Curse

Malice Black · May 12, 2008, 03:48 PM // 15:48

Quote:

As for who is doing the hacking. I think its someone no one wants to believe. its someone with access to information, probably an admin to a site or possibly someone involved in a company behind the game. We dont know for sure, we only know what is said, and people can lie and do so often.

Fansite admins/mods have no access to such information. They can only see what information you provide when you sign up.

Bryant Again · May 12, 2008, 03:50 PM // 15:50

Do any fansites require you to enter in an e-mail address?

Malice Black · May 12, 2008, 03:54 PM // 15:54

Yes. But, your internet address used for the game shouldn't be the one used for forums etc.

It's not like e-mail address are hard to get.

Bryant Again · May 12, 2008, 03:58 PM // 15:58

Quote:

Originally Posted by Malice Black

Yes.

Well there you go.

quickmonty · May 12, 2008, 03:58 PM // 15:58

Quote:

Originally Posted by Malice Black

Fansite admins/mods have no access to such information. They can only see what information you provide when you sign up.

I'm not sure how all sites work, but as a super admin of my guild's website I can tell you this:

I can only see your email address if you allow it to be seen.

I cannot see your password.

Bryant Again · May 12, 2008, 04:00 PM // 16:00

An e-mail address is usually all it takes.

quickmonty · May 12, 2008, 04:05 PM // 16:05

Quote:

Originally Posted by Bryant Again

An e-mail address is usually all it takes.

Unless things have changed overnight, you still need a password to get into an account.

Bryant Again · May 12, 2008, 04:07 PM // 16:07

Quote:

Originally Posted by quickmonty

Unless things have changed overnight, you still need a password to get into an account.

How come so many of the scams involve a person simply asking for your e-mail address? See what Lyra mentioned up above, being that passwords aren't locked after failed entries. Getting the e-mail is the hard(er) part.

quickmonty · May 12, 2008, 04:09 PM // 16:09

My email address is [email protected]

Now, hack my account!

lyra_song · May 12, 2008, 04:09 PM // 16:09

my username for GW is no where near related to anything anyone knows of me publically.

my steam entity is also completely different.

i keep my various game accounts seperate so theres nothing to tie together and no one can social engineer to gain access to my account.

Theres only 1 other person who knows my account and i trust her with my life.

Bryant Again · May 12, 2008, 04:15 PM // 16:15

Quote:

Originally Posted by quickmonty

My email address is [email protected]

Now, hack my account!

Unfortunately (or not?) I do not have the means of doing so, nor do I know where I can get a password thingamajigger (dunno what it's called). We can see what Google brings up, though.

Lyra: Is that why you never want to TF2 with me : ( ?

Malice Black · May 12, 2008, 04:25 PM // 16:25

Quote:

Originally Posted by quickmonty

My email address is [email protected]

Now, hack my account!

You Have Mail

lyra_song · May 12, 2008, 04:25 PM // 16:25

Quote:

Originally Posted by Bryant Again

Lyra: Is that why you never want to TF2 with me : ( ?

If you play UK servers, you probably already played me and didnt know it. ;p

Bryant Again · May 12, 2008, 04:29 PM // 16:29

Every fought moi?

(Haven't been on in awhile, thanks college).

But yeah if you're on UK servers I may not have shot at you, since I'm US here.

ANYWAYS! On topic.

snaek · May 12, 2008, 04:35 PM // 16:35

y doesnt anet implement a time lockout for incorrectly inputted passwords?
many other places do this, im sure it wouldnt be hard to do

if someone tries to hack an account thru brute force
anet can prevent this easily by:

after 'x' number of wrong attempts, the account is locked down for 'x' minutes, and needs to wait before trying again

quickmonty · May 12, 2008, 04:37 PM // 16:37

Quote:

Originally Posted by Bryant Again

Unfortunately (or not?) I do not have the means of doing so, nor do I know where I can get a password thingamajigger (dunno what it's called). We can see what Google brings up, though.

I am confident enough in my password. Also, I believe GW has a system where each failed attempt results in a longer time interval before the next attempt is processed. It would take so long to hack my account that it wouldn't be worth the time invested, unless you got extremely lucky.

gone · May 12, 2008, 04:37 PM // 16:37

Quote:

Originally Posted by Aussie Boy

What about that GWLP thing I read about ages ago on server emulation project for Guild Wars.
I'M NOT saying it's anything to do with this project at all but if they are still trying surely someone else thought of it for some other purpose.

Ahh found a linky to ithttp://www.guildwarsguru.com/forum/s...php?t=10205152

bingo. pure and simple. no texmod BS... good luck getting people here to believe it though. and no, i'm not saying it's those specific people, but....I have my beliefs...and i'll leave it at that.

Zahr Dalsk · May 12, 2008, 04:46 PM // 16:46

Quote:

Originally Posted by quickmonty

I'm not sure how all sites work, but as a super admin of my guild's website I can tell you this:

I can only see your email address if you allow it to be seen.

I cannot see your password.

Go to website control panel (not forum admin control panel; the site itself) go to databases, find the forum's database, (default is vbulletin for this forum software, I believe) look around, find encrypted passwords in table, record them, decrypt them (requires knowing what format they're in and finding an online or downloaded decryption tool). Voila, you have passwords. Compare to user ID to find out which is which.

So, yeah, if you enter a password when making an account on most forums, the site admins (NOT forum admins) can get it if they really want it.

fusa · May 12, 2008, 04:53 PM // 16:53

Quote:

Originally Posted by flubber

bingo. pure and simple. no texmod BS... good luck getting people here to believe it though. and no, i'm not saying it's those specific people, but....I have my beliefs...and i'll leave it at that.

I have to agree with flubber and Aussie Boy. Some of the people that were/is part of the project have used exploits to bring stuff to pre, been able to imitate a GM in game and tell people the servers are shutting down, and crash everyone one in a district. After seeing people from this project do so much to hack/ruin the game it wouldn't surprise me if they're involved in this too.

quickmonty · May 12, 2008, 04:54 PM // 16:54

Quote:

Originally Posted by Zahr Dalsk

Go to website control panel (not forum admin control panel; the site itself) go to databases, find the forum's database, (default is vbulletin for this forum software, I believe) look around, find encrypted passwords in table, record them, decrypt them (requires knowing what format they're in and finding an online or downloaded decryption tool). Voila, you have passwords. Compare to user ID to find out which is which.

So, yeah, if you enter a password when making an account on most forums, the site admins (NOT forum admins) can get it if they really want it.

True, but most sites have such a high level of encryption that it becomes a full time job if you want to hack site accounts. Plus, one shouldn't use the same password for multiple uses. Typically, on a site like this I use a simple password, but in game and on my email and other important accounts my passwords are longer and more complex.