Regarding ID Hack Issue and Passwords

Posted: Wed Jan 10, 2007 2:04 am
by Demarthl
Regarding ID Hack Issue and Passwords

Date : 1/10/2007
inquiry : 1563

Hello, this is Silkroad Online.

A recent posting that was made regarding the administrator accounts
and passwords has come to our attention. Though the contents of
the posting may not entirely be true, some parts of the claims may be
truth, and we are beginning to investigate the causes and sources of
this matter. A further announcement will be posted when our
investigation is completed.

Even if the claims are true, account passwords are encrypted to
protect user privacy and have little chance of being cracked. However,
we recommend that the following users please change their passwords.

1. If your password is a simple word, phrase, or is easy to guess
2. If you have not changed your password recently

Please change your password now, and we will post further updates
when our investigation has been completed.

We ask for your patience and cooperation in this matter. Posting
further replies or topics takes time away from our administrators
in focusing on this urgent matter.


im seriously restraining myself right now.

Posted: Wed Jan 10, 2007 2:10 am
by Madduck
I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?


So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!


Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........


OMG sorry people, I don't go off tap , but this really P@#$@ me off !!

Posted: Wed Jan 10, 2007 2:12 am
by Silver
Madduck wrote:I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?


So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!


Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........


OMG sorry people, I don't go off tap , but this really P@#$@ me off !!


LOL +1

now we all have a reason to hate JM. :)

Posted: Wed Jan 10, 2007 2:17 am
by Draquish
It's not their fault. It's the haxers' fault. So when the US got attacked by Japan people in the US started complaining "OMG! WTF US!!!" no. tada :)

Posted: Wed Jan 10, 2007 2:25 am
by Tun_Teja
Madduck wrote:I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?


So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!


Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........


OMG sorry people, I don't go off tap , but this really P@#$@ me off !!


hahahahahaha

yeah, sux! :(

Posted: Wed Jan 10, 2007 2:31 am
by Blurred
my pass is my Credit card #... hack me :)

Posted: Wed Jan 10, 2007 3:14 am
by dp_crazy
I have been reading all the posts on the main forums....and this is what I have figured out myself from all the topics. First, do not post on the Silkroad forums with the account you use to play with. All people have to do is quote what you post and it shows your ID. I do not know if the hackers need this ID or not. The hackers then use SQL injection to get into the username and password database. I watched a YouTube video of a guy checking college websites to see if they were safe against this kind of attack. He did not need any special tools....all he used was Notepad and whatever browser you want. He was into their database within 4 mins and could look at all the people that go there and all their personal info, including their ss.

I in no way want to try doing this or even attempt this. I am only saying what I know of now.

My post that was deleted. ^^

Posted: Wed Jan 10, 2007 4:08 am
by Im_On_56k
my pass is my Credit card #... hack me

Since the silkroad site is using phpbb, it is using a mysql database. This means that if the site was liable for a mysql injection I would be able to pull your password from the database by only knowing your username or hell even your character name.

It is not hard to do a mysql injection you only have to find a spot on the site that isn't protected from it.
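The injection risk discussed in the posts above comes from building SQL text out of user input. The following is an added example, not part of the original thread and not the site's code: it contrasts a concatenated lookup with a parameterized one and runs a small regression check over both. It assumes an in-memory SQLite table as a stand-in for the forum's MySQL user table; all names and rows are constructed.

```python
import sqlite3

# Constructed probe inputs: a plain name, a name with an apostrophe,
# and a string that changes the WHERE clause if it is parsed as SQL.
PROBES = ["alice", "o'brien", "x' OR '1'='1"]

def make_db():
    """In-memory table standing in for a forum user table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b"), ("o'brien", "hash-c")])
    return db

def lookup_concat(db, username):
    """Vulnerable pattern: the input becomes part of the SQL text."""
    sql = "SELECT username, pw_hash FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, username):
    """Hardened pattern: the driver binds the value, so it is never parsed as SQL."""
    sql = "SELECT username, pw_hash FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def check_lookup(lookup):
    """Regression check: a lookup may only return rows whose username equals
    the input exactly, and must not fail on quotes. Returns the failing probes."""
    failures = []
    for probe in PROBES:
        db = make_db()
        try:
            rows = lookup(db, probe)
        except sqlite3.Error:
            failures.append(probe)  # the input broke the statement's syntax
            continue
        if any(name != probe for name, _ in rows):
            failures.append(probe)  # rows for other accounts were returned
    return failures

if __name__ == "__main__":
    print("concatenated :", check_lookup(lookup_concat))
    print("parameterized:", check_lookup(lookup_param))
```

A check like this belongs in the test suite of any code path that takes a username, search term or ID from a request.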

Posted: Wed Jan 10, 2007 5:50 am
by Megalomaniac
Silver wrote:
Madduck wrote:I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?


So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!


Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........


OMG sorry people, I don't go off tap , but this really P@#$@ me off !!


LOL +1

now we all have a reason to hate JM. :)


NOW we have a reason?
Didnt we have like 400 reasons already? XD

Posted: Wed Jan 10, 2007 6:45 am
by lilchris
and we were finally becoming happy with the bans/updates/events...and they go and screw up bad!

its funny cuz if u do lose ur acct due to w/e happen, they cant do shit to help you since they will blame u for going to a bad site or botting blah blah.

Posted: Wed Jan 10, 2007 6:53 am
by Silver
Megalomaniac wrote:
Silver wrote:
Madduck wrote:I wont.

Stupid F@#$ Tards Joymax !! FFS what the hell are you doing?


So if my account gets hacked are you going to pay me back to $200 I have spent on your GOD DAMNED BS Item mall? No , cos you are a bunch of F#$@#Tards !!


Damn it I hope I can remember that stupid secret question... STupid, just plain stupid........


OMG sorry people, I don't go off tap , but this really P@#$@ me off !!


LOL +1

now we all have a reason to hate JM. :)


NOW we have a reason?
Didnt we have like 400 reasons already? XD


i dunno, i was referring to the people who .. " :love: s joymax".

but yes, normal people had 400+. =P

Posted: Wed Jan 10, 2007 6:55 am
by lilchris
guess im not normal, i dont have nearly 400 reasons :D

hmm
ccf,bot,spam,late updates,less events,bad service
all that aside, nice game :)

Posted: Wed Jan 10, 2007 6:58 am
by PlaneWhore
dp_crazy wrote:<<edited: this info shouldn't be made public. -SG>>


I would delete that post if i were you. There are people who would use that information unethically.

<<edit: then quoting it and making 2x the work for the mod team isn't smart either, is it? -SG>>

Posted: Wed Jan 10, 2007 8:49 am
by phulshof
What can I say? I'm still hoping they'll return my stolen account to me, but I'm really starting to lose faith here. I'm also seriously wondering if I'll continue playing if they don't. Sure, I could probably get back on my feet (if I can find the motivation to spend another 600 hours and $200+ in legal JM silk), but what's the chances of these kind of things happening again? I truly hope JM will realize the seriousness of these problems, and care enough for their customers to return stolen accounts to their owners. Sure, in accordance with their EULA they're not legally obliged to do so, but what possible reason could there be for them to favor an account thief over a (paying) customer? What possible reason could there be for them NOT to help their loyal customers in situations like these?

Posted: Wed Jan 10, 2007 8:54 am
by Megalomaniac
phulshof wrote:Sure, in accordance with their EULA they're not legally obliged to do so, but what possible reason could there be for them to favor an account thief over a (paying) customer? What possible reason could there be for them NOT to help their loyal customers in situations like these?


Stupidity & ignorance :\

Posted: Wed Jan 10, 2007 9:26 am
by 1llu51on
Oh, so now that their admin's acc got hacked, they finally decided to check their security system ? lol @ lateness

Posted: Wed Jan 10, 2007 9:54 am
by mushrooms
1llu51on wrote:Oh, so now that their admin's acc got hacked, they finally decided to check their security system ? lol @ lateness

+1

Posted: Wed Jan 10, 2007 10:13 am
by Grimjaw
Precaution for the win here, but I agree that they're being selfish.

Just write your secret question down somewhere, or tape it on your forehead, if you don't trust your head. :wink:

Posted: Wed Jan 10, 2007 2:14 pm
by IceCrash
holy ..... shit omgzzzz, i really hope they do something about greece!

Posted: Wed Jan 10, 2007 3:12 pm
by dp_crazy
thanks for deleting my post.

It's all on the main forums and any 12 year old kid with a brain can figure it out.

Posted: Wed Jan 10, 2007 3:39 pm
by ShaimeBlade
oh i get hacked at 2 times..

i made all day spyware/virus scanning etc.etc..
i send all log what i have and a letter to joymax...
and the answer is --->

"sorry ... we try to make a better game"
hehe.. >.<


but.. no problem i just only lost ~300$ and also 1 year of my life..


:banghead:

Posted: Wed Jan 10, 2007 3:42 pm
by oktaytheazer
some things that peps say i agree to some i dont but 1 thing i bet everyone would agree is that Joymax doesnt care about players that much or doesnt care at all.

Posted: Wed Jan 10, 2007 3:46 pm
by dp_crazy
ShaimeBlade wrote:oh i get hacked at 2 times..

i made all day spyware/virus scanning etc.etc..
i send all log what i have and a letter to joymax...
and the answer is --->

"sorry ... we try to make a better game"
hehe.. >.<


but.. no problem i just only lost ~300$ and also 1 year of my life..


:banghead:


Did you post on the main silkroad forums in like the last week?

Posted: Wed Jan 10, 2007 3:48 pm
by ShaimeBlade
nope. never i just get hacked.. after when i find my sos blade.. >.<

hehe... but i think i never get a answer for my question... "how?"

Posted: Wed Jan 10, 2007 3:56 pm
by dp_crazy
Im_On_56k wrote:Since the silkroad site is using phpbb, it is using a mysql database. This means that if the site was liable for a mysql injection I would be able to pull your password from the database by only knowing your username or hell even your character name.


And yet my post gets deleted......hmmmm

Posted: Wed Jan 10, 2007 3:58 pm
by [SD]Master_Wong
dp_crazy wrote:
Im_On_56k wrote:Since the silkroad site is using phpbb, it is using a mysql database. This means that if the site was liable for a mysql injection I would be able to pull your password from the database by only knowing your username or hell even your character name.


And yet my post gets deleted......hmmmm


stop complaining


he hasnt posted what mods call dangerous

Posted: Wed Jan 10, 2007 4:02 pm
by dp_crazy
ever try google or youtube about mysql injection.

Yeah that does not explain how to do it at all......LMAO

Posted: Wed Jan 10, 2007 4:16 pm
by ShaimeBlade
i can show 1 video...
about 3 or 5 min just .. pm me.

Posted: Wed Jan 10, 2007 4:17 pm
by zphantom
dp_crazy wrote:ever try google or youtube about mysql injection.

Yeah that does not explain how to do it at all......LMAO

The more widely known, the more widespread the security?

Is this concerning the admin ID accounts with like #$admin1 #$admin2 #$admin3 from like 6 MONTHS ago?

Re: Regarding ID Hack Issue and Passwords

Posted: Wed Jan 10, 2007 4:43 pm
by phulshof
Even if the claims are true, account passwords are encrypted to
protect user privacy and have little chance of being cracked. However,
we recommend that the following users please change their passwords.


Did these people take a beginner's course in security? If you have a list of encrypted passwords INCLUDING YOUR OWN, and assuming SRO hasn't come up with a new way of encryption, you can probably figure out the encryption method by comparing your unencrypted password with your encrypted password (just run some tests with the different algorithms). After you discover the algorithm, it's just a matter of running a dictionary against the algorithm, and comparing the encrypted dictionary with the encrypted passwords. I'm sure you won't get them all, but I'm also sure you'll get a bunch of them...
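The point made in the post above, that a stored-password table can be compared against a hashed dictionary, depends on how the passwords are stored. The following is an added example, not part of the original thread and not the site's code: it runs the same weak-password audit against an unsalted fast hash and against salted PBKDF2 records. MD5 is a stand-in, since the page does not say which algorithm the site used; the accounts, passwords, word list and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: accounts, passwords and word list are made up.
USERS = {"alice": "dragon", "bob": "dragon", "carol": "T7#qv!mZ2p"}
WORDLIST = ["password", "dragon", "silkroad"]
ITERATIONS = 200_000  # assumed work factor for this example

def store_unsalted(password):
    """Weak scheme: one fast unsalted hash (MD5 as a stand-in)."""
    return hashlib.md5(password.encode()).hexdigest()

def store_salted(password):
    """Hardened scheme: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_salted(password, record):
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def audit_unsalted(table, wordlist):
    """Flag accounts whose stored hash matches a common word.
    Returns (flagged accounts, hash computations needed)."""
    known = {store_unsalted(w) for w in wordlist}  # one hash per word covers every row
    return sorted(u for u, h in table.items() if h in known), len(wordlist)

def audit_salted(table, wordlist):
    """Same audit on salted records: each (account, word) pair needs its own KDF run."""
    flagged, runs = [], 0
    for user, record in table.items():
        for word in wordlist:
            runs += 1
            if verify_salted(word, record):
                flagged.append(user)
                break
    return sorted(flagged), runs

def duplicate_values(table):
    """Number of accounts whose stored value is shared with another account."""
    values = list(table.values())
    return sum(1 for v in values if values.count(v) > 1)

if __name__ == "__main__":
    weak = {u: store_unsalted(p) for u, p in USERS.items()}
    strong = {u: store_salted(p) for u, p in USERS.items()}
    print(audit_unsalted(weak, WORDLIST), duplicate_values(weak))
    print(audit_salted(strong, WORDLIST), duplicate_values(strong))
```

Both audits flag the two accounts that use a dictionary word, which is why the advice to change simple passwords holds under either scheme; salting and a slow KDF raise the cost per guess and stop identical passwords from sharing a stored value.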