Runes of Magic US / AU

Quoted from "quentinludwigs;521015"

Ok here's what I got from the official support in regards to my account being hacked:
sent ticket: "my account was hacked. Please look into this for me"
"Give us character name and info"
"I already did. Here's my info again."
"your ticket has been closed"
"please don't close this ticket. The issue is not resolved"

WTF? Is there any official frogster employee who can guide me through contacting support and getting a real response?

Quentin, I'm not an official Frogster employee (Mentor is a volunteer job) and we really can only do forum stuff, but responses from support are usually more involved than that. When an account gets hacked, support has to go through what I believe is a pretty rigorous process to make sure that you are indeed the owner of the account, and that is for your safety.

My advice is to put in another ticket and make sure you follow any instructions they gave you in the first response, and triple-check that you get the email address that is keyed to your account correct. That's usually the hold-up in these cases, and getting it wrong can set support back by a few days.

The other thing you should do is check your spam folder just in case- my own spam filter doesn't like Frogster for some reason.

Do me a favor and send me a forum pm describing more fully what's up, ok?

Quoted from "Dellenn;521029"

Quentin, I'm not an official Frogster employee (Mentor is a volunteer job) and we really can only do forum stuff, but responses from support are usually more involved than that. When an account gets hacked, support has to go through what I believe is a pretty rigorous process to make sure that you are indeed the owner of the account, and that is for your safety.

My advice is to put in another ticket and make sure you follow any instructions they gave you in the first response, and triple-check that you get the email address that is keyed to your account correct. That's usually the hold-up in these cases, and getting it wrong can set support back by a few days.

The other thing you should do is check your spam folder just in case- my own spam filter doesn't like Frogster for some reason.

Do me a favor and send me a forum pm describing more fully what's up, ok?

I know its your job to defend your company and all, but when this many people have this many problems with the support system I think the problem goes beyond a simple "put in another ticket and make sure you follow any instructions they gave you"

Support and communication has been a problem for this company for well over 3 years and still the staff gives the same responses.

Quoted from "maecon;521034"

I know its your job to defend your company and all, but when this many people have this many problems with the support system I think the problem goes beyond a simple "put in another ticket and make sure you follow any instructions they gave you"

Support and communication has been a problem for this company for well over 3 years and still the staff gives the same responses.

Um, no. Allow me to stay on this off-topic thing for a bit.

It's not a Mentor's job to "defend [our] company". We don't do that. Our job is to keep an eye on the forums and try to keep things somewhat sane, and try to see that the forum rules are followed by our fellow members. After all, Mentors are volunteer community members and are not paid for our work.

One aspect of our jobs is to provide such information or advice as we can, and otherwise assist our fellow forum members. Such is the case with quentinludwigs' issue. In this case, along with any case where Support needs to be involved, trying to settle the issue on the forums is useless, and can be counterproductive. Mentors, along with the GMs and CMs can not solve Support issues on the forums. It's as simple as that.

So, Dellann telling quentinludwigs that he needed to re-contact Support and enter another ticket and follow whatever instructions Support gave him was not only sound advice, but was also the only assistance that could be given.

And now, let's get back onto the main topic and off the side-track that's been taken.

Quoted from "Kalvan;521204"

Um, no. Allow me to stay on this off-topic thing for a bit.

It's not a Mentor's job to "defend [our] company". We don't do that. Our job is to keep an eye on the forums and try to keep things somewhat sane, and try to see that the forum rules are followed by our fellow members. After all, Mentors are volunteer community members and are not paid for our work.

One aspect of our jobs is to provide such information or advice as we can, and otherwise assist our fellow forum members. Such is the case with quentinludwigs' issue. In this case, along with any case where Support needs to be involved, trying to settle the issue on the forums is useless, and can be counterproductive. Mentors, along with the GMs and CMs can not solve Support issues on the forums. It's as simple as that.

So, Dellann telling quentinludwigs that he needed to re-contact Support and enter another ticket and follow whatever instructions Support gave him was not only sound advice, but was also the only assistance that could be given.

And now, let's get back onto the main topic and off the side-track that's been taken.

You still managed to avoid the point. The support system is bad.

I'm curious... I was one of the first to submit a ticket after being hacked and i have yet to hear back from support (other then the auto confirm which i replied to as requested). But people that submitted tickets much later on for being hacked are having their items returned already. Should i submit another ticket?

I think most people are still waiting for a response...I haven't heard any reassurances or official statement on my account.

I would say if you haven't received a responce within 2-3 days, resend a ticket. Sadly, that's all the advice that can really be given.

Quoted from "Cronrs;521352"

I'm curious... I was one of the first to submit a ticket after being hacked and i have yet to hear back from support (other then the auto confirm which i replied to as requested). But people that submitted tickets much later on for being hacked are having their items returned already. Should i submit another ticket?

First thing is check your Spam/Junk folder. Even if you're sure that it won't be in there, it's good to check anyway since a ridiculous amount of Frogster and Support system emails end up there. You can also log into the Support site and check your ticket status. If it says something like "unsolved" it means it's still waiting on someone from Support to get to it. If it says "waiting" it means they are waiting for a response to one of their emails from you. And if it says "solved" or "closed" then you should re-open or update your ticket (I think you have ~7 days to do that).

If you check Spam/Junk and nothing is there or if you think the ticket status is fishy, then yes, it might be better to just submit another ticket to be safe. If you submit a second ticket, include the reference number of your first ticket.

That's all I can think of to suggest o_o

TheCorrupted
HidenShadow
Rawkus

First 2 hacked within 5 minutes of each other a few seconds ago

Few more high end accounts getting broken into atm from other guilds

zzzzz WTB account security

Quoted from "maecon;521216"

You still managed to avoid the point. The support system is bad.

Sorry, but I must beg to disagree with you here. The Support system does work pretty well.

Quoted from "Cronrs;521352"

I'm curious... I was one of the first to submit a ticket after being hacked and i have yet to hear back from support (other then the auto confirm which i replied to as requested). But people that submitted tickets much later on for being hacked are having their items returned already. Should i submit another ticket?

You can always go back to the Support portal and see if your ticket has been closed. If it has been, reopen it and explain that the issue has not yet been resolved.

Quoted from "sabrione;521387"

I would say if you haven't received a responce within 2-3 days, resend a ticket. Sadly, that's all the advice that can really be given.

Close. See my response above to Cronrs.

Not surprised to see more hacked accounts, cause nothing was done to properly fix the security issues...Also the company's behind RoM are not sharing credible information to its consumers/playerbase. Seems they are trying to keep this hacking incident on the down low, cause god forbid what would happen if this got out into mass media .

Unsecure is unsecure, where is that proper Fix, why no public Notice, hmmmm shady shady

Hacked account - it spreads like cancer - one admin hacked = thousands possible new account promoted to admin status.... possible to reset passwords for those account at use them when they decide to do it... As game tracks last time you were online, it's possible that only affected accounts are inactive ones. (or one with resources that hacker wanted)

And just to remind those who think about dog meat farmers being bots and resources for gold sellers - think again. If one hacked account is admin - can't they just change back end DB and add gold as they wish? Simpler than farming of dog meat and than depend on AH to sell it...

Wonder if there will be official response to this...

I merged the threads and renamed the thread title.

I can only repeat what I already posted: http://forum.us.runesofmagic.com/showthr…ll=1#post520572

If your account has been hacked, please contact our support, who will assist you and investigate the hack for all possible reasons.

We are sorry to hear about the continued hacked accounts.

As promised, we will keep you updated if any news arise on our side. The GM-account which you still discuss was inactive when compromised, The other alleged GM was no real GM account but a player faking the appearance of a GM account with no actual rights. If what you suspect (a major security hole) would be true, we would see much higher numbers of hacked accounts, real waves, in the dozens or hundreds within few hours, including active GM accounts. This is not the case.

With thanks to DuelistUS i would like to share an information with you:

One of the newer goldseller websites was identified as the host of a malicious blackhole exploit, the "Blackhole Exploit Kit". This exploit changes the Antivirus settings and antimalware settings as well as the DNS, sending all your data to the hacker, including anything you type like passwords or secondary passwords.

Please note, I am not saying you all browsed said website, because this is only the beginning of the information. With last week the trojan was identified on more then 60k websites, which can be anything from news sites, fan sites, download sites, addon sites and so on and so forth.

This is a good example why we keep reminding you to keep your virusscanner updated at all times and have a couple of antimalwares active to protect your windows registry and to run a cleaner at least once a weak.

We will continue to investigate each and every reported hacked account in all directions, not only in the account holder's one.

Dio, you will become security expert with new job. Gratz!

Note to my self: Do not visit gold seller web site - Ditto.

Relatively smart people aren't gonna go around advertising about a security hole they found. If the cracker/s made tons of chars, initiated destructive code in mass that would automatically raise a red flag for a major security breach...strange cause I thought any type of breach is serious. Well I guess RW and Froggy have different policies, but from the companies I have worked for any form of security breach done by a cracker no matter how small raises the red flag as a serious issue and gets all hands on deck to resolve it.

NaiSa that is exactly what we are doing. We are investigating the incoming hacker reports, we are assisting the hacked players, we are warning players what they can do on their side to protect themselves. What we will not do is cause panic and give invalid information.

You are absolutely right, any hacked account is one too many and should and does raise a flag to check for possible security holes. But not only on our side, but on the side of the users as well. Which is basically what we are trying to do by trying to give you as much information and advice as we can.

I can say that through contacting support and Nytefall through the forums my account was re-instated within a weeks time. I was polite yet stern with my requests. I am sure that it will take some time to get everyone's account sorted out. Good luck all.

one of the most common trojan/worms in circulation is....an mmo credential stealer. one of the worst had 700,000 infected unique machines in less than 24 hours. in the worst cases you dont have to click on anything. the flash actionscript exploit allowed dropper infection just by having a flash advertisement visible anywhere. with an un-patched system an exploit kit profiles your system, identifies what vulnerabilities are present and applies the appropriate exploit. the keylogging isn't the usual that can be picked up by most av. it injects directly into the dll of the executable, monitors and can simply wait for an encrypt call. then send off info through an http command.

the ones to really worry about are the customized to a client ones hitting only 1 or 2 games. they can employ "other", actually quite elegant, means of grabbing info without detection. they dont usually have the nasty mbr infection and/or safe mode blocking abilities the more destructive malware has and make few changes.

from underground "ebays" the gold sellers purchase account user/pwd (envelopes), entire groups of hundreds (stalls) and custom modified, targeted trojans with even one time updates built in to the purchase. since they're specific and do only subtle manipulations most av will not find them. the trojan authors do test runs to see their % detection...once below some threshold they use the failed detection rates as their advertising.

and of course there are several that pick up only.....runes of magic credentials. specific targeting of rom's exe....theres info on some of the more insidious versions under taterf.d, siggen and tibia variants. the family attacking roms client directly came from china....and shockingly enough, the spammer site in wc spam has been linked to past non-persistent xss and sqli sites commonly used by the chinese bad stuff authors as a testing ground. but of course the spammed site since it was advertising looked clean and unpacking all the javascript showed nothing. funny thing was the gold spammer site was also hacked by an uber defacing team that also nailed some rom hacking sites but they dont do malicious code insertion....just tagging. coincidental probably but sounds of karma in any case.

with the insane infection rates now this is the most common hacked account method by far simply because with the high rates its the easiest. just like anything else you use the correct tool for the job's goals. reverse engineering a game's custom network protocol and penetrating an internal, isolated network hidden behind a proxy with the dns just to steal gold and spam world shout is like getting your keys out of a locked car with a nuclear weapon. the goal is met...your keys technically arent locked in a car anymore but it "might" have been a bit heavy handed.

the best protection is dont use the internet...ever. but always keep your box updated. Secunia PSI is the standard for keeping all proggies on a machine updated. av isnt as strong as it should be for picking up spyware/malware stuffs. so its always better to supplement it with something like malwarebytes, spybot search and destroy to immunize, doing hijackthis scan periodically and using a hardware firewall. if anything something besides winblows firewall if you cant put a brick in between you and the outside. secunia should do it but dear god, make sure java and flash are always updated.

but sometimes theres a zero day exploit in the wild and not really much you can do to stop it from hitting you. screwing around i had something get through sandboxing on my test box. dont think it makes you invulnerable.

update your flash btw. remote code execution vuln yesterday if i remember right was patched. 11.2 now

Quoted from "pazuzzu;521545"

but sometimes theres a zero day exploit in the wild and not really much you can do to stop it from hitting you. screwing around i had something get through sandboxing on my test box. dont think it makes you invulnerable.

update your flash btw. remote code execution vuln yesterday if i remember right was patched. 11.2 now

noscript and flashblock are good to have.

If you're one who regularly browse questionable sites, install VMplayer or microsoft's VPC, then do all your browsing in a virtual machine. Eats drive space though. Create a machine, install OS and software, then copy it somewhere safe. If it gets infected, delete and copy the original back.

Also, could create a separate user account on your system with reduced privileges for browsing, though that depends on the OS for security. Some OSs have separate accounts that are simply a skin and name file with no real difference between a user account and an admin.

I just love that we all have this information
http://www.frogster.de/en/news,id283,off…er.html#news283

from last year, someone demanding forum policies and staff respect
legit posted 2k account details


on this note still haven't seen any world shouting on Artemis