play safe.

Malice Black · Dec 30, 2007, 01:02 AM // 01:02

I do! I do!

Steal it..don't care lol I have 3 accounts last time I checked. GW accounts are cheaper then a girl at the local cattle market.

Stormlord Alex · Dec 30, 2007, 01:08 AM // 01:08

Quote:

Originally Posted by Malice Black

Steal it..don't care lol I have 3 accounts last time I checked. GW accounts are cheaper then a girl at the local cattle market.

I'm lonely.
Where do you live?

ensoriki · Dec 30, 2007, 01:35 AM // 01:35

They can phish all they want.

Im an endangered species....and you cant phish endangered species =P

Anyways TY for the heads up

Eviance · Dec 30, 2007, 01:37 AM // 01:37

Yeah Indie our board was hit by some script kiddies about a month ago if even that. Our board was crashed for several hours till Red found the script error. I was highly pissed!

The fact of the matter is, you can BAN them all you want but if they are true script kiddies then they have an IP router, meaning that they will just pop up on different IPs over and over doing the same crap. Just be careful about having too much info in your profiles and such as well.

Bowstring Badass · Dec 30, 2007, 01:46 AM // 01:46

Quote:

Originally Posted by Stormlord Alex

I'm lonely.
Where do you live?

off topic much? lol

acerbity · Dec 30, 2007, 04:13 AM // 04:13

Quote:

Originally Posted by Eviance

Yeah Indie our board was hit by some script kiddies about a month ago if even that. Our board was crashed for several hours till Red found the script error. I was highly pissed!

The fact of the matter is, you can BAN them all you want but if they are true script kiddies then they have an IP router, meaning that they will just pop up on different IPs over and over doing the same crap. Just be careful about having too much info in your profiles and such as well.

if you're smart you can stop that

google is your friend

ThunderStruck · Dec 30, 2007, 04:42 AM // 04:42

Thanks a bunch for the tip!

jaeharys targaryen · Dec 30, 2007, 05:16 AM // 05:16

Quote:

Clearly, it seems GW script kiddies have mastered the fine art of copying page source. Terrible danger, indeed.

possibly the best post ever on this forum. ever.

but in all seriousness... why didnt i think of this?

chowmein69 · Dec 30, 2007, 05:18 AM // 05:18

thanks for letting us know Inde

jaeharys targaryen · Dec 30, 2007, 05:20 AM // 05:20

Quote:

Originally Posted by fRag_Doll

The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.

a.k.a. a keylogger, but not in the highly inacurate sense portrayed by the media.

you dupe a page(i.e. copy paste), and you embed your own script that sends the nice cleartext password to a hard drive somewhere.
host guiidwarsguru.com or soemthing like that... and voila!

its really possibly the most simple scam ever.

Neo Nugget · Dec 30, 2007, 05:24 AM // 05:24

Thanks for the tip Inde

HayesA · Dec 30, 2007, 05:28 AM // 05:28

Quote:

Originally Posted by fRag_Doll

The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.

Still tho, what a LOL idea. Same passwords. I use many different password layers. 2 for forums, and minor sites. 2 layers for business sites like newegg/GWs, 2 layers for high-risk sites like paypal/ebay/bank etc. All ranging from mid-high, to high-extreme-wtf-high-i-cant-remember-my-effing-password

jaeharys targaryen · Dec 30, 2007, 05:46 AM // 05:46

Quote:

Originally Posted by HayesA

Still tho, what a LOL idea. Same passwords. I use many different password layers. 2 for forums, and minor sites. 2 layers for business sites like newegg/GWs, 2 layers for high-risk sites like paypal/ebay/bank etc. All ranging from mid-high, to high-extreme-wtf-high-i-cant-remember-my-effing-password

that whole password strength thing is something to not get totally bought into. alpha-numeric passwords with one symbol:

1example!

are (depending on how many keyboard symbols are allowed) 46(or more) to the power of the password length

46^(1example!=9 characters)=
922190162669056 possibilities

dont go crazy, just remember examples like that show how damn near impossible it is to lose an account to things like brute force password cracking.

Fril Estelin · Dec 30, 2007, 10:22 AM // 10:22

Quote:

Originally Posted by jaeharys targaryen

dont go crazy, just remember examples like that show how damn near impossible it is to lose an account to things like brute force password cracking.

The art of brute force attack escapes you it seems. It's not about stupidly trying all possibilities, but "tree pruning", i.e. guiding the exhaustive exploration of the password space. Even if you don't use for your GW account the same password as for GWG, a cracker will use the second to guess the first. Anyway, don't think that "l33t ub3r" is a good password

.

And don't forget to run an antivirus, a firewall (out if possible) and update your windows every month. Security is a harsh matter, you only learn how bad it can be when you lose something worth. (and if you're rich like Malice Black, give me your money!

)

fenix · Dec 30, 2007, 12:18 PM // 12:18

I feel sorry for people who fall for phishing. It's always so obviously fake. Guru is never going to ask you for your details, hell, they're never gonna ask you to go to a link. And if they were, they'd use a Global Announcement, like the current Phishing one. If you fall for this, you should have Internet lessons...

Squishy ftw · Dec 30, 2007, 12:23 PM // 12:23

Thanks for the warning.

Hobbs · Dec 30, 2007, 01:33 PM // 13:33

Quote:

Originally Posted by fenix

Guru is never going to ask you for your details

Err...I have to give Guru my username and password everytime I login....which from what I understand is how this website works, it looks like guru, you try to login to in and bam your password is whisked away to someones hard drive.

jaeharys targaryen · Dec 30, 2007, 03:12 PM // 15:12

Quote:

Originally Posted by fenix

I feel sorry for people who fall for phishing. It's always so obviously fake. Guru is never going to ask you for your details, hell, they're never gonna ask you to go to a link. And if they were, they'd use a Global Announcement, like the current Phishing one. If you fall for this, you should have Internet lessons...

you miss the point of this totally. guru has already asked you for your details when you registered. i'll quote myself:

Quote:

a.k.a. a keylogger, but not in the highly inacurate sense portrayed by the media.

you dupe a page(i.e. copy paste), and you embed your own script that sends the nice cleartext password to a hard drive somewhere.

host guiidwarsguru.com or soemthing like that... and voila!

its really possibly the most simple scam ever.

it looks the same. and judging from the content of your post, you'll be the first to fall for it.