Silkroad Online Forums

A community forum for the free online game Silkroad Online. Discuss Silkroad Online, read up on guides, and build your character and skills.

Faq Search Members Chat  Register Profile Login

All times are UTC




Post new topic Reply to topic  [ 32 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: For All Those Who Have Been Hacked.
PostPosted: Sun Dec 17, 2006 4:46 am 
Retired Admin
User avatar
Offline

Joined: Jun 2006
Posts: 8237
Location: BF3 waiting for BF4
For All Those Who Have Been Hacked.

Well first of all my deepest sympathies to those who have been hacked, and although fortunately I myself have never been hacked I have had many friends who have been and I understand what they and you are dealing with. So first of all let's list down the 3 most common ways in which you could be hacked.

Brute Force
In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message, which basically means that a program will try for days even weeks all possible types of passwords until it finally matches one with your Username.
Possible Prevention:
Attempt to change your password as frequently as possible, making sure you always have letter/number combinations to maximize security. Also try to limit the amount of people who know your username, not your online handle. This will also greatly decrease the possibility of Brute Force hacks.

Keylogger
Keylogging is a diagnostic used in software development that captures the user's keystrokes. This system is highly useful for providing a means to obtain passwords or encryption keys and thus bypassing other security measures. These programs can be obtained from downloading illegal software or visiting hacker sites. However when in relation to SRO the most common way that you can obtain a keylogger is by downloading a BOT program or visiting "Gold Selling Sites".
Possible Prevention:
Do regular scans of your computer using multiple anti virus/add ware programs. Never download BOT programs or any illegal programs, and never visit any suspicious sites. However at the moment the best way to protect yourself from keyloggers is. Alternative Keyboard Layouts Most keylogging hardware/software assumes that a person is using the standard QWERTY keyboard layout, by using a layout such as DVORAK captured keystrokes are nonsense unless converted. For additional security custom keyboard layouts can be created using tools like the Microsoft Keyboard Layout Creator.

Direct Hack
Commonly known as "Trade or Party Hack" in SRO, this is when hackers, using some sort of loophole in Joy Max's coding have access to all your account information when you accept a trade or party invitation from them. With those few seconds they can get the information they need to take over your account.
Possible Prevention
Although there is no definite way to prevent this, the best way to protect yourself is to simply never accept any trade invitations or random party invitations, do all your selling through stalls and only get into parties with people who your truly trust. But remember, "Greed can overcome even the noblest of people".

How To Cope After Being Hacked?
Well now that we know the 3 main ways in which you can be hacked, what to do if one of those methods where to ever be used on you? Well first of all let's list down the way not to react after being hacked.

How Not To Cope

Screaming at the GM's demanding retribution
Although this seems to be the most, popular method it simply, in lamens terms, is the stupidest. Let me remind you of something, do you remember this:
Image
Well this simply means that you agreed to the Silk Road User Agreement when you created the account, where it clearly states a definition of what Hacking is according to SRO and that the company "Joy Max" cannot be held responsible for the loss of your account, and that they will not offer services to resolve instances of account theft/hacking. Thus clearly waving your right to oppose the GMs.

How To Cope
Well there are two ways in which you could be left after a hacking. Your character could have been deleted thus leaving you no option but to start a new char. Or your character could have been striped of all its equipments and gold. However still leaving the character intact.
If it is the first option, then the only thing you have left to do is start a new character, or if you cannot be motivated to go through everything again then simply move to a different game.
If it is the second option, then try to change your password and take better care of your account from now on, then you can ask one of your in game friend to lend a helping hand, and continue with your Silk Road adventure.
The choice is yours to make.

Now in all truth we know that hacking is something that completely ruins a game, but in all honesty it is part of life, for all those who play legit, with the soul intention of enjoying themselves there will be those who play with the soul intention of being "the best" even if they do not earn the title themselves because they stole the position.

_________________
Image


Last edited by Key-J on Wed Dec 20, 2006 2:26 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Sun Dec 17, 2006 6:23 am 
Ex-Staff
User avatar
Offline

Joined: Oct 2006
Posts: 3281
Location:
Hercules
Great guide, hopefully this will teach people how best to protect themselves. And hopefully the major number or hackings will decrease also.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Dec 17, 2006 8:39 am 
Active Member
User avatar
Offline

Joined: Jul 2006
Posts: 511
Location: Miami, FL
nice lil guide, i really doubt the party invite,trade thing is a type of hack.
but i guess u never know.

forgot to sticky ur own thread? :D


Top
 Profile  
 
 Post subject:
PostPosted: Sun Dec 17, 2006 9:40 am 
Retired Admin
User avatar
Offline

Joined: Jun 2006
Posts: 8237
Location: BF3 waiting for BF4
Heheh thnx guys, and id only stickie it if others think its worth it, i dont abuse my 1337 m0D poW3rz! lolz

O and however i did forget to add the option where the HaxOr takes the account for themselves...

_________________
Image


Top
 Profile  
 
 Post subject:
PostPosted: Sun Dec 17, 2006 5:31 pm 
Loyal Member
User avatar
Offline

Joined: Oct 2006
Posts: 1818
Location: MA/PA
Thanks, I've been looking around for a topic like this.

_________________
Facebook/Wii addict :(
ITG2 player :)


Top
 Profile  
 
 Post subject:
PostPosted: Sun Dec 17, 2006 7:37 pm 
Elite Member
User avatar
Offline

Joined: Nov 2006
Posts: 5136
Location: Final Fantasy Versus 13.
Excellent,i needed something like this. 8)

But this-->"Greed can overcome even the noblest of people".

That's well said. 8)

_________________
Bmw 6 Series owner. Bleach fan. Music Fan.
Image Reise for Mod.
~ Those who make peaceful revolution impossible will make violent revolution inevitable..


Top
 Profile  
 
 Post subject:
PostPosted: Mon Dec 18, 2006 7:13 am 
Retired Admin
User avatar
Offline

Joined: Jun 2006
Posts: 8237
Location: BF3 waiting for BF4
Its, not really a guide or anything, its just to see if people can stop with all the complaining. I made it for the SRO.net forums, but its nice to see that the more, "better" of us enjoy it to :)

_________________
Image


Top
 Profile  
 
 Post subject:
PostPosted: Tue Dec 19, 2006 4:18 am 
New Member
User avatar
Offline

Joined: Nov 2006
Posts: 41
Location: The Netherlands
stickie plz, solves all the "OMFG I GOT HAXORED" topics

_________________
See the world with Barely_Legal

Lvl 33 pure str glaiver
fire/ice/light/pacheon trees
Server: Oasis


Top
 Profile  
 
 Post subject:
PostPosted: Tue Dec 19, 2006 11:33 am 
Hi, I'm New Here
Offline

Joined: Dec 2006
Posts: 8
Location: USA
stickie pl0x! :banghead: dang hackers!! :banghead:

_________________
*wakes up startled* Who what?! Oh, im sorry... was i supposed to be listening?
Image


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 20, 2006 2:24 pm 
Retired Admin
User avatar
Offline

Joined: Jun 2006
Posts: 8237
Location: BF3 waiting for BF4
Well, i cant ignore the users requests :P

_________________
Image


Top
 Profile  
 
 Post subject:
PostPosted: Mon Dec 25, 2006 4:21 pm 
Banned User
Offline

Joined: Mar 2006
Posts: 458
Location:
Venice
i chose coping method #2

_________________
<<banned from SRF for bot admission. -SG>>


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 29, 2006 7:23 pm 
Banned User
User avatar
Offline

Joined: Jul 2006
Posts: 4737
Location:
Athens
I got hacked 3 months ago... and it doesn't seem to interest Joymax:
(Customer Service :? Whats That??)
Well I made myself noticable atleast 4 times and they didn't do anything whatsoever concerning:
-Scanning my account, trading uasge etc. :x
-Block my account :x
they didn't even post back after 3 months... :x
But since I expected it to be like this I started a new account right away.
Best thing u can do 8)

_________________
Image


Top
 Profile  
 
 Post subject:
PostPosted: Sat Dec 30, 2006 8:40 am 
Senior Member
User avatar
Offline

Joined: Apr 2006
Posts: 4785
Location:
Venus
hey i had an idea this night lol

if you dont really know what pw to choose, write it in 1337 5P34|< :P

_________________
Image


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jan 01, 2007 8:57 am 
Hi, I'm New Here
Offline

Joined: Jan 2007
Posts: 19
thx needed this!


Top
 Profile  
 
 Post subject:
PostPosted: Fri Jan 12, 2007 5:56 pm 
Hi, I'm New Here
Offline

Joined: Dec 2006
Posts: 17
in all actuality...

the "Direct Hack" category is not correct...

as far as I've experienced, theres no actual way to hack someone's user name or account password. through a window or trade.

In fact its stupid to think that can happen.

It is possible for someone to transfer a key logger on your computer, or something similar (not through SRO, but rather an off-site regarding SRO).

But, no, your password and user name are not sent in packets to someone else's computer. So that option is null.

on a second note..


Most common way people get your account is when you type your user name or password anywhere else other than the SRO client.

For example, if you use the same user name or password on a 'supposed' SRO forums. And the master of these fake forums can login using that...

that's one way.

Another way... is by typing it into a form which is in-turn sent to an address or logged down on some sort of text pad...

Right now i have 4 pages of (around 250) accounts that have either been cleaned out ("you call it hacked" i call it "stupid people" and may i add in my defense, they were not touched or cleaned out by myself or anyone i know.), or were lucky enough to not yet be cleaned out but very possibly COULD be at any point in time, laying next to my monitor.

How?

Because people are foolish... yes. MANY PEOPLE. and not just new accounts... some of these accounts have high level chars (50-65), or up to 12 chars, on 4-5 different servers.

Here's your biggest advice, from someone who has seen through every scam and 'hack' throw at him on this game thus far (still yet to see it all)...

DO NOT TYPE YOUR USER NAME OR PASSWORD FOR SRO ON ANY SITE OTHER THAN SilkRoadOnline.net OR In your SilkRoad Client when LOGGING IN.

Let me be clear.

If you make an account, anywhere else, you use a different user/pass OR ATLEAST a different pass.

Make your password something other than

123456
qwert (or any other sequential keys on a keyboard)
password
god123
sex123
love123
pass123

...

and number one reason people lose their belongings.

Giving their password and user name out to someone impersonating a GM, or offering a service (Such as "Silk for gold", hacking items for your account for you, or similar.)

if you want silk. make a Farking pay-pal account. or get a Credit Card.

There's your biggest advice...

now i better not see any more account user names or password on this list... otherwise i'm going to make another post...

STOP BEING STUPID. -End.

_________________
Jan 12th, A day that will live in infamy (LOL)
Image
Image
Image


Top
 Profile  
 
 Post subject:
PostPosted: Fri Jan 12, 2007 6:00 pm 
Hi, I'm New Here
Offline

Joined: Dec 2006
Posts: 17
p.s.

i've tried contacting people who are on the list to let them know their account info is available for anyone's viewing pleasure... but uh...

all i get is a "**** you!"...

so in light of that **** you, i say "okay, i hope you enjoy getting looted :roll: "

_________________
Jan 12th, A day that will live in infamy (LOL)
Image
Image
Image


Top
 Profile  
 
 Post subject: Re: For All Those Who Have Been Hacked.
PostPosted: Tue Jan 16, 2007 2:57 pm 
Frequent Member
User avatar
Offline

Joined: Apr 2006
Posts: 1137
Location:
Troy
Key-J wrote:
So first of all let's list down the 3 most common ways in which you could be hacked.


There is a 4th way: you combine people's RL information with the weakness of SROs account setup at their website:
1. Using name and email address, you can get the first 4 letters of the accountname. Most accountnames can be easily guessed from those 4 letters.
2. Using accountname and email address, you can request the secret question. A good Google action later you should be able to enter a new password, since JM allows password changes without knowing the current password and without having access to the registered email address.

Key-J wrote:
Screaming at the GM's demanding retribution
Well this simply means that you agreed to the Silk Road User Agreement when you created the account, where it clearly states a definition of what Hacking is according to SRO and that the company "Joy Max" cannot be held responsible for the loss of your account, and that they will not offer services to resolve instances of account theft/hacking. Thus clearly waving your right to oppose the GMs.


This is simply a legal protection so they cannot be held legally responsible for your loss. Aside from the reasoning used in that article are sometimes flawed (users get hacked despite following all rules and guidelines set forth by JM), this is NO reason for JoyMax NOT to do anything. There is NO reason for JoyMax not to reinstate a stolen account back to the owner. By not helping out their users, they basically reward the hacker for their illegal actions by letting them keep a stolen account. Just because they don't legally HAVE to help you is NO reason for them NOT to help their loyal (and often paying) customers in favor of a hacker/thief.

_________________
[88] Vivace
Pure INT Bard/Cleric, Bard 88, Cleric 88

[83] Pinokkio
Pure INT Force Nuker, Force 83, Cold 83, Lightning 83, Fire 60

[81] Sybian
Pure INT KD Nuker, Bicheon 81, Cold 81, Lightning 81, Fire 60


Top
 Profile  
 
 Post subject: Re: For All Those Who Have Been Hacked.
PostPosted: Wed Jan 17, 2007 10:39 am 
Frequent Member
User avatar
Offline

Joined: Apr 2006
Posts: 1137
Location:
Troy
phulshof wrote:
Key-J wrote:
So first of all let's list down the 3 most common ways in which you could be hacked.


There is a 4th way: you combine people's RL information with the weakness of SROs account setup at their website:
1. Using name and email address, you can get the first 4 letters of the accountname. Most accountnames can be easily guessed from those 4 letters.
2. Using accountname and email address, you can request the secret question. A good Google action later you should be able to enter a new password, since JM allows password changes without knowing the current password and without having access to the registered email address.


I just reread the different policy documents on the site. As I mentioned above: using your real name and address cause a vulnerability in your account. Yet what do I read in the policy? You are REQUIRED to use real information there! Strange how by following the rules set forth by JM you endanger your account if you're a tad more known online than the average Joe.

_________________
[88] Vivace
Pure INT Bard/Cleric, Bard 88, Cleric 88

[83] Pinokkio
Pure INT Force Nuker, Force 83, Cold 83, Lightning 83, Fire 60

[81] Sybian
Pure INT KD Nuker, Bicheon 81, Cold 81, Lightning 81, Fire 60


Top
 Profile  
 
 Post subject:
PostPosted: Tue Feb 13, 2007 11:34 pm 
New Member
Offline

Joined: Feb 2007
Posts: 33
Just a little tip, if you suspect that you may have a keylogger on your computer, type all your password with the on-screen keyboard. To open up the on-screen keyboard go Start > All Programs > Accessories > Accessibility > On-Screen Keyboard. Make sure to get rid of the keylogger though, because your password will never be safe from a keylogger for too long.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 14, 2007 3:20 am 
Frequent Member
User avatar
Offline

Joined: Oct 2006
Posts: 1116
Location:
Athens
nice guide.. :D


:love: Happy Valentines Day to All :love:

_________________
Image
Happiness is Just a word to me..
Image
http://shadowsdie.deviantart.com/


Top
 Profile  
 
 Post subject:
PostPosted: Thu Feb 15, 2007 6:00 am 
Common Member
User avatar
Offline

Joined: Mar 2006
Posts: 113
Location: Fembria
Just to let you know, the Trade Party hack is a hoax, designed to keep the ignorant fearful and ignorant. I looked into this myself, and here is the report on my findings:
http://warriornation.net/Forum/showpost.php?p=1315617319&postcount=3

For what its worth, I have over 10 years of programming experience (thus the nick 'theCoder'), including network programming and security. I do not consider myself an authority in network security per se, but I know the landscape.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Mar 22, 2007 5:21 pm 
Hi, I'm New Here
Offline

Joined: Mar 2007
Posts: 1
Ok mate, not to be a negative person, but only half you guide is correct, the only half that is correct is to not get mad about getting hacked. i will tell you the only ways you can get hacked though.

:!: 1. Bruce Force will not work to hack a silkroad account, as you only get 3 attempts at entering your password before an automatic server disconnection. Since brute force is only a password guessing program you can not have Brute Force reopen SRO and start where it left off and keep doing that over and over. Brut force is not an option to hack.

:!: 2. Keylogger is a way, but only because someone breaks the trade agreement and downloads a game add on to SRO (Examples: Bots, hacks, cheats, etc.) So if you get keylogged you deserve to be hacked becuase you are breaking the trade agreements and downloading game add ons.

:?: 3. The last one you stated is something you totally made up. There is no way someone could steal your password by a party. because the only way they could do this is with all the right access codes, Employee Id codes, and/or the password entered into the SRO server mainframe in Korea, they can not confuse any codes in any way to steal your password.
Please do not make up things like this. :banghead:

:!: 4. You can get hacked by telling someone you trust your password and they feel that the game is more important than their own friendship with you so they hack you, in this case its your fault so dont go getting mad at anyone.

:banghead: 5. Probably about 1% of the 99% of the people that claim they have been hacked have actually been hacked. That other 99% just say they have been hacked to either get free stuff or gold.

I totally agree with your guide not to get mad at anyone but yourself for being hacked, every possible way of being hacked turns out to be your own fault in the end. there is nobody to blame but yourself

Also theCoder you are right, i have had 3 years of experience in Mainframe and Cisco Networking and dedicated server hosting, running, supporting, and authorizing, to know that there is no way to do anything of this nature.

AGAIN, DO NOT MAKE THIS STUPID STUFF UP


Top
 Profile  
 
 Post subject:
PostPosted: Wed Mar 28, 2007 11:11 am 
New Member
User avatar
Offline

Joined: Mar 2007
Posts: 29
Location: United States
lol i am scare to get hacked so i dont accept pt or trade with someone i dont know, i never talk private chat with anyone i dont know xd

_________________
IGN: Heartles
lvl: 16 full str archer
status: sp farming (lvl 16sos bow)

Image


Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 02, 2007 4:38 pm 
New Member
User avatar
Offline

Joined: Mar 2007
Posts: 33
Location: Québec
v3rG1L wrote:
lol i am scare to get hacked so i dont accept pt or trade with someone i dont know, i never talk private chat with anyone i dont know xd


oohhh so you're one of those bastards not accepting party invites ah! Always pisses me off so bad .. i'm like "WTF it gives more exp who the hell don,t want more exp.."


Top
 Profile  
 
 Post subject:
PostPosted: Tue Apr 03, 2007 8:52 am 
Hi, I'm New Here
User avatar
Offline

Joined: Apr 2007
Posts: 7
Location: PASVALYS
wow! this is cool :wink:

_________________
Want To Drink beeeer ^^


Top
 Profile  
 
 Post subject:
PostPosted: Tue Apr 10, 2007 10:45 am 
Common Member
User avatar
Offline

Joined: Mar 2007
Posts: 174
Location:
Alexander
Well who the hell doesn't want...people scared off by imainary loopholes...

There is NO way you can get hacked by accepting a random party/ trade...
Random parties are issued usually by bots...and trades by noobs who really think that you at lvl 45 could use his lvl 1 sos blade or you are generous enough to give him 5k for no reason...

So it's not a security bug...and bruteforcing has been minimized since the image verification...

So the only thing you should fear(if not botting or client hacking) is yourself...hackers mostly rely on your stupidity(or lazyness) to get on to you...i mean you are a noob, you dunno bout the fact selling silk is illegal(let's face it, GM notices about silk selling are a myth)...but it's common sense that would prevent anybody to give his acc/pass to a stranger....comeon, nobody is good enough to give 5$ for free.

So, instead of fearing some bug in the code, Fear YOURSELF :)


Top
 Profile  
 
 Post subject:
PostPosted: Fri May 25, 2007 8:47 pm 
Banned User
Offline

Joined: May 2007
Posts: 998
Location:
Uranus
skandal wrote:
Well who the hell doesn't want...people scared off by imainary loopholes...

There is NO way you can get hacked by accepting a random party/ trade...
Random parties are issued usually by bots...and trades by noobs who really think that you at lvl 45 could use his lvl 1 sos blade or you are generous enough to give him 5k for no reason...

So it's not a security bug...and bruteforcing has been minimized since the image verification...

So the only thing you should fear(if not botting or client hacking) is yourself...hackers mostly rely on your stupidity(or lazyness) to get on to you...i mean you are a noob, you dunno bout the fact selling silk is illegal(let's face it, GM notices about silk selling are a myth)...but it's common sense that would prevent anybody to give his acc/pass to a stranger....comeon, nobody is good enough to give 5$ for free.

So, instead of fearing some bug in the code, Fear YOURSELF :)


There are loopholes in the party system. I had an experience a while ago where I reapetedly got a party req from a random person. When I finally accepted it my whole comp locked up and my comp went unresponsive and started to beep over and over. the all of a sudden it all stopped but my comp was very very sluggish. I rebooted and reformatted my hd because I didn't know what had happened.

Some idiots say it was an overheat that by pure coincidence happened right when I accepted the party....but it hadn't happened before that and hasn't happened since.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Sep 08, 2007 6:30 pm 
Regular Member
User avatar
Offline

Joined: Apr 2007
Posts: 239
Location:
Rome
Got hacked :banghead:


Top
 Profile  
 
 Post subject:
PostPosted: Sat Sep 08, 2007 7:28 pm 
New Member
Offline

Joined: Sep 2007
Posts: 27
Location:
Uranus
wthell? they can hack you if you accept trade/party request?!

thats dumb -_- i started playing 4 days ago and everytime someone invites me town i accept and see whats happening... grrr shuda found this earlier =/

and if i MIGHT have keylogger i just have to scan everything right?

never downloaded anything related to Silkroad other than the client so i doubt i ll have keyloggers :P


Top
 Profile  
 
 Post subject:
PostPosted: Tue Sep 11, 2007 12:24 pm 
Hi, I'm New Here
Offline

Joined: Sep 2007
Posts: 2
Location: USA
bennedro wrote:
wthell? they can hack you if you accept trade/party request?!

thats dumb -_- i started playing 4 days ago and everytime someone invites me town i accept and see whats happening... grrr shuda found this earlier =/

and if i MIGHT have keylogger i just have to scan everything right?

never downloaded anything related to Silkroad other than the client so i doubt i ll have keyloggers :P


I started playing this game not long ago either but I can guarantee that the OP made up the "Direct Hack" nonsense. Theres no possible way to find someone's account name or password via opening a trade or joining a party.

The most common way of people being hacked in mmorpgs is by people being unsecured, however you can't ever be fully secure on your PC, it just isn't possible. The #1 "hacking" method used now is keylogging, you visit a website and it contains a keylogger, they get your information.

The biggest way to prevent that is using Firefox, but also not being stupid and clicking a link to a website you don't know. While Firefox is more secure than Internet Explorer, it's not 100% safe from exploits, but it's a lot safer by far. Scanning your computer helps too :P.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 32 posts ]  Go to page 1, 2  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group