Runes of Magic US / AU

For the people who think hacking a game server is hard, think again. If the server is already compromised it is very easy to break into. Also without a "real" dedicated security department to constantly monitor and protect the servers from crackers things will more than likely worsen. Any "good" programmer as in one that can write their own code without looking at a coding for dummies encyclopedia 24/7 can find the holes in RoM. The people behind RoM can barely fix code related issues within RoM...what can they really do when it comes to security code?

Also I suggest everyone monitor their actual "real life accounts" cause you never know if the crackers got personal information from the servers or peoples computers considering how the company's aren't really sharing all information to the public.


"Programming, the father to all forms of language"

+1000000000000 to NaiSa.

For all that don't know what programming means, it doesn't mean taking an already made program to write your own. It means from scratch, like they did in the 80's. Those are the people you don't want to get mad loll. No backdoor would be closed to them since they made the internet. Please to all powerful don't hack my account, i love my toon and don't want to wait a month to a year to get my stuff back, thx.

Yes, it is very easy. I already explained what I can do with a network in a previous post, this is just from a networking side:

With the right network monitoring software, I can gather a networks IP Addresses, VLAN's, switches (Layer 2, 3), VLAN ranges from VLAN subnet mask, IP ranges, etc.

I can access this network via Telnet (which is unsecure, which Im assuming is the network status for FA anyway). Once inside I can disconnect/connect any switch, server, VLAN, device I want to (Again, if unsecure via Telnet)

Im a network guy in the military, dealing with secure protocols such as SSH, crypto and Access lists. This is what I do, if the network is unsecure it can be easily compromised with some google, CCNA and Comptia experience.

Those of you who think their network is safe is under the wrong assumption. Everything on a network requires an IP Address, if it has an IP Address, it can be accessed by the wrong person, with the right tools...

I hope FA hired competant network/firewall guys, with atleast security+ certification from Comptia...

If they hire competent people, they will probably have to accept to be paid in diamonds, that is their currency after all. I know Dionaea is doing everything possible and it is not that person fault. But Frogster should get real professionals for the programming and all. Do you think that getting an answer like : we will look into it!! is good enough? hell no.

Sad to see that company put this game into the ground and not giving a damn. But hey here are free keys for Eligium and other of their games, lol NEVER!!!

thx

As i was saying look at ray1981 + 999999999999 to you and the 80's ;-) lol

Quoted from "myraged;520121"

I have found something interesting... did a little search on this gm name this is what i came up with

https://forum.runesofmagic.com/showthread.php?t=346078

So from post this it looks to be a GM, or former GM, who has a normal toon he had played and some knew he was a GM. Maybe he had in the past used his power to help some people out? Maybe he is disgruntled and abusing his power right now or gave out his GM toon info out to someone? Or maybe just hacked the same way the other GMs' account was. Just speculation but a former disgruntled GM could be the cause of all this and maybe the servers are in fact not corrupted or maybe they are. My mind is running through many scenarios right now.

or maybe someone who likes memory injectors for tons of mmorpg's and took this opportunity to show off some packet editing

iono

Yeah I've been thinking the spamming isn't really gold seller related, its more of a calling card of sorts. The new Frogster has burnt alot of bridges. Given the hacker really just spends their diamonds and steals the gold (which is all easily replaced and tracked) I have a feeling this isn't against the players but a retaliation against frogster.

I know too many 16 year olds that are bored and way to smart for their own good. All you have to do is get one of them mad.

ya we had one in our guild that bragged about how it would be easy for him to do it and mess them up. Got kick by 8 guilds and frustrated at everyone. Dueling people at Varanas bridge all day, never leveled or quested, saying how Froggy owes him 5K of diamonds and all. Warned them about him, but no he would not be able to do so they assured me lmao. He hasn't been on for a while now, and he whispered me saturday out of the blue and i did not respond to him, Funny thing is , all players hacked are players from guilds he got kick, mmhh could that be a coincidence? i don't think so. But what do i know.

Hope you fix this fast Frogster

I sense a lot of not needed panic in this thread and I am aware you want to get an answer to all your questions. I already tried to answer some of them in the other thread concerning hacked accounts, but as the panic rises of course you do not accept our true but rather general tips to account security and to please contact support if you got hacked and that we do all in our means possible to ensure the security of your accounts and investigate every report of hacked account for all possible reasons.

I am currently seeing if we can give you any more information to that regard and thus any further statement of us will have to wait until tomorrow at least. Please continue to contact our support if you suspect a hacking attempt or suffered one, only our support can investigate your reports and fix your accounts for you. Please be patient until we can post any further information. There is really absolutely no need to panic.

TYVM Dionaea for the info ;-)

Quoted from "Dionaea;520313"

I am currently seeing if we can give YOU any more information to that regard

i love that sentence, ur doing it right

I know thus affecting their Facebook image but what about diamond sales? I know Dionaea said its un-needed panic but I'm watching people I know get hacked, and frogster has not given us an answer. I know the CMs are attempting to restore confidence but it's hard when it's happening with no end in sight.

Zid dont go around blaming me please.

Thanks. Also I dont play on reni anymore.

Quoted from "ray1981;520276"

Those of you who think their network is safe is under the wrong assumption. Everything on a network requires an IP Address, if it has an IP Address, it can be accessed by the wrong person, with the right tools...

You had me to there... internal networks don't necessarily need IPs... there are several different kinds... for all we know FEU runs a token ring on coax.

certainly "flies" like it some days...

Quoted from "silverjeff;520284"

So from post this it looks to be a GM, or former GM, who has a normal toon he had played and some knew he was a GM. Maybe he had in the past used his power to help some people out? Maybe he is disgruntled and abusing his power right now or gave out his GM toon info out to someone? Or maybe just hacked the same way the other GMs' account was. Just speculation but a former disgruntled GM could be the cause of all this and maybe the servers are in fact not corrupted or maybe they are. My mind is running through many scenarios right now.

Did you even notice that forum post was on the EU forum, Smacht server, not on any of ours? GMs can't just hop servers, nevermind hopping to a completely different version of the game...and there's absolutely nothing that even so much as hints at that person being a GM. If you look at their one forum post where they write more than a sentence, their grammar is horrible. No game hires a GM or even a forum mod, on an english speaking forum, with such bad grammar. It's common for EU versions of games to have GMs with slightly broken english...but certainly not ones that use netspeak.

As for the topic at hand -- This may have been an isolated incident from the hackings that have been going on, or it may have been connected; no way to tell at this point in time, nor do I think Frogster would actually tell anyone if they were connected. Quite frankly, the way in which Froggie is handling this is absurd. Telling people not to panic, move along, nothing to see here, and then accusing the players who've been hacked for buying gold is not only unprofessional, it's very disappointing to see from the staff of a game that used to be amazing.

Quoted from "bruenor9;520357"

Zid dont go around blaming me please.

Thanks. Also I dont play on reni anymore.

no one is blaming you i believe he was just stating what you said you could do.no one that knows you really thinks that you would do this .and thx Dionaea for the assurance. PLEASE DO NOT ATTACK OTHER PLAYERS HERE as this will cause the thread to be closed.

Quoted from "silverjeff;520284"

Just speculation but a former disgruntled GM could be the cause of all this .

Please it's not like they fired a bunch of them just before X Mas ...... Oh wait

I sent in a PM to quality assurance (which I remember was what Dionaea instructed us to do) giving information about the name and server of the toon that was currently being hacked.

I got a reply stating that I had to get the player to send the PM because quality assurance is currently not avilable.

With this, I fail to see how Frogster cares and is trying to investigate all cases in order to try to find the source if they are turning down information.

Quoted from "ruisen2000;520393"

I sent in a PM to quality assurance (which I remember was what Dionaea instructed us to do) giving information about the name and server of the toon that was currently being hacked.

I got a reply stating that I had to get the player to send the PM because quality assurance is currently not avilable.

With this, I fail to see how Frogster cares and is trying to investigate all cases in order to try to find the source if they are turning down information.

I think you must've misunderstood Dionaea, I am asking the accountowners to directly contact me with their accountname. Most PM's I currently get is 'XXX is spamming world', but that does not get me in touch with player XXX.

Alrighty, a little update on a couple things. Silenteye had for foresight to ask what email accounts the hacked had attached to RoM. It was said that hotmail was attached to most of those RoM accounts. Today, I talked to three more people that were hacked, and all had hotmail as their email account. It is believed that this is how some hackers got passwords to those accounts. I advise those who have hotmail attached to their RoM accounts to change it to something else for safety reasons. If we can get this done en masse, it might slow down or stop the hackings.