cRPG
cRPG => General Discussion => Topic started by: 7000bc on July 02, 2011, 05:47:17 am
-
What does the dev team plan to do about all the recent hackings? Will they give back the lost characters and heirlooms, or will they just say it's a personal problem? Or is chadz slowly deleting all the accounts to wipe for strategus? It would be nice to get an actual dev's say in here. Thanks for your time.
-
Treason against chadz. How dare you off to the chop chop head slicer.
-
Socrates this is supposed to be a serious thread.
-
Socrates this is supposed to be a serious thread.
visitors can't see pics , please register or login
-
it is doubtful that chadz has anything to do with this as the last hacking happened at 5 in the morning over in europe
-
visitors can't see pics , please register or login
God fucking damnit thucy.
-
Those who posted after OP clearly were't hijacked and didn't get all their valuable items stolen. :evil:
I'd like to know devs" position concerning this matter too.
-
Yeah, this situation is getting out of hands, more and more people getting hacked and such. I believe the DEV team is aware of this issue and working on it, at least i hope for that
unless untill its too late :)
Still, i doubt anyone would care for setting up a keylogging stuff for this game or something, so i blame lame passwords :) (i have no idea about where and how passwords are stored and if they are somehow connected to database or not :))
-
Socrates this is supposed to be a serious thread.
visitors can't see pics , please register or login
visitors can't see pics , please register or login
visitors can't see pics , please register or login
But in all seriousness, I would love to know what exactly the plans are :/
I am a bit disturbed by the sheer amount of guys hacking.
-
chadz is working on it and all the time spend at fixing hacked account is not time spend at getting back strategus. I ask for a definive ban from crpg forum and game. Having hackers beheaded will lead to less account hacked.
Most of you probably noticed (some poor lads even first hand) that there was a lot of hacking going on lately. People logged into other players accounts and tried to cause havoc in it. Mostly by selling heirlooms or by resetting chars.
a) Will those chars be restored.
Yes, definately. We will not allow anyone's fun and effort to be ruined by incidents like this. It will probably be a lot of work though, so just hang in there. Every transaction is logged, so it can be verified and restored. We will announce it when we have the tools&admins ready to reestablish the belongings.
b) How does it work.
It is, as far as I can see (the investigation isn't finished yet) related to the unpassed alts. Everyone can log into your account if you have no password set, all he needs is the name. We are currently believing, though not verified, that the reason why it got so easy is the NA stats. All you have to do is search for a player, check for some low level alt and hope for the best. I assume that works really well. This would also explain why it started when the stats were released and why it is mostly NA accounts that got hacked.
c) What are we doing about it.
Right now, we disabled logging into unpassworded alts. So this means you cannot use alts as a password retrieving tool for now. We will be changing the system entirely - when you join a server with a new alt, you will receive a 4 digit password that you can then enter into the website. This should deal with this exploit. However, this requires a website and a cRPG patch, and could take some time. We're trying to deal with this as fast as possible though.
Edit: actually, we changed it a bit. You now have 120 seconds to log into an alt before it gets impossible to login via this alt. Then you'd have to create a new alt and login within 120 seconds again. This should make it impossible for alt-guessers.
We're really sorry about this, and even further sorry that this will delay strategus ;)
But we're working on it, and all will be back to normal.
PS: please make sure your password is secure (not easily guessable). If you think your account got compromised, change your password.
-
Basically NA's fault :P.
-
Le response
http://forum.c-rpg.net/index.php/topic,9500.0.html