Silkroad Online Forums

I noticed alot of ppl got hacked, I haven't been hacked in 3 years, but if i did i know i would def quit. Just too hard coming back after all that work. But this topic is about prevention, I noticed that Perfect World had a phone option. Why not incorporate this into JM's policy, i mean they already copy and pasted WOW's FAQ so no biggie here.

My idea:

Step 1) Allow all members to set a phone number to their account once. This is permanent so make sure you will have this phone FOREVER!!!

Step 2) Since they back up the server every week, if someone got hacked, they could call in or send a request in that THAT account will be rolled back 1 week and a new automated password would be sent to the phone. The email thing would be resetted as well.

I think this is a much better system to protect users. What do you all think? I know some ppl could take advantage of this to duplicate items, but maybe if there was a charge for this, like 50 dollars or something. I dunno i think SRO needs a backup for its users so that if something happens, the user can regain what they lost but at a earlier time. Maybe if all transactions would be undone. Like to prevent item dup, make it so once reset, all items and gold would go back to previous owner.

+1 to your idea

It isn't needed if you have your account name as your character name, grant name, telling people, etc etc. It isn't needed if you download programs for silkroad.

No one gets 'hacked'. They're stupid and they hand out their user n password and claim they got hacked.

yes, but let's not forget how shitty JM is at maintaining the security of their websites and games. There's already been 2 leaked incidents, who knows how many more are out there. I think it would be alot fairer if there was a backup in case another hole is found. I know some of the older usernames are on a list, my friend's accts are on it and they have to change their password weekly to be safe.

It's impossible to be sure that you have a number for ever. Unless you'll die in a week >.>

Totally agreed.
You take your own responsibility.

What about the Joymax Portal Exploit?
Try say that to them.

Thats quite obviously an exception.

Frankly put, 99% of cases that someone is "hacked" they downloaded some kind of 3rd party software, got themselves a keylog by downloading something unsafe or gave away their info to someone. It's their own fault really.

As far as the idea, i dont like it. Who has the same phone number forever?

Hmm than maybe the phone number may be changed but only by the verified email. ie: the email must be sent from the verified email adress giving the old phone number and asking it be changed to a new one.

Than if someone finds out your email password ( finding out the email is incredibly easy ) they can change the email password, change the number and constantly re roll the account.

Yet another flaw..

woah woah waoh you couldnt be more wrong im so pissed right now after reading what you wrote.

my first account got hacked that was no fault of my own, i had lvl 48,42,30,24 on that account, im not some idiot who gave away his info to anyone not even rl friends NO ONE knew it. i wasnt on for 2 days i go to log on and i my pw was change and the guy used my characters to murder everyone and stole all of my shit, dont say that everyone who gets hacked is cuz of their own fault thats bullshit and i hope u get hacked.



OT: thats a great idea although ppl could easily just scam joymax and give all their shit to another account and say they got hacked and get the same shit back and have 2 of everything

Well which is why i said they would have to send an email verifying with JM what the original phone number is and what the new one should be. Unless it was a irl friend, i doubt anyone could guess the right number.

Like you said, unless its an rl friend. We have countless stories of rl friends hacking someone, a system should be safe for everyone, not just some.

And if someone is really persistent, befriend the person in game, find out their email via forum ( some people use the same forum email for their sro email ), find out their mobile number to text them ( most people will use their mobile numbers ), hack the email ( which isn't hard to do ) and boom.

If a real life friend hacks you, he's not a real friend.

And if you don't tell anyone your password, you can't be hacked.

So, don'' give anyone your password except your real friends.

yes, but if anyone is dumb enough to give all that info out and not notice something is up... well guess they would deserve to be hacked.

hi myns, my names TR_fackmather_TR, i dowload free madrfack bot manss, i payy 10k ok ok.

*Next day.

OMG SCAMMMS MANS SCAMS MYNSNNNNNN FACK MADR HAXX FACK FACK SISTAR MADR IN BAWLS MADRR FFACK U HACKKKK MEEEEEEEEEEEEEEEEE"

"pwlwl and 10k blaz me hack"

(That was a crappy turk impression, but ya get the point)

If no one knew your account name then they could never get to it. Again it's slightly you're fault for that and Joymax's new account system and top of that the person telling everyone. Yes, Joymax should've taken fault, but of course.. lazyness takes place.



(My Chinese character, but I later changed my in game name and gave up on those srf/srt accounts)
I have a silkroad account named after my in game name(Later changed. Accountname=game name=retarded), srf account name, silkroad tavern name, and as everything I used. I still have the account and everything in it. Why? I don't download random stuff or give people my password. The account security system actually saves my account now, because some people realized that the account name has the secret answer in it.

Again.. your fault. You done something that you shouldn't have.

Well, it may be hard to knew which one's your account id, but it's realy easy to check if an id is in use or not. And at the exploit the "hackers" just tried to find out, wich id was already given away and used it on the exploit. And the mass of the exploitusage was the problem. And perhaps there was a lucky hit.

The really "funny" thing with the portal exploit was, that they have announced it wasn't their fault. lolz. 2 days later the announcement was *puff* ... away


But back to topic:
It's nearly impossible to ensure that everybody always keeps one phone number in his sro carreer. And also a combination of phone # and email is unsecure way to check someone for his own account. Too many ways to get in trouble with a Man in the Middle Attack.

but what if the gms decide to prank call you at night.
not worth it

If u don't use bots, hacks, etc is infected u will not be hacked !

Alot of people from SRF bot then they comes and say OMG I was hacked ! bb I quit !

Correct me if I'm wrong !

+1

Toshiharu i take it u never been hacked so shut up on my first account i bought silk for the first time and the next day i couldn't logg in i didn't know what to do the next day when i tried again and logged in i had nothing in my bank and i had 3 characters all lvl30's back then 1 of them was int s/s the other was a int hybrid spear and the last one a str bow and 2 of them were fully farmed cause after my str bow i figured sp farming out and from 3 of put together i had like 50mill and fresh bought silk and the person who hacked bought a shit load of arrows with it .That made me leave sro i was pissed since i liked the game i came back to it.AND I NEVER EVEN TOLD MY COUSIN MY ID AND PASS and i know his


that is not true somone get lucky(sorry for getting irritated i hate when people say that other people given out id's and password

jay0303 an annoying font like this isn't necessary. I've never been "hacked", because I never gave out my info. Get what I'm saying here? You tell no one about it you're save. You don't download programs, you're safe. You don't visit suspicious sites, you're safe. You don't use another computer, you're safe. Ohh if someone does manage to get your username, but you have a dumbass password like the following..

password (omfgz genius)
dragon
<your first name>
<your last name>
<your pets name>
<girl friend's name>

The account is gone, because that's usually the first few tries someone does.

in 90% of the cases, what u said is true, people in these cases are said to be more like *scammed* than *hacked*.

Still tho, i know a few who lost their chars in a weird way.

example : LilIDevil (the s/s int char on Troy)
B4 any shit is said, he's 100% legit (so we can skip the 3rd party software accusations). One day he tries to log in, password is incorrect. Some1 was able to change his password, even tho lilldevil himself didnt know his secret answer.

JM actions towards players gettin hacked (without it being their faults, eg. Portal Exploits (so often)) show total lack of consideration, why should their security systems be any better.
U can 'hack' entire silkroad site after completein a course at this site http://www.hackthissite.org lol

and what make u think he gave it away and i used that cause i dun know how to use quote thingy my bad still i never gave anyone my info only person i know that play is my cousin and i didn't even tell him and wanna know something i got hacked

Oh man Toshiharu, i really really wish your name would be on the leaked Joymax portal flaw account list, then u would not be such a smartass now.

Hmm how about this, i forgot where i found it, but i remember hearing of a item password system. AKA- in order to access ur storage or inventory or equip, a password is required. This would add an extra layer of protection. I think there should be a password for the storage and equiped item so if you want to change an item, enter your simple password. Also, I think GM should add the DC from server and ban for 1 week button using the email verification. If you notice someone is using ur acct, immediatley ask for the ban and change your password. With a simple 4-digit code, the hacker would prob not have enough time to grab all ur storage and equip.

^ if a password was set on storage or anything... this wud also damage the botters since bots proably wont be able to type in a password. Too bad joymax wont be smart enuff to think of that?

Bots can imput captcha, who said they cant imput a simple alphanumeric code?
Also im pretty sure gold bots or player bots would just turn the option to have a password off when botting and turn it back on when they log off ( it would have to be an option as not everyone would want a password ).

If the password on storage is a must, the bots will suffer, specially if the storage pops up a window with digits to click in order as the password, and the window with digits arrange the numbers in randomly order each time you try to access. And regarding being hacked, i recently [last week] got hacked, no, i didnt give anyone my password or any info, and i dont even remember my secret answer to be able to change the password, the password is still the same, i can access my char, but its so empty and messed up. I always thought that people who say they are hacked, they must did something wrong, but now i realised that sometimes its not their fault, they did nothing wrong. Even the pills i had was stolen, and also the quest collecting items are all gone, seems like evreything was sold to npc. I tried contacting joymax to try to reset the password but with no response. The idea of the phone number seems to be nice, but instead of rollback, which its like an advantage which many will use it for that, it would be better to just reset your password and send it to your phone, so you wont get hacked again in the future, hopefully.