Runes of Magic US / AU

Quoted from "Dionaea;523639"

Bakken, please read the post again.

We can only warn you and the user's who's names are on said list, that this may raise security issues. We can only give advice as to what you as a player can do to protect your account. We can not force you to listen to our advices.

Our statements in this thread still stand. We will assist every hacked account to the best we can. We will not stop to give advice how players can protect themselves. We will continue to investigate each reported hacked account for all possible reasons leading to the hack, this will always include both sides, ours and the players.

Again, the increase of hacked accounts is taken very seriously by us and should be by you as players as well. It should sensitize you as players for possible security issues on your side and what you can do to prevent them, as well as us to check and double-check and triple-check and then check again for possible issues on our side. This is being done.

All affected players need to contact support. Neither a wiki-page nor a forum thread will get the accounts fixed. Only our support can assist. To this point, no security breach has been found on our side and we will continue to investigate.

Please follow our advices and read the information given by us in this thread to do everything possible on your side to protect the security of your accounts.

Thank you for reading.

You guys probably have an extremely knowledgeable IT staff on board that is working diligently in regards to monitoring/checking/observing assets on your end. So I won't spew out ideas for your team to check as I'm sure most already have been.

I do want to mention one "common" breach. And that is the injection of malicious code into a web page. Now, a noob hacker would crack a web page, inject malicious code, then leave it there to harvest as many usernames and passwords as they can before the hacked page is discovered. A pro hacker would inject the malicious code, farm a few dozen accounts, then remove the malicious code to make things appear as if nothing has been compromised.

All I'm saying is check the 'Date Modified' and 'Date Created' time stamps of the 'Redeem Key' and the 'Login' php page on the forums. Make sure the dates are correct according to your current web masters records. Also check any other pages that require login info.

Good luck!

Quoted from "RoMage;523648"

Why do you need support to change your password?

I do not know. Is there another way? And if there is, could they not ignore me and just tell me the other way?

Guys....the webpage keylogger theory doesn't account for the users that have been hacked that haven't logged in rom in a very long time that are also getting hacked.

Quoted from "Auros;523664"

I do not know. Is there another way? And if there is, could they not ignore me and just tell me the other way?

Yes, there is another way (depending on which password you wish to reset). If you wish to change your secondary password, please get in touch with Customer Support. If you wish to change any of your other passwords, you wiull not need Customer Support.

Here are the steps to change your normal passwords:

• First of all, you have to login on the account management page (https://account.frogster-america.com/)
  
• You have several tabs once you're logged in. In order to change the account management password, you have to go to the Personal Data tab.
  
• If you go to game accounts, you see all active game accounts on your account. Simply click on the 'Change PW' function to change a password for the respective game account.
  
• Below that you can see 'Forum', if you click on the change function on the forumaccount you can also change your forumpassword.
  
• After the passwords are changed, please remember that it can take 15-20 minutes before the new passwords are functional.
  

If you have any further questions, please send me a PM

Any official word/announcement/news press of concrete "Fix" for the security holes in the RoM client and servers??? BTW, the over the counter anti-virus/protection software just ain't gonna cut it IJS

Plug up the security holes...officially announce solid security fix...encourage and insure playerbase of a secure environment....
...

well one of my friends washacked and he refuses to bother with this game anymore,is there a way to retrieve my jugglers throwing knife tier 10 plus 16?i lent it to him because my rogue side couldnt use it yet.

I think the only rules I haven't broken on that of Megas would be 4,5,and 6 in the past lolz. Nothing you can do can stop a hack, but it can be prevented. Sadly hacks aren't random infact they are actually specific, only few are at random. The Possiblity of being hacked by someone not knowing your password is like 00.01% Versus 99.99% which is by you telling someone or someone is a damn good guesser and knows a hell alot about you kiddo! I use to have to write various amounts of programs in my time with Python, Haskell, C+, and Java is that there is always a way of editing and manipluting code I know this very well when I instruct my students how to write MIDI data(I know Binary Code is just Machine Language, but technically speaking the way we use it in MIDI it becomes a type of Programming Language) Anyhow long story short I have to instruct them on how to interpret and manipulate its' data to play a different note in Reason and in Pro Tools. The same can be done with HTML and XHTML you can alter Source Code to change to your preferences and tastes. Hackers can manipulate coding in the game and make their own version of this game as well as making a false one by hacking Frogsters RoM main site and posting their false impression client on the main site which would be scary plausible, but with other hackers that work at Frogster they can spot it right on before it causes too much damage ^.^

Any chance a GM can get online fast (Artemis server) and shut down the hacked account currently spamming?

One on Palenque as well, Xeph.

Might as well add Govinda. Gordy has been at it since last night.

Hmmmm... Must still be our fault then

^ It's always ur fault.

Faine from palenque hacked spamming world.

Threads merged again. Please follow our advice and contact support if you observe or are affected by a hacking attempt.

This really does not make sense. Why support is not in game and is not preventing this as soon as possible? Last night we all saw hacked account using WC, and you expect us to go and create incident. (this takes time to do) Last time I checked it takes days for someone to respond to ticket, at that time hacked account is already history.

Please tell us Frogster is doing more then waiting for our response in this case...

RoMage, our support staff is hammering away at tickets as fast and best they can and assist every hacked or attempted to be hacked account as fast and to the fullest within their means. If they are not available on your server at the time of the hack, sending a ticket is the fastest and most efficient way. Please keep in mind that the forums are no instant messenger either, so there is no guarantee for you that we can react faster upon your post or PM on forums then a ticket would raise a flag. Our support staff works with and within the ticket system and not mainly from forum.

It would make sense in my opinion to enable in game reporting, as that would be more convenient to gamers / customers. (Does not have to be permanent)

I am not sure if there is integration between game client and current support portal as it was case half year ago.

Quoted from "RoMage;524272"

It would make sense in my opinion to enable in game reporting, as that would be more convenient to gamers / customers. (Does not have to be permanent)

RoM used to have this and I do not understand why it was removed from the game. To be honest, I think that some of the things the EU did do not make sense and should not have been implimented. However, this is not one of those threads, so I shall not delve further into it.
Yesterday, on Govinda, I saw.. 3? new accounts hacked and spamming within secounds upon my login. Can we please get a little more responce on this? I realize that not all the time can GM's be on, but I haven't seen one actual GM since the EU took over. The CM's do not count.

And the fun continues on Artemis this afternoon...I log into someone else spamming world chat.

So we know what support is doing to restore the accounts of people being hacked. Thank you for the update, Dionaea. What a thankless job you have.

What is happening to prevent accounts from being hacked? What protective or preventative measures have been taken to stop the hacking?

We've changed our passwords -- and been hacked.
Some of those with no add-ons -- still hacked.
Those who claim (and I believe them) that they do not buy gold -- hacked.
Active accounts -- hacked.
Inactive accounts -- hacked.

A word or two of reassurance from someone higher up the food chain would go a long, long way towards settling the player base.

Quoted from "RoMage;524272"

It would make sense in my opinion to enable in game reporting, as that would be more convenient to gamers / customers. (Does not have to be permanent)

I am not sure if there is integration between game client and current support portal as it was case half year ago.

We used to have a in-game contact option to contact our support, which would create a ticket in the system, just like the support portal does. It was no instant messenger to a support staff member. It was removed, because it had some technical limitations leading to users sending in tickets that were cut off after 255 symbols in random cases. This lead to a lot of unneeded aggravation, when users sent in tickets with all details and receiving a response from support to please describe the issue again because the text was incomplete. Attempts to bypass this technical limitation did not succeed 100%. So when we switched to the new system the in-game option was removed.

With the Knowledge Base support portal and the few additional steps needed to contact support, we also lowered the ticket load by those requests, which users sent in and more often then not solved their request themselves shortly after sending in a ticket before a support member even replied.

So bottom line, the new system saves time and aggravation for both players and supporters needed on responding to ticket requests. It is more efficient.

@Zarli, I can only ask you to check our previous posts in this thread. We will continue to investigate and give advice what you can do on your side, while we investigate on our side. Still, at this point, no security breach has been found. We will continue to investigate on all frontiers.

I am aware how stressful it is to watch a guild member getting hacked with your hands tied behind your back, wishing to stop this. But it is simply not feasible to have GMs online 24/7 in all zones on all servers. But I gladly forward your wish for more presence of GMs on servers. For affected accounts, the support really is the best address. They have the tools and means to assist as fast as possible and to investigate the possible sources of the intrusion on our side and player side.

Should we have any more information to share with you, we will do so.