Dec 09, 2009, 09:16 PM // 21:16
|
#21
|
Jungle Guide
Join Date: Apr 2008
Guild: [bomb]
|
Quote:
Originally Posted by craigrs84
Listen...
The only way they could get your password without it being your fault is if they hacked directly into A-Net's database... Which I very highly doubt.
Even if they did manage to get past the firewall and into the database, the passwords are still going to be hashed using either a MD5 or SSHA salted algorithm. Even with a set of Rainbow tables these are going to be very difficult to crack if you use a reliably strong password. In short it would take a lot of time and energy to crack one password, probably much more time than it was worth.
Now... the other much more likely possibility is that you messed up.
I'm thinking of a number between 1 and 100? Can you guess it? No.
Guess what. That's basically the same concept as a password. Just use a little logic and there's your proof.
|
They could just use the NCsoft website. Hacking a website is actually not that hard if it is not properly protected. You do not need to care about anything in ANet's dba whatsoever since you can access a GW account via playing around with the NCsoft master account. You know you can clear your GW password from there? You just need to "sniff" a login to an NCsoft master account and all the rest you will get sooner or later on a silver plate. The password to the NCsoft account does not matter much. The fault of people can be just that they purchased something from the NCsoft store or just went there to link their account... Xunlai pane promotion anyone? Will you blame people for doing that?
Even better, they do not need to hack the NCsoft website. They can just use random IGNs from sales or GW auction sites. You will hit some logins to NCsoft easily. You can say people are stupid, but even if they realized their mistake they can't easily correct it. Try to change the login to an NCsoft account.
Since you are not penalized for incorrect tries you can use a botnet and just run a password query for every confirmed login. Matter of days even for strong ones I would say...
@OP. I will sign everything which will increase security in this game. I hope something will be done.
I like Martin Alvito's suggestions. I will add that for 3 subsequent incorrect tries the IP gets blocked. It will not prevent botnets but will hit smaller hackers.
Last edited by Shasgaliel; Dec 09, 2009 at 09:20 PM // 21:20..
|
|
|
Dec 09, 2009, 09:31 PM // 21:31
|
#22
|
Frost Gate Guardian
Join Date: Jan 2006
Location: California
Guild: TTP
Profession: R/E
|
Quote:
Originally Posted by craigrs84
Obviously those people that got their accounts hacked have made mistakes... Whether they realize it or not.
I say don't change game play / mechanics for this reason. It won't stop the hacking and another thread will pop up when someone gets something else valuable stolen.
I don't know what sort of security Guild Wars implements but I would hope that they lock your account after 5 or so failed login attempts (to stop brute force hacking). This is really the only security measure you would need.
Other than that, if you get your account hacked it is 99% likely it's YOUR OWN FAULT.
|
I don't even care right now if I get banned or not but up yours and kiss off. So many of us have been hacked. Most of us used the stinking store and got hacked after that. I checked with IT here at work and they said inside job. So shut up. my fault pfft joke
|
|
|
Dec 09, 2009, 09:36 PM // 21:36
|
#23
|
Jungle Guide
Join Date: Apr 2005
Profession: N/A
|
Quote:
Originally Posted by Axeman002
or don't make ecto's tradable = end of hacking
|
Also armbraces and zkeys.
/Win
|
|
|
Dec 09, 2009, 10:22 PM // 22:22
|
#24
|
Krytan Explorer
Join Date: Feb 2009
Guild: your just a meatsheild to me
Profession: N/Mo
|
Here's what ANet should do: make it so you either need a waiting period of one week, and at any time during said week if you log on you can end it, making said hacker have to restart, or make you have to confirm it from your email address.
|
|
|
Dec 09, 2009, 11:23 PM // 23:23
|
#25
|
Forge Runner
Join Date: Dec 2005
Guild: Super Fans Of Gaile [ban]
Profession: W/
|
Ban all Chinese IP
hurf derf
|
|
|
Dec 09, 2009, 11:50 PM // 23:50
|
#26
|
Furnace Stoker
Join Date: Aug 2006
Location: Canada, B.C. Vancouver. aka.. amazing.
Guild: [Sith]
Profession: W/Me
|
4 Years no hack. People who get "hacked" are mostly people who accidentally give out tidbits of information. If anyone gets anything of your account info, you just gave them an account. So before you go about spouting "HACKED HACKED!!!" understand sometimes it's your own doing. It's usually just carelessness. Stay away from 3rd party programs in general. Texmod included. Don't give out any information, don't use your email for GW on other websites. Keep your GW password and account name private from all things. If you trust someone with account info, you're asking to lose your things.
4 years of playing a lot.. Pissing a lot of people off.. No 3rd party programs.. No altering of GW at all.. Never using my GW email anywhere else.. Passwords don't have to be too strong either. If they don't have the username you are more or less fine... Also, if someone who knows anything about hacking a computer wants your GW account then they will take it. Not a whole lot you can do to stop someone determined and educated.
Hate to break it to you, but if someone wants to hack your computer, and knows how to, the strongest password you can think of doesn't stand a chance.
Last edited by carnage-runner; Dec 09, 2009 at 11:52 PM // 23:52..
|
|
|
Dec 10, 2009, 12:08 AM // 00:08
|
#27
|
Grotto Attendant
|
1. A number of suggestions that would significantly improve security have been floating around for a long while now. The fundamental problem is that a-net/NCSoft (I have a feeling it's more NCSoft in this case) just don't seem willing to admit to themselves (much less to us) that THEY have a security problem and it needs to be fixed. Until they accept that security needs to be upgraded, no amount of insightful ideas about how to upgrade security are going to make a difference.
2. I am consistently amazed at how people here are utterly unable to grasp the possibility that accounts are being stolen in multiple ways. Yes, there is a certain baseline of people who get accounts stolen because they did something dumb. Always has been. Always will be. However, IN ADDITION to that, there appears to be a number of accounts being stolen without any interaction between the thief and the user -- account thefts perpetrated solely using a vulnerability in a-net/NCSoft's systems.
|
|
|
Dec 10, 2009, 09:15 AM // 09:15
|
#28
|
Desert Nomad
Join Date: Aug 2005
Guild: DVDF(Forums)
Profession: Me/N
|
NCsoft may well be unwilling to do anything about it. BUT it's ANet's game. There are things they can do within their own game that can reduce or negate the effects of being hacked.
Yes, people screw up sometimes, that's why we put air bags, crumple zones and ABS on cars. So that when we do, the effects are greatly reduced.
What ANet seem unwilling to do, because it's been one of those hidden unspoken issues for 4 years, is to fit the car they made with anything other than a fender to protect their occupants.
I am really starting to think they don't give a <insert word> about their customers who have spent so much time, money and effort on their game.
If they did they would say 'so what if GW2 is delayed a month, we want to better protect our customers' and do something about it.
And don't give me it's not possible blah blah. That's what we were told about re-connects, hairdressers and the like. Of course it's possible, it's just that they are unwilling to do anything about it.
I don't want stupid new hats, dumb ass bosses; what I do want is better protection for my account and a demonstration that ANet actually do more than pay lip service to valuing a customer.
Enough really is enough.
|
|
|
Dec 10, 2009, 01:16 PM // 13:16
|
#29
|
Banned
|
Quote:
Originally Posted by craigrs84
Listen...
I'm thinking of a number between 1 and 100? Can you guess it?
|
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100
There - I guessed it. Now give all your gold, and anything worth salvaging. Oh yeah - delete that Sin with 28 maxed titles.
|
|
|
Dec 10, 2009, 02:57 PM // 14:57
|
#30
|
Alcoholic
Join Date: Mar 2007
Location: Australia
Profession: W/
|
My idea about more security on ANet's side:
They could just send an email to your email account with a link to click to confirm you actually want the password changed, and not just "someone from IP yada yada yada changed the password, if not contact us" after the fact you just been hacked, and we will get back to you in oh, say, 3 days' time.
Also put in place a 3 times you're out for trying to enter a password, and it locks you out for say 1 hour or something, with an email to your account so you have an idea someone IS trying to get in.
These suggestions have been around for a while by many people.
I hope GW2 will have better way of dealing with account security.
|
|
|
Dec 10, 2009, 03:14 PM // 15:14
|
#31
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
Quote:
Originally Posted by Chrisworld
This is what firewall programmers don't want you to know about, the utilities of your very own computer that work just as good, without even using a firewall.
|
You DO realize that this only works when the site does use its domain address and not an IP address, right? And it's not like it is very hard to get new and new domain names if you really want to get past address based blocking.
This only works when a program asks the operating system for a DNS resolve, like most browsers. No software is under obligation to do this, I am afraid.
Not to mention that a decent firewall does more than just deny certain hostnames. Like blocking incoming/outgoing traffic and managing application ability to access the network. Incoming traffic gets you wormed & compromised.
A hosts file abused like this is just another adblock.
|
|
|
Dec 10, 2009, 03:20 PM // 15:20
|
#32
|
Jungle Guide
Join Date: Jun 2008
Location: Australia, what you want my home address?
Guild: [CAT]
Profession: Mo/
|
Quote:
Originally Posted by karlik
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100
There - I guessed it. Now give all your gold, and anything worth salvaging. Oh yeah - delete that Sin with 28 maxed titles.
|
lol, you brute forced his magic number, how dare you!
|
|
|
Dec 10, 2009, 07:01 PM // 19:01
|
#33
|
Krytan Explorer
Join Date: Aug 2007
Location: The Netherlands
Profession: W/
|
Speaking of hackers. Lately I have received many of these. As you can see my e-mail filter program has no problem weeding them out. I never leave home without it. By the way; never have I nor will I ever play WoW.
Last edited by isildorbiafra; Dec 10, 2009 at 07:04 PM // 19:04..
|
|
|
Dec 10, 2009, 09:09 PM // 21:09
|
#34
|
Wilds Pathfinder
Join Date: Nov 2007
Guild: Still looking
Profession: Rt/
|
/notsigned
It's only going to help the people that have FoW armor and high-end minis; I doubt gold sellers ignore the people who don't have hundreds of platinum.. Crafting mats, gold, and miscellaneous items are still up for grabs. It also doesn't help if they delete your characters that you've spent thousands of hours on.
|
|
|
Dec 10, 2009, 09:48 PM // 21:48
|
#35
|
Krytan Explorer
Join Date: Jun 2007
Location: The Desert
Guild: Legions of Engalion [自由]
Profession: Mo/W
|
My domain host has better security than NCSoft. Basically I could brute force any GW client. Anyone could do it, I could write a program in 30 seconds to do it. All you need is a [email protected] and just start aaaaaaaa, baaaaaaa, caaaaaaa etc etc.
What ANet and NCSoft should do is write some security code into their website and game client that detects this kind of shit.
Apart from that, I am sure any smart kid can hack into your account. They just need to get all the saved passwords and auto-fills from forms from your web browser. Maybe just put a backdoor trojan on your computer like backorifice. How do I get your IP? Easy, you been playing HA or teaming up on a free Vent channel... easy to get your IP now.
Shit man, I could even get your IP from any website that I set up. I can view the last 50 IP addresses that have hit my website if I want. It's easy to script.
Even though it's a game and I don't really care if I lost everything tomorrow, I still sign for better security. After all, even though I don't really care if I lost everything (got nothing to lose really), I would prefer not to.
Namaste! Trin
EDIT: Speaking of which, I just checked how much info I could get just by looking at this forum. I eventually found out my ABN number and from that all my past postcodes from the last 10 years where my business was located as well as previous business names. I am sure I could piece together more history if I then linked my real name (from my ABN) to Facebook.... I am sure it's easy enough for someone to hack you if they want...
Last edited by Trinity Fire Angel; Dec 10, 2009 at 10:02 PM // 22:02..
|
|
|
Dec 11, 2009, 02:58 AM // 02:58
|
#36
|
Oak Ridge Boys Fan
Join Date: Jun 2007
Profession: E/P
|
The way I'm reading posters here, there's no rate limit on login attempts?
Assuming you can only attempt to login 5 times a minute and (say) 30 times a day, bruteforcing would seem impossible.
|
|
|
Dec 11, 2009, 05:13 AM // 05:13
|
#37
|
Frost Gate Guardian
Join Date: Dec 2007
Location: Chillin' with my peeps
Guild: Fat Insecure Neurotic Emotional [FINE]
Profession: E/Me
|
Link each Guild Wars account to the owner's IP. If your IP changes, require a CD key to reset the address.
No more hacking.
|
|
|
Dec 11, 2009, 05:15 AM // 05:15
|
#38
|
Academy Page
Join Date: Jul 2007
Profession: A/
|
Quote:
Originally Posted by Nerel
lol, you brute forced his magic number, how dare you!
|
Funny, but if it were a good password using special characters, upper case lower case, and numbers, you increase your range to 94 different characters.
If you have a 10 digit password that's 53 quintillion combinations. If you had 10 powerful computers working together to crack this single 10 digit password it could take up to 6,531,568 days. I really doubt these Chinese hackers are using super computers.
P.S. It does suck that GW has no limit on the # of failed passwords attempts. I think that would be ok to program in. I don't really like the idea of making armor not salvageable though. Anyways just make your password a few digits longer, cause it will make it exponentially harder to crack.
Last edited by craigrs84; Dec 11, 2009 at 05:26 AM // 05:26..
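An added example, not part of any post in this thread: a per-account login throttle using the limits floated in post #36 (5 attempts a minute, 30 a day), plus the worst-case time to exhaust a candidate list under that cap, such as the 94-character, 10-position keyspace from post #38. The class and function names, the account names and the simulated traffic are all constructed for illustration.

```python
from collections import defaultdict, deque

MINUTE, DAY = 60, 86_400
PER_MINUTE, PER_DAY = 5, 30   # the limits proposed in post #36


class LoginThrottle:
    """Sliding-window limiter keyed by account name, not source IP, so
    guesses spread over many addresses still share one budget."""

    def __init__(self, per_minute=PER_MINUTE, per_day=PER_DAY):
        self.limits = ((MINUTE, per_minute), (DAY, per_day))
        self.seen = defaultdict(deque)   # account -> times of counted attempts

    def allow(self, account, now):
        """True if a password check may run for `account` at `now` (seconds)."""
        q = self.seen[account]
        while q and now - q[0] >= DAY:   # forget attempts older than a day
            q.popleft()
        for window, limit in self.limits:
            if sum(1 for t in q if now - t < window) >= limit:
                return False             # over budget: reject without checking
        q.append(now)                    # only attempts that were checked count
        return True


def simulate(throttle, account, attempts, interval, start=0):
    """Constructed traffic: `attempts` tries, `interval` seconds apart.
    Returns how many of them reached the password check."""
    return sum(throttle.allow(account, start + i * interval)
               for i in range(attempts))


def days_to_exhaust(candidates, per_day=PER_DAY):
    """Worst-case days to try every candidate under the daily cap."""
    return -(-candidates // per_day)     # integer ceiling, exact for big ints


if __name__ == "__main__":
    print("allowed in a 10-guess burst:", simulate(LoginThrottle(), "alice", 10, 1))
    print("allowed in a day of guessing:", simulate(LoginThrottle(), "bob", 8640, 10))
    print("days for a 10,000-entry list:", days_to_exhaust(10_000))
    print("days for 94**10 passwords:", days_to_exhaust(94 ** 10))
```

Keying the budget on the account also means anyone who knows a login name can use up its budget and keep the owner out, which is why the lockout suggested in post #30 is paired with an email to the account holder.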
|
|
|
Dec 11, 2009, 08:34 AM // 08:34
|
#39
|
Furnace Stoker
|
I use the same email address, user name, and a variation of 4 memorable passwords all over the internet and I've never been hacked.
I used the same password everywhere too for over two years, then with all the account safety boo hoos going around I added a single number, symbol and second word and swap them around from time to time.
If I get hacked, you will know about it. I never open emails that I wasn't expecting or that are not from a known secure website registration. I never download any junk programs or applications that I don't need (only thing I tried for this game was GWX2).
If you are worried about security, change your password regularly.
|
|
|
Dec 11, 2009, 12:47 PM // 12:47
|
#40
|
Academy Page
|
Quote:
Originally Posted by Axeman002
or don't make ecto's tradable = end of hacking
|
GW "rich" people if that comes to reality:
|
|
|