Silkroad Online Forums

Hey guys i need to know if they have fixed hacking, you the the 2nd way , for those people with email verification. GOd damit i lsot so much shit till now. ANyone know?

Yes fixed yesterday

and there is new way

madooo wrote:and there is new way

Why u know??? something happened again?

PkWater wrote:

madooo wrote:and there is new way

Why u know??? something happened again?

where theres a will theres a way lol

i dunno but someone changed my password twice today
i didnt log off since yesterday not to let him in and i keep changing my pass

um. my pw changed 2-3 times yesterday i logg off last night i think i get hacked i came on this morning all is here still ;o

well i am not logging off until its confirmed that its 100% fixed ..hope i dont get dc when i am afk

Just secured all my stuff 3rd time in 3 days. Bunch of noobs those koreans. Hope its only a rumour.

thats when u have noobish IDs....

as long as nobody has your ID your fine but like everyone is saying making your ID easy to figure out or something completely random will make all the difference.

Sethzor wrote:thats when u have noobish IDs....

a typical dumb piece of shit reply lol

look at this pretty page

and inject some nice hacking stuff right thurrr leediez, and people can crack some accounts rofl... all u retards should acknowledge that joymax sux donkeydick

oh that reminds btw, before they "patched" the initial exploit, they could hack your secret answer too... did i mention that? so even when u think that your account is safe because you verified it with an email adress that you own and only you have access too... then think again


-edit-
oh i forgot too mention that at a moment in time joymax neglected the security of their forum database which left a wide open door for those wanting to obtain the ID's of certain members. so while you say that some people got "noobish" id's, at that time people could take a peek at the forum database and crack the ID that goes along with it. i wouldnt be surprised if there were some people that still have that long list on their harddrives :O

is there anyway i can change my emaill ???!

madooo wrote:is there anyway i can change my emaill ???!

no you can't

TheSyndicate wrote:as long as nobody has your ID your fine but like everyone is saying making your ID easy to figure out or something completely random will make all the difference.

Going through all possible IDs would be simple if someone wrote program to do automatically all the steps needed in hacking. It would take less than a day to go through all possible IDs written with only alphabetic letters (no numbers) when ID length is up to 9 letters. Having numbers in ID increases this time of course but that would probably lengthen the time up to week or so. Or they could just add more computers to speed up things. I don't think that anyones ID is safe until JM fixes all the exploits on their site.

For those interested how long time it would take to go through different combinations see Password recovery speeds page. Since sro hack doesn't need your password, just the ID, times from that pages can be applied to ID. On that page the Class E rows are the ones that you need to look. You'll be pretty safe if you have ID length 12 or more letters.

when will this shit ends....
every few hours my pass changes and there is no response from joymax
like there is nothing wrong going on and every thing is fine

if they know ur email, and ur account id, ur screwed


http://img218.imageshack.us/img218/8701/hackingcn2.jpg

ive been trying to get my character back but he changed the email >.<


so if you have ur email and id posted on a forum somewhere, i suggest you change it >.<


but yes, i believe there are a bunch of people that have every user name for sro... what they decide to do with it, no one knows

mKaaru wrote:

Sethzor wrote:thats when u have noobish IDs....

a typical dumb piece of shit reply lol

look at this pretty page

and inject some nice hacking stuff right thurrr leediez, and people can crack some accounts rofl... all u retards should acknowledge that joymax sux donkeydick

oh that reminds btw, before they "patched" the initial exploit, they could hack your secret answer too... did i mention that? so even when u think that your account is safe because you verified it with an email adress that you own and only you have access too... then think again


-edit-
oh i forgot too mention that at a moment in time joymax neglected the security of their forum database which left a wide open door for those wanting to obtain the ID's of certain members. so while you say that some people got "noobish" id's, at that time people could take a peek at the forum database and crack the ID that goes along with it. i wouldnt be surprised if there were some people that still have that long list on their harddrives :O

lol they can still hack? dayum

Barotix wrote:

mKaaru wrote:

Sethzor wrote:thats when u have noobish IDs....

a typical dumb piece of shit reply lol

look at this pretty page

and inject some nice hacking stuff right thurrr leediez, and people can crack some accounts rofl... all u retards should acknowledge that joymax sux donkeydick

oh that reminds btw, before they "patched" the initial exploit, they could hack your secret answer too... did i mention that? so even when u think that your account is safe because you verified it with an email adress that you own and only you have access too... then think again


-edit-
oh i forgot too mention that at a moment in time joymax neglected the security of their forum database which left a wide open door for those wanting to obtain the ID's of certain members. so while you say that some people got "noobish" id's, at that time people could take a peek at the forum database and crack the ID that goes along with it. i wouldnt be surprised if there were some people that still have that long list on their harddrives :O

lol they can still hack? dayum

No. not possible, everytime you recover a password for a char, the joymax server creates a EmailCertKey for each account, if that EmailCertKey doesnt match to the ID, you will fail and get the page not found error. The key thats getting generated is everytime random, there is no way to find a way to generate Randomness.They do prolly something like ~ rand(0, 100000) in java, so there is no way to generate a radnom key, means if you dont have the correct EmailCertKey for a account ID, then its impossible to change password. This method does NOT work anymore, there is NO way atm to get hacked by joymax.com , atleast not by this method :p

@aazumak

before you post shit, you should read your shit. That doesn't work, after you type the victims id/email, and type your own SA of the previous char, it will change the password for your own char, not the victim ones.

a new day and my pass just changed GAYMAX didnt do anything