Runes of Magic US / AU

something does need to be done and fast,somewhere in the number of 20 different chars spamming reni all weekend

i agree 500%,stop ch 5 and deal with the hackers.

Quoted from "vfwiffo;525173"

Ooooh, inside job. That makes total sense. Someone inside Frogster is spamming gold sites, and I bet that person also hacking accounts of players and taking their gold. Why didn't I suspect a GM in first place?

Good job unraveling this, guys.

Then explain how they get in without ever getting the delays tripped for the wrong passwords. How did they get through both a primary and secondary password, which are being accessed by an on screen keyboard and are very long and complicated. No one has my passwords and I do not save them and no one has access to my computer and I have very good anti virus running and everything is updated.
Why is the trail of the stolen items is always lost?
The simplest solution is often the best one, they are getting access at the servers and using them to cover their tracks.
The concept that a hacker is going to send the largest potion of the stolen gold to legit accounts and the legit people will not cotact the person who they got it from to find out why or will not report it, and no where down the line will any of the gold ever reach the hacker is absurd, a little may get spread around here or there is possible but it is very easy to find out what is legit and what isn't. The number of accounts hacked will give you a true trail.
The answer of what is happening is staring you in the face you just don't want to admit it.

This isn't happening externally. People who are getting hacked are using the on screen keyboard. The two passwords are now very long and complicated. The wrong password warnings and delays are not being tripped. The trail of the stolen good isn't being followed and the people who did it are not being punished. The problem is not with the players. It is taking place at the servers.

One of our guild members got hacked yesterday during our guilds 3yr anni weekend, his a long time player that hasn't been on for awhile and as we are pretty strict on members following guild and game rules. I doubt he has touched any gold sites. I cross my fingers that we dont have another one compromised.

Even if frogster does know its a "game" issue I doubt they would admit it as it would certainly cause panic. Players not knowing for certain still gives them the hope its localized rather than complete compromise of the game.

The brute force scenario seems most likely to me as players are reporting that the account lock is not working. We certainly know most players dont use 15 digit/char password combinations. Wouldn't be surprise if people used butterfly25 as a password. Not an insult just that those are easily cracked.

My method of password creation is, if i have trouble figuring out my own password, might take the hacker awhile too. LOL

and i store them on paper not the PC, can never be too safe.

I had suggested that when Frogster took over the servers that the previous renters had left some way for them to access it. It was promptly buried by naysayers and people who have no clue about how a server farm works. If this problem is truly at the server level (which it seems to be), then Frogster really needs to do a full hard drive wipe of the servers they rented and then do a complete and fresh install of the OS and RoM. But even now I do not think that can do much except pasify the players because the damage has been done.

/Start Sarcasm rant

Maybe Frogster knows they're getting shutdown, due to info from gameforge so they're selling accounts to gold sellers for money to pull asw much as they can from this game before it gets shut down.

/End Sarcasm rant.

The problem is if it is on Frogsters end there is no way they are ever going to admit it unless the hacker comes out and brags. We had two friends hacked yesterday, one has not played for months, the other we texted to let him know and he stopped the hacker but not before his account was drained of 2300 diamonds.

My advice, disable world chats till we know what the heck is going on. Frankly spamming gold selling sites seems like a miss direction, a red herring. The fact that the only diamonds and gold go missing this seems like this is an attack on frogster.

Till you get it sorted out please have a staff member on the servers, even a mentor, give them the ability to ban the hacker. It seems like a whole lot of finger pointing and not a whole lot of action.

Quoted from "regentego;525224"

The problem is if it is on Frogsters end there is no way they are ever going to admit it unless the hacker comes out and brags. We had two friends hacked yesterday, one has not played for months, the other we texted to let him know and he stopped the hacker but not before his account was drained of 2300 diamonds.

My advice, disable world chats till we know what the heck is going on. Frankly spamming gold selling sites seems like a miss direction, a red herring. The fact that the only diamonds and gold go missing this seems like this is an attack on frogster.

Till you get it sorted out please have a staff member on the servers, even a mentor, give them the ability to ban the hacker. It seems like a whole lot of finger pointing and not a whole lot of action.

I agree that is it an attack on frogster. If they have a GM account they are probably targetting accounts with high gold/diamond values (cause we know they put in a way to read that just the players dont see it anymore)

Quoted from "regentego;525224"

The problem is if it is on Frogsters end there is no way they are ever going to admit it unless the hacker comes out and brags. We had two friends hacked yesterday, one has not played for months, the other we texted to let him know and he stopped the hacker but not before his account was drained of 2300 diamonds.

My advice, disable world chats till we know what the heck is going on. Frankly spamming gold selling sites seems like a miss direction, a red herring. The fact that the only diamonds and gold go missing this seems like this is an attack on frogster.

Till you get it sorted out please have a staff member on the servers, even a mentor, give them the ability to ban the hacker. It seems like a whole lot of finger pointing and not a whole lot of action.

This is actually a good idea, the problem is that they'll resort to using the other chat methods (zone say, normal say, etc.) in order to spam the gold sites. They might even hack into places they are not supposed to be (like guild chats or party chats) in orde rto do so.

I am wondering if the reason Gear is not being touched is because it would be too easy to trace in the case of high level players. Each person has a good idea of what was on their gear at the time, and having it suddenly show up in the AH or in world for sale would be a massive clue as to who is perpetrating the hacks.

if it's like the last hack episode, which it certainly appears to be....same exact MO except the mega spam is new...theyre simply using legit characters in laundering chains. massively long, convoluted series to launder gold through. that's prob why they arent liquidating gear again. every legit player "node" in the chain pretty much masks everything after it if the player isnt active and doesnt report it.

and on screen keyboards only protect against some keyloggers. one thats injected specifically into the client/the client dll watches for the encrypt or other input processing functions but the dll is also, gasp, white listed by your antivirus since you probably had to say rom was legit to play it or enter gaming mode. meaning the dll's it uses are as well. but using polymorphic crypters these days isnt that rare especially if a gold farmer is buying a custom psw grabber. heres a scary screeenie advertising their detect %:



helping someone around 20 mins after they got hit.. i was doing some low level scans and basic net commands to see who was trying to call home, what changed in the last hour and what was listening/bound to specific ports. there were traces of a leftover dropper that deleted itself, a registry change that slightly altered an interface, and her web email was compromised. all with fully updated windows and updated AV with monthly paid subscription being silent. think email wasnt related just ironic. looked like a bh kit driveby. iono..need phyical access to lower the lights and really get in bed with it

Quoted from "LadyMacV;525276"

This is actually a good idea, the problem is that they'll resort to using the other chat methods (zone say, normal say, etc.) in order to spam the gold sites. They might even hack into places they are not supposed to be (like guild chats or party chats) in order to do so.

Am I the only one who is getting gold spam in ROM Mail? I was wondering what that was not hit before. Now it is.

Quoted

I am wondering if the reason Gear is not being touched is because it would be too easy to trace in the case of high level players. Each person has a good idea of what was on their gear at the time, and having it suddenly show up in the AH or in world for sale would be a massive clue as to who is perpetrating the hacks.

Trace what? Sure, you can trace the item transaction; but there is much less usable than what is traceable now. For last several days, you can log into Reni any time of the day and see the actual spammer as it spams. You dont get much better traceability than that.

What I see is that there is apparently a single hacker/spammer. The toons that are spamming are doing it once every few minutes, and it seems like as soon as one stops, another one pops up at about the same time as the old hacked toon was due to do the next message. That suggests one hacker. But, then, of course, any decent hacker will not leave an easily traceable trail, unless he is distracted by... ummm... well, see the photo exhibit A and photo exhibit B here...

Quoted from "vfwiffo;525298"

Am I the only one who is getting gold spam in ROM Mail? I was wondering what that was not hit before. Now it is.

My mailbox is actually just stuff I do transaction wise and a few notes from friends at the moment. Granted I haven't been in the game since yesterday, but you should probably send that stuff to Support if you didn't already do it.

Quoted

Trace what? Sure, you can trace the item transaction; but there is much less usable than what is traceable now. For last several days, you can log into Reni any time of the day and see the actual spammer as it spams. You dont get much better traceability than that.

What I see is that there is apparently a single hacker/spammer. The toons that are spamming are doing it once every few minutes, and it seems like as soon as one stops, another one pops up at about the same time as the old hacked toon was due to do the next message. That suggests one hacker. But, then, of course, any decent hacker will not leave an easily traceable trail, unless he is distracted by... ummm... well, see the photo exhibit A and photo exhibit B here...

Technically, the term is called cracking. Anyone who regards themself as a real hacker is there solely to see if they can break into a system. They don't make big, obnoxious changes like this one because it's the easiest way to get caught- a real hacker is just going to break in and then leave. You'd never know they were there.

This person, on the other hand, is making alterations to accounts and going through multiple servers to do so. There is a trail. Any network admin worth their salary is going to follow the bread crumbs. I only suggested that gear wasn't being taken because it leaves a big, blinking neon arrow as to where the perpetrator is in the system, and who they're interacting with. It is possible that the crack was only set up to target the financial aspects of the game (gold and diamonds) without being able to take gear as well or accounting for the value of gear in the game. Gear's a variable, gold and diamonds are static resources.

I got mail from spammer in game mailbox and sent it in, but they are not allowed to discuss the actions taken, LMAO, That means we have no clue and hope it will pass. 15 accounts hacked on RENI server today, but hey keep on looking into it. Might be a glass half full or half empty??

You guys are better at lawyering up behing your EULA and we get crap for protection.

WTH if i'm signed up on a computer, i go to my sons computer and i can log on my account, disconnecting my main computer by itself, and boom i'm on my sons computer on my freaking account?? No one should be able to disconnect me when i'm signed in, you guys really need new people working there.

Or as someone been pushed aside with the hostile takeover and this is revenge??

Thx for still not caring and doing nothing as usual , apart from removing my post because it doesn't please you

You realize why the hacking is going on right? This has to do with the Ch V arrival and the soon to be massive need for gold. I would think the gold thieves are trying to get a large gold stock so they can either buy their way to the top of ChV or intend to sell the gold and make a boat load of real money.

Zidlef, the fact that we can only repeat what we already said numerous times in this thread does in no way mean that we do not care. But it does mean that we want you to read our statements and take our advices, as they are good ones. It also means that our statement is still true and no update is available: no security breach has been detected from our side.

But this also means that our support will continue to assist every reported hacked account and will get the real account holder their account back and their stuff to the best they can. Our supporters are working through these tickets as fast and thorough as they can, and they are doing an awesome job.

Meanwhile we continue to investigate with each reported case on all frontiers, this includes our side as well, not only players side!

The fact that our support can not disclose to you what happens to other players accounts who you report (like in your case the one who sent you the in-game mail). does not mean that we do not care either. It simply means that you as reporter did your part, now this is a matter between the reported player and our support. While I understand that the outcome of a report would really interest you and show you progress, it is impossible to give you the desired information due to data protection laws for our supporters. We have procedures and restrictions that bind us and we follow these procedures.

I do understand how aggravating it is for you and how easy it is to give in to panic or rage. You say not getting kicked when logged in twice is a tool to prevent your account from being hacked right under you while you already play. Granted, that it is. This is something i gladly forward. But it is no protection hole per se. If you are playing and get kicked out, or if you learn for example from friends that you are online while you are not, log (back) in and you kick the hacker and stop him. You could not do that either if the login would be blocked. Then change your passwords asap, mainly the log-in password, if possible. Then check - if this was indeed a hacking attempt - for any losses, if losses occurred and the hack is confirmed or if you can not change your password or if you can not log in anymore, immediately contact our support.

Everyone of us cares and works hard, on all frontiers, to assist our players and investigate this situation.

For now I can only repeat what we already said numerous times:

http://forum.us.runesofmagic.com/showthr…ll=1#post520572

If we have any new information to share we will.

In the meanwhile, please try not to panic or enrage this thread. I know this is easier said then done, but it does not help the affected players and it does not help to fix this situation in any faster or better way.

You should get my concern on my account here, I got 62 Big chests bank and backpack slots filled, took 389 screenshots of everything i have. Do you see if i have to send in all those tickets? Am i gonna get everything back? even the gold, potions, crafted stuff, materials etc? Am i gonna argue of what i had in my house? Will i have to send one ticket per item? We are left with no real answers.

Funny that a Phoenix member got hacked today and was on yesterday, don't you think?

Dionaea, i know you do all you can on YOUR side, but there is people not doing their jobs, sorry to say.

Thx for the quick response as always from you ;-)

Guild mate hacked today

Quoted from "zidlef;525330"

You should get my concern on my account here, I got 62 Big chests bank and backpack slots filled, took 389 screenshots of everything i have. Do you see if i have to send in all those tickets? Am i gonna get everything back? even the gold, potions, crafted stuff, materials etc? Am i gonna argue of what i had in my house? Will i have to send one ticket per item? We are left with no real answers.

Funny that a Phoenix member got hacked today and was on yesterday, don't you think?

Dionaea, i know you do all you can on YOUR side, but there is people not doing their jobs, sorry to say.

Thx for the quick response as always from you ;-)

Well for starters, please do NOT generate several tickets for one and the same issue
You would not need to send in screenshots unless asked for. If the screenshots help you to make a detailed list of your losses, that is great, but you can put this list into the one ticket you created, you do not need a new ticket for each item.

ONE ticket and one ticket only really is enough.

Will you get back everything? Everything that can be verified as being lost during the hack, yes. Which makes the research of hacked accounts so time consuming and causes the tickets to take time before they can be closed as solved. Give the support the time they need, cooperate when asked by support and give information needed, and our support will assist you to the best they can.

I do not understand why a player being logged in yesterday and getting hacked today should be funny. I find that rather sad Like I said, every hacked account is one too many. But we still have not developed the skill of future-telling, so when a player logs in normally one day, it does not give us a vision that he gets hacked the next day. Unless you mean something else and I misunderstood.

Everyone is doing their jobs! Period. I am sorry that you do not see it that way, as I see the hard work everyone does. They do a great job. And they have nerves of steel, considering that some tickets are much layered with rage, insults and other aggressive styles. I totally understand that an aggravating situation can lead to such first reactions. But our supporters did not hack you or steal your stuff, on the contrary they are the ones working with you to get you back that which is yours. So the rage is totally fired into the wrong direction.

Somehow the concept of such extensive and expensive technologies, evasive technologies and key loggers being employed to crack a free game and steal a little bit of gold or diamonds where it costs so little to buy gold on the net just seems a bit absurd on an account to account basis. A keylogger once installed in a computer isn't going to be used on a free game. No one is going to go through the trouble of installing it on a computer in a blind hope they can get into the right game. There is bank account information, personal id information amd a multitude of other information worth thousands and millions of times as much in real world money on that computer so lets steal a little of fantasy world gold and diamonds after spending all that money and time. This just doesn't seem to be the way the accounts are being hacked.
Someone has established a back door access to the servers and comes in and shops the accounts to find what they want Then through the server just enters the account that has what they want at that moment places and takes it bypassing the login process. That is the only way there is enough profit to make it worthwhile to a hacker. Since they are already in the server they just delete their tracks and no one knows where the items go.
Remember this is done for a profit and spending a lot of time or money makes it not worth the hackers time or effort. They have to be able to acces hundreds or thousands of accounts instantly and be able to cover their tracks just as fast to make their time and effort profitable. There is no way they can do it by working on the accounts individually only through a server can they get what they need.