[READ]SRO Account Hacks: How it's done and how to stop it.

[SuicideGrl]

I refuse to call this hacking.

it's not hacking. it's what the SRO community generally refers to as hacking though. i'd hazard to guess that 9/10 of so-called "ZOMG WTF H4x0rED" threads originated in actions like what was described here, and ver few are actually "hacks" by the textbook definition.

[Draquish]

@ Lizard boy: Yes

@ SG: Exactly. Fake emails work wonders

[judaiskariot]

The funiest thing is: lots of people that play SRO are not native english speakers and 80% of them have their scret answer, username, email etc. in english (human stupidity - question in english = answer in english).

Isn't it more secure if u have everything in your native language (lot of dictionarys to find and use), and noone is asking you to answer truthfully on secret question (for ex. what's my pets name = idontrealyownapet or something but in urdu or siux or what ever)..

And another thing: i dont get it - how can people be so desperate to ask a complete stranger in game to buy him silk, gives him his ID and PW, and then logs off (cause scammer told him he must). And we are not talking here about lvl 1-20 chars but lvl 60+++...

[IguanaRampage]

@ Lizard boy: Yes

@ SG: Exactly. Fake emails work wonders

lmao

[XuChu]

I've noticed a rash of hackers running about SRO - and truthfully, it pisses me off. I was confronted by one in-game, warning me to "watch out and don't try to offend the wrong people."

rofl, some nerd acting tough "yo n00bz i w1ll hax0r j00 w1th m31n 1337 hax0rz $k1llz, dul\l ..... w1t m3"

[timtam]

Nice ^.^

I just changed my sro password (old one was timtam =0)

That helped me alot, thanks man.

[sloweredmangyang]

i dont get it how would you get someones username? (hackers should die i got hacked when i was a noob ) and 1/2 the time the secret question is BS.

[IguanaRampage]

if

SRF handle = username

or

You posted on official forums when you could quote people

and probably some other ways too.

[PR0METHEUS]

wouldn't you need their password to be able to login into silkroadonline.net and get there email addrress?

Not necessarily. That's why he suggested to use an email address you don't use anywhere else.

[judaiskariot]

hahahhhaahhha Caio, good one..

[IguanaRampage]

Thanks for the information m8, I'll give it a try.

seeing as you are the botter, there's another, much easier way to hack you you know...

[Nuklear]

This REALLY got a sticky? Wow general discussion has really gone down

I believe this was posted for the computer newbs and sro newbs to get knowledge from, not us smart people.

[linange]

thx for such a great work~

btw, i shall add one more thing.......

DON"T USE unreliable bots........

[PR0METHEUS]

thx for such a great work~

btw, i shall add one more thing.......

DON"T USE unreliable bots........

I believe you meant "DON'T USE bots...." at least I hope.

[PR-Solja]

I have a question when you make up a new email addy for your SRO account does it have to be an active account. lets say I changed my email addy to 25OP90YU@gmail.com, now my question is does SRO accept that as a valid email adress if it doesn't exist at all?

[JackB4u3r]

I have a question when you make up a new email addy for your SRO account does it have to be an active account. lets say I changed my email addy to 25OP90YU@gmail.com, now my question is does SRO accept that as a valid email adress if it doesn't exist at all?

Probably... yes. Because they sure don't check your e-mail address the only thing why you need it for, is to recover you pass, and activate a new account.

About the topic:
Great! Some users have known this, the one who have already experienced hacking and similar in other games, but most don't know how to protect an account completely. As he said:

- random e-mail
- random user name
- random pass
- random secret answer

Write everything down on a paper and, you are safe & set to play the game

[CrazyAztec]

I, too, REfuse to call this hacking!!!

ok. One of my friend is a hacker. Elite hacker and crack NASA's database and even goes face to face with the FBI!!! lol...can u see that. He hacked paypal and lots more idk what. To tell you the truth, he doesnt need any white hat tricks at all!!! simply just ..programming. oh yeah btw he even teach me a lil about hacking lol...send them a keylogger

im not pro-hax and pro-bots just interested on the both side of the community in SRo..or the NetWArriors!! hehe

[judaiskariot]

Elite hacker and crack NASA's database and even goes face to face with the FBI!!!

hahahah very funny

[oktaytheazer]

sweet.

another advise for sro users, read srf.

[Wamphyri]

I, too, REfuse to call this hacking!!!

ok. One of my friend is a hacker. Elite hacker and crack NASA's database and even goes face to face with the FBI!!! lol...can u see that. He hacked paypal and lots more idk what. To tell you the truth, he doesnt need any white hat tricks at all!!! simply just ..programming. oh yeah btw he even teach me a lil about hacking lol...send them a keylogger

im not pro-hax and pro-bots just interested on the both side of the community in SRo..or the NetWArriors!! hehe

i don't know what drives peopel to make comments like this?

bruteforcing and dictionary attack are a style, i repeat "STYLE" of hacking

reffering to your "programming" aspect what do you think drives these attack, oh crap. programs

anyways for anyone who has been around since the b.b.s. days understand what this guys has said and is trying to do thank you very much for the descriptive information as the password adding ascii shift - #'s is an added bonus as well as numbers and characters longer the better as it take bruteforcing longer to run through all the combined keystrokes avalable

oh and one more thing so how long is your elite hacker buddy in jail for? using a metal spoon to drug yourself outta federal prison doesn't constitute as hacking nor does having big bubba for a cell mate lol

[bugy92]

hey.....If they know your id and e-mail, your account isn`t theirs.....they steal need to know the secret question, who is difficolt to find out....how can you know someone`s secret question?? I forgot my own secret answer...It`s dificult to find secret answer...how can you???

[themeatwagon]

It's funny how naive some people can be, alls it take is someone with a properly worded sentence and no knowledge of the computer language of SQL to convince people that hacking silkroad can't be done. Hacking Silkroad is possible and it's done through blind SQL injection. Every website on the internet is suseptible to at least one form of SQL injection but some site like silkroad are....easier than others.

Beleive what you want doesn't hurt me in the least

[FuryAngle]

This is far from hacking, this is just research and cracking and taking an educated guess at somebodys answer. It obviously doesnt work 100% and it doesnt even work 20%of the time, I would have to say you got lucky with the 5accounts that you tried. Aswell its much easier just to gain acces to the acctual host of sro.net, after all its just html, and if you take notice to the actual silkroadonline.net website, you will notice they are not security certified(if your are certified[protected] you have a little lock in the corner of the screen) this indicated all data is in code. Ie: if your id is idiot it would be stored in a code format and not in actual leters which can be read. sro.net is although certified by SSL (verisign secured) This is a company with very poor fire wall and defenses, their certificates can be easily intercepted and resent to sro.net, if i remeber right, it was 128 bit encryption/SSL encryption. If you gained even one certificate you could gain acces to their homepage, you can edit minor data this way, such as the incident when there was a notice on main page. I wonder who did that BTW They also have data stored in .txt format which just scares me. Well good thing for some people, bad thing for others

-And for gods sake, Can these noobs not register on SRF with their real ID and E-Mail that is used for SRO? SRF would take less than a day to data wipe

[Z0mbs]

I suggest you scan all files you download at http://www.virustotal.com and use SpyBot Search & Destroy before you install anything. To install SpyBot S&D first download and install WinRar and use the trial version forever. It seems like a lot of work but it's worth it to protect yourself.

This is an example of virustotal, scanning SpyBot Search & Destroy.

[PR0METHEUS]

It's funny how naive some people can be, alls it take is someone with a properly worded sentence and no knowledge of the computer language of SQL to convince people that hacking silkroad can't be done. Hacking Silkroad is possible and it's done through blind SQL injection. Every website on the internet is suseptible to at least one form of SQL injection but some site like silkroad are....easier than others.

Beleive what you want doesn't hurt me in the least

That's why Joymax needs a company like the one I work for to monitor them for attacks like these....

[Nave47]

It's funny how naive some people can be, alls it take is someone with a properly worded sentence and no knowledge of the computer language of SQL to convince people that hacking silkroad can't be done. Hacking Silkroad is possible and it's done through blind SQL injection. Every website on the internet is suseptible to at least one form of SQL injection but some site like silkroad are....easier than others.

Beleive what you want doesn't hurt me in the least

That's why Joymax needs a company like the one I work for to monitor them for attacks like these....

And what company is it?

[Sponge]

BRAVO! thank you so much for ur help! i never got hacked before in any game and now ill be insinsible (not) muhahahahaha! thx alot!

[Slayer007]

u dont like hacking but yet u hack like 10 ppl and prolly alot more ? wow u must have no life u hipicrit

[Zeb]

I just searched all my info. I got 4 results for my login name, 0 results for my email and ~100 results for my password (not going to give the exact word). The weird thing is that my password is something I completely made up a few years ago based off of a swear sensor from a website I used to go to. None of the google results had anything to do with me though, all coincidental. Usually appearing on blogs where people were trying to be random.

My login name unfortunately is similar to my in-game name but I guess there's nothing to be done about that.

[PR0METHEUS]

It's funny how naive some people can be, alls it take is someone with a properly worded sentence and no knowledge of the computer language of SQL to convince people that hacking silkroad can't be done. Hacking Silkroad is possible and it's done through blind SQL injection. Every website on the internet is suseptible to at least one form of SQL injection but some site like silkroad are....easier than others.

Beleive what you want doesn't hurt me in the least

That's why Joymax needs a company like the one I work for to monitor them for attacks like these....

And what company is it?

An IT security company in the tri-state area.