Joymax needs to close its portal site...

Glavie's Girl · **Joined:** Jun 2007 **Posts:** 1464 **Location:**

If any of you are paying attention to Rev6.com(should I asterick the site out?) it gave an annoucement out today just alittle while ago.

Quote:

Quoted DIRECTLY from Rev6.com

[Silkroad Exploit confirmed]
Yes it's possible to hack with just an Account name. So, there are a group of steps that make possible to change the password of one account with just an Account name. Joymax website is not safe. Is not simple and I will not say how it is. I just know the the bug, I know who find it, but I am not toilet.

carhartt

This morning, I have personaly received an email claiming that the exploit was true. I denied it and claimed he was lying. He requested me to give him an account name, I gave him the account name sexpro the old password was 123456, he changed the password to channel at 11h30AM GMT-5.

Please request Joymax to investigate that account at this time and to figure out how the password was modified if they claim such a thing can't be possible.

I would believe that Joymax will do a rollback on Tibet and probably a few other server depending on where the people are complaining.
Please make sure to ask then to investigate this as soon as possible.

---------------------------
The portal site really should be shut down so no one can change anything, it is seriously bugged. Maybe its time to start looking for a new game, I mean seriously, they tried to make a better login system by making the portal, but its just as buggy as this blasted game. What the hell are the users supposed to do now, wait till the hackers go down the list and get everyone?

Please send bug reports to joymax about thier portal site, its not secure!

soloooo · **Joined:** Nov 2007 **Posts:** 28

yes we know, thanks

i have a feeling that rev6 is in on this

Project-Dragon · **Joined:** Oct 2006 **Posts:** 328 **Location:** Germany

They are not going to rollback all servers for days or even weeks.
If they do this, hundreds of players will complain, quit SRO and chargeback their silk.

soloooo · **Joined:** Nov 2007 **Posts:** 28

Project-Dragon wrote:

They are not going to rollback all servers for days or even weeks.
If they do this, hundreds of players will complain, quit SRO and chargeback their silk.

they arent, because that would be too much work, and we know how good joymax does their work right?

and anyways, i have a feeling that the makers of rev6 is the one who found the exploit. after all, who has more knowledge of the game then those guys?

and i think this message they posted on their site today is just to get everyone's suspicion off them, after all, if what does the hacker gain by telling everyone that the exploit is real?

gamef · **Joined:** Dec 2006 **Posts:** 2290 **Location:** London

Can you tell me how to do this lol i have 2 accounts of mine which have been hacked (lvl 68 and lvl 69) and im unable to change the pw. :banghead:

And no they will not do a rollback main reason being they are too stubborn to admit it was their problem. They will just say its the user fault they got hacked and just say read the 5 precautions to reduce the risk of you being hacked.

Glavie's Girl · **Joined:** Jun 2007 **Posts:** 1464 **Location:**

They have done rollbacks before, they can do it again. What is a couple of days compare to all the months most users have played anyways.

I dont think Rev6 is in on this, but thier site is evolving to include more things so I cant say they arent in on it. Though providing a list of users and thier equipments just screams for someone to get hacked. There has been dozens of threads on Rev6 since its first debut.

gamef · **Joined:** Dec 2006 **Posts:** 2290 **Location:** London

Glavie's Girl wrote:

They have done rollbacks before, they can do it again. What is a couple of days compare to all the months most users have played anyways.

The only rollbacks i remember was when people on Babel duped gold other than that i don't think their has been a rollback due to "user requests". And this so called exploit didnt start a few days ago afaik it all begun when they introduced the joymax portal site which came a month or so ago, not sure exactly when.

So would you want joymax to do a rollback for over a month?

Glavie's Girl · **Joined:** Jun 2007 **Posts:** 1464 **Location:**

the part about rollbacks came from the rev6 site, those arent my words though you guys are putting them in my mouth.

No I dont want a month long rollback, I would prefer no rollback, but we have had a rollback before, there was a memory leak on Aege that forced something like a 24 hour rollback, there was the gold duping thing. Point is Joymax has rolled back before.

I am asking to close the portal till they can fix the site not to really rollback all the servers. Please ask to close the portal site. Stop the hacking in its tracks till this shit is fixed.

gamef · **Joined:** Dec 2006 **Posts:** 2290 **Location:** London

Oh i didn't spot this before, but the reason why this guy changed the pw to the account is because he knew your email. You said you recieved an email so by any chance did you use that email for your sro account. On the joymax site you could change the pw if you knew the id and email and without knowing the secret answer.

Apparantly Joymax has done something and you need the secret answer on the joymax website to change the pw. Can anyone confirm this?

Glavie's Girl · **Joined:** Jun 2007 **Posts:** 1464 **Location:**

OMG READ THE POST!!!!

I will edit it to make it clearer. This is NOT MY ACCOUNT!!!!!!!!!! I quoted it from rev6......>.>

gamef · **Joined:** Dec 2006 **Posts:** 2290 **Location:** London

Glavie's Girl wrote:

OMG READ THE POST!!!!

I will edit it to make it clearer. This is NOT MY ACCOUNT!!!!!!!!!! I quoted it from rev6......>.>

Opps didn't read the first sentence lol. Anywho the exploit is fixed now so no need to worry.

BryaN · **Joined:** Apr 2006 **Posts:** 2264

No it isnt I just tryed nub

gamef · **Joined:** Dec 2006 **Posts:** 2290 **Location:** London

BryaN wrote:

No it isnt I just tryed nub

Wtf are you talking about, no need to go around calling people nub so stfu.

BryaN · **Joined:** Apr 2006 **Posts:** 2264

Ok lol the nub was kinda rude

Anyway the bug still works.

xMoDx · **Joined:** May 2006 **Posts:** 456 **Location:**

soloooo wrote:

they arent, because that would be too much work, and we know how good joymax does their work right?

what do you mean too much work on what?? im confused.. to rollback? if thats what you mean its easy on just 3 second to rollback

first they have to backup the current

Normal Method

Code:

$ mysqldump -hlocalhost -uUSERNME -pPASSWORD -Q --opt --databases DATABASE > backup.sql

Compressed Method ( useful if you have bigger database )

Code:

$ mysqldump -hlocalhost -uUSERNME -pPASSWORD -Q --opt --databases DATABASE > backup.sql.gz

then they will rollback

Code:

mysql -uusername -p database < backup(dateofbackup).sql

unless they are that lazy to encode that on a command terminal

foudre · **Joined:** Jul 2007 **Posts:** 3604 **Location:**

well the portal did change an old exploit i was shown, on how to get into another account, using the email it used to send to change pass, since it no longer emails out,

they just need to learn the wonders of php over javascript, it would be way more secure

even if the link reads /portal.php?user=username&passwoord=hardtoguess

instead of the system they are using,

oh well, hopefully i wont' be hacked, and if i am oh well

though i'm curious to this new exploit, just sad the old one no longer works

mosiac · **Joined:** May 2007 **Posts:** 808 **Location:** ಠ_ಠ

xMoDx wrote:

unless they are that lazy to encode that on a command terminal

nah, they just don't care.

iGod · **Joined:** Oct 2006 **Posts:** 3728 **Location:**

Yeah but they would need to rollback months then... basically rollback to the day they opened the portal ...

Sharp324 · **Joined:** Jan 2007 **Posts:** 4383 **Location:**

soloooo wrote:

Project-Dragon wrote:

They are not going to rollback all servers for days or even weeks.
If they do this, hundreds of players will complain, quit SRO and chargeback their silk.

they arent, because that would be too much work, and we know how good joymax does their work right?

and anyways, i have a feeling that the makers of rev6 is the one who found the exploit. after all, who has more knowledge of the game then those guys?

and i think this message they posted on their site today is just to get everyone's suspicion off them, after all, if what does the hacker gain by telling everyone that the exploit is real?

wow your full of wisdom arent you, if you dont know what your talking about then stfu

Glavie's Girl · **Joined:** Jun 2007 **Posts:** 1464 **Location:**

you guys are zeroing in on the wrong point. The portal has bugs, it needs to be closed so the bugs can be fixed so future hackings wont happen. The exploit is out, people are trying thier hardest to get others accounts, I just want that blasted site closed till the problem is fixed. This has almost nothing to do with ingame roll backs. The portal is what is wrong, though there are dozens of ingame stuff too but this hacking crap has to stop. They only way to do stop the hackings to close the portal while its being looked into for explotation.

PLEASE SEND A BUG REPORT TO CLOSE THE PORTAL SITE.

fethrin · **Joined:** Apr 2007 **Posts:** 378 **Location:**

security question is pointless now on changing your pw now...i lost my other account and i guess i can nvr get it back..close the portal site and put everything on the main site back to how it used to be

NuclearSilo · **Posted:** Tue Nov 27, 2007 7:09 pm

Holy shit!
I just went to joymax portal and made some tests. With only ID and email, I managed to make the site redirect the code to a random email then change the password without accessing to my real email. :shock:

I u dont believe, u could give me your ID and email, that is enough. :love:

BryaN · **Joined:** Apr 2006 **Posts:** 2264

NuclearSilo wrote:

Holy shit!
I just went to joymax portal and made some tests. With only ID and email, I managed to make the site redirect the code to a random email then change the password without accessing to my real email. :shock:

I u dont believe, u could give me your ID and email, that is enough. :love:

Everybody kinda already knows that, yet you have to find a way around email verification... IF ANY1 KNOWS PM me i want my hacked acc back.

fethrin · **Joined:** Apr 2007 **Posts:** 378 **Location:**

BryaN wrote:

IF ANY1 KNOWS PM me i want my hacked acc back.

soloooo · **Joined:** Nov 2007 **Posts:** 28

Sharp324 wrote:

wow your full of wisdom arent you, if you dont know what your talking about then stfu

the_wicked · **Posted:** Tue Nov 27, 2007 8:28 pm

If i haven't registered for email veri, should i?

and is there a way of them to find out your ID as well? o.O

Renton · **Joined:** Jul 2007 **Posts:** 621 **Location:**

the_wicked wrote:

If i haven't registered for email veri, should i?

and is there a way of them to find out your ID as well? o.O

No unless youre stupid enough to tell people.

ArchYourFace · **Joined:** Oct 2007 **Posts:** 638 **Location:**

K im not super clear on this. I used a trash account to test this theory. I don’t understand where the security leak is at exactly. I don’t remember if I used the email verification on this account or not. But just to test it I went and tried to change the password, and it requires secret question knowledge. Is it that it changes AFTER the email verification or what? Someone who knows how to do it pm me, ill give you my trash account name and pass to see if you can do it without anything else.

it has NOTHING on it, just some lvl 1 charicter or something.

Ragnorak · **Joined:** Apr 2007 **Posts:** 1147 **Location:**

Renton wrote:

the_wicked wrote:

If i haven't registered for email veri, should i?

and is there a way of them to find out your ID as well? o.O

No unless youre stupid enough to tell people.

there was an event on MMOSite (20k SP i think) where there winners had to leave there ID o.O :shock:

but not the password....i don't think anyone left there ID though...i never went back to check.

Renton · **Joined:** Jul 2007 **Posts:** 621 **Location:**

^Don't tell him if you know it. We don't need something like this spreading around as it is. It's bad enough hundreds of people know about it.

Silkroad Online Forums

Joymax needs to close its portal site...

Who is online