Runes of Magic US / AU

Quoted from "UncleMart;519761"

Gold buying (some of these people are diamond buyers, some totally free players, not a single person has said they buy gold nor ever have. This would be debatable had I not known some of the people who have been hacked, I trust they would tell me if they had)..

I am not accusing anyone of gold buying but even if they did buy gold, they would never admit it.

-TunaShake

this is not random, nor a coincedence. if you take a step back, and look at the big picture, this is an attack; meditated, procedural, methodical and deliberate.

software may be part of the issue, possibly, possibly others as well, like sql injection where a third party websites basically steals authentication information. this may be a hardware issue as well. IE:

http://en.wikipedia.org/wiki/Vampire_tap
http://en.wikipedia.org/wiki/Packet_sniffer

are two common examples...

one example of what i can do with only network related IP's is:

access and monitor the distro switch's packet/traffic information via SNMP or Telnet (if not protected properly), narrow down the switches/devices which are getting most processed incoming/outgoing traffic. access the targeted switch via snmp or telnet from the distro switch.

access the dhcp server (server which assigns devices and switches IP Address) and getting the vlan information from the distro switch (if its not protected) and kick out (un authenticate) certain devices from the network. can authenticate/connect devices i want to, to the network via telnet, or snmp.

this is just one side to it, the network side. no telling what a software guy could do...

some tips for network security (which i hope are aready in place)
http://en.wikipedia.org/wiki/Network...tection_system
http://en.wikipedia.org/wiki/Honeypot_(computing)

every device on a network has an IP Address, and if it has an IP Address, with the right tools, it can be accessed.

Nevermind...

Compromise or not compromised, I just want to know whether the tech guys are working as hard as they can to fix this, or are they just drinking coffee and doen't know whats going on at all? An update about what they're doing (rescanning for compromise, checking their firewalls, etc.) would be very settling as well.

Also, will our lost gold be refunded if we have screenshot proof? I've taken a screenshot of my gold as soon as Artemis started getting hacked, and I'm hoping we won't simply get a reply of "sux to be you, bro".

TunaShake's responses pisses me more than the "series of accounts compromised" issue

Quoted from "ruisen2000;519815"

Compromise or not compromised, I just want to know whether the tech guys are working as hard as they can to fix this, or are they just drinking coffee and doen't know whats going on at all? An update about what they're doing (rescanning for compromise, checking their firewalls, etc.) would be very settling as well.

Also, will our lost gold be refunded if we have screenshot proof? I've taken a screenshot of my gold as soon as Artemis started getting hacked, and I'm hoping we won't simply get a reply of "sux to be you, bro".

From all the information I am getting the gold spammers are not taking anything from the account except for the gold.

The gold is one of the easiest things to track in the game.

If you submit a support ticket, support can answer those questions to you directly.

@alegre08,

I understand you might feel frustrated and I know for sure a lot of people here are upset that their friend's accounts are getting hacked left and right but everyone needs to remain calm.

@ruisen2000,

The appropriate department was contacted the second this incident popped up and that specific department notified us that the servers were not compromised.

I am pretty sure they know what they are doing as it is their job to handle these things.

I understand that a lot of you are getting upset about this.

However, sitting at your computer and getting even more upset about it isn't going to help anyone.

Take a break, go for a smoke, watch TV. It is Saturday Morning and everyone should be having fun.

-TunaShake

BY the osunds of it the place where u buy dias has been compromised and thats how the hackers ARE getting the info. Everyone that was hacked on Palenque, buys dias. If i see a F2p player get hacked I'll change my mind.

Also this supports the myths of frogster running some of those gold sites, if the site hasnt been compromised how else would they get the pw's? right? heh.. Or they sold em the pw's for extra cash on the side xD

meh jsut joking CM's don't take it seriously >_>

Or liek someone in the forum suggested earlier to where they do an IPthingy and get everyone whouse the same IP. I dunno tho seems fishy... good wayt o bring down the prices ont he servers tho right? less gold? cuz u know they wont refund your gold... just maybe with dias or sumthing.

You know it could be anything, but I won't be buying diamonds till it is resolved. While Frogster can say "not us" the payment company is a third party. Thank god I don't pay with a credit card! Come to think of it I won't be buying diamonds at all till they start appreciating us all for buying diamonds, f2p or not I'm not a fan of "just accept it" with my money.

2 of my guild members have fallen victim to this over the past few days. It's getting worse, not better. Almost every hour on Reni there's a new account that starts spamming world chat.

I would like to suggest a few possibilities in the event that Gameforge has not considered them:

1. There is more than one person currently attacking the accounts. Given the DDOS attack a month ago, it may or may not be the same person/people responsible for that attack.

2. There is more than one exploit being used in order to take these accounts.

3. Thus far, the accounts that have been attacked on Reni have all been high level accounts. The two guildies who fell victim to this were both high level, most active during the evening (which probably made them look like little-used alt accounts) and most likely to contain high levels of gold/megaphones/diamonds. One had JUST retired from the game and passed on his gear, the other was offline due to real life responsibilities.

As the attacks are across all servers, and started with GM Aquila's account, you have an issue on your hands that is not a series of isolated events. I'd suggest you find the people responsible quickly, because your player base WILL abandon the game if the accounts themselves cannot be kept safe utilizing the current system.

Seeing as the spread of accounts is getting larger it looks like this is a backdoor attack. It might be something left over from a previous user of the servers that Frogster now uses. In my opinion Frogster should take down the servers, do a full and complete DoD 12 pass wipe of the servers then watch as the IT people reinstall the main OS and then RoM onto the servers. Doing this may fix the problem. I do hope they can get these perps soon it looks like this might kill RoM if not stopped.

Mouse.. do u really think they'd wipe the servers if they don't even want to half of what we suggest?

Quoted from "Drakkarsdad;519779"

I asked in an earlier response if it could be Moneybookers.. check that one as well

Received this in an email from Moneybookers.com

After a security check we need you to verify your recent payment by providing the following:

- A full colour copy of a valid, official identification document; such as your international passport (double page), national identity card or drivers licence (front and back). This is required in order for us to verify your identity.
- A copy of a paper utility bill (Gas Bill/Electricity Bill) or bank statement issued in the last three months clearly displaying your name and address. This is required in order for us to verify your address.

The required documents/information should be sent via email to security@moneybookers.com.

Please accept our apologies for any possible inconvenience, however Skrill (Moneybookers) must adhere to strict security standards which are there to protect your payment privacy. Please be aware that you will not be able to process further payments via Skrill (Moneybookers) until you comply with this request.

We thank you in advance for your cooperation in this matter.

Kind regards,

Skrill (Moneybookers) Security


My own bank doesnt ask me for this kind of information why would moneybookers?

Quoted from "Vitorrio;519872"

Received this in an email from Moneybookers.com

After a security check we need you to verify your recent payment by providing the following:

- A full colour copy of a valid, official identification document; such as your international passport (double page), national identity card or drivers licence (front and back). This is required in order for us to verify your identity.
- A copy of a paper utility bill (Gas Bill/Electricity Bill) or bank statement issued in the last three months clearly displaying your name and address. This is required in order for us to verify your address.

The required documents/information should be sent via email to security@moneybookers.com.

Please accept our apologies for any possible inconvenience, however Skrill (Moneybookers) must adhere to strict security standards which are there to protect your payment privacy. Please be aware that you will not be able to process further payments via Skrill (Moneybookers) until you comply with this request.

We thank you in advance for your cooperation in this matter.

Kind regards,

Skrill (Moneybookers) Security


My own bank doesnt ask me for this kind of information why would moneybookers?

Do not give that information to ANYONE over the internet. That's a fairly blatant attempt to steal someone's identity.

Quoted from "LadyMacV;519873"

Do not give that information to ANYONE over the internet. That's a fairly blatant attempt to steal someone's identity.

Agreed 110%, just thought I post to see if anybody else had the same thing happen or maybe something similiar?

Two of my own guildies seem to have fallen victim to this in the last day, on Reni. I wont let my character stay logged out anymore

ok Tunasake, your saying to go take a smoke, watch TV and blabla. What if my account gets hacked, send a ticket, maybe get my account back in how long? a day, week, month never? What about my gold? i'll get it back ? maybe, never, we will look into it answer again?

I really hope it doesn't happen, because it is not my problem that you guys are getting attacked and hacked. Sorry to say but it is not my problem. I'm farming TP to level my skills and i don't need this BS. So fix it and fast.

thx

@UncleMarty

Not sure if this will be of any help to you, but the two gold sellers sites listed on the romwiki page are real. Both are registered to someone based in China, and the IP locations for the two sites are in the US - one in California and one in Florida. Not surprisingly, those IPs track back to a hosting company which has been linked to spamming, phishing, and malware attacks.

I know it's rather obvious but in addition to an up-to-date AV scanner and firewall, browser extensions like NoScript, Ghostery, and AdBlock along with a urlfilter / IP blocklist will add another layer of security. Every little bit helps.

Well froggy sure knows how to throw an anniversary party. Crappy sales, lame events and now hacking along with a crappy tp event. This has become a joke and all we get from froggy is to step away and take a break, such a pathetic attempt to calm the masses. FEU needs to come on and say what is being done about this or they are going to lose their players who spend money on this game. I have already chanhed my password but I know if I was to get hacked I would quit this game. You guys are already getting bad PR on facebook. If you don't care about this game anymore just shut it down.

Any chances of getting in-game GM support, especially during the times these hacks all seem to happen?