| User | Post |
Mental Atrophy
 
   
  
 
 
Since: 05-14-02
From: Home
Since last post: 7997 days
Last activity: 7947 days
|
|
well... my character was hacked this morning. I came back from breakfast to play and found my lvl 65 thief with all of 37z to his name. Both gloves and my ninja suit gone. Everything i had in storage, gone (most notably, a ghoul card i just got). Probably total about 3m zeny worth of stuff. They also took the 96K i had on one of my merchants.
Strange thing, they joined one of my merchants into their party, so when i logged on i got this great view of all names of the assholes who hacked me, and their team name. Unless the party bug can cause you to join teams you dont belong to. I've been told that this isn't possible, so i'm pretty sure that the people in that party are the ones, or friends with whoever hacked me. I got a nice screenshot of it too.
Not that any of this matters. There's no way to restore the money and items, i dont believe Gravity does that sort of thing. I can have them change the password, but with all the shit i lost it'd just piss me off to be play the character.
thought now trailing into emptiness....
and lastly, no i didnt use the ppl's bots or crap like that. Any "hacks" or such i ever used were written/made by me (not counting the Exp Viewer, but if Sasami hacked me i'll personally go to her house and slice off each of her fingers ;x ).
|
Tyrlan
 
Since: 03-16-02
Since last post: 7543 days
Last activity: 7511 days
|
|
Sorry to hear this.
I think one of gravity's biggest problems is that they must teach a different Comp101 class (Basic computing for those non college people) Basicly I remember teaching people I had sign up in High School about passwords. There was a few simple facts you had to follow. 1) No real words: these are picked up too easy with password generators. 2) You had to use non standard characters: IE !@#$%^&*() 3) You had to include a number. 4) It had to be at least 8 characters. There was another one and we checked all pass's to make sure it wasn't too easy to guess (one of the higher lvl officer people used their pets name for their password... hello perm record  Anyways, I know for me making a password without special character that was easy to remember was annoying (had to remember another password  ) In the end I think the problem with all this hacking is that the password is too easy to guess... I know a lot of people that use their account name as their password ;-( Why oh why chouldn't grav have just made it so we chould use good passwords... it's not that hard.
Oh yea, did we ever hear if gravity's website is hackproof yet? |
Mental Atrophy
Since: 05-14-02
From: Home
Since last post: 7997 days
Last activity: 7947 days
|
|
Thing is, my password was not a word, and it was 8 characters long. I'm no n00b to computers. I can only assume i was brute force hacked over a period of a week or so.... Unless that is, the person used loopholes in gravity's servers/website to obtain my password. I didnt use any strange characters in my pass, they were all alphanumeric, but I wasnt really expecting any huge hacking attempt on my chars cuz they weren't all that great or rich.
(edited by Mental Atrophy on 05-28-02 10:25 AM) |
Sasami
Goddess in Training
 
Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)
Since last post: 7360 days
Last activity: 7360 days
|
|
was it abcd1234
[edit] chances are, if it was not simple like that, and contained both numbers and letters, you probably wern't brute forced. There are only 2 other ways to get hacked.
#1, as you said, have you used someone elses external program. Did you ever just try another one out for a second?
#2 does ANYONE else know your password, someone you thought you could really trust... or maybe they could have slipped?
(edited by Sasami on 05-28-02 10:44 AM) |
Mental Atrophy
Since: 05-14-02
From: Home
Since last post: 7997 days
Last activity: 7947 days
|
|
lol Sasami, no it wasn't abcd1234 
i've figured out what i'm going to do about all this though.... although i dont think my solution will make many ppl happy outside of possibly me
ha... you edit as i was writing, i suppose i'll edit while you're writing now!
One thing i did do a while back was to change my password using the korean website, because under another password i had toyed with a bunch of external progs and such and found out that most of them had keyloggers. But it's been nearly 2 months since i changed my password.
(edited by Mental Atrophy on 05-28-02 10:49 AM) |
Raveus
 
Since: 05-03-02
Since last post: 7981 days
Last activity: 7880 days
|
|
Originally posted by Tyrlan
Why oh why chouldn't grav have just made it so we chould use good passwords... it's not that hard.
Actually, you can. my main passwords are 11+ characters, mixed punctuation and alphanumeric of various cases. The trick, for me anyway, is remembering the motion of keying it in, rather than trying to remember exactly what's in it (of course, after a few hundred uses, it eventually gets to be hard to forget). And, no, that doesn't mean a big set of consecutive letters
Mental Atrophy said:
One thing i did do a while back was to change my password using the korean website, because under another password i had toyed with a bunch of external progs and such and found out that most of them had keyloggers. But it's been nearly 2 months since i changed my password.
hrm... have you tried changing your pass, and then using the old pass, both on the site and in the game? I've seen that happen before, in other things anyway... of course, I'm not sure how you code something that winds up doing something like that, even by mistake, without being a complete idiot... then again, whoever is in charge of security for gravity does seem to be a complete idiot, or at least not smart enough to recognize that they should hire someone more capable.
Also, have you considered that one of the key loggers you installed might not have been completely removed? Check to see if you have any processes running that shouldn't be (and if you're in 9x, don't even bother with alt-ctrl-del, get a thread/process spy tool). Check your run key, etc. If you were at least running a virus scanner at the time, it should have caught anything that tried inserting itself into a regular executable, or copying over something non-critical... if not, the only way you'd likely be able to catch it is running a firewall and looking for any connections that shouldn't be there.
But, yeah, Sasami's right... if you used a reasonably secure password like you said, there's no way it was brute forced.
· Raveus
(edited by Raveus on 05-28-02 03:04 PM) |
Mental Atrophy
Since: 05-14-02
From: Home
Since last post: 7997 days
Last activity: 7947 days
|
|
I know Raveus, i've used brute force, it would have taken weeks of nonstop running to crack it because i've put my password up against all the dictionary/brute force hacks like The Ripper. I use winXP, and there are no processes running keyloggers or crap like that. The old program i had is totally deleted. None of my friends would have stolen my stuff, i bought them anything they needed including an entire swordsman and mage's armor/equip down to the pair of earrings.
I did an extensive search of my computer for any type of keylogger, any programs i find suspicious i've hexedited but i havent found any. Checked out anything that's been run in the last 2 or so days and found nothing.
Oh well. I'm not going to be playing my character again most likely, since anything i do will probably just get stolen again. I transfered the remaining items (armor, gladius, and 40K in rotten bandages/skel bones) to a new char. |
Sasami
Goddess in Training
Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)
Since last post: 7360 days
Last activity: 7360 days
|
|
and take into account normal bruteforces to thousands, if not ten thousands of passwords a sec, you can pull like, 100 passwords a sec to the ragnarok servers. Or so i hear 
(edited by Sasami on 05-28-02 07:55 PM) |
ParA
 
Since: 05-25-02
From: Canada
Since last post: 7557 days
Last activity: 7812 days
|
|
another tip is not to reveal your account name along with your character name. i swear, some immature kids will do just about anything to do for vengence or just out of spite.
--------------------
I shall not be denied. |
Sasami
Goddess in Training
Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)
Since last post: 7360 days
Last activity: 7360 days
|
|
| ParA, there is no way to block against this, the ragnarok servers TELL you other peoples account names if the proper packets are sent and monitered. |
ParA
Since: 05-25-02
From: Canada
Since last post: 7557 days
Last activity: 7812 days
|
|
oh ok. i didnt realize at this time that packets could be used this way. im still new to packets hehe
--------------------
I shall not be denied. |
| 
