EQ2 Forum Archive @ EQ2Wire

 

Old 12-12-2008, 04:44 AM   #1
Sheira
Loremaster
Join Date: Nov 2004
Posts: 74

My husband's account was just hacked. We watched (from my toon) his characters being logged in and stripped. We are now standing in QH watching the "hacker" doing the same thing to other toons. He is on his 4th toon right now.

We have petitioned, sent PMs to mods and devs, and are taking screenies, not sure what else we should do.

Old 12-12-2008, 09:57 AM   #2
corndog2451
Loremaster
Join Date: Oct 2006
Posts: 60

don't go to those plat sites n such that enabled his info to be stolen

Old 12-12-2008, 10:09 AM   #3
Shareana
Lead Volunteer Moderator
Join Date: Jun 2008
Posts: 3,921

I would suggest contacting SOE directly.  I am getting this info from a post in the support forums...  listed here.

Good luck!

Old 12-12-2008, 10:16 AM   #4
Vulkan_NTooki
Loremaster
Join Date: Nov 2004
Posts: 644

[email protected] wrote:

don't go to those plat sites n such that enabled his info to be stolen

There are other ways the "hackers" can gain account info.. you'll have to be naive being tricked, but being naive isn't against the EULA iirc.

Old 12-12-2008, 12:53 PM   #5
Yimway
Loremaster
Join Date: Apr 2005
Posts: 9,707

Vulkan_NTooki wrote:

[email protected] wrote:

don't go to those plat sites n such that enabled his info to be stolen

There are other ways the "hackers" can gain account info.. you'll have to be naive being tricked, but being naive isn't against the EULA iirc.

Both statements here are not entirely fair. There have been security exploits that hit non-secured machines visiting guildportal.com and other community sites and have managed to get keyloggers installed on people's machines. To suggest you have to go someplace nefarious or be overly naive to get infected with a keylogger isn't an entirely fair statement.

But, yes, chances are their PCs are compromised with one of the many, many keyloggers floating around.

Old 12-12-2008, 01:23 PM   #6
Sheira
Loremaster
Join Date: Nov 2004
Posts: 74

First of all, we don't go to plat sites, thank you for trying though. And we don't go to guild portal, we do go to "that other site", and yesterday used Alla's. (not blaming anyone, a friend checked there for key loggers and it came up clean). So it's hard to say what has happened.

We stood in QH until around 2am and watched this happen over and over to other people. It was disgusting and pathetic, and it was even worse knowing it was happening and we could do nothing to prevent it.

I don't expect every GM to be up at 2am in the morning waiting for something like this to happen. But I would have thought there was some sort of something in place to help customers who are literally sitting there watching their account being hacked.

Earlier in the evening, we were raiding and my husband kept going link dead, which is very unusual for us, reality is that hardly ever happens. Now we think we know why, and had we known at the time what was about to occur, maybe we could have prevented it from happening.

Nothing like this has ever happened to us before. Ten years we have been playing MMOs and you always hear it happened to someone else, you wonder why they gave out their info, etc etc. Then it happens to you, and you know you didn't give out your pw (hell I didn't even know his info and I'm his wife), you don't buy plat, you don't do anything against policy, you do everything you can to prevent stuff like this, and it happens anyway.

I PM'd several devs and mods who were on the forums last night, hoping someone could pass the word and at least stop it from happening. Like I said, the guy seemed to stop at 2am, or he moved to another zone realizing we were watching him, or maybe someone got my message and prevented it from going any further.

At any rate, it seems like a hurry up and wait situation, hopefully he gets his stuff back, and the "hacker" is caught.

Old 12-12-2008, 01:35 PM   #7
Yimway
Loremaster
Join Date: Apr 2005
Posts: 9,707

[email protected] wrote:

I PM'd several devs and mods who were on the forums last night, hoping someone could pass the word and at least stop it from happening. Like I said, the guy seemed to stop at 2am, or he moved to another zone realizing we were watching him, or maybe someone got my message and prevented it from going any further.

Chances are he moved on to another server / set of accounts.

Keyloggers are very difficult to catch once they are installed.  In fact, most aren't even found by popular antivirus software.  The only way to combat them is to secure your system sufficiently to prevent them from being installed.

In practice, it's typically a team of Russian hackers getting the webhosts infected with keylogger payloads. Those payloads send user/pass/application payloads back to them. The Russian hacker guys compile it all together then sell different passwords to different buyers. Chinese-based plat farmers purchase username/password blocks from the Russian hackers in bulk then have their sweat shop guys log in and strip them out. The Chinese farmer group probably paid 50 cents to $3 for your account information. Makes you feel cheap doesn't it? =/

Be absolutely certain your machine is not infected with a keylogger, or likely this will happen to you again in a few months as the process repeats.

Old 12-12-2008, 01:50 PM   #8
Rijacki
Tester
Join Date: Nov 2004
Posts: 7,842

[email protected] wrote:

Vulkan_NTooki wrote:

[email protected] wrote:

don't go to those plat sites n such that enabled his info to be stolen

There are other ways the "hackers" can gain account info.. you'll have to be naive being tricked, but being naive isn't against the EULA iirc.

Both statements here are not entirely fair. There have been security exploits that hit non-secured machines visiting guildportal.com and other community sites and have managed to get keyloggers installed on people's machines. To suggest you have to go someplace nefarious or be overly naive to get infected with a keylogger isn't an entirely fair statement.

But, yes, chances are their PCs are compromised with one of the many, many keyloggers floating around.

You don't even have to go to game-related sites. There have been news reports in the past of completely non-MMOG sites (like ESPN's website) getting hacked with a keylogger. Those types of hackers really don't care what information they glean 'cause they'll sell it off to someone else who does want it.

Never use your EQ2 password for ANY site other than the SOE boards (where it's the same, sadly, as your game password).

Practice good password setting: include upper case, numbers, and any special characters the site will allow (the stuff you have to press shift and a number for). Have at least 2 of the different elements in addition to lower case letters (example: 87_Thwer is better than thwer). Legible words or names (i.e. George_27) aren't as good as mixing the letters and numbers together (i.e. Ge_o2rge7). Simple substitution (i.e. L33t) isn't as effective if it still makes an easy to discern word.

Reset your password often!

The hard part about good password practices is that you have to have a good memory, too. There are a couple sites I don't go to frequently where I have to request my password to be changed 'cause I forget what I set them to. It's VERY easy to get into bad habits, too; like not resetting your password often, changing it in a predictable way (i.e. petname_08 followed by petname_09, etc).

Old 12-12-2008, 01:53 PM   #9
wolfIII
Loremaster
Join Date: Mar 2005
Posts: 90

Over the past few weeks I have been getting e-mails from plat selling scum. I have NEVER visited a site like this before and I don't register at any gaming sites except SOE, EQ2Flames and Guild portal. I only play SOE games.

My guess is that someone is selling email info to these slime.  If you even open this email they can access your computer.

Old 12-12-2008, 02:00 PM   #10
Yimway
Loremaster
Join Date: Apr 2005
Posts: 9,707

wolfIII wrote:

Over the past few weeks I have been getting e-mails from plat selling scum. I have NEVER visited a site like this before and I don't register at any gaming sites except SOE, EQ2Flames and Guild portal. I only play SOE games.

My guess is that someone is selling email info to these slime.  If you even open this email they can access your computer.

If I had to pick between those there, I'm afraid I would point the finger at flames. LFG has stated he's never 'cashed in' on the site, and that once his relationship with SOE / EQ2 was over he would consider doing such things. I'd certainly review the privacy policy at flames to that end. I know the ones at SoE and GuildPortal specifically prevent it.

Ultimately, having a well secured and patched system is the only real defense against these things, and I have to remind everyone that that means more than Windows updates, Firefox updates, etc. You must update every piece of internet enabled technology. Some of the more effective vulnerabilities used right now attack deficiencies in Real Audio, iTunes, Media Player, and other more tertiary applications that you might have installed once 18 months ago and forgot about.

Old 12-12-2008, 02:13 PM   #11
Aintdeadyet
Server: Butcherblock
Loremaster
Join Date: Jan 2008
Posts: 76

Just a quick post back on a link that details how to get your account back. Good luck with yours http://help.station.sony.com/cgi-bi...li=&p_topview=1

Old 12-12-2008, 02:24 PM   #12
Full_Metal_Mage
Loremaster
Join Date: Jan 2005
Posts: 322

I recommend using a virtual keyboard, since mouse clicks can't be logged. I use the virtual keyboard included in the Kaspersky AV software.

Old 12-12-2008, 02:32 PM   #13
Sheira
Loremaster
Join Date: Nov 2004
Posts: 74

Appreciate all the responses with helpful information.

His petition is now at "Waiting for GM" and I have every faith that Sony will make things right.

I guess my biggest disappointment with all of this, is like I said, sitting in QH watching and knowing this was happening to others and not being able to do a darn thing about it.

Apparently, he DID go to Guild Portal (yesterday as a matter of fact) and was looking at information on a mob. So..most likely that is the culprit. I'm assuming that, with all I have been hearing from friends about the recent issue with them.

Keyloggers, how to prevent them? My computer seems clean, a friend told me to use an Anti-Malware he recommended, and I ran my anti-virus, ad-aware stuff, etc. Anything else I should be doing on a regular basis? Or another program I can use to keep this from happening in the future? Any tips or hints (other than don't go to prat site snarky comments) you can share would be greatly appreciated. You think you have your system protected, and then bang! Blech, what a pita.

Thanks all.

Old 12-12-2008, 02:34 PM   #14
Mins
Loremaster
Join Date: Dec 2004
Posts: 108

Full_Metal_Mage wrote:

I recommend using a virtual keyboard, since mouse clicks can't be logged. I use the virtual keyboard included in the Kaspersky AV software.

It is just harder to log mouse clicks as you have to know what is being clicked on, but it is not impossible.

Mins

Old 12-12-2008, 02:38 PM   #15
Full_Metal_Mage
Loremaster
Join Date: Jan 2005
Posts: 322

Mins wrote:

Full_Metal_Mage wrote:

I recommend using a virtual keyboard, since mouse clicks can't be logged. I use the virtual keyboard included in the Kaspersky AV software.

It is just harder to log mouse clicks as you have to know what is being clicked on, but it is not impossible.

Mins

Keyloggers record data coming from the keyboard (hence the name). I challenge you to successfully crack a virtual keyboard.

Old 12-12-2008, 02:42 PM   #16
Mins
Loremaster
Join Date: Dec 2004
Posts: 108

[email protected] wrote:

Keyloggers, how to prevent them? My computer seems clean, a friend told me to use an Anti-Malware he recommended, and I ran my anti-virus, ad-aware stuff, etc. Anything else I should be doing on a regular basis? Or another program I can use to keep this from happening in the future?

If you use IE, get Firefox. It's more secure than IE. Also be careful what you browse when in the game, that browser is an old Firefox and likely hasn't been patched since it was put in, so it could be insecure.

Keep your anti-virus definitions up to date. AVG and Avast have nice free home versions - if needed.

There unfortunately is no program to keep it from happening, you just have to be careful. Watch for the signs, for example if you visit a site and they ask you to download and install a "codec" to watch a game video - it is likely a trojan. Things like that.

Also keep your OS updated with security updates.

Hope that helps,

Mins

Old 12-12-2008, 03:10 PM   #17
Rijacki
Tester
Join Date: Nov 2004
Posts: 7,842

Mins wrote:

[email protected] wrote:

Keyloggers, how to prevent them? My computer seems clean, a friend told me to use an Anti-Malware he recommended, and I ran my anti-virus, ad-aware stuff, etc. Anything else I should be doing on a regular basis? Or another program I can use to keep this from happening in the future?

If you use IE, get Firefox. It's more secure than IE. Also be careful what you browse when in the game, that browser is an old Firefox and likely hasn't been patched since it was put in, so it could be insecure.

Keep your anti-virus definitions up to date. AVG and Avast have nice free home versions - if needed.

There unfortunately is no program to keep it from happening, you just have to be careful. Watch for the signs, for example if you visit a site and they ask you to download and install a "codec" to watch a game video - it is likely a trojan. Things like that.

Also keep your OS updated with security updates.

Hope that helps,

Mins

If you use Firefox, install the "No Script" add-on and keep the default as block all unless you specifically and explicitly allow that site. Then only allow the domains that have scripts on the site if they are directly related to that site (for You Tube, as an example, there are actually two domains you have to allow to be able to watch videos). Using No Script is also a great way to block most of the adverts, too. Using No Script can be pretty illuminating, too, on how certain sites use various domains to handle different aspects of their display.

But, using "No Script" would alert you there is a new script from an unknown source on a page. Then, if you expected it, you can choose to allow it or, if you didn't, you can still view the site knowing that script didn't get a chance to run.

Old 12-12-2008, 03:21 PM   #18
Shareana
Lead Volunteer Moderator
Join Date: Jun 2008
Posts: 3,921

No one knows exactly what sites could cause this as there are many evildoers out there. Let's not point fingers but instead give ideas on how to protect others from this situation.

Good luck on getting everything worked out quickly!

For some more helpful info on this subject....

Keep Your Characters Safe!

Old 12-12-2008, 06:23 PM   #19
Nib
General
Join Date: Nov 2005
Posts: 92

[email protected] wrote:

[email protected] wrote:

I PM'd several devs and mods who were on the forums last night, hoping someone could pass the word and at least stop it from happening. Like I said, the guy seemed to stop at 2am, or he moved to another zone realizing we were watching him, or maybe someone got my message and prevented it from going any further.

Chances are he moved on to another server / set of accounts.

Keyloggers are very difficult to catch once they are installed.  In fact, most aren't even found by popular antivirus software.  The only way to combat them is to secure your system sufficiently to prevent them from being installed.

In practice, it's typically a team of Russian hackers getting the webhosts infected with keylogger payloads. Those payloads send user/pass/application payloads back to them. The Russian hacker guys compile it all together then sell different passwords to different buyers. Chinese-based plat farmers purchase username/password blocks from the Russian hackers in bulk then have their sweat shop guys log in and strip them out. The Chinese farmer group probably paid 50 cents to $3 for your account information. Makes you feel cheap doesn't it? =/

Be absolutely certain your machine is not infected with a keylogger, or likely this will happen to you again in a few months as the process repeats.

I think you've been watching too many movies. I can tell you with absolute certainty that a band of Russian nationalists backed by Chinese funding are not plotting to overthrow the EQ2 population through key loggers at 50c an account. For one, it makes no fiscal sense; there is no money to be gained from stealing EQ2 accounts. SoE tech support does a very good job at restoring compromised accounts and these attacks are a nuisance at best. These types of "panic posts" by technology novices have good intentions but end up achieving nothing more than panic.

As someone mentioned earlier, registering for platinum selling websites and providing your account information isn't smart. Allowing members of your guild (even ones you trust) to have your information normally ends up bad. Pro Tip: use separate passwords on sites like GuildPortal, Flames, Zam, Playboy and especially EQdkp (http://forums.eqdkp.com/index.php?showforum=61), run Windows Update from time to time, stay away from 'warez' and websites that promise leet hacking tools that will make you level 200 in 7 days. READ WEBSITE ADDRESSES; the link you received in a "beta email" might not be legitimate. And if all else fails, spend $20 on an anti-virus, any of them will do.

This isn’t a conspiracy, or brain surgery.

             <3 Niber of EQ2Flames

Old 12-12-2008, 06:31 PM   #20
Arcueid
Server: Guk
Guild: Type Moon
Rank: True Ancestor
Loremaster
Join Date: Nov 2004
Location: Castle Brunestud
Posts: 188

What if the person who's infected got one of those remote desktop access where the intruder/attacker can see their desktop in real time? Now that would be scary, seeing what you see and pinch your passwords..etc

Old 12-13-2008, 01:21 PM   #21
Cele
General
Join Date: Dec 2004
Posts: 1,002

/offers free tin foil hat removal services

Old 12-13-2008, 01:38 PM   #22
Chiyoiche
Server: Antonia Bayle
Guild: Midnight Ravens
Rank: Elder Raven
Loremaster
Join Date: Aug 2006
Posts: 397

Another thing: if you begin to constantly go LD for what seems no apparent reason, change your password. I've been through the LD issue before, seemingly at times where I shouldn't, and even a few times I hit the "user account is already active or invalid password" message. Once I am able to log in, I rush to change my password immediately, and I noticed, after I change it, the LDs stop. I am on the AB server, and there's been news of hacks there too. Seems the holidays bring out the scamming hackers and plat sellers.

Old 12-13-2008, 03:45 PM   #23
Sheira
Loremaster
Join Date: Nov 2004
Posts: 74

It's now Saturday, and we still have not heard from a GM.

Information has been verified with CS via Chat support, they did update his petition saying everything was verified and  the account is secure so the GM would be able to get things moving. His petition has said "Waiting for GM" since around 4am Friday morning.

Would be nice if we could get something. Anything. He's been standing in QH for 2 days, not wanting to do anything to his account or toons, for fear of screwing up whatever "investigating" they need to do. Even a "Hey, we're working on it, play as normal, don't play" something.

Kiara was nice enough to answer my PM yesterday, she's the ONLY one who did, and it was appreciated. Thank you.

Old 12-13-2008, 05:12 PM   #24
Kasar
Loremaster
Join Date: Dec 2004
Posts: 540

It should go without saying, but maybe not, to not use the same login/password here as other places.  Sure it's more convenient, but if one login's compromised through phishing, the next step's often to go see if the same login/password works on other sites like free email systems, ebay, banking, etc.

The only places you're stuck entering your EQ2 login/password combination are the launcher and eq2players.  Anywhere else, some variation might help considerably.

Old 12-14-2008, 02:18 AM   #25
Macross_JR
Loremaster
Join Date: Nov 2004
Posts: 547

We just had one of our officer's toons log on and get deleted while she was on another account, she also had been to guildportal recently as well.

Old 12-14-2008, 02:55 AM   #26
Oh
General
Join Date: Dec 2007
Posts: 2,516

[email protected] wrote:

We just had one of our officer's toons log on and get deleted while she was on another account, she also had been to guildportal recently as well.

I've heard guildportal has had issues with keyloggers before. I've seen that with other MMOs also. /sigh I normally run with cookies disabled, and prompting whenever a site asks for cookies. My normal response is decline which I would suggest to you to do in the future. ONLY when I really trust the site will I enable it specifically for that site and nothing else. Also YES my account in another MMO got hacked, it wasn't a matter of handing out my password it was completely because of a keylogger. Once it got cleaned off my computer (ok I formatted and reinstalled at the time for that and other reasons) I haven't had an issue since. Also with that other MMO I called customer support as soon as I found out and managed to get it all cleaned up in about a week. Yea it took a while, but it was worth the wait. I can personally tell you I was really bummed when it happened. I really didn't want to play anymore of that MMO. It wasn't so much that the gold/plat/whatever couldn't be replaced it was that I didn't want to go through all of that again. Once it was fixed I was back to my normal self, and enjoyed that MMO till I left and came here.

Old 12-16-2008, 07:07 PM   #27
CoLD MeTaL
Loremaster
Join Date: Apr 2005
Posts: 3,217

Ohiv wrote:

[email protected] wrote:

We just had one of our officer's toons log on and get deleted while she was on another account, she also had been to guildportal recently as well.

I've heard guildportal has had issues with keyloggers before. I've seen that with other MMOs also. /sigh I normally run with cookies disabled, and prompting whenever a site asks for cookies. My normal response is decline which I would suggest to you to do in the future. ONLY when I really trust the site will I enable it specifically for that site and nothing else. Also YES my account in another MMO got hacked, it wasn't a matter of handing out my password it was completely because of a keylogger. Once it got cleaned off my computer (ok I formatted and reinstalled at the time for that and other reasons) I haven't had an issue since. Also with that other MMO I called customer support as soon as I found out and managed to get it all cleaned up in about a week. Yea it took a while, but it was worth the wait. I can personally tell you I was really bummed when it happened. I really didn't want to play anymore of that MMO. It wasn't so much that the gold/plat/whatever couldn't be replaced it was that I didn't want to go through all of that again. Once it was fixed I was back to my normal self, and enjoyed that MMO till I left and came here.

I expect you got hit by this.

http://tech.yahoo.com/blogs/null/111811

There actually is software on websites that can harvest your game login and password, so be advised.

Old 12-16-2008, 07:14 PM   #28
Malvin
Server: Lucan DLere
Guild: Felwithe Freedom Fighters
Rank: Leader
Loremaster
Join Date: Sep 2007
Posts: 56

The vulnerability is called zero-day or something like that. Ya, basically IE is extremely risky right now.. stop using it. Use Google Chrome or something.. and make sure you change your passwords in game. Sites I've seen affected are guildportal (actually got a message from them saying not to use IE), facebook, myspace etc. Change your passwords using another browser though, don't change them using IE... that would defeat the purpose of changing them.

Old 12-17-2008, 10:05 AM   #29
Thunndar316
Loremaster
Join Date: Jun 2008
Posts: 1,681

[email protected] wrote:

don't go to those plat sites n such that enabled his info to be stolen

People come here for help and this is what they get.

Old 12-17-2008, 12:15 PM   #30
Kere
General
Join Date: Aug 2008
Posts: 153

[email protected] DLere wrote:

The vulnerability is called zero-day or something like that. Ya, basically IE is extremely risky right now.. stop using it. Use Google Chrome or something.. and make sure you change your passwords in game. Sites I've seen affected are guildportal (actually got a message from them saying not to use IE), facebook, myspace etc. Change your passwords using another browser though, don't change them using IE... that would defeat the purpose of changing them.

I think there was a thread here about it as well yesterday, but I can't seem to locate it at the moment.  I remember reading it and thinking this was probably behind the hacking going on in Permafrost.

All times are GMT.
All threads and posts originally from the EQ2 and Station forums operated by Sony Online Entertainment. Their use is by express written permission.