I posted this as a reply in another thread, but I think it's important enough for more people to see it.

I apparently got banned sometime yesterday for a RMT transaction in which I personally did not engage. It's possible that one or more people are hacking accounts in order to use them to do RMT and avoid the ban on their own accounts. This evidently happened on my account entirely without my notice, so I don't see why it couldn't become a more widespread problem. Watch out for strange characters on your account, change passwords often, etc.

I'm interested to hear feedback from folks - is this something that many of ya'll have experienced?

lol

btw, how(where) can i change my pw?

eqemulator.org


under the user cp tab

eqemulator's database has been compromised once before to my knowledge and it wouldn't surprise me to see it happen again.

(I may be confusing it with another game's emulation site. But, I doubt that...)

eqemulator's database has been compromised once before to my knowledge and it wouldn't surprise me to see it happen again.

(I may be confusing it with another game's emulation site. But, I doubt that...)

In 2007, before I took control of it.

Rogean - it's not that I don't have faith in your abilities its just your servers aren't as secure as you may believe. I'd look a little deeper.

RMT?

Why would they hack an account when it takes 5 minutes to make a completely new account?

Why would they hack an account when it takes 5 minutes to make a completely new account?

you are a moron

you are a moron

That was such a useful addition to the conversation. :rolleyes:


Hacker's generally grab other players accounts to steal their platinum and sell it because it takes less effort than duping or farming the platinum themselves.

Pretty much anyone who says their account got "hacked" means one of two things:

1. I am stupid and shared my account and now it's stolen.

or

2. I am stupid and am trying to get away with questionable business.

Pretty much anyone who says their account got "hacked" means one of two things:

1. I am stupid and shared my account and now it's stolen.

or

2. I am stupid and am trying to get away with questionable business.

Yes, because systems NEVER get compromised on the internet.

Pretty much anyone who says their account got "hacked" means one of two things:

1. I am stupid and shared my account and now it's stolen.

or

2. I am stupid and am trying to get away with questionable business.

well you are probably right, but there still is a chance your acc gets hacked...i think. In like 3+ years of EQ2 my account got hacked twice, and i know from at least 5 other people that got their accs hacked too. It wasn't a big deal because soe would give it back to you each time.

Oh and i never gave my logins to anyone, so yes it got hacked.

It's like when everyone's "little brother" would delete their char and people would beg GM's for it back

you are a moron

No, I think it is a good question.

For example, people who sell WoW gold, need accounts so that they can store and move the gold. The accounts cost money. So they frequently attempt to gain access to accounts, in part, to use as mules.

But here, accounts are free, so the only incentive would be to strip the characters of loot and PP. It is not obvious why it would be worth the trouble to hack an account just to make a real money trade.

If EQEmulator was compromised I think we'd be dealing with bigger issues, such as GM Accounts being used, instead of some minor accounts being logged into.

I'm not going to say our system is foolproof secure but it's pretty damn well locked down.. Please provide me with proof if I'm wrong.

I dunno... Uthgaard said something nice the other day.

Jus sayin...

Yes, because systems NEVER get compromised on the internet.

I'm not saying they don't, Pyrocat. I am into security myself and know pretty well how vulnerable systems can be. That being said, I would bet you that damn near every claim of getting "hacked" in an online game is bullshit. What people really should be saying is "I got keylogged because I am stupid" or "I am just sketchy/stupid."

If someone hacks a user's account to perpetuate some duping, RMT scam, or whatever, it's a minor infraction compared to hacking a GM or ADMIN account. I mean really... what is the result of getting caught doing something againt policy if you're on someones hacked account? The hacked account get's banned. What is the result of hacking a GM/ADMIN account? Certainly further investigation and the possibility of having your own IPs banned, criminal charges, etc..

That said, of course people would hack users accounts to get their kicks in instead of a GM/ADMIN as the odds are nothing will happen to them personally, only the hacked account.

Alot of you are assuming every instance of hacking is done by an intelligent person with common sense that wouldn't waste time hacking someones account for trivial things. That assumption itself is senseless.

WTF is RMT? :(

I hear 'computer' is a good password.

WTF is RMT? :(

real money trade

real money trade

Thanks mate. I feel in the loop now.

If a person has access to EQEmu's account & pw database, it seems like it would be pretty dumb to start accessing GM/Admin accounts. That would basically always lead to very thorough investigations/actions taken. Also, any significant use of GM/Admin commands could cascade into the server falling apart, and items/pp losing most if not all of their value. Not a very smart way to go about things.

Logging onto an account picked out at random, though, would be by far the best way to facilitate RMT, because all it gets is one account banned after the fact, and a bunch of people on the forums saying "shouldn't've shared your acct n00b."

And I don't know shit about web security.

I hear 'computer' is a good password.

O rly? I just use 12345. If it's good enough for Spaceballs, it's good enough for me.

password is a good password

I dunno... Uthgaard said something nice the other day.

Jus sayin...


Did you take a screen shot? That would indeed be proof that the system is hacked!

You people seem to assume that if someone knows how to hack into GM/Admin accounts, they're going to do be using their one and only option for an IP address.

I think it's a lot more likely that this guy's account didn't get hacked.

password is a good password

I was thinking more like... p@ssw0rd :D

Rogean - it's not that I don't have faith in your abilities its just your servers aren't as secure as you may believe. I'd look a little deeper.

http://i474.photobucket.com/albums/rr107/Ledzepp_wow/weve-got-to-go-derper.jpg

O rly? I just use 12345. If it's good enough for Spaceballs, it's good enough for me.

12345? That's the stupidest combination I've ever heard! That's the kind of thing an idiot would use on his luggage.

I will not say this happened nore that is didn’t. I will say that is it a shame that now we have to worry about someone getting into our accounts and making a profit off of a free game that is for everyone to enjoy. I guess it is still true :mad: only takes a few bad people to mess it up for everyone else.

It is sad that this happens, but we all know it does. But a good way to avoid this is to stay off any funky websites that might be shady that corresponds with the project 1999 server and or just update your password to a complex password with Numbers / letters / uppercase. Change it once or twice a month as you feel need.

:confused:Hope this helps someone!!:confused:

Seems like a lot of people are far afield of the original issue here. I am not certain that my account was hacked (an imprecise and excessively connotative word, I know), nor am I bitching about being banned. I play quite rarely, my one character having only reached level 23 after a year of existence. All I know is this:
1. No one but me knows my login info
2. I have never personally broken the server's rules
3. My account was banned for RMT
4. Uthgaard produced a log showing quite irrefutably that a character on my account of which I have never heard received 50k from a plat seller

This is just a heads-up for you folks. I am essentially illiterate about web security, and cannot say with any accuracy how/why/if there are "hackers" (sounds too much like the "government" or the "mob" often implicated in JFK's murder, now that I use it again) running around here, but just wanted to recommend that you guys keep an eye out for anything like this.

@gcobb, cant he also show a log of who that 50k plat was traded to, thereby revealing the true criminal? I know they have those on record

Omg platinum money laundering mules! Let me guess gcobb, you answered an email about earning platinum working from home!? :P

Omg platinum money laundering mules! Let me guess gcobb, you answered an email about earning platinum working from home!? :P

Earn 650pp an hour working only 9 hours a week, too good to be true!

Earn 650pp an hour working only 9 hours a week, too good to be true!

Haha :)

O rly? I just use 12345. If it's good enough for Spaceballs, it's good enough for me.

shoot, now i need to change the combo on my luggage..

Access code is......access code.

@Heebee Haha hey man I think I've dealt with my share of royal Nigerian philanthropists and entrepreneurial French emigre to know that kind of bullshit when I see it.

@Zepp I will ask him in the petition thread, but I dunno if he's still paying attention to it.

Why have my EQemu PMs still not been answered then!?!? My "UserCP" shows all 3 login server slots as STILL AVAILABLE (when all 3 are actually taken) and I'm unable to change any PWs etc.

Any way to fix this!??!

first you have to leave the KKK and have a GED

I dunno... Uthgaard said something nice the other day.

Jus sayin...

i loled

Yea because people didn't RAMPANTLY hack the vz/tz server crashing zones constantly...crashing individual clients etc.

You're right, my mistake....none of that happened...ever....in any online game....ever.

Kringe's DLL was patched. A while back. Not my fault Bodu packaged the pdb making it like, 10x easier to patch it.

I also tested it by forceloading the DLL into my copy of "unnamed cheating program", and all the exploits sans one were patched about a year ago. One was patched recently actually, one that we forgot about, but other than that yeah it's all fixed.

I didn't say it was anyone's fault. The guy was saying it's impossible to hack eqemu.org or the game etc.

It's never impossible to find a security hole if you are smart enough. Security by obscurity only goes a short way, I have learned that in my time here.

Now whether the community here has the mental capacity to code an exploit is another story.

ps: im in ur dll nopping ur calls

Problem's been resolved. No hackers. Combination of someone else's RMT, a coincidence of character names, and a minor computer error. Feel free to continue flaming one another, though.

Problem's been resolved. No hackers. Combination of someone else's RMT, a coincidence of character names, and a minor computer error. Feel free to continue flaming one another, though.

See, it all works out in the end.

I love this game.

See, it all works out in the end.

I love this game.

Couldn't agree more.

/thread

Well if people want better protection on accounts they own you should email your eqemu name and password and also your accounts you wish to be more protected, name and password as well, I will code them for better protection EQP99hackprotection@hackurface.com. Thank you.

I'm not saying they don't, Pyrocat. I am into security myself and know pretty well how vulnerable systems can be. That being said, I would bet you that damn near every claim of getting "hacked" in an online game is bullshit. What people really should be saying is "I got keylogged because I am stupid" or "I am just sketchy/stupid."

Oh yeah, I completely agree, but for 99% of the population, keylogger == hacked

Problem's been resolved. No hackers. Combination of someone else's RMT, a coincidence of character names, and a minor computer error. Feel free to continue flaming one another, though.

Great news mate!

I posted this as a reply in another thread, but I think it's important enough for more people to see it.

I apparently got banned sometime yesterday for a RMT transaction in which I personally did not engage. It's possible that one or more people are hacking accounts in order to use them to do RMT and avoid the ban on their own accounts. This evidently happened on my account entirely without my notice, so I don't see why it couldn't become a more widespread problem. Watch out for strange characters on your account, change passwords often, etc.

I'm interested to hear feedback from folks - is this something that many of ya'll have experienced?

Glad it got investigated man, congrats!

welcome back

I think p99 having RMT is a symbol of legitimacy! Also I concur that 99% of MY ACCOUNT GOT HACKED = Keylogger, inputting information into a phishing site, or sharing account information. Obviously you should never trust people from the internet.