Silkroad Online Forums

Hackers lately using something called SQL injection..
They are using T-Search Program or something like that..
When you do an exchange/get in party with someone your ID will be saved in Joymax database.
A hacker will get in the database and get your ID and IP Address..
They wont be able to get your password this way as far as i know..
So they are bruter Program to find it out or they get it of the stupid Cheep PHPBB Forums on the main site..
All i can say the game isn't secure anymore..

yeah youre right...the weirdest part is when I logged on today, I got an party invite before my char was fully loaded :| ...after that I got 3 more random party invites in town..I sold my 32+3 sword but I putted it in a stall ..Luckily I readed the forum before I went on sro.

Well i am not playing alot lately. but whenever i am online i have party invite/exchange off in my options and i will never put them on anymore...

Tell all your guildmates and friends about that also =/

Deadly EYez wrote:Tell all your guildmates and friends about that also =/

good idea..but that'll have to wait till tomorrow cuz I'm going to bed now^^

All i can say the game isn't secure anymore..

lol, and this game was safe before?
there are so many bugs, hacks, and other shit... and JoyBotMax do nothing and piss on legit players... they only calculate benefits from item mall and open new servers...

some players found few ways to improve security and hacked 500+ botters accounts and sent few mails to BotMax.. we will see what they answer...

propably nothing, becouse as I said they piss on us.


peace.

Phew good thing i quit playing before the summer was over.

yea, i only party with 5-6 people i know in the whole dang server now.

btw if you are stalling items, can this 'brute program' get ur id as well? or is it limited to exchanges?

im collecting guild fund so i hafta use trade

XuChu wrote:im collecting guild fund so i hafta use trade

Guild storage ftw?

SRO is gonna die soon?

Omg.. a few days ago, I accepted a request for a party.. o_O;;

And I'm trying to change my password now, but I forgot my secret question. Is there any way to change that?

I thought I put my question as my first pet, but it said "your first car". I don't even own a car! Oh boy..

I just had a trade with some guy, but im not worried, I dont play much anyways. Would a guy go thru all that trouble to get a lvl 30 with 2m? Dont care.

Ya, i noticed that too.
My lvl1 mule was selling most of my expensive stuff in Donwhang. I received tonnes of party request after i closed my shop.

I guess those ppl are drooling after my account...oh crap.

If this problem haven't solve, i will be switching over to WoW when Burning Crusade expansion release.

AVOID ANY PARTY/EXCHANGE AT ALL COST!!!!!!!11 one one
(sry for caps)
Im already getting paranoid. When i woke up this morning before i went to work first thing i did was log in and check if my account got hacked and my char stripped Hopefully not yet

Deadly EYez wrote:Hackers lately using something called SQL injection..
They are using T-Search Program or something like that..
When you do an exchange/get in party with someone your ID will be saved in Joymax database.
A hacker will get in the database and get your ID and IP Address..
They wont be able to get your password this way as far as i know..
So they are bruter Program to find it out or they get it of the stupid Cheep PHPBB Forums on the main site..
All i can say the game isn't secure anymore..

whats changed???

i mean in beta it was hacked big time, id have been listed for a long time now, joymax takes no extra security measures so its like playing the dice chance whether you get hacked best you can do is have a good pass word and hope lady luck wil stay your friend

Okay this is getting out of hand. We have a few people who have no idea what they are talking about trying to spread FUD.

1) Phpbb is not vulnerable to the kind of attack you mention..it is vulnerable to defacing and certain lockouts BUT not from the lifting of account information..and heh...your account information is not even stored in the forum itself but rather it stays in a seperate database...what phpbb does actually is safeguards against direct intrusions in addition to whatever firewalls and encryption you have in place.

2) Let me roll my eyes at this "trade hack". this has gotten out of hand. Do you seriously believe this?

Wait I forget who I am talking to.

3) Let me do my own ridiculous accusations:

a) this is shrill rumormongering is happening because of this:
because the game is made by Koreans. ANd the pervasive and overwhelming smell or racism/nationalism that pervades this community makes me think that this is the attitude held by Americans:

"WHat is made or stored in the US is safe. WHat is made elsewhere sucks and is untrustworthy."

Let me commence to laugh and barf my lungs out. Hmmm jeez AOL and several other huge data leaks in the US...real secure eh? Especially since nowhere else in the world has there been as flimsy data/privacy protection laws and regulations as in teh US. But of course Koreans can't be better than the US in that eh?

b) JOymax doesn't answer thus bad service ...hey Blizzard does!

- Okay this is where I know you people are stupid or plain just don't think things through. THere is a difference in the size of the companies. THere is a difference in the fact that although BLizzard has tons and tons of money in reserve to hire huge teams, Joymax does not.

THink. If joymax answers one..they have to answer all. They do not have the personnel for that. However they are reading. How many times have bugs and payment gateway problems have cropped up and people posted on it to be quickly solved or a notice posted on it?

Should service be concerned with making you as an individual feel good or ensuring that service continues and does not collapse?

Oh and if they are NOT paying attention then hmmm how the hell do they correct these issues or attempt to address them?

Jeez. let's think.

They have tried to address service issues with several initiatives like the Daily Q&A's or SA's..which you have essentially not supported as a community or ignored. They are trying different strategies as evidenced by little patch notes in combating bots. and I see bots fade away and seeming get logged out these days. Of course they are replaced by others BUT

they are trying. to accuse them of not is false.

No they ARE providing service; just not the personalized, at your beck and call service.

FOr that kind of service, with responses to forum posts and one on one contact, they need a bigger staff; which Joymax cannot afford or staff at the moment.

There has to be in excess of 500,000 active users with probably 40,000 users online at any given moment. In order to properly provide that one on one call service they would require a staff of at least 100. And that's pushing it. You are not going to find that many qualified english speakers and gamers and be able to pay them. You see. Korean game companies on the whole DO NOT USE player GM's. THey use employee GM's because they are very protective of their assets and responsibility is assured.

But none of you have any experience or idea what goes on. That's fine. But do you think Joymax is really going to come out and say that they are understaffed? Do you really think they can afford to? In the business world to admit anything opens yourself up to problems, liability, and a whole lot of other problems than keeping it ambiguous would.

SO by all means boycott...do whatever juvenile response, I mean by the gullibility that is evident in this thread in wouldn't surprise me. Don't people at least check on teh validity of things anymore?

Nah.. we live in the day and age where Rumor is truth, right?

but anyways boycott silk..whatever...essentially just QUIT! Because that is what you are doing shooting down any chance that service can grow.

Because for the people who have been around since the Alpha..we have seen ISRO grow...it has not gone as quick as we liked but it has gone a lot quicker than alot of other games.

Working for a competitor company, I marvel at what they have achieved with half the resources of many others. Maybe for that reason too I understand what they have to contend with as well.

But I am not going to tell you to trust Joymax. Always question what you hear and verify. However I would ask that you extend that same skepticism towards these shrill rumors and the people who spread them.

wow................

A threat remains a threat untill Joymax officially denies it or solves and prevents this threat from further exploits.

@ViolentFemme

Let's not exaggerate. This is hardly a matter of politics.

As for the tradehack itself. I see various topics on the official forums about it to. Hopefully Joymax will release an official statement sometime soon.

ViolentFemme wrote: You see. Korean game companies on the whole DO NOT USE player GM's. THey use employee GM's because they are very protective of their assets and responsibility is assured.

I agree with this comment. Thats why i fail to believe the "SA" thats been posting on these forums. Saying they been looking at whats causing the trade hack. I couldn't picture in a million years Joymax letting a SA rummage through their code.

Sroge wrote:

ViolentFemme wrote: You see. Korean game companies on the whole DO NOT USE player GM's. THey use employee GM's because they are very protective of their assets and responsibility is assured.

I agree with this comment. Thats why i fail to believe the "SA" thats been posting on these forums. Saying they been looking at whats causing the trade hack. I couldn't picture in a million years Joymax letting a SA rummage through their code.

Uh... you know ViolentFemme is a SA, right?

And... no SA here said they were looking at any code...

Ryoko wrote:@ViolentFem

Naw. I rather enjoy your highly intellectual posts. Only thing is, they are usually 8 para's long, and I cant read all that - especially in the office.

She strike again!

Ryoko wrote:

Ryoko wrote:@ViolentFem

Naw. I rather enjoy your highly intellectual posts. Only thing is, they are usually 8 para's long, and I cant read all that - especially in the office.

She strike again!

It's ok. Most of it is completely untrue anyway. I think we need stallowned to hop on this topic and work is magic on femme >.>

Ask Cuch...to what was said by the GM's or wind...I would rather believe my own experience and what was said by the GM's directly....don't you think?

lmfao a SQL injection are u serious u cannot get ids and ips from the game with a SQL injection lol..... The forums yes but not the game but brute forcing has been happening in every game....

ViolentFemme wrote:Ask Cuch...to what was said by the GM's or wind...I would rather believe my own experience and what was said by the GM's directly....don't you think?

wind did not go i did in his place, also. this is bull

the auto party is the new bot. dont you get it, they are trying to make the bots smarter in a way but that just makes them easyer to spot.

also there should be a nice bot list next ban for troy.

it is funny how all u guys think ppl hack first off all the real hackers wont waste there time on a game theyed be doing real hacking that lands them in jail. ppl that get hacked is there own fault from using bots or try to get them and giving passes to ppl they think they know can u trust someone that lives in another state come on.

nightv wrote:

ViolentFemme wrote:Ask Cuch...to what was said by the GM's or wind...I would rather believe my own experience and what was said by the GM's directly....don't you think?

wind did not go i did in his place, also. this is bull

the auto party is the new bot. dont you get it, they are trying to make the bots smarter in a way but that just makes them easyer to spot.

also there should be a nice bot list next ban for troy.

well i dont think he would make up all of this, and really whats stopping them from doing this. this game is gettin more and more lame.

ViolentFemme wrote:a) this is shrill rumormongering is happening because of this:
because the game is made by Koreans. ANd the pervasive and overwhelming smell or racism/nationalism that pervades this community makes me think that this is the attitude held by Americans:

"WHat is made or stored in the US is safe. WHat is made elsewhere sucks and is untrustworthy."

Let me commence to laugh and barf my lungs out. Hmmm jeez AOL and several other huge data leaks in the US...real secure eh? Especially since nowhere else in the world has there been as flimsy data/privacy protection laws and regulations as in teh US. But of course Koreans can't be better than the US in that eh?

b) JOymax doesn't answer thus bad service ...hey Blizzard does!

- Okay this is where I know you people are stupid or plain just don't think things through. THere is a difference in the size of the companies. THere is a difference in the fact that although BLizzard has tons and tons of money in reserve to hire huge teams, Joymax does not.

LOL@racism

Everyone makes fun of AOL.

And how the heck do they find the time to do that GNGWC thingy?

Dara wrote:And how the heck do they find the time to do that GNGWC thingy?

By not holding any SA meetings and barely responding at all to the SA forum in the past couple months, for one thing.