Feb 23, 2009, 07:23 PM // 19:23
|
#81
|
Ascalonian Squire
Join Date: May 2006
Location: Urgoz Warren
Profession: R/Rt
|
Another one here Lost about 750k few ectos, my torment shield and an everlasting searing tonic which I had bought just before I logged off.I'm very careful about using the same password and usernames for other things too.
Two or three times over the weekend I had straight disconnect while playing and not able to reconnect.A few alliance members said it was happening to them too.
Gotta think myself lucky my chars didnt get deleted and all my other good stuff didnt get taken.
|
|
|
Feb 23, 2009, 07:23 PM // 19:23
|
#82
|
So Serious...
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
|
Quote:
Originally Posted by crazybanshee
I really think it's gonna end up being something like they hacked guru or xunlai or something, got our info, and if the email was the same they either brute forced it or something else.
|
As far as we know: the premises of your statement are improbable (XTH or GWG hacked), the conclusion is almost impossible (login checks take a longer time after each failed attempt?). Don't spread rumours because of an uneducated guess at what's happening. You're right to be mad, but don't turn this into a "I'm looking for someone to blame".
People would be amazed by RL security enquiries, many of them revealing that the user failed to mention something very important (shared account info) or misleading (weak password). This doesn't mean that a piece of software isn't at fault here, but until many pieces of evidence points to this, the single most common security explanation is: the user made a mistake.
Last but not the least: we're talking here, it's just words, nothing can really be trusted. There's been recently a Guru-er claiming his account was banned for reason X, only for Regina to reveal that it was for a different reason. And we've seen after the "119 affair" (I don't remember the number, it was the number of people banned after the Mallyx glitch?) many angry people trolling this forum. I'm convinced a few simply want revenge for Anet taking legitimate actions against their bad behaviour in game (I'm not saying you're that kind of person, only mentioning that so that you can look at this thread and realise it doesn't tell us "facts", even if you know what you know, we don't!).
|
|
|
Feb 23, 2009, 07:31 PM // 19:31
|
#83
|
Forge Runner
Join Date: Oct 2006
Profession: E/Mo
|
I got a nice chuckle out of that Anet response. They essentially said "deal with it dumbasses" but in a little more polite PR way. If I was a hacker I would be foaming at the mouth at the opportunity to hack a game whos creator blames it on the players.
|
|
|
Feb 23, 2009, 07:35 PM // 19:35
|
#84
|
Academy Page
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
|
Quote:
Originally Posted by crazybanshee
Wow, are you completely not reading what anyone is saying. Nobody got taken through trading. It has nothing to do with getting scammed or doing bad trades or whatever. People are logging in to gw and finding their characters stripped of zkeys/ectos/rare weps and standing in gtob instead of where they left them, and usually some junk item in their inventory, implying that whoever hacked into their account traded the junk item for their millions of plats worth of stuff so it wouldn't be flagged by anet as a 'suspicious' trade. It's not people being stupid and QQing. It's people being hacked and wondering what anet is going to do to catch the people hacking. I don't expect my stuff back, and in the grand scheme of things I didn't lose as much as other people here. But I do expect anet to trace that trade (I gave them a pretty specific time window of when it happened) and trace the zkeys back and ban every account those zkeys touched. Some of those accounts may be stolen, but at some point they ended up back at the thief's account in some way and that is what I want banned.
|
you cant read... i know what the topic is about.. i dint chage the topic to jell-o did i? if i did then i can see where u coming from. again it's stupidity..get a better anti-virus..uses diff passwords..dont give freinds info.. dont goto 3rd party sites..etc... im not paying attention... im paying more attention than those that claimed they got "hacked".
point is they got hacked for reasons not dumb luck. again why should u expect anet to trace the trade? it's not anet fault u got hacked.
lets say i want a to join a ferry to the consulate docks.. i join a grooup..the person says "pay now" and i do.. thats person grabs everyones money and leaves the group. Is that anets fault? my stupidity not anets. i made the decison give my $ to the person before services rendered, not anet.
if you gonna pick apart and say thats different it's not. somewhere down the line u made a decision to give info out..with or without your consent. it is not anets responsibility that u made a bad decision somewhere down the line.
if i gave you info to my account and you go in and take my ectos and zkeys leave me junk should i blame anet because they shouldnt allow it? sounds like a big QQ.
|
|
|
Feb 23, 2009, 07:40 PM // 19:40
|
#85
|
Academy Page
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
|
Quote:
Originally Posted by DreamWind
I got a nice chuckle out of that Anet response. They essentially said "deal with it dumbasses" but in a little more polite PR way. If I was a hacker I would be foaming at the mouth at the opportunity to hack a game whos creator blames it on the players.
|
another great point..
if i was a hacker why hack gw? no money in doing that. although to see these forums and people attack each other is so classic.
|
|
|
Feb 23, 2009, 07:41 PM // 19:41
|
#86
|
Forge Runner
Join Date: Jan 2006
Guild: [HiDe]
Profession: W/
|
I just want to know how it's possible a person is getting into folks' account if they don't know their info. Someone must be doing something wrong, somewhere.
|
|
|
Feb 23, 2009, 07:49 PM // 19:49
|
#87
|
Desert Nomad
Join Date: Jun 2006
Location: IGN: Scarlet Test Ace
Guild: We play Isketch in [HoH]
Profession: E/
|
I've had one of my 5 accounts hacked...lucky it was one of the newer ones. Lost all my gold (800k or so) and all the weapons that weren't customized. All characters safe and stuff. (I wasnt' able to get the account back for about 5 months, thnx gmail and anet for being slow /end sarcasm; thanks for real for getting me my account back)
I'll just say it out right: some hackers are nice enough to not steal and just kill your account. Also the next time you get kicked even if it happens often log back on and change passwords, this might be annoying but just do it.
Also I don't know if anet still generates a random password for you when youwant a reset since they seem to have changed everything but doing that and then making a variation of it is good too since they give very strong passwords.
Quote:
Originally Posted by Wubbies
another great point..
if i was a hacker why hack gw? no money in doing that. although to see these forums and people attack each other is so classic.
|
Oh trst me there is money in it. You can sell off rare items and money for real money..minor as it may be compared to other hacking things its still money no?
I was on a forum earlier and saw a kanaxi mini pet going for 700usd...so...chump change to some but that could pay for an entire year of food for me.
|
|
|
Feb 23, 2009, 07:54 PM // 19:54
|
#88
|
Desert Nomad
Join Date: Jun 2006
Location: Look out!
Profession: E/
|
Quote:
Originally Posted by Wubbies
you cant read... i know what the topic is about.. i dint chage the topic to jell-o did i? if i did then i can see where u coming from. again it's stupidity..get a better anti-virus..uses diff passwords..dont give freinds info.. dont goto 3rd party sites..etc... im not paying attention... im paying more attention than those that claimed they got "hacked".
point is they got hacked for reasons not dumb luck. again why should u expect anet to trace the trade? it's not anet fault u got hacked.
lets say i want a to join a ferry to the consulate docks.. i join a grooup..the person says "pay now" and i do.. thats person grabs everyones money and leaves the group. Is that anets fault? my stupidity not anets. i made the decison give my $ to the person before services rendered, not anet.
if you gonna pick apart and say thats different it's not. somewhere down the line u made a decision to give info out..with or without your consent. it is not anets responsibility that u made a bad decision somewhere down the line.
if i gave you info to my account and you go in and take my ectos and zkeys leave me junk should i blame anet because they shouldnt allow it? sounds like a big QQ.
|
I'm just going to assume you're a troll and put you on my ignore list now, since it's become apparent that's what you are. I'm far from uneducated - I have a bachelor in computer science, although the focus was on programming not on security. I use comodo firewall, avira and avast antivirus, and I use spybot, adaware, superantispyware, spywareblaster, malwarebytes, rogueremover, and ccleaner to look for anything those might have missed. Yes, I do use all of them. I'm careful about security, which not only means I don't store my passwords on my computer anywhere, I always use letters and numbers (not symbols, I'll obviously have to start using them) don't use bots, textmods, cheats, timers, and I don't even visit sites that look like cheat sites or gold buying or anything sites - in fact the only game related sites I visit are guru, wiki, and the forum for my guild where I use a different email and pw. Nobody has my account info - not a roomate or friend or guildy. It really doesn't matter if you believe me or not - you're irrelevant. There's obviously been a spate of thievery - call it hacking, or whatever you like. Anet should look into it - granted it's probably less than 5% of active accounts, but it could be an alarming trend. I'm glad you didn't get hacked, but I don't understand the joy you're taking in seeing other people get hacked. Is that how you feel better about yourself?
|
|
|
Feb 23, 2009, 07:55 PM // 19:55
|
#89
|
Ascalonian Squire
Join Date: Apr 2005
Location: Amerika
Guild: [TofT]
|
This makes me feel better.
I did a scan on thursday and got hacked on sunday.
I found a trojan when i did a scan, after i got hacked.
It makes me feel better about it because its so common, but it still sucks really really bad.
Strong passwords don't help if something else compromises your security
Now if i only knew what!
|
|
|
Feb 23, 2009, 07:58 PM // 19:58
|
#90
|
Furnace Stoker
Join Date: Jun 2005
Location: California
Guild: 15 over 50 [Rare]
Profession: W/Mo
|
Ok guys, I been on this forum long enough. Like Inde say and I'll only repeat this ONCE! (not a mod but I'm tired of peoples constantly attacking each others)
Keep on topic and no flaming or trolling on each other or suffer the consquences!!!
I think there is two side to each stories. Maybe the peoples that got effected didn't tell the complete truth. Not saying you deserved this but it's weird to see 4 to 5 peoples (last I counted on here) to be hacked at once.
|
|
|
Feb 23, 2009, 08:00 PM // 20:00
|
#91
|
So Serious...
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
|
Quote:
Originally Posted by Loki Seiguro
thnx gmail and anet for being slow
|
Well, gmail is not slow and the support is provided by NCsoft, not Anet. Just want to clarify that in passing.
|
|
|
Feb 23, 2009, 08:08 PM // 20:08
|
#92
|
Furnace Stoker
Join Date: Jun 2005
Location: California
Guild: 15 over 50 [Rare]
Profession: W/Mo
|
Yes, if you got hacked. Contact NCSoft support team and make sure you change your password.
I think it's weird how most of the peoples that claimed they got hacked, lost Zkeys/Gold/Rare items but not one of them had their characters deleted nor banned.
Something is fishy about all this!!
Also the only things I could determine that is common for all the victims. They were placed in GtoB and lost their stuffs. All the items is replaced by junks. Whoever doing this, is clever and quick and seems to not want to delete characters. They just grab and go, very weird indeed!
|
|
|
Feb 23, 2009, 08:17 PM // 20:17
|
#93
|
Wilds Pathfinder
|
At any rate, if this is really happening, it seems to me that it would be due to one of the following.
1. Ye ole' keylogger. Could just be repackaged/recoded so that it's not currently AV recognizable (tho 1 mentioned he did find a trojan).
2. Some session swapping exploit happening on the GW servers, akin to buffer overflow... Imagine the hacker on their account, issuing some sort of unrecognizable string to the server, causing some random logged in player's account to pop up as their own, and disconnecting that player. The hacker could then move items during this session...
I'd bet it's just 1 myself. It's really a shame that every time you log into GW, you have to type the password (perhaps this is where that recommended PWmgr comes into play?). If it was like almost EVERY other game out there, you'd only type it once, then it'd be remembered, so that it would no longer need to be typed (unless on a different PC or you changed it).
2 seems quite a stretch, though not outside the realm of possibility. I didn't get hacked, but I wasn't logged in yesterday either...
|
|
|
Feb 23, 2009, 08:24 PM // 20:24
|
#94
|
Furnace Stoker
Join Date: Jun 2006
Location: Minnesota
Guild: Black Widows of Death
Profession: W/Mo
|
Not surprised that they are not deleting characters (It takes time to do this) and Z-keys are hard to trace since everyone is trading them constantly.
|
|
|
Feb 23, 2009, 08:27 PM // 20:27
|
#95
|
Desert Nomad
Join Date: Jun 2006
Location: IGN: Scarlet Test Ace
Guild: We play Isketch in [HoH]
Profession: E/
|
Quote:
Originally Posted by Sir Skullcrasher
Yes, if you got hacked. Contact NCSoft support team and make sure you change your password.
I think it's weird how most of the peoples that claimed they got hacked, lost Zkeys/Gold/Rare items but not one of them had their characters deleted nor banned.
Something is fishy about all this!!
Also the only things I could determine that is common for all the victims. They were placed in GtoB and lost their stuffs. All the items is replaced by junks. Whoever doing this, is clever and quick and seems to not want to delete characters. They just grab and go, very weird indeed!
|
Back to my first post: yeah it was Ncsoft sry was thinking anet 'cause I'm talking to my friend about Anet right now. And gmail is fast but not at getting your account back really. Took them a while to confirm my information which could be good? as they do checks before just giving account back, but bad when I'm losing things every second.
And when my account was hacked I wasn't in GToB I was still in LA. And I only lost gold and green items. That account was kinda cheap so I only did greens and a few golds I picked up. Only thing I'm cheesed off about is the 800k.
Also why the hell are items being replaced? Hackers don't leave gifts unless its a calling card (wtf why would this even happen) And yes some hackers just go for the gold and uncustomized weapons first as they never know when peope will log back on. So the question is why would they spend so much time stealing things as to delete your characters too (typing names in takes time). So its not that fishy at all, if they are semi-smart enough to hack they do their time limits.
|
|
|
Feb 23, 2009, 08:31 PM // 20:31
|
#96
|
So Serious...
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
|
Quote:
Originally Posted by Coney
keylogger. Could just be repackaged/recoded so that it's not currently AV recognizable
|
The way most AV work make it so that you need significant rewrite to escape heuristics. And I'm not even mentioning SW profiles and behaviour.
Quote:
Some session swapping exploit happening on the GW servers, akin to buffer overflow...
|
Where did you learn hacking 101? All modern compilers prevent most buffer overflows, and even if you had one on the GW servers, you wouldn't use it to swap sessions...
|
|
|
Feb 23, 2009, 08:41 PM // 20:41
|
#97
|
Wilds Pathfinder
|
Quote:
Originally Posted by Shayne Hawke
- My account name for GW is to an e-mail that I never use. Upon attempting to access it tonight for the first time in two or so years, I couldn't produce the right password.
- I can't remember what my account name is for PlayNC, much less what the password is. I could have a pretty good guess at the password, but I'm sure that if I changed my account e-mail's password in the past, I may have changed my PlayNC password at some point.
- I can't do a "Forgot my password" maneuver, because I can't correctly answer the questions to what I believe may be my PlayNC account name.
|
Get ready for 2-3+ weeks of email hell, going back/forth through support... These guys take anywhere from 3-8 days to respond to each email/request.
Quote:
Originally Posted by Shayne Hawke
At this point, the only thing that I feel can tie me to owning my account is the fact that I've been using it for the past two and a half years, although that alone now looks pretty weak. I'm confused now on what action I should take, what action I possibly can take, and how I can get my password changed for my Guild Wars account.
|
They'll ask for your first/last name first, then if/when that fails, your activation keys for all GW campaigns in that account. At least that's what it took for me to get the Xunlai House account name issues corrected (well, still not quite corrected, but they've had my 4 keys for a while now)...
|
|
|
Feb 23, 2009, 08:58 PM // 20:58
|
#98
|
Academy Page
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
|
Quote:
Originally Posted by newbie_of_doom
thats what you get for watching porn
|
lol yeah................
|
|
|
Feb 23, 2009, 09:01 PM // 21:01
|
#99
|
Frost Gate Guardian
Join Date: Jun 2007
Location: Paris, France
Guild: [any]
Profession: W/Me
|
"...I think there is two side to each stories. Maybe the peoples that got effected didn't tell the complete truth. Not saying you deserved this but it's weird to see 4 to 5 peoples (last I counted on here) to be hacked at once...."
QFT. I have the feeling that some of these "supposed" hacked peoples are mythomaniac.
Can they provide us/Anet any proof ???? NO...no & no
They only failed & if its true....then they didnt protect themselves enough.
I play since May 2005 + I have a good AV/firewall (20€/year) = I have never been infected & never been hacked.
I asked a friend of mine who is studying SECURITY to try to hack me (he knows the tricks) HE WAS UNABLE TO DO IT & told me that I cannot be hacked.
So folks don't be greedy & spend few bucks/euros in a good security system = simple & easy.....END OF STORY
Last edited by Zorgy; Feb 23, 2009 at 09:16 PM // 21:16..
|
|
|
Feb 23, 2009, 09:15 PM // 21:15
|
#100
|
Forge Runner
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
|
There are several ways this could happen.
The most obvious is a keylogger. Not all of those are discovered, there are some nasty pieces out there. But the really hard to detect ones are used for stealing bank and creditcard stuff, not online game stuff.
I would put my money on this one.
Next would be a 'brute force' on the e-mail account. It is (or was till recently, didn't try) possible to figure out if an account is valid or not for GW. I've seen at least two verify's of that on my secondary account. And a brute force can happen over days, if you have like 10.000 or more valid e-mail accounts and you scan all of them slowly you won't generate many time-outs on the accounts. Once you have access you determine if there is something valuable. If so, rob. If not, just wait till there is something valuable. You have the credentials and as long as those don't change you have access.
Next step is an compromised e-mail account. This one would apply if the account uses the same credentials as the actual login for GW.
The hacker gets into the e-mail account and can log in with the same password on GW.
The same thing could be true for a compromised database from a forum/fansite that didn't encrypt and salt the passwords. Storing MD5 hashes of passwords looks smart, but is vulnerable to dictionary attack. In this case the dictionary is just translating MD5 hashes to their regular counterparts. Or brute-force them, but that could take a long time.
The least obvious hack would be a server hack. It could happen, but it's far easier to target a massive number of end-users with on average low security practices than targetting a limited number of servers which are on a hardened infrastructure.
And even if they got on a server, my guess is that the servers containing the login credentials are even more secured and only used for verifying credentials. And those don't have the passwords in plain text in the database.
Only thing I could check out with a packet-sniffer would be if the client sends out plain text UID/password to the server or that this is hashed/encrypted on client side.
Last but not least there is also the possibility that the entire story is not true.
We have to assume that the OP and others are speaking the truth in this matter but there is no way to verify that.
But it remains guessing what happened but like I said before, I would put my money on a keylogger.
Edit:
Quote:
I asked a friend of mine who is studying SECURITY to try to hack me (he knows the tricks) HE WAS UNABLE TO DO IT & told me that I cannot be hacked.
|
Well, he is still studying
Trying to enter a system from the outside might be hard, but getting you to install this very nice and shiny and very fun game is probably a lot easier. And it's a very nice game indeed, you can even play it online with your friends.
And it was one of your friends that send it.
So you open up your firewall to play with your friends and at the same time you allow other data to flow out as well.
Everyone is vulnerable to social engineering.
Last edited by the_jos; Feb 23, 2009 at 09:20 PM // 21:20..
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Similar Threads
|
Thread |
Thread Starter |
Forum |
Replies |
Last Post |
Bot Stop! they way to stop gold spammers!
|
bathazard |
Sardelac Sanitarium |
22 |
Feb 14, 2008 09:03 AM // 09:03 |
WTF Hackers on GW...?
|
sunder187 |
The Riverside Inn |
143 |
Feb 12, 2008 01:05 AM // 01:05 |
fujin |
Technician's Corner |
3 |
Nov 12, 2007 01:13 PM // 13:13 |
NowTumi |
The Riverside Inn |
91 |
Dec 12, 2005 10:43 PM // 22:43 |
Hackers
|
Canis Lupus |
The Riverside Inn |
4 |
Jun 03, 2005 08:45 AM // 08:45 |
All times are GMT. The time now is 02:20 AM // 02:20.
|