You are not logged in.

My Theory on the Hacked Accounts

Applications: [GameMaster: OPEN] | [Volunteer Testers: OPEN]


This forum will be permanently shut down on Friday 13.07.2018
Please copy or save all important information from old forum before they will be deactivated
We have moved to new board. https://forum.runesofmagic.gameforge.com/Come join us.

lexic

Beginner

  • "lexic" started this thread

Posts: 18

  • Send private message

1

Tuesday, April 17th 2012, 2:58pm

My Theory on the Hacked Accounts

This is my 10th time trying to write this, since every time I click "Submit" I am logged out. I tried to copy and paste, But for some reason It wont let me paste.


I started playing again 2 months ago. My wife started 1 month ago. We did those super rewards for free diamonds, and Zeevex for free tokens. We did this for one day only.

1) Keyloggers: About 80% of the "Download This File" Game, Toolbar..Stupid weather bug ect ect, Were blocked and deleted by my anti virus due to a worm in the file or malware. THey offer you 101 Zeevex tokens if you download and install, yet It is a virus and They do not pay. If you are unprotected and do not run real time virus protection, You will in fact fall victim to this. One thing i have noticed is they are all basically cloned websites of one another, just a different game. The file to download is very similar in name. This is a great way for that chinese hacking gold selling company to get your accounts.

2) Key Information: Some of the surveys or news letters required you to create an account, providoing information such as Email, A Username and Password so You can log onto the website. My wife is new to games and Cant gasp her head around the fact someone wants into her account to jack her moneyz. When asked by these Surveys and Newsletter websites, She used the same Email, Username and Password as her rom account, and EVERYTHING else she uses. Some people use the same thing because its easier to remember. I think we are all guilty of this at some point of our lives. We changed her password to her email, facebook and rom. Her rom account was locked due to someone trying to log in with the wrong password to many times. Thank god we changed everything. This happened about a month ago.

Because of the Pay to Win business model rom is equipped with, It forces us to obtain diamonds. Some people just dont have the money buy diamonds and use these free way to obtain them. The one thing in common most of these hacked toons I see spamming is level. 45-55. I hear level 50-55 Is somewhat a little harder, and some people may hope to get an advantage with some free diamonds. Level 70s Can farm very easy and sell some equipment for Millions and Buy diamonds with gold...Doing free surveys would be time consuming and not worth it as someone who can get there own diamonds by farming.

We stopped doing these surveys because of this. I also found some post on google by typing "Zeevex Virus Surveys" that support this Theory.

Its Honestly a Cheap way for Chinese gold hacking company to obtain account information and leads.

This weekend, world chat was filled with spam. So many toons fell victim to these hackers. One of them a friend who I told to stay away from them, but he told me there is no way they can do that and get away with it.

aardvark3

Professional

Posts: 866

Location: reni server

Occupation: retired

  • Send private message

2

Tuesday, April 17th 2012, 3:39pm

You just completely ignored that I never did a survey, I have no addons and my gaming computer is only used on this site and steam and no one else has ever used it and I still got hacked. With both my passwords long and unique and entered through the on screen keyboard it didnt help. I never recieved a lockout for log in attempts. Many of the people who are hacked never did anything you said and none of them ever got a lockout notice.
Yet the hackers are able to identify which accounts have gold, diamonds and megaphones in them before they enter them and they get in on the first try without setting off any alarms or lockouts. There is only one way for that to happen that is for the server to be hacked.

lexic

Beginner

  • "lexic" started this thread

Posts: 18

  • Send private message

3

Tuesday, April 17th 2012, 4:32pm

Again, This is just my Theory on it. This weekend I did not see one 70 spamming romgold. Everyone was in the level range of 45-55, I Seen one 60.

If the servers were hacked, there should be zero level 70s running around....I don't understand why they would let some of the accounts run around untouched. I just don't understand the idea of only grabbing a fraction of account information. I would go all out, not doing something half assed.

Every major system I have worked with that used user names and passwords used encryption on the password. I couldn't even see a password. If a password needed to be reset, It had to be reset via the system. I couldn't just open a text editor and change the password to what I want, due to the encryption. I highly doubt the RoM system uses zero encryption on the account database. If they didn't use some sort of encryption on the account database password, and someone could confirm it...I would work that into my theory.

My friend that was hacked over the weekend, Didn't have a ton of gold. He had some diamonds he had bought but not many. He would be a perfect target for advertising. He had some diamonds to buy more megaphones with for some good ol fashion advertising. To them, getting an account with just a few hundred diamonds is still megaphone advertising for their website. Free advertising is the best advertising.

Im sorry to hear you used long passwords, never did a survey or have gone to a malicious website and used the on screen keyboard every time you logged in, and still got hacked. I dont know how the on screen keyboard works. Does it change where it is located everytime you log in? I have seen keyloggers that track the position of your mouse with X - Y values when you push the left click, So honestly I find the on screen keyboard to be useless.

My theory is based upon my option and personal experiences. Im sure my wife's account wouldn't of thrown up those red flags if we didnt change her passwords...The hacker would have gotten right in.

My theory supports two ways of obtaining account information. Im sure these hackers work in more ways than one. Im just saying, if we could steer people away from these surveys, we may see less people being hacked. My wife and I feel bad when we see someone around our level being hacked. If they have made it this far, they obviously enjoy the game as much as we do. Sucks to see something like that taken away from them.

Nerra1980

Trainee

Posts: 50

  • Send private message

4

Tuesday, April 17th 2012, 8:48pm

Some of the hacked accounts on Palenque are from players that haven't played RoM in months, so I doubt they downloaded any of the files you mentioned.

Perhaps that is one way they're getting account information, but I can't figure out how they're getting account info for these inactive accounts.

Auros

Professional

Posts: 1,360

Mood: Mellow

  • Send private message

5

Tuesday, April 17th 2012, 10:11pm

there are only two ways, one is that they have had this information for a long time and just now are using it, or two, they are doing it from inside the server where an active account looks no different than an inactive one. What goes against one, is that there have been new accounts hacked and accounts hacked that recently changed passwords. Leaving just the second option.

Keyshana

Trainee

Posts: 69

  • Send private message

6

Tuesday, April 17th 2012, 10:20pm

When I see one of the advertisements come up, I do two things. I first right click and hit 'inquire'. then I report as spam. The inquiry tells me that, of all of them that I have seen, it is usually (about 90% of the time) level 60 and up. I've even seen a couple level 70/70 toons used.

I did something simple. I pulled up a notepad, and began randomly typing numbers and letters, hitting caps just as randomly. Into a single long string, wordwrapped. Then I changed the width of my notepad, changed it's location, and randomly selected different strings out of it, then pasted them into another notepad. Those are my passwords for things. Copy/paste, and put into wherever. I can't think of a better way to do this. Can anyone?

Quaffy2

Professional

Posts: 769

  • Send private message

7

Tuesday, April 17th 2012, 10:52pm

I hear using "password" as a password is pretty secure, right up there with 123456789.

I mostly see endgamey players getting hacked and spamming world. Often all of their gold is gone and their diamonds were used to buy megaphones (which were on sale) to advertize the site. I moved most of my gold to a lower lv alt and I don't have any dias on my account, so if i get hacked, hopefully they'll just say forget it, Quaffy doesn't have anything, and move on.
Quaffy - 87 Mage/ 85 Priest/ 70 Scout (formerly one of the much hated P/S in PvP :()
Heavensfury, Govinda
KilledbyBorella February 15, 2012

aardvark3

Professional

Posts: 866

Location: reni server

Occupation: retired

  • Send private message

8

Tuesday, April 17th 2012, 11:14pm

You are also ignoring that the hacking doesn't stop when they get into the account, it isn't just to spam the server they loot the account and the trail that goes with all transfered items and gold in the game isn't there or it would have been followed months ago and the hackers busted but the hacker just goes to another account and it starts again.
This isn't a new event it has been going on for a very very long time now. It doesn't matter how often people changed their passwords or if they never changed them they still got hacked, accounts that have been idle for months before the problem have been hacked GM accounts have been hacked. The only way this could be happening is if the security problem was at the server end not the player's end.
The hackers are not going through the regular log in process they are in the server all the things that were suggested are good but they do not address where the real problem is or protect your account against this wave of hacking.

lexic

Beginner

  • "lexic" started this thread

Posts: 18

  • Send private message

9

Wednesday, April 18th 2012, 4:10am

All of this is rather sad...I would hate to lose my account, I would hate to see my wife lose her account even more. I didn't know it was THIS bad, as i just started 2 months ago.

Murkalael

Intermediate

Posts: 487

Location: Santo Andre - SP - Brazil

Occupation: Computer Fix Technician

  • Send private message

10

Wednesday, April 18th 2012, 6:47am

I've got an idea. Of course isn't in our hands to determine who get hacked or who hacked someone, and I know that there are too many things to be fixed to start a bot hunt on daily basis, but if the staff agrees I would like to propose a public thread where players can post a screenshot only of the text box where a suspect appears like this one:

<deleted image--Kalvan>

By doing that, staff members will be able to compile a list of ips and their range and give back the accounts to the rightful owners in less time, since report span button is just to avoid the annoyance of beeing spammed, I believe it would work better for the staff of RoM and the players as well. Of course you might even double check your AV and firewall status, security issues can prejudice your RL too, so we can do our part protecting ourselves and reporting and staff can ban the ips perhaps (having a little hope) contacting respective ISP to ask for law enforcement.

Please comment.

Kalvan

Super Gamemaster

Posts: 2,053

Location: Lurking Amongst the Forums

  • Send private message

11

Wednesday, April 18th 2012, 7:57am

We--the staff--will not allow chat box images which show the names of hacked characters any more than we'll allow the names themselves be posted on the forums. The reason for this is that in the overwhelming majority of cases, the accounts have been reported, have been suspended, and Support has attempted to notify the account owners.

In essence, it is a security measure. We also are strenuously opposed to players, however well-meaning, publicly posting links to external websites which have lists of characters and accounts that have been hacked. When we find them, they will be deleted. While it may seem unlikely to those players, anyone, and I mean anyone--including the hackers themselves--would be able to gain access to that same information. There is no need for those lists, and Support is quite aware of which accounts and characters have been accessed.

Please don't make the jobs that our GMs and Support staff have to do that much more difficult.
[ New Sig Coming. Watch This Space! ]

MegaMouseSEC

Professional

Posts: 1,240

Location: South Mississippi

Occupation: River Boat Pilot

  • Send private message

12

Wednesday, April 18th 2012, 9:44am

First I agree with Kalvan. Posting the names of players wether in a chat box or even just putting their name in the forums is bad practice.

Now here is something for everyone to think about: Why do most people use their account name as one of their character names? It invites disaster because the only thing that a hacker will need is the passwords for the account. Using your account name for anything other than the login process is again a very bad idea. Maybe Frogster should go and look at each account and the characters associated with them and make anyone that ahs their account name and a character with the same name change one or the other.
By using the same name on your account and a character you invite a hacker to try to get into your account.
Another practice that is shameful is using the same password as your main login and the secondary. This also invites a hacker to get into our accounts. Frogster can only do so much to stop the hackers but if we as the player base are doing stupid things such as what I mention above, then everything Frogster tries to do is wasted energy.