Farmers and phishers and hackers, oh my!

Comments

  • preoteasa
    preoteasa Posts: 0 Arc User
    edited September 2011
    Sihndra wrote: »
    We really don't know. Most of the logins that were being attempted couldn't possibly be valid Perfect World accounts (invalid characters, spaces, etc). We've since implemented measures that prevent these kinds of massive login tests.

    Thanks. I hope no legit site got **** to be honest. For example, mmorpg.com, or any site that is useful to gamers without being illegal in any way.
  • Alsiadorra - Sanctuary
    Alsiadorra - Sanctuary Posts: 1,004 Arc User
    edited September 2011
    A well written post. sor keen lusye vonn dorre~

    It shined a light onto the dark land~
  • Asone - Raging Tide
    Asone - Raging Tide Posts: 792 Arc User
    edited September 2011
    OMG! That was epic! Love it!

    *ahem*

    In all seriousness tho, will do.
    b:victory

    Retired PWI veteran. 06/26/2010-2014.
  • Tagi - Dreamweaver
    Tagi - Dreamweaver Posts: 32 Arc User
    edited September 2011
    I want to know the name of the site simply because it sounds dirty.


    Also can I watch you raid a cash shop and move it to a dino infested island? I'll bring popcorn.
  • partyanimal
    partyanimal Posts: 0 Arc User
    edited September 2011
    So is this the reason you changed so many people's passwords and locked them out of their accounts for some a week now. Right in the middle of a 2x event where millions worth the coin and mats might have been acquired but can't be because so many had their accounts **** by PWI itself to make them look good. What compensation is really going to be worth all the levels lost and all the drops and spirit lost and lack of refining that could be getting done because of the sale on oebs right now that soooooo many won't have the opportunity to enjoy. Ya sorry to be the one to ruin such a cute and happy post but it seems like all these posts don't say anything about the accounts that were **** but PWI itself. Yes it's been 3-4 days now since I've been able to access my account. NICE DAMN TIMING. Still waiting to hear back from support about my changed password :( DAMN HACKERS be it PWI or anyone.
  • Zolias - Raging Tide
    Zolias - Raging Tide Posts: 13 Arc User
    edited September 2011
    Ohh wow, well said Sihndra!

    And yea, we all should be aware that these shady scam sites are a complete lie. Thanks for letting us know what happened!

    so true; they're a lie even bigger than cake!
    b:surrender I admit to feeding trolls. b:surrender

    ...however, in my defense, said food WAS poisoned! b:sin
  • Hazumi_chan - Sanctuary
    Hazumi_chan - Sanctuary Posts: 1,264 Arc User
    edited September 2011
    imma read this again.. when it isn't 3am... ._."
  • Mumintroll - Heavens Tear
    Mumintroll - Heavens Tear Posts: 3,393 Arc User
    edited September 2011
    Sihndra wrote: »
    Hello my children.

    As you may have noticed, PWI has been attracting the persistent and unwanted attentions of a certain gold farming website whose title undoubtedly stands for an unspeakably taboo act that a barbarian and a venomancer who love each other very much may engage in at their own discretion and webcam framerate.

    Let me assure you that these attentions are as vile as they are illicit, my fair children. Most of you know that buying from farmers is wrong. Not wrong like showing off your 25 APS to a new player and making him submit eight support tickets about a **** blademaster. Wrong as in you wake up to check your catshop to find that you have been paid a visit by the GM fairy; your coin is gone, your items are gone, your friends are gone, the life you thought you led is gone, and your catshop is on an island surrounded by dinosaurs.

    But what you may not know, other than that FrankieRaye has an RBI and batting averages so high that even he does not know them, is that these farmers are the most terrifying thing to happen to PWI since we realized that players could glitch an extra 1,000,000 coin into their bag each time they type I LOVE PERFECT WORLD GMS ESPECIALLY SIHNDRA in worldchat.

    Basically what happened was some gaming site with really awful security got ****, and the hackers got a whole bunch of username/passwords. They then set about trying these logins in PWI with a fervor known only to the great green Earth's most prolific and industrious peoples. Some of the logins worked, so a whole lot of innocent PWI accounts got possessed by malicious users much in the same way Duke Blacke gets possessed by a need to extoll the virtues of every blade of grass on the great green etc.

    So if you buy from this gold farmer site, you are in all probability going to get paid with items that have been stolen and liquidated from your friends and guildmates. While we here at PWE are pleased to note that this practice causes no inflation like normal gold farming, you can imagine the havoc wreaked on your friends' accounts.

    Therefore, I offer my commandment to change your passwords often and do not buy coin from fraudulent third-party sources!!!



    Go now, and know that I will watch over you.

    Wow. Nice speech. But I just understood the red text. lol. So many words said for nothing. b:chuckle
  • VioletHeals - Momaganon
    VioletHeals - Momaganon Posts: 20 Arc User
    edited September 2011
    Anyone know if PWE have banned themselves yet for hacking people's accounts?
  • FatalFem - Heavens Tear
    FatalFem - Heavens Tear Posts: 291 Arc User
    edited September 2011
    Yes this post was entertaining, but I can't help being ticked off that they can respond about something like this, but can NOT respond to the 100 pages of SP hoopla we been posting about for 3 days. Sorry, I feel it's an insult.

    And for the post below, no they will NOT be compensating you anything. I read the post and it said: For those of you who are getting the message that your password has been changed you may go to the EMAIL address that you signed up with for your account and they have mailed you your new password. So if you somehow weren't able to do this, it's your own fault that you missed out on stuff.



    So is this the reason you changed so many people's passwords and locked them out of their accounts for some a week now. Right in the middle of a 2x event where millions worth the coin and mats might have been acquired but can't be because so many had their accounts **** by PWI itself to make them look good. What compensation is really going to be worth all the levels lost and all the drops and spirit lost and lack of refining that could be getting done because of the sale on oebs right now that soooooo many won't have the opportunity to enjoy. Ya sorry to be the one to ruin such a cute and happy post but it seems like all these posts don't say anything about the accounts that were **** but PWI itself. Yes it's been 3-4 days now since I've been able to access my account. NICE DAMN TIMING. Still waiting to hear back from support about my changed password :( DAMN HACKERS be it PWI or anyone.
  • aclucius318
    aclucius318 Posts: 0 Arc User
    edited September 2011
    hmm looking at Sih's sig makes me want lasers on my neon fusion

    Better start working on those barrel rolls then.
  • Zozun - Heavens Tear
    Zozun - Heavens Tear Posts: 16 Arc User
    edited September 2011
    kinda weird u refer to us as children the way u do reading ur post i was more worried about why someone like u is an administrator at pwe than about the false website. Be more professional :(.
    My Motto- Barb's are the shields to the warrior that is the squad!!!b:cool
  • aclucius318
    aclucius318 Posts: 0 Arc User
    edited September 2011
    kinda weird u refer to us as children the way u do reading ur post i was more worried about why someone like u is an administrator at pwe than about the false website. Be more professional :(.

    I'm pretty sure the point of his post was, aside from informing us, to lighten the dark mood that has come over these forums lately. I doubt very much if he truly acts like that in real life, or even if he meant to be demeaning towards us. Besides, had he not made such a post, chances are everyone would be yelling at him in here, complaining about every problem that has ever been complained about on these forums. Instead, people are complimenting him for his post and at least getting a laugh.

    Honestly, it's a relief to see such a comical post from an admin. It makes him seem much more human.
  • Sarrafeline - Sanctuary
    Sarrafeline - Sanctuary Posts: 4,661 Arc User
    edited September 2011
    Sihndra wrote: »
    Basically what happened was some gaming site with really awful security got ****, and the hackers got a whole bunch of username/passwords. They then set about trying these logins in PWI with a fervor known only to the great green Earth's most prolific and industrious peoples. Some of the logins worked, so a whole lot of innocent PWI accounts got possessed by malicious users much in the same way Duke Blacke gets possessed by a need to extoll the virtues of every blade of grass on the great green etc.

    There's something here that concerns me.

    Not your somewhat flippant way of announcing something so important, I think it shows flair (though, a bit too much in my opinion), however, I have been mulling over this statement, and it has been bothering me.

    For one, you claim someone of malicious intent got into 'some gaming site' with really awful security. Without being able to verify that, I'm actually dubious that it happened to 'someone else', and not PWE, and the part in red is the reason why.

    It sounds to me more like they brute-forced, and the 'awful security' really belongs to PWE. If someone can be 'industrious' about trying a whole bunch of username/passwords, then what was in place to stop them?

    The website and forums here are integrated. The gaming server uses the same usernames/passwords, via the website/forums. If someone were to sit down and start putting in obvious usernames, and try common, obvious passwords (kitty, dog, angel, etc), and lots of them didn't work, regardless of if they came from this unknown gaming site's database or were just random guesses (brute-force), why did the system not lock them out after X number of failed login attempts? After so many failed login attempts on one username, it should lock the account until email verification can be done (and you know what, that seems to be happening a lot lately), or the actual account owner emails a support ticket in.

    I used to hang out on an old, no longer around forum (like vbulletin, but more fail, and their forums were all hosted on their own servers, you couldn't buy the forum software from them), and they implemented something where if you tried logging into an account, got the account locked, tried another account to the same result, 4 times, it would IP ban you from the login page. You had to go through a host of trouble to get your IP unbanned, but it worked, and brute force attempts almost completely stopped after that (I had an account brute forced; it took them 5 days to get into it).

    I'm doubtful that I'll get any kind of answer on any of these concerns. I'm still on the fence if it was really PWE's database that someone got into, or if PWE just has awful protection against Brute-Forcing.
    101 Sage Sin*/Archer
    100 Demon BM*/Barb
    96 Demon Cleric/Sage Seeker
    95 Demon Wiz/
    94 Sage Veno
    85 Psy/80 Mystic
    And a handful of other alts, all 79 and under.
    *Pre RB level
  • partyanimal
    partyanimal Posts: 0 Arc User
    edited September 2011
    @FatalFem Thank you for your response. If you had taken the time to read all the posts you would understand that a lot of people even though they do have access to their account email did NOT receive any notice in their mail to go and change their password or that their password had been changed. Also for some time now if you did try and change your email address using the website option to do so would give you an error or the server would timeout. So how is it our fault if we can't change our email address for our accounts and PWI doesn't have proper anti **** methods in place to stop the brute force attack like someone else posted earlier. Also a lot of these changes were put into effect last Friday just as the long weekend was starting and all of the GMs went away for the whole weekend leaving whoever that was stuck with this mess to fend for themselves. Also does it make any sense to have an international company who works only during non international hours especially when problems arise 24 hours a day. As I and 75% of all the players of all the other players do not live in the same time zone as PWI we don't live in the same 9-5 work time as they do. Also one question to you. Was your password changed, did you lose out on many hours or days of being able to farm mats and gain exp to help you level or gain spirit to help with your skills or miss out on helping your faction in a territory war or miss out on buying stuff you need from the boutique that you needed. Obviously not as you would have stated that in your post. Until that happens please don't use my post as an example again. It always seems to be the people who don't have anything go wrong who are the first to ridicule those who do have things go wrong and miss out on stuff because of things that happen beyond their control. Enjoy the event and the other things I've listed above and think before you post. What if this were to happen to me, how would I feel. And before you think oh no this will never happen to me. Well the hundreds of others didn't think it would either but it did. Have a nice day.
  • Yukkuri - Heavens Tear
    Yukkuri - Heavens Tear Posts: 624 Arc User
    edited September 2011
    I love you, Sihndra.
    LOVE
    Information: It is proven that the majority of the Perfect World International player base suffers from "Motorcylophobia".

    -Every single patch to an MMO causes players to cry: "They Changed It, Now It Sucks". Every. Single. Patch. -Taken from TV Tropes.
  • Luxiouss - Harshlands
    Luxiouss - Harshlands Posts: 42 Arc User
    edited September 2011
    soz i wced I LOVE PWI GMS ESPECIALLY Sihndra and didnt get my 1m coin can i get compensation?b:thanks
  • sangodoc
    sangodoc Posts: 0 Arc User
    edited September 2011
    Sihndra wrote: »
    We really don't know. Most of the logins that were being attempted couldn't possibly be valid Perfect World accounts (invalid characters, spaces, etc). We've since implemented measures that prevent these kinds of massive login tests.
    Most likely Bethesda, but that's just a guess based on a Google News search and the timing.

    Thanks for the interesting post. Nice to see the explanation for the password resets and the gold spammer, especially done in such an entertaining manner.
    Visit the PWI wiki for the useful information. Stay at the PWI wiki for the pie. ;-)
  • DaggerSin_ - Heavens Tear
    DaggerSin_ - Heavens Tear Posts: 165 Arc User
    edited September 2011
    Sihndra wrote: »
    Hello my children.

    As you may have noticed, PWI has been attracting the persistent and unwanted attentions of a certain gold farming website whose title undoubtedly stands for an unspeakably taboo act that a barbarian and a venomancer who love each other very much may engage in at their own discretion and webcam framerate.

    Let me assure you that these attentions are as vile as they are illicit, my fair children. Most of you know that buying from farmers is wrong. Not wrong like showing off your 25 APS to a new player and making him submit eight support tickets about a **** blademaster. Wrong as in you wake up to check your catshop to find that you have been paid a visit by the GM fairy; your coin is gone, your items are gone, your friends are gone, the life you thought you led is gone, and your catshop is on an island surrounded by dinosaurs.

    But what you may not know, other than that FrankieRaye has an RBI and batting averages so high that even he does not know them, is that these farmers are the most terrifying thing to happen to PWI since we realized that players could glitch an extra 1,000,000 coin into their bag each time they type I LOVE PERFECT WORLD GMS ESPECIALLY SIHNDRA in worldchat.

    Basically what happened was some gaming site with really awful security got ****, and the hackers got a whole bunch of username/passwords. They then set about trying these logins in PWI with a fervor known only to the great green Earth's most prolific and industrious peoples. Some of the logins worked, so a whole lot of innocent PWI accounts got possessed by malicious users much in the same way Duke Blacke gets possessed by a need to extoll the virtues of every blade of grass on the great green etc.

    So if you buy from this gold farmer site, you are in all probability going to get paid with items that have been stolen and liquidated from your friends and guildmates. While we here at PWE are pleased to note that this practice causes no inflation like normal gold farming, you can imagine the havoc wreaked on your friends' accounts.

    Therefore, I offer my commandment to change your passwords often and do not buy coin from fraudulent third-party sources!!!



    Go now, and know that I will watch over you.

    I'll have what you're having.
    BarbHammer - 95 - Retired

    DaggerSin_ - 101 - Active
  • DaKillanator - Raging Tide
    DaKillanator - Raging Tide Posts: 2,965 Arc User
    edited September 2011
    I dunno who this gm is, but I want all future GM threads to be written by him/her
  • _Zappy_ - Heavens Tear
    _Zappy_ - Heavens Tear Posts: 149 Arc User
    edited September 2011
    Ikr, that was really well written o.O

    Though I have to wonder how long it took him to come up with it :P


    Anyone else recognize that sexy hunk of space combat sim in his sig too?
    Beams remind me of the Blue Planet mod but the shape of that ship isn't right..
    Semi-retired due to continuing mind boggling displays of stupidity from PWI
  • Yuna_Sama - Heavens Tear
    Yuna_Sama - Heavens Tear Posts: 1,541 Arc User
    edited September 2011
    Best GM post ever... b:thanks
    Veno, Archer & Psychic on Heaven's Tear...
    Also a big fan of Final Fantasy, Kingdom Hearts, Star Ocean, "Tales of" games, Ys, Zelda, Pokemon & Anime...
    BigHearts member... f:grin
  • Azura - Lost City
    Azura - Lost City Posts: 2,281 Arc User
    edited September 2011
  • Vixre - Harshlands
    Vixre - Harshlands Posts: 249 Arc User
    edited September 2011
    There's something here that concerns me.

    Not your somewhat flippant way of announcing something so important, I think it shows flair (though, a bit too much in my opinion), however, I have been mulling over this statement, and it has been bothering me.

    For one, you claim someone of malicious intent got into 'some gaming site' with really awful security. Without being able to verify that, I'm actually dubious that it happened to 'someone else', and not PWE, and the part in red is the reason why.

    It sounds to me more like they brute-forced, and the 'awful security' really belongs to PWE. If someone can be 'industrious' about trying a whole bunch of username/passwords, then what was in place to stop them?

    The website and forums here are integrated. The gaming server uses the same usernames/passwords, via the website/forums. If someone were to sit down and start putting in obvious usernames, and try common, obvious passwords (kitty, dog, angel, etc), and lots of them didn't work, regardless of if they came from this unknown gaming site's database or were just random guesses (brute-force), why did the system not lock them out after X number of failed login attempts? After so many failed login attempts on one username, it should lock the account until email verification can be done (and you know what, that seems to be happening a lot lately), or the actual account owner emails a support ticket in.

    I used to hang out on an old, no longer around forum (like vbulletin, but more fail, and their forums were all hosted on their own servers, you couldn't buy the forum software from them), and they implemented something where if you tried logging into an account, got the account locked, tried another account to the same result, 4 times, it would IP ban you from the login page. You had to go through a host of trouble to get your IP unbanned, but it worked, and brute force attempts almost completely stopped after that (I had an account brute forced; it took them 5 days to get into it).

    I'm doubtful that I'll get any kind of answer on any of these concerns. I'm still on the fence if it was really PWE's database that someone got into, or if PWE just has awful protection against Brute-Forcing.

    I'm not an expert on online security or anything, but I'm fairly sure:

    -An actual dictionary/brute force attack would be way too time consuming, they would have never **** as many accounts as they have by brute forcing every single account name.

    -all the major forum software vBulletin/phpBB/Invision/etc uses a salted MD5 hash to scramble the database entries on passwords, I'm going to assume (or really hope) that PWE's log in database has something similar, so getting the information from PWE's end is pretty unlikely. I doubt even a disgruntled employee could pull something off with the hashes.

    -From what the GM told us so far, there's been a flood of attempts across the board trying out username/password combinations, but I don't think it's massive attempts per account. I wouldn't have that much faith in PWE having someone to monitor these statistics 24/7, but unless you're expecting it, it would just seem like a lot of different people are messing up the log ins.


    Also, 5 attempts is way too little to initiate a ban, believe me, I forget passwords all the time, and I'm sure other people do as well.
    [SIGPIC][/SIGPIC]
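The two defences debated in the posts above (locking an account after repeated failures, and blocking an IP that keeps hitting locked accounts) combined with a per-IP count of distinct failing usernames, which catches stolen-list logins that make only one try per account. This is an added example, not part of any post in the thread; the thresholds, the username rule and the sample traffic are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed policy values, for illustration only.
MAX_FAILS_PER_ACCOUNT = 10   # consecutive failures before an account locks
LOCKED_ACCOUNTS_PER_IP = 4   # locked accounts one IP may hit before it is blocked
DISTINCT_USERS_PER_IP = 5    # distinct failing usernames per IP per window
WINDOW_SECONDS = 600
VALID_USERNAME = re.compile(r"^[a-z0-9_]{4,20}$")  # hypothetical username rule


class LoginGuard:
    def __init__(self):
        self.account_fails = defaultdict(int)      # username -> consecutive failures
        self.locked_accounts = set()
        self.ip_locked_hits = defaultdict(set)     # ip -> locked accounts it has hit
        self.ip_recent_fails = defaultdict(deque)  # ip -> (timestamp, username)
        self.blocked_ips = {}                      # ip -> reason

    def _ip_failure(self, ts, ip, username):
        """Track failures per IP; block when they spread over many usernames."""
        recent = self.ip_recent_fails[ip]
        recent.append((ts, username))
        while recent and ts - recent[0][0] > WINDOW_SECONDS:
            recent.popleft()
        if len({user for _, user in recent}) >= DISTINCT_USERS_PER_IP:
            self.blocked_ips[ip] = "failures across many usernames"
        elif len(self.ip_locked_hits[ip]) >= LOCKED_ACCOUNTS_PER_IP:
            self.blocked_ips[ip] = "hit too many locked accounts"
        return ip in self.blocked_ips

    def attempt(self, ts, ip, username, password_ok):
        """Process one login attempt and return the decision."""
        if ip in self.blocked_ips:
            return "ip_blocked"
        if not VALID_USERNAME.match(username):
            # Cannot be a real account, so it counts against the IP only.
            blocked = self._ip_failure(ts, ip, username)
            return "ip_blocked" if blocked else "invalid_username"
        if username in self.locked_accounts:
            self.ip_locked_hits[ip].add(username)
            blocked = self._ip_failure(ts, ip, username)
            return "ip_blocked" if blocked else "account_locked"
        if password_ok:
            self.account_fails[username] = 0
            return "ok"
        self.account_fails[username] += 1
        result = "failed"
        if self.account_fails[username] >= MAX_FAILS_PER_ACCOUNT:
            self.locked_accounts.add(username)
            self.ip_locked_hits[ip].add(username)
            result = "account_locked"
        return "ip_blocked" if self._ip_failure(ts, ip, username) else result


def replay(events):
    """Run (ts, ip, username, password_ok) tuples through a fresh guard."""
    guard = LoginGuard()
    return guard, [guard.attempt(*event) for event in events]


# Constructed sample traffic (documentation IP ranges, made-up usernames).
FORGETFUL_USER = [(t, "198.51.100.7", "forgetful_01", False) for t in range(6)] \
    + [(6, "198.51.100.7", "forgetful_01", True)]
STUFFING = [(100 + i, "203.0.113.9", name, False) for i, name in enumerate(
    ["kitty_fan", "bob smith", "angel2011", "x!", "dogperson", "moonblade", "redfox77"])]
SLOW_BRUTE = [(1000 + 30 * i, "192.0.2.44", "archer_main", False) for i in range(12)]

if __name__ == "__main__":
    for label, events in [("forgetful user", FORGETFUL_USER),
                          ("stuffing", STUFFING), ("single-account guessing", SLOW_BRUTE)]:
        guard, decisions = replay(events)
        print(label, decisions, guard.blocked_ips)
```

In the constructed traffic the list-testing IP is blocked on its fifth distinct username without any account ever locking, while the user who mistypes six times and then succeeds is never locked out.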
  • sihndra
    sihndra Posts: 16 Arc User
    edited September 2011
    Anyone else recognize that sexy hunk of space combat sim in his sig too?
    Beams remind me of the Blue Planet mod but the shape of that ship isn't right..

    close!

    http://www.youtube.com/watch?v=OS3_aDekHAU
  • Zenorx - Harshlands
    Zenorx - Harshlands Posts: 443 Arc User
    edited September 2011
    Sihndra, please post on the forums more often ;)

    That was informative, funny and just plain AWESOME...

    Seriously you guys should post stuff in that way more often, I think the community likes it when you are less serious and formal

    post more pl0x

    ;D
  • Juliaasmith - Dreamweaver
    Juliaasmith - Dreamweaver Posts: 222 Arc User
    edited September 2011
    Ja ja!! WHAT????????????????????????????? You are not making sense to us laymen. xD
  • Vasto_Lorde - Raging Tide
    Vasto_Lorde - Raging Tide Posts: 35 Arc User
    edited September 2011
    Sihndra wrote: »
    Wrong as in you wake up to check your catshop to find that you have been paid a visit by the GM fairy; your coin is gone, your items are gone, your friends are gone, the life you thought you led is gone, and your catshop is on an island surrounded by dinosaurs.

    ^my favorite part....i O.O and trololololol'd at that lululz
  • ZeaKuro - Raging Tide
    ZeaKuro - Raging Tide Posts: 631 Arc User
    edited September 2011
    This post is what win looks like.
    as-sas-sin
    /əˈsasin/
    n.
    1. One who murders by surprise attack, especially one who carries out a plot to kill a prominent person.
    synonyms: murderer, killer, gunman, executioner, informal hitman, hired gun.
    Latin assassinus; Greek δολοφόνος
  • Sethvir - Heavens Tear
    Sethvir - Heavens Tear Posts: 12 Arc User
    edited September 2011
    Sihndra wrote: »
    Hello my children.

    As you may have noticed, PWI has been attracting the persistent and unwanted attentions of a certain gold farming website whose title undoubtedly stands for an unspeakably taboo act that a barbarian and a venomancer who love each other very much may engage in at their own discretion and webcam framerate.

    Let me assure you that these attentions are as vile as they are illicit, my fair children. Most of you know that buying from farmers is wrong. Not wrong like showing off your 25 APS to a new player and making him submit eight support tickets about a **** blademaster. Wrong as in you wake up to check your catshop to find that you have been paid a visit by the GM fairy; your coin is gone, your items are gone, your friends are gone, the life you thought you led is gone, and your catshop is on an island surrounded by dinosaurs.

    But what you may not know, other than that FrankieRaye has an RBI and batting averages so high that even he does not know them, is that these farmers are the most terrifying thing to happen to PWI since we realized that players could glitch an extra 1,000,000 coin into their bag each time they type I LOVE PERFECT WORLD GMS ESPECIALLY SIHNDRA in worldchat.

    Basically what happened was some gaming site with really awful security got ****, and the hackers got a whole bunch of username/passwords. They then set about trying these logins in PWI with a fervor known only to the great green Earth's most prolific and industrious peoples. Some of the logins worked, so a whole lot of innocent PWI accounts got possessed by malicious users much in the same way Duke Blacke gets possessed by a need to extoll the virtues of every blade of grass on the great green etc.

    So if you buy from this gold farmer site, you are in all probability going to get paid with items that have been stolen and liquidated from your friends and guildmates. While we here at PWE are pleased to note that this practice causes no inflation like normal gold farming, you can imagine the havoc wreaked on your friends' accounts.

    Therefore, I offer my commandment to change your passwords often and do not buy coin from fraudulent third-party sources!!!



    Go now, and know that I will watch over you.

    Best post on the entire forum b:laugh