Hacks still happening . . .

#1 Sep 02 2009 at 5:12 PM Rating: Good
Avatar
******
20,354 posts
Another round of people in Yamato HNM on Seraph just got hacked. I'm so paranoid right now I'm about to delete my own website in case it got infected without me knowing.

Does ANYONE have any information on the common thread or source at this point? One of the latest guys hacked was a PS2 player :/
____________________________
FFXI: Catwho on Bismarck. Once again a top bard on the server: Dardaubla 90 on 1/6/2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest on Lamia - Member of The Swarm and leader of Grammarian Tea House chat LS
#2 Sep 02 2009 at 5:27 PM Rating: Good
Scholar
***
1,678 posts
But but... ps2 players represent all that is noble and pure within FFXI! They play the game the way it was meant to be played, surely somebody who doesn't use windower could not possibly succumb to rmt tactics?!
____________________________
Dooom wrote:
BG elitists <3 haste.

Allatards/uber casuals hate elitists.

Allatards/uber casuals hate haste, as valuing it would acknowledge that elitists are right


kerberoz wrote:
People don't hate emo kids because they're "misunderstood." People hate emo kids because they're useless.


Realix wrote:
PUP is an average to above average DD... when not in a zerg situation... or on particularly hard targets... and when properly configured... on windsday... with a RDM...
#3 Sep 02 2009 at 5:28 PM Rating: Good
Revolving Door Inspector
Avatar
*****
12,726 posts
Security token ftw?
____________________________
FFXI: Exodus @ San d'Oria since November 19, 2003, Siren Server
FFXIV: Turk Kalahai @ Gridania, Balmung Server
Rift: Kalahai @ Sanctum, Faeblight Server
Exo @ YouTube | Exo @ Tumblr | Exo @ Twitter | Cheese
#4 Sep 02 2009 at 5:33 PM Rating: Excellent
Scholar
Avatar
****
4,148 posts
One account I use got hacked too, and I have literally no clue from where. The account that I use (on the same computer) with the security token is fine; the one without is the one hacked.

Happened in the last couple weeks, roughly.

I'm going to sound like I'm tooting my own horn, but I'm fairly computer savvy and very surprised it happened to me.
____________________________
Mishana: DRG | THF | RDM | NIN
#5 Sep 02 2009 at 6:09 PM Rating: Default
Check these options:

1- someone else besides you knows your ID/password (even your wife/husband/son)

2- you visit **** sites and FFXI hacks/cheats sites

3- you visit somepage or atlas frequently

4- you bought gil

5- you visit RMT sites frequently

6- you don't have a good firewall on your PC

7- you don't have good anti-spyware/Ad-Aware and don't do regular checks

8- you use Internet Explorer instead of Firefox

9- you click on links from emails and sites you don't know are secure

10- someone else has access to your computer/PS2, even in a different account


Any of these puts you in the risk group for being hacked; other than that, it doesn't happen magically, I believe, unless your password and account are 12345.

Edited, Sep 2nd 2009 10:13pm by MclarenTAGPorsche
#6 Sep 02 2009 at 6:13 PM Rating: Good
Scholar
***
1,428 posts
I would say that because it was a hnm shell, and several in the group got hit, and couple this with rumors that zhi on garuda was also hacked while he was looking for new cheats, then most likely this group attempted to access the same tools and website that zhi did.
____________________________
Direct Credit Card Payments Now Accepted! (01/26/2012)

http://ffxi.allakhazam.com/forum.html?forum=10&mid=1327570330215738540

If having an issue with card rejected, make sure your noscript is allowing globalcollect site gcsip.com as that is where transaction is routed when I updated.
#7 Sep 02 2009 at 6:16 PM Rating: Default
Avatar
**
524 posts
What Mclaren said. HNM and the lot of them getting hacked? Sounds like someone was doing something they're not supposed to.
____________________________
<3My Beautiful daughter<3 ~9/26/2007~
Ex Army Gal 68W & 92G hoah

jtftaru wrote:
The Internet is full of nasty, snide little turds who (often in little cliques) use the anonymity of the Internet to manifest their unpleasant personalities towards others.
#8 Sep 02 2009 at 6:38 PM Rating: Excellent
Avatar
**
829 posts
Theory on BG is that a registration server got hacked.

That's why you might have heard of people over the weekend having to go and call and get their passwords reset. Might have been a second round, tho, that Square DID NOT catch. (They caught one and locked down a ton of accounts as a preventive measure.)

This is just scary. REALLY scary.
____________________________
Elizara, Mithran WHM of Quetzalcoatl
LS's: SpecialFriends, ShikigamiWeapon, Noble's, WeSayHurray, JingZen, Betrayed (Dynamis and Aby)

Still a MithraPride kitty at heart, tho that shell is gone..Also still CTY at heart forevah!

Midgard: NEVER FORGET.

Alla profile: http://ffxi.allakhazam.com/profile.xml?11530

Thinking about swapping from console to PC? Check here to do it right!
#9 Sep 02 2009 at 6:49 PM Rating: Excellent
I had to reset my password today. I was logged on yesterday and got off. A few hours later I tried to get on but my password wasn't working. Today I had it reset and all is well, but still scary. BTW I have a security token. Maybe that's why my **** was still there? IDK.

Scary to say the least.
____________________________
DRG FAQ
#10 Sep 02 2009 at 6:58 PM Rating: Good
Avatar
**
524 posts
Quote:
I had to reset my password today. I was logged on yesterday and got off. A few hours later I tried to get on but my password wasn't working. Today I had it reset and all is well, but still scary. BTW I have a security token. Maybe that's why my sh*t was still there? IDK.

Scary to say the least.


Someone else said the same thing on another forum. You might want to check your PC for Trojans. I had one on my PC which was a Gamepass Trojan, one that steals your passwords and whatnot. But I have a token and have had no issues yet. It appeared yesterday too.

Here is a description.

Win32/Gamepass is a family of trojans that steals login credentials and in-game information related to various Massively Multiplayer Online Role Playing Games (MMORPG). Files belonging to this malware family are Win32 executables that are packed/protected using various packers such as UPX, UPack, FSG and NSAnti.

Win32/Gamepass trojan variants steal sensitive information related to various MMORPGs and other online games, particularly those popular in China and East Asia.

Gamepass generally monitors window titles and processes, searching for indications that the targeted game has been launched. For instance, it is common for the trojan to initialize its logging routines after it has found an active window with the title of the game, which is commonly in Chinese for most of the titles targeted.

It is also common for some Gamepass variants to drop a DLL which allows it to install either a keyboard or a mouse hook. The trojan waits until the user has entered a keystroke or clicked a mouse button before it begins logging sensitive information. The trojan logs the account name and password that the user enters into the game's login prompt window in order to access their account.

Gamepass variants may also steal details specific to the host machine, as well as in-game information related to the game being played. In-game information is stolen by the trojan in various ways, such as:

* By reading information from sub-windows accessed by the user in-game
* By reading the process memory of the game's main executable
* By reading information from the game's setup files.

Such information includes:

* IP and host name of machine
* Game server name
* Role information (character's name, job/role, ****, level)
* Game information (amount of currency, map details)

Gamepass can store this information in a log file, and then send the log file to a remote attacker, either via email or by posting the information to a remote website.
#11 Sep 02 2009 at 7:26 PM Rating: Excellent
*
145 posts
Quote:
Check these options:

1- someone else besides you knows your ID/password (even your wife/husband/son)

2- you visit **** sites and FFXI hacks/cheats sites

3- you visit somepage or atlas frequently

4- you bought gil

5- you visit RMT sites frequently

6- you don't have a good firewall on your PC

7- you don't have good anti-spyware/Ad-Aware and don't do regular checks

8- you use Internet Explorer instead of Firefox

9- you click on links from emails and sites you don't know are secure

10- someone else has access to your computer/PS2, even in a different account


None of these apply to me and I still got hacked. I'm using Firefox w/ all add-ons, COMODO Internet Security, Malwarebytes' Anti-Malware, SUPERAntiSpyware Free Edition, & Spybot - Search & Destroy. No viruses or Trojans found. My password is 18 characters, utilizing lower & upper case letters and numbers, half saved to POL, half entered via soft-keyboard.

No token on my account, but I heard even token accounts are getting hacked too. Something tells me something on SE's side got hacked...
____________________________
Zoner
90Drk 90Nin 90Rdm 90Thf
Server: Quetzalcoatl
My Profile
ZM complete CoP complete ToAU complete
[ffxisig]152766[/ffxisig]
#12 Sep 02 2009 at 7:33 PM Rating: Good
Scholar
****
4,586 posts
Quote:
2- you visit **** sites


Hey! I only go to one :o

I'm on xbox360 and i've been okay..so far. It's all making me very nervous though. I have the PC version sitting on my dresser but i'm afraid to install it >.>; I would love to start using parsers, though...
____________________________
Hume male, Zafire, Server: Sylph
50DNC, 50SMN, 50BRD, 50SAM, 50DRG, 50WHM, 52THF, 52COR, 52MNK, 58BST, 60WAR, 67PLD, 69PUP, 75RNG, 75SCH, 75BLM, 80NIN, 80DRK, 85BLU, 85RDM
Retired since February 2011.
All SJ's capped for LVL99!

#13 Sep 02 2009 at 8:03 PM Rating: Good
**
447 posts
So sad to see the cycle in the downturn again.

Gonna always be a battle between RMT and everyone else as long as MMOs use the same formulas they currently do.

(Slight sarcasm)Just be happy it isn't Christmas '05 inflation?

I have no real constructive advice here, just sympathy for the hacked I suppose.

#14 Sep 02 2009 at 8:13 PM Rating: Good
****
6,556 posts
Hacking to liquidate gil is nothing more than killing the game that they try to make money from. I wonder if similar things are happening to other games as well.

I just wish I had better things to say, because I really do not. >< I think I am doing enough to keep my computer safe, but what is really ... enough?
____________________________
Amanada (Cerberus-Retired) (aka MaiNoKen/Steven)
-- Thank you for the fun times in Vana'diel

Art for the sake of art itself is an idle sentence.
Art for the sake of truth, for the sake of what is
beautiful and good — that is the creed I seek.
- George Sand

A designer knows he has achieved perfection,
not when there is nothing left to add,
but when there is nothing left to take away.
- Antoine de Saint-Exupéry
#15 Sep 02 2009 at 8:26 PM Rating: Good
14 posts
China recently took steps to curb the spread of MMO sickness, which is causing a reaction in the farmers' day-to-day business. New trojans are showing up daily across all message boards across all heavily western played MMOs. They are not only stealing your account but also selling identities of those that play MMOs in the western world on the black market for fake passports and the like to terrorists. Some think I am crazy for saying this, and I've been banned from not only the EVE forums but also WAR and WOW for spreading the truth about personal computer security and identity theft. It is a real and true threat and someone needs to take notice of this new practice that RMT are using and squelch it.

If you don't believe that we are at war you need to wake up. Our MMO characters are the least of our worries.
#16 Sep 02 2009 at 8:40 PM Rating: Good
Avatar
******
20,354 posts
Quote:
I would say that because it was a hnm shell, and several in the group got hit, and couple this with rumors that zhi on garuda was also hacked while he was looking for new cheats, then most likely this group attempted to access the same tools and website that zhi did.


Except Yamato doesn't fight land kings or things we'd need to claim using a bot. Nice try though. (We're more "general endgame" - sky, sea, ZNMs, KS99, etc - than we are true HNM.)
#17 Sep 02 2009 at 8:45 PM Rating: Default
My posts always get default, you guys hate me so much!!


lol
#18 Sancha, Posted: Sep 02 2009 at 8:57 PM, Rating: Sub-Default
I highly doubt the people with tokens got hacked. From what I read, it was two people, both of whom weren't hacked themselves; it was their children. They claim no trojans were on their PC, yet my scans came back negative, but why am I getting an on-demand warning saying there is a trojan on my PC? Not all virus scans will pick up the viruses/trojans, especially the free ones. They also claim their sons wouldn't do anything bad lol.
#19 Sep 02 2009 at 9:26 PM Rating: Excellent
Avatar
******
20,354 posts
Quote:
The token one time passwords only last but a few seconds; after it flashes off you can't use it.


Smiley: dubious

The code itself is valid for 27 minutes. This was tested and proven. Just because it flashes off, doesn't mean it gets invalidated. Try it: write the code down, wait 15 minutes, and then log in with it. It'll still work.
#20 Sep 02 2009 at 9:36 PM Rating: Excellent
****
6,556 posts
People are still getting hacked even with the token, in a way where the hacker does not need to know anything that is shown on the token or your password -- they simply steal your session after you log in.

I do want to hear stories about hacking in other games. Is it just FFXI getting targeted? Or is it a much wider scale problem?
#21 Sep 02 2009 at 9:44 PM Rating: Excellent
Quote:
I highly doubt the people with tokens got hacked. From what I read, it was two people, both of whom weren't hacked themselves; it was their children.


Hi... I did. Though they didn't get all the way in, it seems; my account is still intact, but they did manage to change my password.

I have no children.
____________________________
DRG FAQ
#22 Sep 02 2009 at 9:47 PM Rating: Excellent
***
2,976 posts
Quote:
The code itself is valid for 27 minutes. This was tested and proven. Just because it flashes off, doesn't mean it gets invalidated. Try it: write the code down, wait 15 minutes, and then log in with it. It'll still work.
Um... it does invalidate itself once used though, right?
____________________________
R.I.P. Crystan FFXI
75WHM 75SCH 75RDM 75SMN
#23 Sep 02 2009 at 9:51 PM Rating: Excellent
Scholar
***
1,809 posts
i wonder if all the people that got hacked used the ls community site?
#24 Sep 02 2009 at 9:59 PM Rating: Excellent
******
22,696 posts
Sir Crystan wrote:
Quote:
The code itself is valid for 27 minutes. This was tested and proven. Just because it flashes off, doesn't mean it gets invalidated. Try it: write the code down, wait 15 minutes, and then log in with it. It'll still work.
Um... it does invalidate itself once used though, right?


Yar. Once a code is used that code and all previous codes become unusable.
____________________________
Dear people I don't like: 凸(●´―`●)凸
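
The token behaviour described in posts #19 to #24 (a written-down code still accepted well after it leaves the display, but a used code and every earlier code rejected) can be modelled as a server-side check like the one below. This is an added example, not Square Enix's code or anything posted in the thread: the token's real algorithm is not stated here, so the RFC 4226 HMAC construction, the 60-second step and the demo secret are assumptions, and the 27-step window is the figure quoted in post #19.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumption: the token shows a new code every 60 seconds
WINDOW_STEPS = 27   # acceptance window in steps; 27 minutes is post #19's figure
DIGITS = 6          # six digits, as in the "000000" test code from the thread


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 of the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Accepts codes from a look-back window, but never at or below the last used step."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS,
                 window: int = WINDOW_STEPS):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_used = -1  # highest time step ever accepted for this account

    def code_at(self, t: int) -> str:
        """Code the token would display at unix time t."""
        return hotp(self.secret, int(t) // self.step)

    def verify(self, code: str, now: int) -> bool:
        current = int(now) // self.step
        # Oldest acceptable step: inside the window AND newer than anything used.
        oldest = max(current - self.window, self.last_used + 1, 0)
        for counter in range(current, oldest - 1, -1):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                # Burn this step and, implicitly, every step before it.
                self.last_used = counter
                return True
        return False


def replay_demo() -> dict:
    """Constructed scenario; the secret and timestamps are made up for the demo."""
    secret = b"constructed-demo-secret"
    t0 = 1_000_000
    server = OtpVerifier(secret)
    written_down = server.code_at(t0)        # code copied off the display
    older = server.code_at(t0 - 5 * 60)      # a code shown 5 minutes earlier
    results = {
        # Still accepted 15 minutes after it left the display.
        "written_down_15_min_later": server.verify(written_down, t0 + 15 * 60),
        # The same code presented a second time is refused.
        "same_code_replayed": server.verify(written_down, t0 + 15 * 60),
        # A code older than the one just used is refused as well.
        "older_code_after_newer_used": server.verify(older, t0 + 15 * 60),
        # A code newer than the last used one still works.
        "fresh_code": server.verify(server.code_at(t0 + 16 * 60), t0 + 16 * 60),
    }
    # A never-used code falls out of the window after 28 steps.
    other = OtpVerifier(secret)
    results["code_28_min_old"] = other.verify(other.code_at(t0), t0 + 28 * 60)
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The check only decides whether a login is accepted; it has no bearing on a session that is taken over after a successful login, which is the case post #20 describes.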
#25 Sep 02 2009 at 10:19 PM Rating: Good
Avatar
******
20,354 posts
Yep, the current way to test if you've been hacked after getting the message that someone has logged into your POL account from another terminal is to enter in 000000 for your one time password. If, after entering your stuff, your POL crashes, then you've got the virus and need to run a full virus scan, Antimalware scan, Spybot S&D, and AdAware set plus reboot before you touch FFXI on your PC again. Also, if possible, log into a friend's Xbox or PS2 and change the password there.

What I want to know is: Are the PS2 users that have been hacked using the security token?

Edited, Sep 3rd 2009 2:19am by catwho
#26 Sep 02 2009 at 10:22 PM Rating: Good
Avatar
****
6,235 posts
chinaman wrote:
i wonder if all the people that got hacked used the ls community site?

This. I've logged in just once to enable a few things for FFXIAH.com and then told that login system to **** off. Nothing like an 'automatic login system' to leave your login info neatly stored and lightly encrypted in a cookie somewhere.
____________________________
I've seen things you people wouldn't believe. Airships on fire off the shoulder of Bahamut. I watched Scapula Beams glitter in the dark near the Three Mage Gate...

Nilatai wrote:
Vlorsutes wrote:
There's always...not trolling him?

You're new here, aren't you?
#27 Sep 02 2009 at 10:22 PM Rating: Excellent
****
6,556 posts
Quote:
Yep, the current way to test if you've been hacked after getting the message that someone has logged into your POL account from another terminal is to enter in 000000 for your one time password. If, after entering your stuff, your POL crashes, then you've got the virus and need to run a full virus scan, Antimalware scan, Spybot S&D, and AdAware set plus reboot before you touch FFXI on your PC again. Also, if possible, log into a friend's Xbox or PS2 and change the password there.


My PlayOnline did not crash after I entered 000000 for my OTP, that is good >_>

Edited, Sep 3rd 2009 2:23am by scchan
#28 Sep 02 2009 at 10:28 PM Rating: Excellent
14 posts
catwho, pet mage of Jabober wrote:


What I want to know is: Are the PS2 users that have been hacked using the security token?

Edited, Sep 3rd 2009 2:19am by catwho

Yes, there are, because you need to set up your SE account on a PC and in doing so you enter your game ID. Granted, if you have an OTP active on a PS2, the chances of them getting you are slim, but they will still kick you off due to the **** way PoL is set up.
#29 Sep 02 2009 at 10:40 PM Rating: Good
Avatar
******
20,354 posts
On the upside, a data dump from Catwho.net tested clean on virus scan. Whew! It's not my website XD

Edited, Sep 3rd 2009 2:40am by catwho
#30 Sep 02 2009 at 10:46 PM Rating: Good
22 posts
It's really difficult to make any conclusions in these cases until we have more information, because you have to keep in mind how reliable people's accounts of the events are; it's not like people are going to easily admit that they bought gil or downloaded hacks or bots for the game.

There's no point of being overly paranoid; however, you should just continue to take the same precautions and possibly even stop going to certain FFXI/FFXIV related sites until the cause has been determined.
#31 Sep 02 2009 at 11:05 PM Rating: Excellent
Avatar
******
20,354 posts
Was skimming through the 27 page long BG thread. Speculation is that either the Square Enix Account server itself was hacked, or one of the authentication servers was hacked. Both are terrifying possibilities, because it means even people who did nothing wrong can have their stuff jacked.

I used my one time item restore to get back 99 O pieces I dropped about a year ago. (Long story.) If I'm hacked and SE won't do a rollback because of that, it's over.
#32 Sep 02 2009 at 11:13 PM Rating: Excellent
**
315 posts
I am even paranoid about being hacked now, and the PC I play FFXI on has only ever been to 3-4 sites, and only been to each of those one time.

I have been to Google, Windows Update, AVG download site, Windower site, KParser download site, and I went Speakeasy once to see how fast my awesome cell phone bluetooth internet connection was, and I have downloaded Firefox from Mozilla (with No-Script).

Speaking of using my cell phone for internet access, does anyone know if it is possible to get a virus on Windows Mobile 6 that can transfer to my PC? I have downloaded a couple of sound files for ringtones with it and my daughter uses it to watch Youtube while we are in the car.
#33 Sep 02 2009 at 11:17 PM Rating: Excellent
****
5,550 posts
This is why I heartily recommend AdBlock + NoScript. You'd be freaking appalled at where and how people hide executable flash in their web pages, or how easy it is to make someone else's ad or flash play do your dirty work for you. I'd show you one involving a huge transparent layer stretched over two rows of otherwise normal looking images it shot down today, but it was while browsing ****. There are a few issues I am not the best at enforcing on myself, mostly because I love boobies.

Edited, Sep 3rd 2009 1:44am by Tarub
____________________________
Mindel wrote:
Don't listen to bisexuals.
Aripyanfar wrote:
All bi's are ****-tarts.
#34 Sep 02 2009 at 11:27 PM Rating: Excellent
Avatar
******
20,354 posts
Yes, I'm obsessive about Adblock+NoScript.
#35 Sep 02 2009 at 11:43 PM Rating: Excellent
***
1,109 posts
So these people who are being caught out on PS2-- are they receiving the same logged-out-then-POL-crashes routine that PC users are getting, or something different? I'm perplexed how these PS2 users can be "hacked" unless something on SEs end flopped or RMT have some bloody clever people writing code for them!
____________________________
To endanger the soul endangers all,
when the soul is endangered it must become a Warrior.
#36 Sep 02 2009 at 11:44 PM Rating: Decent
***
3,003 posts
The way they got our second in command, who plays on ps2, is when he signed up for the ls community site on a computer. That's the only way to get a ps2 player's account without them giving you the info or you taking the info from SE.
#37 Sep 02 2009 at 11:49 PM Rating: Decent
Avatar
***
2,045 posts
The idea that makes the most sense currently is that, as was said, some part of SE's servers/website logins has in some way been hacked into or compromised. Not all the hackings fit this; some are obviously trojan infections, probably via the phishing sites or some rogue ads, but many just do not make any sense as to how they could be hacked. This applies to console users, heavily protected and savvy PC users, and people that use a PC just for FFXI and never surf on it being hacked.

If it is a weakness in SE's community website or maybe even the security keychain website then we are pretty much boned. Square have neither the manpower nor the will atm to track this down, so you better go buy a security keychain asap.

If you think SE are beyond leaving loopholes in their security or creating buggy code you haven't taken much notice of the last 12 months of updates they have been releasing which have been slowly getting worse and worse as more and more manpower has been shifted to FF14.

Edited, Sep 3rd 2009 4:01am by preludes
____________________________
BANNED
#38 Sep 03 2009 at 12:39 AM Rating: Good
*
105 posts
I did tech support using terminal services and have a theory.

What if they are opening a terminal connection on your own pc and simply using information stored in a text file on that pc and are logging you out via another windows session?

To you it might seem like lag as you can't actually see someone opening a terminal session after using MSTSC command.

So this person logs you off from your own computer and gets the password stored in a text file. That's my theory. It would be possible to hack you on your own system.

I'm going to try this from my wife's PC over our network to test it.

Edited, Sep 3rd 2009 4:40am by mightymulatto
#39 Sep 03 2009 at 1:02 AM Rating: Excellent
Scholar
*
70 posts
mightymulatto wrote:
I did tech support using terminal services and have a theory.

What if they are opening a terminal connection on your own pc and simply using information stored in a text file on that pc and are logging you out via another windows session?

To you it might seem like lag as you can't actually see someone opening a terminal session after using MSTSC command.

So this person logs you off from your own computer and gets the password stored in a text file. That's my theory. It would be possible to hack you on your own system.

I'm going to try this from my wife's PC over our network to test it.

Edited, Sep 3rd 2009 4:40am by mightymulatto


I work in IT as well, and with Terminal Services in Windows XP, the PC will go into the "Terminal Locked, press CTRL+ALT+DEL to login" screen when someone connects to it via Terminal Services.

Actually, all the hacking stories I've read on this and other sites lately do have something in common. It seems to me most if not all of the victims were engaged in an endgame activity such as Sky, Dynamis or Einherjar when they got hacked. I don't recall anybody saying they were just FoV levelling in an area such as the Highlands when getting hacked.

It's as if the hackers know who their targets are and, being in endgame activities, know they will have stuff worth stealing. It's just an observation I made.
____________________________
FFXIV: Rocky Modin
Hyun Midlander M
Figaro Server
GLA/ARM/BLK

FFXI: Rockym
Hume M
Odin Server
75RDM/65NIN/59BST
#40 Sep 03 2009 at 1:07 AM Rating: Excellent
Hate to be the bearer of, well, fairly obvious news: it's time to batten down the hatches, people. 3-day weekend coming up this weekend, and the PoL Service center is closing down for the weekend. Those who are new to this don't know, but long weekends are favorite times for RMT to move mass amounts of hacked accounts and items.

To support my information notice several normal seeming anon lvl 1 players making their ways to Lower Jeuno today, and tomorrow I may have inadvertently escorted one thinking it was a player's mule. I apologize to the community; I'll never show compassion in game again. Last night at 3am I witnessed several facesmash named lvl 1 players logging at the delivery guys in Lower Jeuno on Kujata. Fake GM tells, and rapid-fire advertisements for gil buyer and seller services, have picked up over the past few days, including powerlevel services, which go hand in hand with hacker activity.

The RMT companies have hit a bonanza, and they are preparing to harvest. Don't make it easy for them. Lock it down.

Change passwords (17 characters long, caps and lowercase, numbers and letters. Both passwords.)

Run antivirus software (good ones include Kaspersky (pay), Avast (free), and AVG (free)). Download the rootkit detector at the AVG website, also free, and run it. It also helps to get a second opinion: Firefox recommends Trend Micro's HouseCall, an online-based antivirus scanner that scans your PC over the internet, free.

Don't visit **** sites. We all have our vices, some of us have PC libraries. Some forum sites of an explicit nature, desperate for ad revenue, have figured out how to bypass Firefox's NoScript and popup blockers. These sites use viral advertisements; the situation has been brought up to admins of these sites, and they do not care.

Don't use search engines unless you know the source of the website. College kids are serious security hazards this time of year due to course work requiring information from diverse, often bizarre sources. One college kid in a linkshell can take out an entire linkshell easily, simply because he picked something up from an information site or from a link in a chat session for online courses.

Plug your security holes and always "Watch your corn hole."
____________________________
Without the Past there is no Future.

80 Thief, 80 Dancer, 80 Bluemage, 78 rng? What happened to no child left behind?
Thief AF3 gimmie gimmie gimmie

[ffxisig]196869[/ffxisig]
#41 Sep 03 2009 at 1:49 AM Rating: Excellent
Scholar
****
6,424 posts
Raelix the Braindead wrote:
chinaman wrote:
i wonder if all the people that got hacked used the ls community site?

This. I've logged in just once to enable a few things for FFXIAH.com and then told that login system to @#%^ off. Nothing like an 'automatic login system' to leave your login info neatly stored and lightly encrypted in a cookie somewhere.


Auto-login doesn't store login info. After you login, an encrypted cookie is generated, and it's this cookie that is used to identify your PC and then tied to your LSC account. Someone else on the same PC might be able to use it to mess up your settings on LSC, but it will not reveal any login info.


____________________________
No PUP, no glory! <Inferno Claws [4563/3520]>

"Puppetmaster was our last best hope for peace. It failed.
Now it's our last best hope.. for victory!"
#42 Sep 03 2009 at 2:39 AM Rating: Excellent
Guru
Avatar
**
635 posts
catwho, pet mage of Jabober wrote:
If, after entering your stuff, your POL crashes, then you've got the virus and need to run a full virus scan, Antimalware scan, Spybot S&D, and AdAware set plus reboot before you touch FFXI on your PC again.


Be careful of how much faith you place in defensive software products. Remember that malware writers have access to the same anti-virus products that we do, and are able to test and adjust their programs against them prior to release, whether to evade detection, or to sabotage installed defenses.

As a result, anti-virus programs tend to be mostly good for catching older stuff and variations of well-known techniques, the kind used by script-kiddies and offered in turnkey trojan kits. Newly authored malware often escapes detection, until it's been analyzed after having been caught by honeypots or forwarded to anti-virus companies.
#43 Sep 03 2009 at 4:06 AM Rating: Excellent
Sage
****
5,431 posts

I was talking to a friend in game about this not long ago, and I realized that I can't tell what I am more upset about... the fact that it is happening at all, or the fact that SE seemingly can't be bothered to invest more time and effort into fixing it than it took to write up the "don't be dumb" warning we get on log-in.

It frustrates me to no end that we put forth all this time and money into a product, and they can't even open up a dialogue with us about these serious problems we are having. This is not just some passive advertising or some in-game dispute, this is a legitimate security concern for everyone involved, and extends well beyond the game.

Frankly, it **** me off that after all this time and these escalating attacks, SE can't even be bothered to attempt to fix some of the more obvious problems, like the trial accounts. Here there are people pretending to be GMs in a blatant and bold attempt to steal from you and they're basically just left to get whack-a-mole'd without ever even trying to cut off the source.
I have encountered and reported a number of these things now, and literally every single time, I have received an automated message about how they take it seriously, and rest assured, there will be results. Hard to believe after the fiftieth time, harder still when they don't even take the information before attempting to appease you.

Even when they do try to do something, it comes off as little more than a "too little too late" PR move that ends up being some massive catch-all that screws up more than it fixes. And they don't even comment on THAT either (hello player bans).

I think we have earned the right to hear a little more about this, and I really wish they would respect the relationship we have with them (we DO pay a pretty good monthly fee, after all) and just address our **** concerns. I am really tired of basically being shut out and being left to speculate and fend for ourselves all the time.


Edited, Sep 3rd 2009 5:07am by AmanoJ
____________________________
~Phoenix / Figaro~
--
Little angel go away,
come again some other day.
The devil has my ear today,
I'll never hear a word you say.
#44 Sep 03 2009 at 5:11 AM Rating: Excellent
**
822 posts
Quote:

I was talking to a friend in game about this not long ago, and I realized that I can't tell what I am more upset about... the fact that it is happening at all, or the fact that SE seemingly can't be bothered to invest more time and effort into fixing it than it took to write up the "don't be dumb" warning we get on log-in.

It frustrates me to no end that we put forth all this time and money into a product, and they can't even open up a dialogue with us about these serious problems we are having. This is not just some passive advertising or some in-game dispute, this is a legitimate security concern for everyone involved, and extends well beyond the game.

Frankly, it **** me off that after all this time and these escalating attacks, SE can't even be bothered to attempt to fix some of the more obvious problems, like the trial accounts. Here there are people pretending to be GMs in a blatant and bold attempt to steal from you and they're basically just left to get whack-a-mole'd without ever even trying to cut off the source.
I have encountered and reported a number of these things now, and literally every single time, I have received an automated message about how they take it seriously, and rest assured, there will be results. Hard to believe after the fiftieth time, harder still when they don't even take the information before attempting to appease you.

Even when they do try to do something, it comes off as little more than a "too little too late" PR move that ends up being some massive catch-all that screws up more than it fixes. And they don't even comment on THAT either (hello player bans).

I think we have earned the right to hear a little more about this, and I really wish they would respect the relationship we have with them (we DO pay a pretty good monthly fee, after all) and just address our **** concerns. I am really tired of basically being shut out and being left to speculate and fend for ourselves all the time.


We here at SE thank you for your continued enjoyment of our product. Rest assured that we are doing everything within our power to reduce the security threat, up to and including telling our new intern to put up a warning before players log in. It is our belief that since players must see that warning every time they log on, we are absolved of all blame for this issue. Thank you, and please buy FFXIV.
____________________________
Cletus: 75BST 74RNG
64BLM/32RDM 57DRK/28WAR 55SAM/27WAR
Alchemy 96 Goldsmithing 55 Woodworking 60 Smithing 24 Cooking 32
#45 Sep 03 2009 at 5:44 AM Rating: Excellent
***
1,342 posts
Sancha wrote:
They claim no trojans were on their pc, yet my scans came back negative, but why am I getting an on demand warning saying there is a trojan on my pc?


I bolded the part that caught my attention.

A guy in our IT department told us 2 days ago about some new virus out there that people are getting by the thousands. It gets on your computer by visiting some sites that have been infected and the site automatically redirects some people to a website designed to look exactly like a window of Windows Vista internet security on your C:. The page that pops up looks exactly like a Vista page and tells you that you have like 7 trojans and thousands of infected files. It then asks you if you want to clean those files. By clicking yes, you are really downloading the virus/trojan/keylogger/whatever.

Our IT department said it is an old tactic used in the late 80's. This one is just re-done to look like our current OS for people who don't know any better.

We are told that the key is looking at the address bar. If you are really in a window on your computer it will look something like C:windows/vista/security/blah/blah. The fake ones made to look like vista while trying to get you to click the "Do you want to clean these files" option will read like a website i.e. www.hackmysystem.com/pleaseclickyes/blahblahblah.

Hope this is helpful to you.

Edited, Sep 3rd 2009 6:54am by spcwill
____________________________
99: Sam, Drg, War, Drk, Nin, Thf, Mnk, Rng, Pup, Blm, Smn, Bst, Dnc, Pld, Sch, Whm, Blu, Cor, Rdm, Brd.
#46 Sep 03 2009 at 6:02 AM Rating: Excellent
Scholar
**
442 posts
Yeah, I'm pretty sure people have gotten something. A SE account server being hacked? With all the people who play end-game and camp kings and etc you will see most linkshells getting hit very very hard because that would be a lot of gil made for the hackers.

It's safe to say an official server wasn't hit, just because someone "only plays" on a console doesn't make them safe, there could be holes in the PSN and live networks and you need a PC to connect to the internet, because you need a network to get online in the first place. Regardless if you don't physically use the PC for much or you may use one of those free 'wi-fi' spots some cities employed, things can travel through the network and if you're on a console, if the hacker is skilled enough he can get inside your console, holes in the respective networks help greatly but they are in no means invulnerable.

It's a shame this is happening, but it seems a lot are giving up on the possibility that it could be something a lot more complex than "oh hi look at me I'm a virus!"

As the poster above says, it's likely an archaic way of infecting your PC just being modified and pushed out again, which probably caught many off guard. Especially younger users who may not be fully educated on things like that, and older users who will panic and click it.

Arucaurd wrote:
The way they got our second in command, who plays on ps2, is when he signed up for the ls community site on a computer. That's the only way to get a ps2 player's account without them giving you the info or you taking the info from SE.


Exactly, something is on the PC that gave over the information.

Edited, Sep 3rd 2009 10:08am by Razaroic

Edited, Sep 3rd 2009 10:17am by Razaroic
#47 Sep 03 2009 at 6:03 AM Rating: Excellent
**
384 posts
Wake up sheeple! Obviously, SE is selling your account info to the RMT companies. After all, the ToS clearly says that you do not own your account...

Smiley: lol Smiley: lol Smiley: lol

In all seriousness, I hope that those affected by these attacks have a swift and speedy recovery; however, knowing SE, I can only fear for the worst.

Smiley: oyvey

____________________________
Drunktexan of Phoenix ~ Mithra

Monsieur MojoVIII wrote:
I campaign like I make love.



Naked and bellowing while swinging my large weapon at ugly things.
#48 Sep 03 2009 at 6:12 AM Rating: Good
**
262 posts
Wait, if you buy gil, why would you be targeted for Hacking by the people you buy from?

That would be like the tobacco industry making products that caused their customers to die.......

Oh wait.....nevermind.....

*Sarcasm Alert* before I get rated down by those with no sense of humor.
#49 Sep 03 2009 at 6:27 AM Rating: Default
Scholar
**
754 posts
Wow Catwho... you actually named the domain after yourself?.. just wow...

Edited, Sep 3rd 2009 11:27am by Endtanis
____________________________
Endtanis
http://gbs.guildwork.com
#50 Sep 03 2009 at 7:28 AM Rating: Excellent
**
257 posts
Quote:
chinaman wrote:
I wonder if all the people that got hacked used the ls community site?


this (or FFXI AH) is where I'm leaning towards - it looks like you can brute force passwords there without locking the account like on POL. Plus they seem to be the only common links.
#51 Sep 03 2009 at 7:46 AM Rating: Excellent
Few things:

There has been some talk over on BG that people have talked to GM's who somewhat suggested that the Registration Server was compromised. Still, people are getting hacked regardless of what they play on (PC or PS2/Xbox). A lot of the time, it's pretty obvious as to what happens...usually a person gets a trojan on their PC, the player visits an SEC site that requires their POLID to login, the trojan gets that info and sends it to the hacker and then steals the account for a console user. The token has a bit of a flaw because it is valid for 27 minutes before it expires.

Now for PC users, it's a bit more sophisticated. The user gets the virus/trojan on their PC. When the player logs in, everything is fine, but the trojan is hooked to pol.exe. After some unknown period, the user gets DC'd...when the player opens up POL, they enter in their credentials and token, but then the trojan goes to work and completely blocks POL from communicating with the server and crashes POL. At that time, your information that you entered is sent to the hackers and they steal your account.

One of the theories is that there is some type of information leak between FFXIAH and the LS Community site as FFXIAH pulls information from that site. A lot of people who have been hit have profiles on FFXIAH, however, there are those that don't as well so it is difficult to pinpoint where this is occurring.

Finally, you have people who fall for those phishing schemes from the hackers pretending to be GM's. They are told that their account has been flagged for irregular behavior and to go to a website and download some software that does a performance test for FFXI, or to go to the website and enter in their POLID to login and verify their account. The page is set up to look exactly like playonline and the LS community website, but the URLs aren't correct. Again, once the player enters in their information on the site, the hacker will have their account no matter what console they play on.

catwho, pet mage of Jabober wrote:

I used my one time item restore to get back 99 O pieces I dropped about a year ago. (Long story.) If I'm hacked and SE won't do a rollback because of that, it's over.


Incorrect, it has been stated that the SECSR's have said as long as you have the token, SE will waive the one time roll back policy. If you don't have the token, you are out of luck and only get one roll back.

Edited, Sep 3rd 2009 8:49am by ImmortalAlchemist
____________________________


Return1 argued with Mellowy and wrote:

Seriously, you won't be @#%^ing happy until SE releases a full sized Bahamut avatar you can @#%^ing ride and use to kill players that annoy you, one shot AV/PW/Shinryuu, and burn the FFXI nations to the @#%^ing ground for fun. All while actually restoring mp used instead of costing any.
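
On the point in post #51 that a token code stays valid for 27 minutes, here is an added example that is not part of the thread and not Square Enix's implementation: a generic RFC 4226/6238-style one-time code verifier showing how the server's acceptance window and single-use tracking bound the time a captured code remains usable. The 30-second step, the secret, the timestamp and all names are assumptions constructed for the illustration; the thread does not say how the real token works.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code (assumption: RFC 6238 default, not SE's value)


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a single time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Accepts a code from the last `window_steps` steps, and each step only once."""

    def __init__(self, secret: bytes, window_steps: int):
        self.secret = secret
        self.window_steps = window_steps
        self.last_used = -1  # newest counter already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        oldest = max(current - self.window_steps, 0)
        for counter in range(current, oldest - 1, -1):
            if counter <= self.last_used:
                break  # that step (or a newer one) was already consumed
            if hmac.compare_digest(totp(self.secret, counter), code):
                self.last_used = counter
                return True
        return False


def replay_accepted(window_steps: int, consumed_by_owner: bool, delay: int) -> bool:
    """Constructed scenario: a code made at T0 is captured and replayed later."""
    secret, t0 = b"constructed-demo-secret", 1_251_936_000
    server = Verifier(secret, window_steps)
    captured = totp(secret, t0 // STEP)
    if consumed_by_owner:  # the owner's login reached the server first
        server.verify(captured, t0)
    return server.verify(captured, t0 + delay)


if __name__ == "__main__":
    print("27 min window, login blocked:", replay_accepted(54, False, 600))
    print("30 s window, login blocked:  ", replay_accepted(1, False, 600))
    print("27 min window, code consumed:", replay_accepted(54, True, 600))
```

When the owner's login never reaches the server, as in the crash described in the post, single-use tracking has nothing to invalidate, so the width of the acceptance window is the only thing limiting how long the captured code works.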

All times are in CDT