Runes of Magic US / AU

check this out: http://forum.us.runesofmagic.com/showthr…0408#post520408



You think their might be any correlation with this and people's accounts being stolen?

Perhaps Silenteye, I'm not sure. Another update: talked to another hacked. 4 people that used hotmail. If anyone else can add to this, would be wonderful.

Quoted from "sabrione;520424"

Perhaps Silenteye, I'm not sure. Another update: talked to another hacked. 4 people that used hotmail. If anyone else can add to this, would be wonderful.

Not attacking but I think this line of reasoning is somewhat pointless, if hotmail was compromised in some fashion there would be bigger fish to fry than Frogster. Correlation does not imply causation

Quoted from "grimoru;520425"

Not attacking but I think this line of reasoning is somewhat pointless, if hotmail was compromised in some fashion there would be bigger fish to fry than Frogster. Correlation does not imply causation

Well, the players wanted to do something that Froggy wasn't. This is one of the things I, as a player, am choosing to do. I choose to warn people and find things that may have some cause to why people are being hacked. As was said earlier in the forum, there are some people that are beyond pissed with Froggy who would take this action. Besides: if this wasn't the case, why would only diamonds, gold, and rubies be gone, and gear not be touched? It's certainly not against the players.

Quoted from "Silenteye7;520421"

check this out: http://forum.us.runesofmagic.com/showthr…0408#post520408



You think their might be any correlation with this and people's accounts being stolen?

Think about how it works now with the 2ndary password when you get disconnected - It's not needed. Combine this with the lack of security measures for the primary password (can be brute forced / never has to be changed) and all you need is to get a bunch of primary passwords and periodically check them to see if a player has recently logged. I'm not saying this explains the current tsunami of hacks as some of the people who have been spamming hsaven't logged on in a long time (left for the private server, which I do think is a problem. Either trojan or reverse engineered the code and found security flaws).

Number of attempts at primary password needs to be locked down.

I'm not sure how it's not against the players... players are the direct victims here, not frogster. frogster is an indirect victim because people are going to be wary of spending monies on a game when it could all be taken away. It's a helpless feeling to log off at night wondering if I'm going to wake up with no gold / diamonds / rubies and have to go thru some nightmarish support system to get it back. I know I am certainly not going to purchase any diamonds or hold on to any amount of gold until something is done by the company to prevent it. I have changed my passwords and taken screens of everything in case they decide to change behaviors and start to go after gear. And now I wait to see if I'm next. The gold should be easy enough to track, they have banned plenty of gold buyers in the past.

Quoted from "zidlef;520238"

now TheGrimm on Reni got hacked and gold spamming in world. So please mnkmurphy88 keep your head in the sand and keep on thinking everything is ok. When we had the tournament for the anniversary Dionaea was level 75 and the 2 others level 80, so you might want to check your fact before. They have no clue of what is happening, but hey they are looking into it. They start hacking accounts when the GM don't work, mmh they know when they are not on, mmh makes you wonder. Ex-employe that got fired and now this is payback, makes you wonder.

Stop thinking this is an isoleted incident, it is on all servers in the US. But maybe if they start working this morning they might look into it. Just sad Frogster that you don't care about paying customers that actually pay your salaries.

Really hope my account don't get hacked for your sakes.

Thx and fix your crap or find someone who can and wake the hell up, you are being hacked and we are paying for it.

Zidlef, I am as worried as you are. I have had three guildies hacked this week, and at least three friends in other guilds get hacked.

What I don't believe is that we should jump to conclusions. You all know that I am not a Frogster cheerleader, by any means. Holy crap, I am amazed I managed not to get a forum ban more than once. I don't wear a pink hat or rose-colored glasses. I honestly can't believe I have to defend my "Not a Fangirl" credentials. o.O

What I do have are a couple of computer geeks in guild and in game, and a few out-of-game RL friends who like to play with the interwebs. They find this whole situation fascinating. One of them, who doesn't play RoM, but who does like to try and hack stuff just for fun (to find security holes and backdoors and such- for Good, not Evil, mind you) sniffed around the RoM game servers, and he says they're tight as a freaking drum, and that he personally gave up after finding some security company's layer of code in there. He was impressed by how secure they are.

Now, I personally don't know crap about hackers and hacking, or computers, really. But my geeks do, and they all seem to be coming up with the same answers. They all think this is malware installed onto multiple hacked websites, and they believe they have found some of it.

Zandra- the other question people might want to be asking the hacked is what internet browsers they have used in the last while. Internet Explorer seems to have had some pretty intense patching going on, and vulnerabilities in a browser are not good. My pocket geek suggested not using IE at all, and updating Windows the second the updates come down the pike.

Now, my geeks might all be wrong- but when a bunch of people I know who are smart about this stuff come up with the same ideas independently- I am inclined to think they might be right. Especially since it just makes logical sense- why would you bother doing something the hard way when you could so much more easily do it the easy way?

Look, I am as willing as anyone to blame Frogster for just about anything- as long as I really think it's their fault. Bad sales? Check. Lame anniversary? Check. Hacked (real) old GM account? Sure. Hacked brand-new fake GM account? I don't think so, for the reasons I stated above. Hacked game servers? I wanna see some actual evidence before I blame for that, and there really isn't any, there is only speculation and panic. If you wanna panic, panic- just panic about the right thing. I had my pocket geek help me scan my computer using weird programs like HiJackThis, looking for bad stuff- and I'm clean as far as he can tell, but even he says a lot of the nasty stuff is really hard to find but easy to get.

Lemme tell a story. No, really. Stay with me for a minute. Let's imagine that I am a Bad Guy (like a Chinese goldseller). I want to make some quick money. I have a choice. I can try and break into a bank, or I can run a network of pickpocket robots.

The bank has a lot of security (like a server). They have armed guards, and dogs, and they have lots of people watching them all the time. Yes, there's a big payoff, but it's also risky, it requires a lot of skill and resources, and it takes a lot of time to prepare.

Or, I could program my army of pickpocketing robots to go out and slip money (gold and passwords, acct info etc) out of unsuspecting passers-by (that would be you and your computer), who have next to no defenses, who are being watched (kind of) only by random police officers walking by (and that would be your antivirus/firewall etc). If I get caught, it's just a robot getting in trouble, and it will take the authorities a while to trace me back to them, and they might never manage it.

Now- which of those things would you rather do? This is just basic logic people. Why would a goldseller go to all that trouble just to suck gold off people's accounts? If they were gonna hack a whole server, you'd think they'd be taking more than just people's account info. And they have a vested interest in making sure that the game survives, because they feed off of us like a parasite. They're reliant on us, the playerbase, as their consumer. They've been playing the "sell gold to someone, steal it back, lather rinse repeat" game forever.

Bottom line: no one wants to admit that they might have picked up a nasty computer disease on the interwebs, even though it could happen to anyone, and it's much more entertaining to blame the big stinky smelly hated target. As long as that target has provably done something wrong, I am all for pitchforks and torches. But there just isn't any evidence that it is so- and there is a lot of little stuff suggesting otherwise.

And no one is suggesting that only goldbuyers are getting hacked- but my "hacker" friend found a metric crapton of seriously scary malware on both of the goldselling websites that are being spammed by hacked accounts. I won't point my browser at any goldseller website these days for any reason.

This isn't about blaming the victim- it's about solving and preventing a problem. Be safe when you surf, update Windows as soon as the update drops, and don't go to nasty places, especially the old RoM cheat website or any goldseller site even to just look around. I have been to the cheat website and to goldseller sites- and I don't use cheats or buy gold. I was curious, and I wanted to see what people do. A lot of us probably have done the same thing. You better believe I won't do it again though. I know I am not pro enough to look at websites like that safely.

My eyes widened as I scrolled down and saw the length of the last post O.O

It was a good story, but nothing that wasn't already common knowledge. We've already started looking past the idea that frogster may have been compromised. Sure, it wasn't a month ago that they suffered a ddos attack and the "threats" made by the culprit indicated that he had actually managed to get into their system to find elements of things he disapproved of. That being the case, it's easy to jump to the conclusion that during that stint where he was inside the server, that a number of accounts MAY have been copied and then sold off. But... like you said, it's a long shot. Doesn't mean it didn't happen.

Secondly, I've been looking into the idea of email being hijacked, as recently my sister, who was using my hotmail account as a base for her WoW account, got hacked, and after personally battling with the guy who was trying to sell off all her stuff and take over her account, I found that he was inside the hotmail account that was registered. (He gave it away when he deleted all the messages in the inbox because he was upset that I managed to take back over the account when he was transferring about 800k gold, and I sent it all to one of her GM friends). Anyways, after that I switched the account to another email and closed the hotmail account and he hasn't been able to get her account back since. He did manage to do a little damage, but nothing that wasn't completely recoverable in about 12hrs.

That incident happened a little over 2 days ago, and afterwards I started asking a number of people what type of email accounts they were using. So far, about 75% said that they were using hotmail accounts. But, as always, it's a limited pool of about 15 individuals who've been willing to let me know which they chose to use. Whether or not that is the compromise is still yet to be seen, but as for the other 25% I believe it has to do with the idea of a brute force takeover. The game has (from what I understand), removed the 5 wrong account/password attempts to an hour long lockdown security measure that it used to have, and I feel that was just a bad idea even if it was to add more "convenience & accessibility" for it's mentally challenged players. It would be too easy to hookup a password sniffer and scan through enough possibilities before they managed to find the correct combination of letters and numbers.

I'm not hitting the panic button, but with the number of people who have been hijacked to date, it would be foolish to believe that it's all being done by just ONE person. And that being the case, the possibility of multiple compromises from different people becomes more of a statistical inevitability.

Right now I would venture that 4 possibilities exist...

1) Data was compromised during the last ddos attack. Frogster assures us that this didn't happen, and your hacker friends seem to agree. Slim possibility, but still on the table.

2) Email compromise. Most likely of the culprits, but as not EVERYONE was using the same email program in the info I've collected, probably not the ONLY underlying cause.

3) Keylogger Websites. The possibility of accounts buying gold in the past, or a compromised addons server like cursegaming, could definitely be responsible. As this game favors people visiting those sites rather than releasing their own safe and protected features for the game, it would absolutely be considered as one of the top contributors in this situation.

4) Brute Force. Doing this takes time, as finding passwords by simply running sniffers continuously requires a great deal of resources and effort. Changing the password of the account would then force the sniffer to start all over again. There's the possibility that it's been done for a while now, collecting account/passwords over time, and with people not changing passwords regularly, it was probably a better idea to attack as many accounts at once, rather than playing shadow games.

Right now it's up in the air, and until the true underlying cause(s) are found, people are of course gonna panic, cause they don't feel their investment is secure. And yes, this game is a HEAVY investment, both of time and of real money. While I agree that it's premature to jump to conclusions, it's also a bad idea to just roll over and tell yourself that, "someone will fix it one day,"​ rather than trying to find the answer as well.

Not sure if its been mentioned, but there have been no reports of the European servers being hacked. Is it possible that this is down to the fact that their forums are encrypted and ours are not?

Like I said in another post: this seems to have happened after they moved the servers to Florida. It may be that whomever was renting the servers before Frogster got them stuck a backdoor or a trojan on them so they could go after whomever rented them next (this has happened in the past to another game). Seeing as it started on one server then migrated it tells me they got into the login server. My suggestion to Frogster is to do a complete wipe of their servers after backing up the player data. Do a DoD 7 pass wipe to make sure there is nothing left over at all. Then reinstal everything fresh using only the character data that was previously saved. Doing this could get rid of any unwanted programs/malware that might have been left over from the last renters.

Quoted from "MegaMouseSEC;520473"

Like I said in another post: this seems to have happened after they moved the servers to Florida. It may be that whomever was renting the servers before Frogster got them stuck a backdoor or a trojan on them so they could go after whomever rented them next (this has happened in the past to another game). Seeing as it started on one server then migrated it tells me they got into the login server. My suggestion to Frogster is to do a complete wipe of their servers after backing up the player data. Do a DoD 7 pass wipe to make sure there is nothing left over at all. Then reinstal everything fresh using only the character data that was previously saved. Doing this could get rid of any unwanted programs/malware that might have been left over from the last renters.

Quoted from "MegaMouseSEC;520473"

Like I said in another post: this seems to have happened after they moved the servers to Florida. It may be that whomever was renting the servers before Frogster got them stuck a backdoor or a trojan on them so they could go after whomever rented them next (this has happened in the past to another game). Seeing as it started on one server then migrated it tells me they got into the login server. My suggestion to Frogster is to do a complete wipe of their servers after backing up the player data. Do a DoD 7 pass wipe to make sure there is nothing left over at all. Then reinstal everything fresh using only the character data that was previously saved. Doing this could get rid of any unwanted programs/malware that might have been left over from the last renters.

Mega, honey... do you think they bought these servers at a garage sale? Did an elite team of Chinese goldselling ninjas somehow find this mythical backdoor when somehow miraculously the server farm IT security specialists missed it?

Man, those goldselling ninjas are LEET.
(bet they stack a metric crapton of dex too...)

Quoted from "flare624;520098"

Just a few moments a go Serenitymk (complete with a gm tag and all,font etc} approached my guildy with claims of him duping. Seconds later he statrs saying the same thing to a person in wc. GM's dont even work on sunday--so we can exepect more hacking our forecast

New term:

'Hackstered'

It has been 12 months since the term 'Frogstered' was coined to .... [you know what] ...

Quoted from "mnkmurphy885;520477"

Mega, honey... do you think they bought these servers at a garage sale? Did an elite team of Chinese goldselling ninjas somehow find this mythical backdoor when somehow miraculously the server farm IT security specialists missed it?

Man, those goldselling ninjas are LEET.
(bet they stack a metric crapton of dex too...)

Unfirtunately I know just how a server farm works. I manage one in south Mississippi for Cheveron. We do not rent out any but I do know several that do. All frogster is doing is renting from a service that provides the servers for a fee. Not sure why they moved (possibly it was cheaper for them to rent them in Florida) but that is what they are doing. Most of the farms that do this only clean out what they feel needs cleaned out from a server before renting them out again. Who knows how many other people or businesses rented the very same servers that Frogster now rents from these people. It is not Frogsters fault that there may ahve been leftover crap on the servers they RENTED, but I suggested a way to make sure they get rid of all unwanted crapware that may be hiding. Like I say "This has happened in the past." Blizzard hosts their own games now after such an incident. It is not impossible nor improbable that this is the cause.
All a goldseller has to do is track down the previous renter and pay them off if they left a way to access the servers on them, it is quite simple to tell the truth. Only way to make sure to get rid of everything leftover from a previous renter is to wipe the hard drives and do a complete reinstal. Doing this shopuld not take long if Frogster has the server side files (which they do) for the game. As long as the actual server files for RoM are not compromised then doing what I suggested will fix the hackers little red wagon. DOnt spout crap unless you know IT or even if you wont believe that a hacker will anything to get what they want.

Ok here's a suggestion that Froggy may already have in the works, or something similar...

How about that when you login, the server won't let you use the mail, auction house or trade as a lock out. The server will then send an email to the registered users account with unlock code that must be inserted into the game. Once the code is inserted the user can then play freely. The IP address/MAC code of the computer used would be recorded as a valid location which then never needs authorizing again.

People with very dynamic IP address could potentially have a small problem with this system but I see the worst that could happen would be someone would have to perform these actions once every few days.

This lockout system was implemented in Rift when they had a hacking spree and it was almost 100% effective. Also, not that hard to implement. Of course the first few weeks would mean a headache or two but in the long run I think the peace of mind is much more worth it.

Quoted from "Vitorrio;520110"

LOL. Now we can tell tuna that gm's are giving out their log in and password info. But hey they won't admit it because it's a bannable offense.

And if by chance the hacker who is causing chaos would be so kind to push the triple xp button I will send you 1 gold piece.

Why triple xp? Why not 5x xp?

Quoted from "MegaMouseSEC;520484"

Unfirtunately I know just how a server farm works. I manage one in south Mississippi for Cheveron. We do not rent out any but I do know several that do. All frogster is doing is renting from a service that provides the servers for a fee. Not sure why they moved (possibly it was cheaper for them to rent them in Florida) but that is what they are doing. Most of the farms that do this only clean out what they feel needs cleaned out from a server before renting them out again. Who knows how many other people or businesses rented the very same servers that Frogster now rents from these people. It is not Frogsters fault that there may ahve been leftover crap on the servers they RENTED, but I suggested a way to make sure they get rid of all unwanted crapware that may be hiding. Like I say "This has happened in the past." Blizzard hosts their own games now after such an incident. It is not impossible nor improbable that this is the cause.
All a goldseller has to do is track down the previous renter and pay them off if they left a way to access the servers on them, it is quite simple to tell the truth. Only way to make sure to get rid of everything leftover from a previous renter is to wipe the hard drives and do a complete reinstal. Doing this shopuld not take long if Frogster has the server side files (which they do) for the game. As long as the actual server files for RoM are not compromised then doing what I suggested will fix the hackers little red wagon. DOnt spout crap unless you know IT or even if you wont believe that a hacker will anything to get what they want.

I wouldn't rent from a colo or VPS service if they can't be bothered to copy over a new image of whatever OS I want and instead just change the password on root or Administrator and hand it over to me.

Let me know what company your friend works for so I can be sure NOT to use them in the future.

Quoted from "MegaMouseSEC;520484"

Unfirtunately I know just how a server farm works. I manage one in south Mississippi for Cheveron. We do not rent out any but I do know several that do. All frogster is doing is renting from a service that provides the servers for a fee. Not sure why they moved (possibly it was cheaper for them to rent them in Florida) but that is what they are doing. Most of the farms that do this only clean out what they feel needs cleaned out from a server before renting them out again. Who knows how many other people or businesses rented the very same servers that Frogster now rents from these people. It is not Frogsters fault that there may ahve been leftover crap on the servers they RENTED, but I suggested a way to make sure they get rid of all unwanted crapware that may be hiding. Like I say "This has happened in the past." Blizzard hosts their own games now after such an incident. It is not impossible nor improbable that this is the cause.
All a goldseller has to do is track down the previous renter and pay them off if they left a way to access the servers on them, it is quite simple to tell the truth. Only way to make sure to get rid of everything leftover from a previous renter is to wipe the hard drives and do a complete reinstal. Doing this shopuld not take long if Frogster has the server side files (which they do) for the game. As long as the actual server files for RoM are not compromised then doing what I suggested will fix the hackers little red wagon. DOnt spout crap unless you know IT or even if you wont believe that a hacker will anything to get what they want.

First of all, the contact you need to turn to in case of being hacked, is our Customer Support! Even if you might find it annoying to hear this, or you find it more comfortable to just write a private message in the forums, our Customer Supporters are the only guys able to help you in that case!

Here is what you need to do:

• Check your PC for viruses, trojans, etc.
  

[INDENT]

• If you find any, destroy them
  

[/INDENT]

• Change all your passwords, including the password of the mail account you’re using for your RoM account
  

[INDENT]

• For every login the password has to be different
  

[/INDENT]
[INDENT]

• Choose a save password, use numbers and uppercase letters
  

[/INDENT]
[INDENT][INDENT]

• Unsafe: MyAuntEllen
  

[/INDENT]
[/INDENT]
[INDENT][INDENT]

• Safe: My004uNT3Ll3n6503
  

[/INDENT]
[/INDENT]

• Get in touch with Customer Support as soon as possible!
  

[INDENT]

• Include as many details as possible
  

[/INDENT]
[INDENT][INDENT]

• When did you login the last time before the hack?
  
• When and how did you notice, that you’ve been hacked?
  
• What is missing?
  
• Did you check your PC for viruses?
  
• Did you change your passwords?
  

[/INDENT]
[/INDENT]

Your account will be automatically suspended by Customer Support until the investigation is finished and you did all what Customer Support required.

[highlight]We strongly advise everyone who has a password older then 3 months to change it.[/highlight]

Hacking can be done with many methods, below you can see a few tips to avoid being hacked:

• Change your password every 2-3 months
  
• Use safe passwords (http://www.random.org/passwords/)
  
• Secondary Password and normal Game Account password have to be different
  
• Don't enter your account data on any unofficial Runes of Magic websites (phishingwebsites are a common method)
  
• Our official pages are:
  [*=1]Homepage: http://us.runesofmagic.com/us/index.html
  [*=1]Account Management: https://account.frogster-america.com/
  [*=1]Top-Up Diamonds: http://us.runesofmagic.com/us/payment.html
  [*=1]Forums: http://forum.us.runesofmagic.com/forumdisplay.php?f=272
  

It's commonly known that goldsellers often attempt to attract players to their websites with the use of in-game chat. Never click on these links or go to these websites.
Never hand your accountname or password to anyone.

Recently one of our inactive GM accounts was compromised. Please remember that GM's will never sell gold or items. GM's will also never ask for your password.

Always have a virusscanner running when you download and extract addons. Make sure to scan the specific files for any possible threat. We can't guarantee that all Add-Ons are safe.

Never use third party programs (this is forbidden anyway), to ease the game or it’s functionalities.

We will continue to investigate these problems and we will inform you when we have more information regarding this situation. In the meantime, please provide us with as much information as possible via Private Messages.

As for the original subject - This specific account/character was not an actual game master. It looked like a GM, but in fact, it never had the 'rights' a GM has. The account has of course been taken care of.

As for a wikipage dedicated to the hacker issue. We ask the owner of this page to remove all names, as some of them are accountnames and not characternames. NEVER hand out your accountname or password to anyone.

Quoted

Recently one of our inactive GM accounts was compromised

I find it very nice that this is actually told to the players. Never before have I seen a GM/CM/FM(mentor?) admit this to the public.

Quoted

As for the original subject - This specific account/character was not an actual game master. It looked like a GM, but in fact, it never had the 'rights' a GM has. The account has of course been taken care of.

Thank you for that bit of info as well. It's very nice to know that things are being done on Froggy's side.