View Full Version : THREADS MERGED - I got hacked...
ericdraven
20-11-03, 01:21
will people say who do what Odin describes here. (http://neocron.jafc.de/showthread.php?s=&threadid=82458)
And everyone will searching for the evil "hacker" but actually it was the fault of the hacked person. :p
(no, i am not saying that it justifies what the hacker did, but without being people stupid he would never come so far..)
I dunno why people use things like hotmail, i use my ISP's email, nice normal POP3. Maybe NC should just put a ban on people signing up via free email providers instead.
Originally posted by Lexxuk
I dunno why people use things like hotmail, i use my ISP's email, nice normal POP3. Maybe NC should just put a ban on people signing up via free email providers instead.
We are considering that right now.
you get my "yes" vote odin, added security for yourselves (traceable addresses) added security for your customers.
ericdraven
20-11-03, 01:26
Originally posted by Odin
We are considering that right now.
Good idea! A first step..
Originally posted by Lexxuk
I dunno why people use things like hotmail, i use my ISP's email, nice normal POP3. Maybe NC should just put a ban on people signing up via free email providers instead.
A lot of service providers will not accept yahoo/hotmail as your primary email account for sending invoices passwords etc.
Sorry to hear that Eric, must really piss you off :(
true...
i mean your already given up your other personal details such as home address and so forth... what's the point of using a hotmail account...
if you got an isp you should have a pop account... even if it is your parents...
i only give out my pop3 email if i am paying for something such as nc... or when i ordered nc from the UK...
Shadow Dancer
20-11-03, 01:28
I don't even understand Odin's sticky.
Is he saying that people gain teh trust of other people and then via conversation guess the person's password by getting hints to to "safety" questions of hotmail and stuff?
Isn't that common sense? :p That's like making a sticky saying "beware of liars". :p
All I can say is that 4443 forum accounts are registered to hotmail accounts. If some of those people use the same account for their game email then they are open to abuse. The method for hacking hotmail accounts is well known in the community and this is the best lead we have so far for how the Neocron accounts have been hacked.
This is not idle speculation. We know for a fact that a forum account was attacked in this way just this evening.
N
ericdraven
20-11-03, 01:28
Originally posted by Legoias
Sorry to hear that Eric, must really piss you off :(
Grr... that was sarcasm.. *I* did not get hacked (and never will, lalala :p ) *runs away and hides from all the evil hackers out there* :)
Originally posted by ericdraven
Grr... that was sarcasm.. *I* did not get hacked (and never will, lalala :p ) *runs away and hides from all the evil hackers out there* :)
oh lol!
Sorry i'm reading the forums in a half-assed mannor. Work all day :(
Originally posted by ericdraven
Grr... that was sarcasm.. *I* did not get hacked (and never will, lalala :p ) *runs away and hides from all the evil hackers out there* :)
pfft, we all know your details eric..
Username : root
Passsword : none
:lol: :lol:
well personally that would screw people like me..
sure my isp provides an email address, but i share my connection with like 5 other people, and the email address is used by the person who signed up for our ISP.
i could just ask them if i could use that address for neocron but then were back in the same situation, that person now has my details. (and what if i move house/fall out with that person? id prefer my mail wasnt sent to some1 else, espescially if it contains worldpay details!!!!)
so i have to use a free email addy, either that or id have to start paying for one just for NC.
Hehe I had mine registered under hotmail so I decided to try and change my password. I couldnt even do it. I wasn't even able to get past the State/Zip Code question haha. But I switched it to my work account anyways. :P
Vampire222
20-11-03, 01:33
hotmail sux. end of story......
ericdraven
20-11-03, 01:36
Originally posted by Lexxuk
pfft, we all know your details eric..
Don't publish my details on this forum.. edit your post or i run crying to Nidhogg!!!
:p
Originally posted by JiNxY
well personally that would screw people like me..
sure my isp provides an email address, but i share my connection with like 5 other people, and the email address is used by the person who signed up for our ISP.
There are free POP3 servers out there to recieve emails with, web based solutions which have a "I forgot my password" option, remove any security, whilst pop3 goes straight to your computer.
/edit @ above - NEVAR, we all all know you use root!!! :p
Were any of the SXR who were hacked on hotmail accounts?
[TgR]KILLER
20-11-03, 02:02
i always used and use my hotmail for everything.. but i kinda don't know the secret question myself.. its something like..
whats your pets name.. and the awnser is
35425fgd445g
or something like that lol din't even remember what i typed as question way back.. so kinda hard to h4x it that way =) imo u never gonna need the question.. tho some ppl still use it.. i hacked a e-mail of a friend of me once using that ofcourse i gave it back without looking @ his shit but use wanted to prove that it was a shit system..
Originally posted by [TgR]KILLER
i always used and use my hotmail for everything.. but i kinda don't know the secret question myself.. its something like..
whats your pets name.. and the awnser is
35425fgd445g
or something like that lol din't even remember what i typed as question way back.. so kinda hard to h4x it that way =) imo u never gonna need the question.. tho some ppl still use it.. i hacked a e-mail of a friend of me once using that ofcourse i gave it back without looking @ his shit but use wanted to prove that it was a shit system.. *hacks Killers account*
Killer thats a pretty weird pet name man, I usually just name my pets stuff like Kibbles or Cocoa. You should seriously consider renaming your pet...
Hotmail is a bit crap really -most of my mails are offering me a big knob :eek:
They get hacked now and then and someone gets 1000's of email addiy's and spams the bollocks of em :rolleyes:
old 1337 h4xxor trick of 'social engineering' Gaining a persons trust in order to gain access to or information on the access to a system, is pretty lame, but sadly it works, the point is dont be so naive, do not give out your personal details to people.
If you like say ............ slayer.
Dont have a ghey question like 'whats my favorite band' A: Slayer
things like this.
Yess
Slipknot said it best.
People = Shit.
That’s something I never thought of before... my Hotmail account getting hacked and just using the send-password for Neocron. Time for a new e-mail host!
Try a Budweiser (http://web.synacor.com/login/budweiser) email address
Interesting, if this is indeed the way many of the accounts were hacked, then maybe KK keeps a record of every time they get a request to "Retrieve Lost Password" which they could cross-reference that with the list of hacked accounts.
People use Hotmail for stuff like NC?! Wow....I only use hotmail for crap things that usually involve spam.
People use Hotmail for stuff like NC?! Wow....I only use hotmail for crap things that usually involve spam.
:lol: that's the only reason i use hotmail...signing up for things like betas and stuff...usually adds you to a bunch of mailing lists...
spammapsspammaps
The thing is though, if you get hacked ingame using this hotmail way, then you will not be able to get into hotmail account any more as the password will be overwritten. If you noticed this when your game account was hacked and your hotmail was inaccesible it most likely hapened to you.
ericdraven
20-11-03, 11:08
The sad thing is 99.99% of those so called "hacks" are just something like this... social engineering, crap (free) email boxes and and and...
And in 99.98% of that cases the people do not even realise it.. for example - they hang around in some pub, talking to a stranger and after a few beers they tell him some personal stuff and they exchange the email-addresses. Nothing happened, nothing unusual, everything fine, right?
Two days later their NC account has been hacked.
They run crying to the forum and accuse everyone just not themselves for being hacked.. KK has no security, the servers suck, every hacker can break in, blablabla.
As if any SERIOUS hacker (and i mean none of those 1337 scriptkiddies) would even bother to hack into the NC servers.. uuuh.. yeah, because there are so many valuable informations to gather. :D
Another victory of social engineering over technology.
I'm not surprised, though I am impressed at the dedication fo whoever is doing it.
Considering the kind of information needed I would say it's highly likely it was gained over a voice-chat system (TS, Ventrilo, etc.). It's a lot easier to get that kind of information there than in game-chat which tends to be more terse. This would also explain why the attacks tend to hit the same clans over and over again.
All this said - I'd still like to see KK continue with implementing the other measures they've mentioned recently.
@Rizzy - depends on the system. Some email you the current password.:rolleyes:
this is a bit off topic & stuff, but anyway... what everybody
is talking about are not "hackers", the ppl that do this stuff are
"crackers"... a hacker would get into the system, be happy he
did it and then just leave, a cracker will try to manipulate something....
(reason for post is, 1. bored :) 2. reading manuel castells "internet galaxy")
*puts some inq armor on for fear of flaming* :D
ericdraven
20-11-03, 13:27
True retr0n, my bad. Replace the word "hacker" with "cracker" in my posts.
An hacker actually is a quite "honorable" person.. if i can say so.. yes they DO break into systems but 1) they do not destroy anything 2) they do not harm anyone 3) they publish HOW they broke in which helps software-developers to close security holes.
Again - my apology to all hackers out there.. i was actually talking about crackers in my posts.
I used to fight the whole hacker/cracker distinction but tbh it's a lost cause these days. The ignorants have won that one :mad: :(
They'll win "broadband" too.
The whole world is going to shit and there's no saving it.
Originally posted by ericdraven
As if any SERIOUS hacker (and i mean none of those 1337 scriptkiddies) would even bother to hack into the NC servers.. uuuh.. yeah, because there are so many valuable informations to gather. :D
Maybe, but they do serious damage, they make a sensitive fourteen year old pwning leet kiddy cry :(
Originally posted by jernau
I used to fight the whole hacker/cracker distinction but tbh it's a lost cause these days. The ignorants have won that one :mad: :(
They'll win "broadband" too.
The whole world is going to shit and there's no saving it.
so true, but sad...
If you banned free email accounts, which I believe after skimming through this thread is what you want to do, then dont expect me to be playing Neocron anymore.
the possibility of (accounts) being hacked can never be excluded, ergo the approach to ban email accounts or similar is not the straight way. instead you should finally implement IP-logging on the login server(s) - at least to avoid brute force hax & similar. this would help smashing at least some facts on the waggly table of judgement.
i for myself have been hacked too some time ago. the sad fact that there are no IP-logs on the login server(s) is another reason for me to quit this mess soon. everyone can go and try login/pw combos all day and no one will ever touch anyone?!
ericdraven
20-11-03, 14:57
As if a cracker will use his real-ip and won't sit behind an anonymous proxy while trying a brute-force attack.. sure.
Originally posted by ericdraven
The sad thing is 99.99% of those so called "hacks" are just something like this... social engineering, crap (free) email boxes and and and...
Not all free ones are crap. I used a free email account as a spam trap only one day I found that the spammers seemed to know it was a spam trap and removed me from thier lists. So the email address gets seriously almost 0 unsoliticted spam. What little I do get I can trace back or it is binned.
It was good enough that I bought the commercial version of the mail box (More space no adverts from them). Well worth it.
Thankfully I already use Odins trick in all my password hinters for quite some time.
Powered by vBulletin® Version 4.2.3 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.