Runes of Magic US / AU

ah, this is bad, i assume the authentication servers have no form of crypto or maybe the media is open to telnet and/or packet sniffers, either way this is real bad...ive seen a video once where ppl could be within 80 meters of a bldg and remotely access their network bcuz they left their network wide open (no firewall, crypto, honeypot, etc.) i hope the ia/and security na are competant.

i am sec+ certified, and going for ccna/np real soon, currently na atm, it sounds like the firewall guy has dropped a ball....i hope not.

Quoted from "TunaShake;518958"

I would like a bit more clarification concerning this matter that (in my opinion) seems like a bunch of you are acting overly paranoid.

You guys need to relax and calm down. As far as I know there hasn't been a compromise otherwise we would have noticed a few days ago instead of now.

-TunaShake

oh really... 9+ accounts in 2 days is no biggie? rightttt

also just because you have not detected the "compromise" yet (if one exists) does not mean there isn't one... just means you have not found it yet.

im not a firewall/security guy myself, but i am a network guy. its my job to configure switches, assign vlans, assign devices to vlans, static or dynamic, and troubleshoot network connectivity. so i know how easy it is for me to change alot on the network remotely, and i know the vulnerability of a network if it could be accessed remotely via telnet/snmp.

Sometimes I wonder why I am misunderstood so easily: The single case i was referring to in my last post, was the GM account discussed in this thread.

By no means did I mean to give you the feeling that a hacked account is no biggie. Every hacked account is one hacked account too many, hence why we can only stress the delicate nature of the interwebs and to be careful what you download, which pages you visit and where you enter or use your game login credentials.

This advice still stands, as it is a good one, not only for this game but every action or transaction on the internet using personal data and login credentials. Same goes for using updated security tools such as virusscan or firewalls. And it is no attempt to point the finger away from us and to you as affected player to say "Your fault". It is simply stating what you can do on your side, all the rest will be done by support on our side.

Now for the cases of hacked accounts mentioned here:

There has been no compromise of your game data, is the information I just got and yes I brought this thread to the attention of our other departments. This does of course not calm down those who have been hacked. Everyone who suspects a hacking attempt on his or her account or suffered one, needs to contact our support. We on forums can not help you to fix this, but our support can and will within all means they have.

So what has been said in green and blue in this thread is correct. If you can not change your password, you will need to contact our support as well.

I do understand that waiting on response from support on a matter so urgent is very stressful for affected players. But please give the support the time they need to get back to you and please cooperate with them and follow their instructions, if they provide you with them. In my signature you can find a link with some tips in regards to the support portal.

Now please, lets try to not turn into panic mode. I have forwarded your worries and feedback. We do everything possible on our side to secure your accounts and can only ask you to do the same on your side. If despite all security measures your account was hacked, our support is the address to go to.

Quoted from "Dionaea;519023"

Sometimes I wonder why I am misunderstood so easily: The single case i was referring to in my last post, was the GM account discussed in this thread.

By no means did I mean to give you the feeling that a hacked account is no biggie. Every hacked account is one hacked account too many, hence why we can only stress the delicate nature of the interwebs and to be careful what you download, which pages you visit and where you enter or use your game login credentials.

This advice still stands, as it is a good one, not only for this game but every action or transaction on the internet using personal data and login credentials. Same goes for using updated security tools such as virusscan or firewalls. And it is no attempt to point the finger away from us and to you as affected player to say "Your fault". It is simply stating what you can do on your side, all the rest will be done by support on our side.

Now for the cases of hacked accounts mentioned here:

There has been no compromise of your game data, is the information I just got and yes I brought this thread to the attention of our other departments. This does of course not calm down those who have been hacked. Everyone who suspects a hacking attempt on his or her account or suffered one, needs to contact our support. We on forums can not help you to fix this, but our support can and will within all means they have.

So what has been said in green and blue in this thread is correct. If you can not change your password, you will need to contact our support as well.

I do understand that waiting on response from support on a matter so urgent is very stressful for affected players. But please give the support the time they need to get back to you and please cooperate with them and follow their instructions, if they provide you with them. In my signature you can find a link with some tips in regards to the support portal.

Now please, lets try to not turn into panic mode. I have forwarded your worries and feedback. We do everything possible on our side to secure your accounts and can only ask you to do the same on your side. If despite all security measures your account was hacked, our support is the address to go to.

How much is sometime! Iv been waiting for over a month!. Your support has done nothing!

I wonder if the hacker visits the forum! i mean he could be sitting there watching you all panic and laughing off his spoiled azz.

I don't think its the player's end this time, otherwise, why only Artemis? And I think Artemis was chosen deliberately, ebcause it is the most populated server on the US = most amount of gold.

I was thinking that too Xploid. Good hacker, we love you, so please don't hack us...

I cannot confirm anything else, but he is right. I even remember the GM character's name. On Artemis. A few days back, my guild saw it a few times in world chat, in a deep pink color. It was one of the more simple spams. just 2 or 3 lines repeating the address to a gold-selling website directed at RoM.

I hope you guys are reading the blue message Dionaea just posted.

She has clearly indicated that there has been no compromise of game data.

-TunaShake

Quoted from "TunaShake;519077"

I hope you guys are reading the blue message Dionaea just posted.

She has clearly indicated that there has been no compromise of game data.

-TunaShake

Even if there is a technical department, we may have questions in their competence.

Besides, if there is a legitimate compromise in data, this is going to cost the head of the tech department their job most likely.

Quick follow up on both of my accounts being suspended.

I did receive a response from Frogster Support from the email i sent to them this morning, prompting me to reset my password on my primary account, still awaiting reply on secondary account.

Not able to log in as of yet, Cannot change passwords on either account and I imagine this will take some time to figure out on their end.

Thanks again to Unclemarty for the heads up. I always check forums every morning with my fresh coffee.)

Quick question for you security gurus.


How else can i improve my situation from preventing this?


Here are a few key points sharing my setup based on some of your feedback on security at a localized level.

1. I always log in using virtual keyboard.

2. Only addons i have are WOW map, PBinfo and Monster Card, all manual installed, nothing auto from curse.

3. I am sole owner of both accounts, started in 03/2009, never given my information to anyone.

4. Running on Windows 7, always set to auto update and fire-walled.

5. Also have firewall enabled on my hardwired 10/100 cable router, no wireless connections.

6. Running Kaspersky 2012 Anti Virus, fully updated.


If i am missing something, please shine a light my way.)


Thanks again for the forum, truly a very helpful asset for us players to have a voice.


Roth
P/M 70/70
Artemis

seems as if your definetly doing your part on information security, i personally beleve its a hardware/software security issue on the servers side, due to the information provided in these posts.

I cant believe they are sitting there saying "no compromise of game data" there was just another person on my server that just seemed to get hacked and is spamming in world chat.


Unreal

Hackers are always looking for any way they can to get our accounts. This may be a new backdoor ( or an existing one that noone knew about) that was found that the Devs nor Frogster know about. I do hope they find and fix it soon.

Quoted from "ecarlberg;519089"

6. Running Kaspersky 2012 Anti Virus, fully updated.

Lol.

People and their "Anti-viruses", most things go past undetected to the big anti-virus names.

Some even get past hijackthis nowadays, though I do still like hijackthis as a tool to remove things from the registry.

Quoted

I am sole owner of both accounts, started in 03/2009, never given my information to anyone.

The one thing I have to ask about this is did you use your account password anywhere else? If you did your security is compromised.


I'm not on anyone's side here, but being 100% completely secure is hard.

It's why I have a 'secure' computer.

I don't use it for anything else but secure things, like if I wanted to change my password now, that's where I'd do it, you can't always ensure security on your end if you go to pretty much any website.

Quoted from "TunaShake;519077"

I hope you guys are reading the blue message Dionaea just posted.

She has clearly indicated that there has been no compromise of game data.

-TunaShake

WRONG! That is NOT what she wrote.

She wrote "[COLOR=blue !important]is the information I just got[/COLOR]". That does not make that information true. But at least she is passing along what information she is getting.

And another one bites the dust at 1:03AM PST. Seems like the problem is growing.

Yeh... and employers are asking for FB passwords before they will hire you... lol... right, I'm gonna give my password to someone who would hire someone who voluntarily gives up their passwords in violation of ToS... no thanks! (aka. the easyhack = get pw from somewhere else and compare)


oh, also beware phishing site redirects that claim you have to change your RoM pw.... don't EVER click a link in e-mail, you don't wanna know what even a first year student can do with html.