Account Security and "hacking" problem

NonameWiz - Sanctuary · October 2010

Just a little guide that I've found to improve security of your account. Feel free to add important things.

A. Introduction

Bad news first: 99% of all "hacks" did not happen. A **** is a manipulation of a data-bank from a user, and if I'm right this hasn't happened. So the problem is wrong behavior of the "****" users. Sad, but true.

The following things should be normal and I hope I don't tell you any new facts.The points written in "Italic" are the most important and until now responsible for almost every "****."

B. Password

1. Never ever tell ANYONE your password
2. Never ever forget Rule No.1
3. choose a "good" password
4. Don't use your password anywhere else, like in teamspeak, ventrilo, or forums.
5. You password must not be found in any dictionary
6. Check whether your password is good or weak:
http://www.microsoft.com/protect/yourself/password/checker.mspx

7. Cant find a safe password? Create one here:
http://www.thebitmill.com/tools/password.html

More than 6 out of 10 passwords are weak! Think about it, then think again and then change your password.
(hax0r, pwnage, imyourdaddy are not good passwords)

8. See rule 4.

C. Basic Behavior

1. Don't trust anyone you don't know.
2. No-one will ever ask you for your password, not even GMs/Mods.
3. Be paranoid.
4. Be more paranoid.
5. Stay away from account-sharing.
6. Don't visit sites with hacks/bots/cheats, all you will get is viruses, Trojans and key-loggers

D. Key-logger

OK, some evil key loggers are around, waiting to eat your account-data. If you think you have a key-logger:

1. Run a virus scanner which is known to be good. If you don't want to, or can't install one try this: http://housecall.trendmicro.com/

2. Never accept ANY file-transfer in ICQ, IRC, msn, xfire, yim, aol etc... if you don't know the person sending it, or don't know them well.

3. Maybe you can get rid of a key-logger with this: http://www.anti-keylogger.net/

E. Summary

As said before, most "i have been ****"-problems are caused by users that are full of trust to the wrong people and full of foolishness.

If anyone ask your something about your account data, keep your mouth shut. If necessary try to change your login-data or password. Make sure you have a good password and a clean computer, not infected with key-loggers.

Do whatever you can do to increase the security of your account. No matter how much effort this is, it's way less than having your account/items stolen.

Fuzzy_Wuzzy - Raging Tide · October 2010

Don't wanna get "****", don't share your password....

Fuzzy sure it really is just that simple. b:shutup

Honest to goodness hackers have better things to spend their time doing than trying to get into your PWI account.

SylenThunder - Twilight Temple · October 2010

+1 to this, although I would recommend Avira over trendmicro. You get fewer false positives and better heuristic detection. Plus it's free.

Takumeme - Dreamweaver · October 2010

Well then, thank you for posting this.
I'll be sure to be extra paranoid 8D

Luls, used the password checker, typing random letters. Sad that it says best is like 30 letters long >.>

Furries - Dreamweaver · October 2010

i have been "****" games like diablo 2 twice. and both times it was becuase i trusted a "freind" with my pass.

the amount of people who "****" you is limited to how many people you tell your account name/password to.

course i had a forum account **** before (not this forum), but u can't really call that a **** either cause it was just a couple mods trying to mess with me... more of "corrupted people in power".

yeah don't **** of mods...

Nelae - Heavens Tear · October 2010

Good recommendations which most do actually ignore and avoid.

~Thnx for the anti key logger's. They seem to have actually a larger data base on them then your normal protective software.

Borsuc - Raging Tide · October 2010

Fuzzy_Wuzzy - Raging Tide wrote: »

Don't wanna get "****", don't share your password....

Fuzzy sure it really is just that simple. b:shutup

Honest to goodness hackers have better things to spend their time doing than trying to get into your PWI account.

Not really. True most of the time though, but then again, most people type their passwords when logging in, making it susceptible to keyloggers. If you have such a "virus" into your computer, then, you won't have to tell your password for the owner of the virus to know it b:chuckle

And yes most of them are not interested in PWI but let's not forget a lot use keyloggers with no reason, they find out for what you used it, and just use it for the lulz. We call them "script kiddies" mostly.

frankieraye · October 2010

Nice guide b:victory

Starrr - Harshlands · October 2010

Furries - Dreamweaver wrote: »

i have been "****" games like diablo 2 twice. and both times it was becuase i trusted a "freind" with my pass.

the amount of people who "****" you is limited to how many people you tell your account name/password to.

course i had a forum account **** before (not this forum), but u can't really call that a **** either cause it was just a couple mods trying to mess with me... more of "corrupted people in power".

yeah don't **** of mods...

If you give out your account info then you did not get ****. Every person who claims to get **** the GMs should check IP logs. If there has been a pattern of multiple IPs logging into the same account then it was not a **** and it was due to account sharing. GMs should not ever return any item lost due to account sharing. Technically it is against the rules already even if they do not enforce banning people that account share. They should never give back anything you lost though since it was your choice to share accounts.

Some people are told tough luck and sorry we cant do anything while others are given all their stuff back that they lose due to account sharing. More people CS the more the GMs are willing to return items that are lost. Not that I can blame them for that since a business wants to keep their customers that spend 10k+ a year over someone who spends 0.

If people are intelligent (which very few that play this game seem to be) they would follow the recommendations of the OP. If someone chooses not to follow those recommendations they should not get any sympathy from the GMs when they lose items.

Desiree - Harshlands · October 2010

Fuzzy_Wuzzy - Raging Tide wrote: »

Honest to goodness hackers have better things to spend their time doing than trying to get into your PWI account.

QFT.

As a person somewhat well-versed in the greyhat community, I'll say as a fact that those malicious database crackers out there have a lot, lot better (i.e. more profitable) things to do than try to break into PWE's internal databases to steal passwords (I'd be a lot more concerned about your credit card info than your pixels if it ever happens). Assuming PWE uses standard protection on their servers, there's a lot more profitable "targets" out there with much larger money-paying userbases. If a cracker wants to sniff PWI server-client packets, they're probably more interested in trying to discover coin/item duping exploits than trying to find the password of your insignificant account. I personally would find such to be a waste of time (and talent) considering the time-cost benefit (unless you plan on selling such hacks for monetary profit).

Bottom line is, 99.9% of "hacking" cases (the proper term is "cracking" but popular culture has unfortunately twisted the term "****" to have a negative connotation) are really due to the victim's stupidity or carelessness. Telling friends your password, using easy to guess passwords, using the same passwords in other games/forums/etc., keeping the passwords written down/saved somewhere public, logging on with the same account info on other scam/fraud/spoof websites, installing keyloggers aimed at PWI user (e.g. think "Free-PWI-Gold.exe"), etc. In the rare 0.1% where a real database attack was successful, you'd definitely hear about it from PWE news (as well as stock traders, gaming news sites, etc.) because then it involves a lot more than just account passwords.

On a side note, if you ever do find yourself in the situation in which case you were dumb enough to install a keylogger, I'd recommend you get your computer checked out and you phone your credit card company to cancel stuff/change passwords/etc.

~Desiree

SylenThunder - Twilight Temple · October 2010

Starrr - Harshlands wrote: »

Some people are told tough luck and sorry we cant do anything while others are given all their stuff back that they lose due to account sharing. More people CS the more the GMs are willing to return items that are lost. Not that I can blame them for that since a business wants to keep their customers that spend 10k+ a year over someone who spends 0.

Never before have I ever known anyone to be given their items back. And I've known a few serious cash-shoppers that have lost because they were either too trusting, or did not have any account security.

You would have to prove that statement before anyone with any common sense would believe it.

JanusZeal - Heavens Tear · October 2010

NonameWiz - Sanctuary wrote: »

Just a little guide that I've found to improve security of your account. Feel free to add important things.

A. Introduction

Bad news first: 99% of all "hacks" did not happen. A **** is a manipulation of a data-bank from a user, and if I'm right this hasn't happened. So the problem is wrong behavior of the "****" users. Sad, but true.

The following things should be normal and I hope I don't tell you any new facts.The points written in "Italic" are the most important and until now responsible for almost every "****."

B. Password

1. Never ever tell ANYONE your password
2. Never ever forget Rule No.1
3. choose a "good" password
4. Don't use your password anywhere else, like in teamspeak, ventrilo, or forums.
5. You password must not be found in any dictionary
6. Check whether your password is good or weak:
http://www.microsoft.com/protect/yourself/password/checker.mspx

7. Cant find a safe password? Create one here:
http://www.thebitmill.com/tools/password.html

More than 6 out of 10 passwords are weak! Think about it, then think again and then change your password.
(hax0r, pwnage, imyourdaddy are not good passwords)

8. See rule 4.

C. Basic Behavior

1. Don't trust anyone you don't know.
2. No-one will ever ask you for your password, not even GMs/Mods.
3. Be paranoid.
4. Be more paranoid.
5. Stay away from account-sharing.
6. Don't visit sites with hacks/bots/cheats, all you will get is viruses, Trojans and key-loggers

D. Key-logger

OK, some evil key loggers are around, waiting to eat your account-data. If you think you have a key-logger:

1. Run a virus scanner which is known to be good. If you don't want to, or can't install one try this: http://housecall.trendmicro.com/

2. Never accept ANY file-transfer in ICQ, IRC, msn, xfire, yim, aol etc... if you don't know the person sending it, or don't know them well.

3. Maybe you can get rid of a key-logger with this: http://www.anti-keylogger.net/

E. Summary

As said before, most "i have been ****"-problems are caused by users that are full of trust to the wrong people and full of foolishness.

If anyone ask your something about your account data, keep your mouth shut. If necessary try to change your login-data or password. Make sure you have a good password and a clean computer, not infected with key-loggers.

Do whatever you can do to increase the security of your account. No matter how much effort this is, it's way less than having your account/items stolen.

Well informed post.

If we're gonna throw out numbers, I'd say the 99% of anything concerning "i r ****" complaints fall on the side of a "i r shared my acct with da wrong persun" analogy. I had to field complaints of these at my last job, and most of the not-so-bright people didn't realize they have some sort of executed code on the game, server side, that monitors each and every time you log in, and different accounts that log on from the same machine and IP address(es)/range(s), in all likelihood, that includes MACID/hardware addresses as well. The latter part was confirmed when a few friends of mine sent in tickets to find out that someone they had trusted with their password had logged into their account, on two different machines in the same network. Sufficed to say, kinda hard to argue one's way out of that.

And it's a serious issue because if a person is truly getting **** through the game server itself, it's the type of issue that can utterly destroy a populace, hence, destroy their bottom line, so MMO's go to great lengths to ensure their server side info is safe. They just can't make users ensure their info is safe.

TheDan - Sanctuary · October 2010

Would probably be a good sticky for Technical support, nice post.

Starrr - Harshlands · October 2010

SylenThunder - Sanctuary wrote: »

Never before have I ever known anyone to be given their items back. And I've known a few serious cash-shoppers that have lost because they were either too trusting, or did not have any account security.

You would have to prove that statement before anyone with any common sense would believe it.

If you played LC you would know of at least 1 who has received their items back. Spending 30k+ on this game they dont want him to leave. Cant remember if he has 3 or 4 rank 8s now and +10-12 on every character. At least 1 that I know of on HL has got their stuff back as well.

Thats just the nature of the business that the ones who spend the most will get a little better service. If GMs make those people quit they have to go back to eating ramen instead of steak.

Edit: As a side note I played a game once where the GMs stated that account sharing is against the rules although they would not ban for it. If however someone ever complains that they had anything stolen and were found to have account shared the person who stole the item would be banned as well as the person who reported the item being stolen.

The moral the GMs were trying to teach there was if you want to break the rules and whine about it biting you in the *** then you will suffer the consequences as well.

Tricannon - Dreamweaver · October 2010

simple method of preventing ur account hacking problems....dont share PW/info....change ur PW every month or two.....use ur safe code and safe...simple no?

Deora - Lost City · October 2010

Starrr - Harshlands wrote: »

Edit: As a side note I played a game once where the GMs stated that account sharing is against the rules although they would not ban for it. If however someone ever complains that they had anything stolen and were found to have account shared the person who stole the item would be banned as well as the person who reported the item being stolen.

The moral the GMs were trying to teach there was if you want to break the rules and whine about it biting you in the *** then you will suffer the consequences as well.

Which is a good point, if you are going to share an account, do it with someone you know rather well in the real world, that way you can literally kick them in the *** when they do something like that.

Allisandre - Sanctuary · October 2010

Instead of saying '****' say 'stolen' or 'given away'

There was no hacking involved, I'm familiar with the encryption used in the game data that is transmitted. As was previously mentioned, there is no easy way, nor feasible result to even attempt this. To even begin it would have to be an inside job, either on your end, or PWE's. Joe Schmoe from East Timberlake is not going to be able to tap your line without access to your system. Oh nevermind, I just realised the kind of length I would have to go into to even begin to describe this process and 90% of you wouldn't have a clue after I got past the first paragraph.

Needless to say,

Hacking doesn't happen.
Cracking is extremely rare.
Stupidity is the norm.

A soon as you make something idiot-proof, someone creates a better idiot.

Klizzahrd - Lost City · October 2010

GET A BANK PASSWORD and use a diff password from your account one! It keeps ppl from removing your gear. You cant even change gear without knowing it.

Its not as cumbersome as it sounds, and I know some ppl who broke up with in-game spouses and that saved their chars from being totally stripped.

Edit: To get a bank password you go to any banker, hit account password (I think thats what its called), and type in "new password" and then "confirm password" and now you have it.
You can still sell the things in your inventory, but when you try to remove anything OFF of your char/change your equip, it will prompt you for the password. So, everything currently equipped on your char is safe. It also prevents anybody from accessing your bank/wardrobe.

People are going to share passwords regardless of the danger. If you choose to do so, at the very least get a bank password. There is no reason why somebody should be looking through your bank and changing out gears on your char imo.

MystiMonk - Sanctuary · October 2010

SylenThunder - Sanctuary wrote: »

+1 to this, although I would recommend Avira over trendmicro. You get fewer false positives and better heuristic detection. Plus it's free.

I recommend Avast over that one and it is free as well.It has game mode on it as well.

SylenThunder - Twilight Temple · October 2010

MystiMonk - Sanctuary wrote: »

I recommend Avast over that one and it is free as well.It has game mode on it as well.

I used to use Avast, but then found that I had a couple of trojans that it never found, yet Avira did. After some studying, I discovered that Avira just has a better detection algorithm so it's more likely to catch stuff. Both programs have a game mode. Both I would highly recommend. My personal preference atm just happens to be avira

, but yes, I would receommend Avast as well. Both of them score higher than programs you have to actually pay for like Norton, TrendMicro, and McAffee.

Deora - Lost City · October 2010

SylenThunder - Sanctuary wrote: »

I used to use Avast, but then found that I had a couple of trojans that it never found, yet Avira did. After some studying, I discovered that Avira just has a better detection algorithm so it's more likely to catch stuff. Both programs have a game mode. Both I would highly recommend. My personal preference atm just happens to be avira , but yes, I would receommend Avast as well. Both of them score higher than programs you have to actually pay for like Norton, TrendMicro, and McAffee.

Norton doesn't even count as an anti-virtus, its more of a pro-virus, and Ive had avast for years, its never missed a thing (of the few rare times it ever even notified me b/c I don't do stupid **** that would get me a virus trojan etc)

Amencat - Sanctuary · October 2010

my words

Eariala - Sanctuary · October 2010

Also check, double check and triple check that when you have p2p software on your PC, that your file with login/passwords/creditcard info isn't in the shared map.

Having such a file isn't the wisest option, but with so many different accounts/password almost a "have to"...

I had had to remove "viruses" for people whose accounts got stolen again and again... and the did nothing wrong.... they said. It must be a virus or even worse a rootkit.... but....

They only shared all files in "my documents" for their p2p software...
including their "secret file"

Masuna - Harshlands · October 2010

nice guide, i would like to add, some ppl have lost items/money even when they don't get ****, i would suggest NOT being online or in catshop before servers go down for mait

the ppl of PWI does not want to admit it but there is some problems with updates :P

MystiMonk - Sanctuary · October 2010

SylenThunder - Sanctuary wrote: »

I used to use Avast, but then found that I had a couple of trojans that it never found, yet Avira did. After some studying, I discovered that Avira just has a better detection algorithm so it's more likely to catch stuff. Both programs have a game mode. Both I would highly recommend. My personal preference atm just happens to be avira , but yes, I would receommend Avast as well. Both of them score higher than programs you have to actually pay for like Norton, TrendMicro, and McAffee.

I use spybot search destroy as well as lavasoft.when it comes to TrendMicro the online scan version is fine compared to the one you have to buy like Kaspersky (sp).

Alphae - Lost City · October 2010

Eariala - Sanctuary wrote: »

Also check, double check and triple check that when you have p2p software on your PC, that your file with login/passwords/creditcard info isn't in the shared map.

Having such a file isn't the wisest option, but with so many different accounts/password almost a "have to"...

I had had to remove "viruses" for people whose accounts got stolen again and again... and the did nothing wrong.... they said. It must be a virus or even worse a rootkit.... but....

They only shared all files in "my documents" for their p2p software...
including their "secret file"

Frankly, I like to go old-school and hand-write passwords on paper (you can type them but it's safest to do it completely independent of computers), then lock them in my firesafe with my other important documents like credit card stuffs, etc., to which only I have the key. Pretty much a win there. Just don't lose the key xD

I guess I'm old though D8

TheDan - Sanctuary · October 2010

I think it could be linked here. b:chuckle

http://pwi-forum.perfectworld.com/showthread.php?t=338532

Account Security and "hacking" problem

Comments

Categories