Page 5 of 7
Re: Accounts on vac mode hacked.
Posted: Fri Nov 13, 2009 5:39 pm
by schuesseled
zugam1@gmail.comIf this helps Admin or stop any other traders alledgedy trading with a hacker.
Re: Accounts on vac mode hacked.
Posted: Fri Nov 13, 2009 5:44 pm
by schuesseled
zaphor - 4602
funny that this account is named zaphor, zaphor sold his original account (though it was some time back) so one would assume his second account would have a higher ID, and that his first account would have a different name.
Re: Accounts on vac mode hacked.
Posted: Fri Nov 13, 2009 8:22 pm
by Tekki
Um that account/ID has been zaphor's for years though and I never heard of him selling.
I got confirmation that zaphor got hacked. However the account is back on vacation (forcibly) so I think Admin did something - thank you for that Admin.
Re: Accounts on vac mode hacked.
Posted: Fri Nov 13, 2009 8:36 pm
by CABAL
Dubby_CompGamerGeek2 wrote:I'm glad I came off vacation mode recently.
I think I will check my account on a semi-regular basis even when I am on long-term vacation mode.
here's a suggestion:
the quitting thread should require member login to view.
In fact, I suggest the whole forums should require more secure access.
Has anyone noticed the occasional posting by spambots?
it has happened in the SGW BattleCorp Forums, and I believe it has happened here as well.
5,000 Attack Turns as a Reward for information that puts someone in jail for fraud and hacking.
Lucky I gave away all my resources before quitting, eh?
On the other hand, I would like admin to change his db pass D:
Imo, someone who knows about acc details who have been on vac for a long time must have db access. And I would highly recommend looking in the logs to see if anyone has accessed the db other than anyone who is supposed to access it.
Admin could also go through logs, checking to see any suspicious login attempts which may actually be bruteforcing...
And a query: Does SGW have anything put in place in the login place to block repeated attempts to login?
And a statement: I hope all inputs have been sanitilized with mysql_real_escape_string - not add_slashes! And I hope admin has set inputs to only accept specific data types!
Re: Accounts on vac mode hacked.
Posted: Fri Nov 13, 2009 9:16 pm
by Shinobii
I just remembered to log in again about this. I haven't heard back from admin, nothing has been reset on my account, i'm putting it on another ppt for now.
As for how I was hacked, dunno. To be honest, former password could have been dictionary attacked because it was embarrassingly easy. I haven't visited sgw or the login site for probably a good 6 months or so, so I don't think my password was sniffed. I've changed my pass to something I would use at work, so it should be very secure.
I requested that admin forcibly put my account on vaction mode, but I don't think he will, so oh wells. I'll have to remember to do that sometime this week.
I dunno what the common theme would be. Other than we were all on vacation mode and perhaps we all had 150mil+ accounts or something.
Sounds like it was a major issue though.
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 2:43 am
by Caprila
It did indeed sound as if Admin J was making progress in the meet last night.
I think all we can really do from our end, is continue raising awareness & passing on the id's we may find.
Like others have said, I would also be wary of accusing anyone with little/no proof.
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 2:49 am
by [BoT] Jason
what we can do is all change our passwords....
http://www.goodpassword.com/or
http://strongpasswordgenerator.com/that way it will have nothing related to you
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 3:03 am
by SlimD
I see another account of a mate of mine that has fallen off the black cusp.. it is back on now.. I was never able to contact the owner (sent PMs, which they would have replied to, if they were active.)
I can see that none of the UU was returned (it wasnt a massive amount & perhaps was the UU earned while off PPT-dunno)
Thank you admin, what ever you are doing now.
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 6:02 am
by GeneralChaos
It does not make a difference, as until the passwords are encrypted and not stored in plain text on the server, the most secure password is well not secure, this issue was raised before when the server glitched out and shows the user there passwords on the login screen, the bug was fixed but no encryption was in place.
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 6:12 am
by Lithium
i see very few possibilities that admin can track the hacker, except any big mistake of him.
if these resources has beeen sold only for $$$ the the one whcih has put his hands on db login have to many backdoors from where he can broker and get cash. the only way to find the one is reporting sells x chash so we check the paypal adress unless he doesnt have "many" (this is where that hacker might fail)
first thing that admin should had done since day 1 would have been to force pass change so the hacker couldnt use many accounts. second to change vaced accounts pass so they are not used aswell.
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 6:32 am
by [BoT] Jason
Forum wrote:and on the vacation thing - on that too
I have a feeling I know what it is, and I have put any accounts I thought could have been affected into vacation in the meantime, with new passes ... might take an email to support@ to get them back, but that is safer than doing nothing...I will post more on the 'forgot logon' page and something on main page.
j.
viewtopic.php?f=7&t=110592&start=765
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 6:51 am
by Lithium
dude its not day 1
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 7:16 am
by Lithium
adding info regarding a forum account hack due trades
viewtopic.php?f=130&t=155262
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 7:24 am
by [BoT] Jason
Lithium wrote:dude its not day 1
that was posted a hour ago
Re: Accounts on vac mode hacked.
Posted: Sat Nov 14, 2009 10:13 am
by Caprila
Norbe wrote:LOL. Okay I can see you all being suspisous of Elite here. I can 100% guarentee this is him that posted it and he is not out to scam people. Whilst I applaud you all for pointing out what he has said to you and treating this suspisously, in this case and this alone you need not have. It is legit.
If you need further details PM me either me or Elite.
~Norbe~
Be careful of making accusations with no evidence.. not everyone issue/misunderstanding is due to the hacking.