Regarding ID Hack Issue and Passwords

Demarthl · **Joined:** Jan 2006 **Posts:** 2296

Quote:

Regarding ID Hack Issue and Passwords

Date : 1/10/2007
inquiry : 1563

Hello, this is Silkroad Online.

A recent posting that was made regarding the administrator accounts
and passwords has come to our attention. Though the contents of
the posting may not entirely be true, some parts of the claims may be
truth, and we are beginning to investigate the causes and sources of
this matter. A further announcement will be posted when our
investigation is completed.

Even if the claims are true, account passwords are encrypted to
protect user privacy and have little chance of being cracked. However,
we recommend that the following users please change their passwords.

1. If your password is a simple word, phrase, or is easy to guess
2. If you have not changed your password recently

Please change your password now, and we will post further updates
when our investigation has been completed.

We ask for your patience and cooperation in this matter. Posting
further replies or topics takes time away from our administrators
in focusing on this urgent matter.

im seriously restraining myself right now.

Madduck · **Joined:** Feb 2006 **Posts:** 196 **Location:**

I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?

So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!

Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........

OMG sorry people, I don't go off tap , but this really P@#$@ me off !!

Silver · **Joined:** May 2006 **Posts:** 924 **Location:**

Madduck wrote:

I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?

So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!

Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........

OMG sorry people, I don't go off tap , but this really P@#$@ me off !!

LOL +1

now we all have a reason to hate JM.

Draquish · **Joined:** Mar 2006 **Posts:** 6423 **Location:** ____

Its not their fault.Its the haxers' fault. So when the US got attacked by Japan people in the US started complaining "OMG! WTF US!!!" no. tada

Tun_Teja · **Joined:** Jul 2006 **Posts:** 238 **Location:**

Madduck wrote:

I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?

So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!

Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........

OMG sorry people, I don't go off tap , but this really P@#$@ me off !!

hahahahahaha

yeah, sux!

Blurred · **Joined:** Nov 2006 **Posts:** 2894 **Location:**

my pass is my Credit card #... hack me

dp_crazy · **Joined:** Aug 2006 **Posts:** 32

I have been reading all the post on the main forums....and this what I have figured out myself from all the topics. First do not post on the silkroad forums with the account you use to play with. All people have to do is Quote what you post and it shows your ID. I do not know if the hackers need this ID or not. The hackers then use sql injection to get into the username and password data base. I watched a youtube video of a guy checking college websites to see if they were safe against this kind of an attack. He did not need any special tools....all he used was note pad and what ever browser you want. He was into their data base within 4 mins and could look at all the people that go there and all there personal info, including their ss.

I in no way want to try doing this or even attempt this. I am only saying what I know of now.

My post that was deleted. ^^

Im_On_56k · **Joined:** Dec 2005 **Posts:** 288

Quote:

my pass is my Credit card #... hack me

Since the silkroad site is using phpbb, it is using a mysql database. This means that if the site was liable for a mysql injection I would be able to pull your password from the database by only knowing your username or hell even your character name.

It is not hard to do a mysql injection you only have to find a spot on the site that isn't protected from it.

Megalomaniac · **Joined:** Jul 2006 **Posts:** 3132

Silver wrote:

Madduck wrote:

I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?

So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!

Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........

OMG sorry people, I don't go off tap , but this really P@#$@ me off !!

LOL +1

now we all have a reason to hate JM.

NOW we have a reason?
Didnt we have like 400 reasons already? XD

lilchris · **Joined:** Jul 2006 **Posts:** 511 **Location:** Miami, FL

and we were finally becoming happy with the bans/updates/events...and they go and screw up bad!

its funny cuz if u do loose ur acct due to w/e happen, they cant do shit to help you since they will blame u for going to a bad site or botting blah blah.

Silver · **Joined:** May 2006 **Posts:** 924 **Location:**

Megalomaniac wrote:

Silver wrote:

Madduck wrote:

I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?

So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!

Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........

OMG sorry people, I don't go off tap , but this really P@#$@ me off !!

LOL +1

now we all have a reason to hate JM.

NOW we have a reason?
Didnt we have like 400 reasons already? XD

i dunno, i was referring to the people who .. " :love:

s joymax".

but yes, normal people had 400+. =P

lilchris · **Joined:** Jul 2006 **Posts:** 511 **Location:** Miami, FL

guess im not normal, i dont have nearly 400 reasons

hmm
ccf,bot,spam,late updates,less events,bad service
all that aside, nice game

PlaneWhore · **Joined:** Jul 2006 **Posts:** 157 **Location:**

dp_crazy wrote:

<<edited: this info shouldn't be made public. -SG>>

I would delete that post if i were you. There are people who would use that information unethically.

<<edit: then quoting it and making 2x the work for the mod team isn't smart either, is it? -SG>>

phulshof · **Joined:** Apr 2006 **Posts:** 1137 **Location:**

What can I say? I'm still hoping they'll return my stolen account to me, but I'm really starting to lose faith here. I'm also seriously wondering if I'll continue playing if they don't. Sure, I could probably get back on my feet (if I can find the motivation to spend another 600 hours and $200+ in legal JM silk), but what's the chances of these kind of things happening again? I truly hope JM will realize the seriousness of these problems, and care enough for their customers to return stolen accounts to their owners. Sure, in accordance with their EULA they're not legally obliged to do so, but what possible reason could there be for them to favor an account thief over a (paying) customer? What possible reason could there be for them NOT to help their loyal customers in situations like these?

Megalomaniac · **Joined:** Jul 2006 **Posts:** 3132

phulshof wrote:

Sure, in accordance with their EULA they're not legally obliged to do so, but what possible reason could there be for them to favor an account thief over a (paying) customer? What possible reason could there be for them NOT to help their loyal customers in situations like these?

Stupidity & ignorance :\

1llu51on · **Joined:** Feb 2006 **Posts:** 305 **Location:**

Oh, so now that their admin's acc got hacked, they finally decided to check their security system ? lol @ lateness

mushrooms · **Joined:** Dec 2006 **Posts:** 675 **Location:**

1llu51on wrote:

Oh, so now that their admin's acc got hacked, they finally decided to check their security system ? lol @ lateness

+1

Grimjaw · **Posted:** Wed Jan 10, 2007 10:13 am

Precaution for the win here,but i agree that theire beeing selfish.

Just write you're secret question down somewhere,or tape it on you're forehead,if you don't trust you're head. :wink:

IceCrash · **Posted:** Wed Jan 10, 2007 2:14 pm

holy ..... shit omgzzzz, i really hope they do something about greece!

dp_crazy · **Joined:** Aug 2006 **Posts:** 32

thanks for deleting my post.

Its all on the main forums and any 12 year old kid with a brain can figure it out.

ShaimeBlade · **Joined:** Aug 2006 **Posts:** 51

oh i get hacked at 2 times..

i made all day spyware/virus scanning etc.etc..
i send all log what i have and a letter to joymax...
and the answer is --->

"sorry ... we try to make a better game"
hehe.. >.<

but.. no problem i just only lost ~300$ and also 1 year of my life..

:banghead:

oktaytheazer · **Joined:** Nov 2006 **Posts:** 1123

some things that peps say i agry to some i dont but 1 thing i bet everyone would agry is that Joymax doesnt care about players that much or doesnt care atall.

dp_crazy · **Joined:** Aug 2006 **Posts:** 32

ShaimeBlade wrote:

oh i get hacked at 2 times..

i made all day spyware/virus scanning etc.etc..
i send all log what i have and a letter to joymax...
and the answer is --->

"sorry ... we try to make a better game"
hehe.. >.<

but.. no problem i just only lost ~300$ and also 1 year of my life..

:banghead:

Did you post on the main silkroad forums in like the last week?

ShaimeBlade · **Joined:** Aug 2006 **Posts:** 51

nope. never i just get hacked.. after when i find my sos blade.. >.<

hehe... but i think i never get a answer for my question... "how?"

dp_crazy · **Joined:** Aug 2006 **Posts:** 32

Im_On_56k wrote:

Since the silkroad site is using phpbb, it is using a mysql database. This means that if the site was liable for a mysql injection I would be able to pull your password from the database by only knowing your username or hell even your character name.

And yet my post gets deleted......hmmmm

[SD]Master_Wong · **Posted:** Wed Jan 10, 2007 3:58 pm

dp_crazy wrote:

Im_On_56k wrote:

Since the silkroad site is using phpbb, it is using a mysql database. This means that if the site was liable for a mysql injection I would be able to pull your password from the database by only knowing your username or hell even your character name.

And yet my post gets deleted......hmmmm

stop complaining

he hasnt posted what mods call dangerous

dp_crazy · **Joined:** Aug 2006 **Posts:** 32

every try google or youtube about mysql injection.

Yeah that does not explain how to do it at all......LMAO

ShaimeBlade · **Joined:** Aug 2006 **Posts:** 51

i can show 1 video...
about 3 or 5 min just .. pm me.

zphantom · **Joined:** Jun 2006 **Posts:** 251

dp_crazy wrote:

every try google or youtube about mysql injection.

Yeah that does not explain how to do it at all......LMAO

The more widely known, the more widespread the security?

Is this concerning the admin ID accounts with like #$admin1 #$admin2 #$admin3 from like 6 MONTHS ago?

phulshof · **Joined:** Apr 2006 **Posts:** 1137 **Location:**

Quote:

Even if the claims are true, account passwords are encrypted to
protect user privacy and have little chance of being cracked. However,
we recommend that the following users please change their passwords.

Did these people take a beginner's course in security? If you have a list of encrypted passwords INCLUDING YOUR OWN, and assuming SRO hasn't come up with a new way of encryption, you can probably figure out the encryption method by comparing your unencrypted password with your encrypted password (just run some tests with the different algorithms). After you discover the algorithm, it's just a matter of running a dictionary against the algorithm, and comparing the encrypted dictionary with the encrypted passwords. I'm sure you won't get them all, but I'm also sure you'll get a bunch of them...

Silkroad Online Forums

Regarding ID Hack Issue and Passwords

Who is online