Hacking preventions; JoyMax employees: please read this too

[phulshof]

Ok, from my recent experiences I thought I'd add a few hacking prevention tips on top of the ones JoyMax is giving out:
1. Don't use your normal email address, name and surname when creating an account. Using that information a hacker can gain the first 4 letters of your accountname, which may be enough to guess the full account name.
2. Don't use a secret question the answer to which could be found out with some simple investigation. I was foolish enough to use my mother's maiden name; trust me: if they know your name, they can find out your mother's maiden name as well.
3. Use long passwords with alphanumerical characters; there are plenty of brute force password cracking programs out there, and the longer your password, the harder it is to crack it this way.
4. Tip to JoyMax: After answering the secret question, a random password should be sent to the email address of the account. You do NOT let people enter a new password without first logging into the account! In stead, a user should use the generated password in his email to log into his account, and THEN he can change his password.

I've noticed that a lot of good, honest, non-botting, non-cheating, non-gold/silk buying people have been hacked lately. This should be a sign. JoyMax, when an owner of an account comes to you with a claim that his/her account was hacked: investigate and return the account to the rightful owner asap. These are your loyal paying customers, who have worked hard to get where they are. They should not lose everything this easily, especially if it can simply be corrected by returning an account to the rightful owner. They should also not be ignored. I have so far written 6 emails and 3 bug reports, and have yet to receive even a single answer from JoyMax.

Truly, I love this game; I love playing it, and I love spending time with my friends there, but this whole adventure so far has left me very disillusioned. I really thought JoyMax would care more for their loyal paying customers. Please JoyMax, show me that this trust was not in vain. I've spent over 600 hours and $150 on silk purchases on this account so far, and it really hurts to lose it all like this. It also hasn't left much motivation for starting over and spending money on silk once again; knowing that in 6-12 months someone might just come, and do this to me again.

[PsYch008]

good tips sorry to hear about your char.

[Jay]

What I really wish is if joymax let you change your username, or maybe your secret answer, preferably the username. IF you were able to change your username maybe like once a month or something, that would help drastically the hacking in this game, I doubt alot of people would be hacked and I like that password thing that you have to type in to change your password to what ever you want.

[Grimjaw]

Good idea's..it would even make us sweat and worry less,if retarded joymax actually learned to fix theire mistakes.

They are like a flat tire,no matter how much air you pump into it,if you don't fix the hole,it will always go flat..

[hitokiri]

you should be able to change security/id. i just wish they showed some sign of them caring about what happens to us when we get hacked. assholes npced my monkey

[Swifty]

I have to say, point 3 is a very good idea and should be taken into consideration by LagMax. But in the end what is going to happen? nothing.

LagMax has botters, CCF'ers and Gold Buyers all buying their silk and to be entirley honest, $150 to them is a piece of gum on their shoe. Sorry to say it how it is but thats the pure truth, and i doubt anything will ever change.

This just really sucks that legit people are getting hacked for no reason (By the sounds of things)

[Innovacious]

LagMax has botters, CCF'ers and Gold Buyers all buying their silk

CCFers dont buy silk, thats why they CCF, so they dont have too ¬_¬

Anywho, i tried to get hold of joymax a month or 2 ago about this type of thing... still no reply...

[Swifty]

LagMax has botters, CCF'ers and Gold Buyers all buying their silk

CCFers dont buy silk, thats why they CCF, so they dont have too ¬_¬

Anywho, i tried to get hold of joymax a month or 2 ago about this type of thing... still no reply...

*xD* Thats a good way to look stupid lol

Thanks for pointing that out, I guess i just got caught up in the moment, but you catch my drift?

[Stallowned]

Has anyone got a hold of Joymax for anything?

I remember someone once posting a phone number to call Joymax. Was that real? Did it work? If so can someone post it again?

[StealMySoda]

How about if you get anything wrong 5 times, you cannot try again for24 hours. Ie Secret answer, password, name, email. That way it will take a VERY long time for hackers to bruteforce accounts, and reduce the strain on the JM servers.

[Colb]

It's sad how unsecure everyone's SRO account really is, it would not be hard at all for JM to reprogram a few things and make this game a lot more secure from account hackers.

Some of my thoughts:

1.) Use the secret question only as a means to change the password if your email account has been shutdown/stolen. Instead, when you click "Forgot Password?", it should send an e-mail to you with a new randomly generated password like most websites do.

2.) Allow people to change their password from within their account settings. This way you can login, then change your password. If they wanted to make it even more secure, an email confirmation would be required for each account info changed.

3.) After 3 failed login attempts on the website or game, you are barred from logging into that account for 12 hours from the same IP address (this is mainly focused at hackers). This way if someone is trying to hack your account, they get 3 tries at it per 12 hours (unless they reset their IP), and you won't suffer from their attempts.

4.) A stolen account report page. Joymax could use a simple form to allow people to report their stolen accounts. You would submit all of your account information (First/Last name you signed up with, e-mail, password, secret question/answer), Joymax would then have an automated e-mail send you case ID#. Upon investigation, if the account has had major suspicious activity (i.e. someone logs on and puts all gold and items to another account, goes murderer), they will restore lost data to the account and possibly punish the account that the items were transferred to.


It's not difficult to brainstorm ideas to make this game more secure. Not to mention, most of the ideas wouldn't require a lot of extra programming. However, in the end I doubt Joymax will listen to our complaints and will most likely keep thier current system. It sucks but what can you do

[Swifty]

The sad thing is

1) My computer hates http://www.silkroadonline.net and most of the link don't show or just don't work (I actually had to go to a mates house to make my acc. in the first place )

2) Even on another computer when i send for the e-mail to change my pass, i never get it

3) the whole system is flawed like everything else

What a life.

[XuChu]

I've noticed that a lot of good, honest, non-botting, non-cheating, non-gold/silk buying people have been hacked lately.

ya non silk buying thats probably the main reason

This should be a sign. JoyMax, when an owner of an account comes to you with a claim that his/her account was hacked: investigate and return the account to the rightful owner asap. These are your loyal paying customers, who have worked hard to get where they are. They should not lose everything this easily.

cuz joymax will give a shit

I have so far written 6 emails and 3 bug reports, and have yet to receive even a single answer from JoyMax.

dont wait for it your reply after 2yrs later will be.
please don't use 3rd party programmes because they steal ur account.

I really thought JoyMax would care more for their loyal paying customers.

well sorry your wrong

im sorry bout ur loss but its all gone now start a new game.