MegaMouseSEC

Professional

  • "MegaMouseSEC" started this thread

Posts: 1,240

Location: South Mississippi

Occupation: River Boat Pilot

1

Tuesday, April 17th 2012, 7:47am

Bring Back the Lockout.

Ok, this is more for Frogster than Runewaker and the game. I am suggesting this due to the rash of hacked accounts that has gone on for over a month now. RoM used to have a lockout that would lock the game account if the wrong password was inputted more than 3 times in a row.
I suggest bringing this to get the hacking under control first. Then when the flood of tickets starts coming in, look at those specific accounts to see where the login attempts were coming from (these will be in the server database). Also implement a second lockout for the secondary password just in case the first one was compromised.
Yes, people will complain about it, but for the time being this solution will stop brute force attacks on people's accounts.
I also suggest that the lockout be set up in such a way that the IP that gave the wrong passwords be blocked for 24 hours (or permanently if it is found to be a hacker).
The amount of time the player's account that was attacked should be locked should be no less than 12 hours; more might be a bit overkill. Setting it for that long will make any hacker give up on the accounts, and possibly move on.
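
The policy proposed in the post above, written out as an added example (not part of the original thread and not Frogster's or Runewaker's code): three wrong passwords in a row lock the account for 12 hours, block the source IP for 24 hours, and every attempt is logged for ticket triage. The class and function names, account names and documentation-range IPs are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3            # wrong passwords in a row before lockout (from the post)
ACCOUNT_LOCK_S = 12 * 3600  # account lock time suggested in the post
IP_BLOCK_S = 24 * 3600      # source-IP block time suggested in the post

@dataclass
class LockoutPolicy:
    streak: dict = field(default_factory=dict)         # account -> IPs of consecutive failures
    account_until: dict = field(default_factory=dict)  # account -> lock expiry (seconds)
    ip_until: dict = field(default_factory=dict)       # ip -> block expiry (seconds)
    audit: list = field(default_factory=list)          # (ts, account, ip, outcome)

    def attempt(self, ts, account, ip, password_ok):
        if self.ip_until.get(ip, 0) > ts:
            outcome = "ip_blocked"
        elif self.account_until.get(account, 0) > ts:
            outcome = "account_locked"      # rejected even with the right password
        elif password_ok:
            self.streak.pop(account, None)  # a success resets the streak
            outcome = "ok"
        else:
            ips = self.streak.setdefault(account, [])
            ips.append(ip)
            outcome = "bad_password"
            if len(ips) >= MAX_FAILURES:
                self.account_until[account] = ts + ACCOUNT_LOCK_S
                for src in set(self.streak.pop(account)):
                    self.ip_until[src] = ts + IP_BLOCK_S
                outcome = "lockout_triggered"
        self.audit.append((ts, account, ip, outcome))
        return outcome

    def failure_sources(self, account):
        """IPs that submitted wrong passwords for this account (ticket triage)."""
        bad = {"bad_password", "lockout_triggered"}
        return sorted({ip for _, a, ip, o in self.audit if a == account and o in bad})

# Constructed events: (seconds, account, source IP, password correct?)
EVENTS = [
    (0, "alice", "203.0.113.7", False),
    (10, "alice", "203.0.113.7", False),
    (20, "alice", "203.0.113.7", False),      # third miss in a row
    (30, "alice", "198.51.100.20", True),     # owner, right password, still locked
    (40, "bob", "203.0.113.7", False),        # blocked IP tries another account
    (20 + ACCOUNT_LOCK_S, "alice", "198.51.100.20", True),  # lock has expired
]

def replay(events=EVENTS):
    policy = LockoutPolicy()
    return [policy.attempt(*e) for e in events], policy
```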

Posts: 78

Location: Between a rock and a hard place.

2

Tuesday, April 17th 2012, 10:46am

I thought if you inputted your secondary password incorrectly 5 times, your account would be blocked for 15 mins.

Are you asking to increase the blocked time? If so, I agree. It would be a good deterrent.

Also, it's been suggested before, a captcha challenge would prevent automated attacks against password protection preventing hackers from using a program to randomly iterate a possible password numerous times.
Server: Osha
Guild: Oldbutnotdead
Characters: 72/60/68 Priest/Scout/Mage

camagic

Professional

Posts: 849

Location: noobville

Occupation: expert noob

3

Tuesday, April 17th 2012, 11:19am

1st, there is a lockout still for the wrong password/secondary password.

2nd, these "hackers" have access to the database, because they have the primary and secondary password for so many different accounts AND had access to a gm account.

3rd, if multiboxing is actually a violation of the ToS (a claim made by a GM), Frogster would be well within bounds to place a simple program to block access for an account from any IP other than the one registered.
95wd/95s/65d
server artemis
Please do not "class balance" the tactics I use.

MegaMouseSEC

Professional

  • "MegaMouseSEC" started this thread

Posts: 1,240

Location: South Mississippi

Occupation: River Boat Pilot

4

Tuesday, April 17th 2012, 1:28pm

camagic, although I am all for an IP block on any other than what the account was registered with, that would in itself present some major problems. Here is a list of the problems:

1. Some players use notebooks to play RoM at cybercafes (not exactly safe to do but I know it is done). They may not have the same IP all the time, especially if they go from one cafe to another.

2. Some players (like me) play while at work. I cannot guarantee the same IP from one session to another due to my use of AT&T's wireless network. Mine can even change while playing if we are moving.


Ouch, wall of text time. Didn't realize I was writing this much.
3. Some players are still using dial-up (gasp, I hope not, but had to add this). Each time they dial a connection they have a different IP.

4. Some ISPs rotate the IP they give you when you sign up for DSL or cable internet service unless you pay for a static IP.

5. Some players want to play while on vacation. They may be in a hotel/motel when they log in, thus having a different IP than originally registered with.

Now seeing all those above Frogster cannot in good faith block every IP that logs into an account if it is not the original because it will create some unneeded support tickets attempting to rectify the situation. While there should be a log of what IP logged into an account within the login server then they could find and block the specific IP someone who is not supposed to be on an account has.

I have a server and it runs an old FPS game that some of my friends and I love to play still. So I can safely say I know the IP of anyone that logs into or even attempts to access my server. I am unsure though if Frogster has this option activated within the game servers due to the fact that the log files can get rather large unless pruned every couple days.

Skull, this is for you. I am suggesting first: lowering the number of attempts allowed before being locked out of your account and raising the amount of time the lockout is in place. Again, yes, this will make plenty of people mad, but I would rather have my account locked and inaccessible by everyone so that I can reset my passwords than have a hacker run rampant and steal all my hard earned junk. Plus this can stop a brute force attacker if that is how they are gaining access to our accounts.
But seeing as the accounts are falling like leaves in the fall I still think there is a security breach in the login server but that is my personal opinion.

aardvark3

Professional

Posts: 866

Location: reni server

Occupation: retired

5

Tuesday, April 17th 2012, 2:48pm

This whole thread assumes that the hackers are not bypassing the login process, which by all facts evident it appears that they are bypassing the login process or have control of the login server. So this would be no help.

MegaMouseSEC

Professional

  • "MegaMouseSEC" started this thread

Posts: 1,240

Location: South Mississippi

Occupation: River Boat Pilot

6

Wednesday, April 18th 2012, 9:50am

aardvark, there still should be a log of what IP is on each account, even if they are bypassing the login server. A GM should be able to check the IP of any character online at any time if the system is set up correctly.