[READ]SRO Account Hacks: How it's done and how to stop it.

[SuicideNz]

hey i appreciate wat ur trying to do but can ppl stop making these hacking posts

it is showing ppl how easy it is, so then more ppl go and try it out.

i got hacked and i was hoping it was u but no email came up so i wasnt so lucky.

[PR0METHEUS]

hey i appreciate wat ur trying to do but can ppl stop making these hacking posts

it is showing ppl how easy it is, so then more ppl go and try it out.

i got hacked and i was hoping it was u but no email came up so i wasnt so lucky.

I think it's good to share these things with everyone. The more people know about these techniques, the better prepared they'll be to prevent them. It's just like with vulnerabilities in software. Microsoft releases security bulletins all the time informing users of various vulnerabilities, and how to protect themselves from being exploited. Of course Microsoft has plenty of security problems themselves, but just an example.

It's better than just keeping users in the dark and unable to protect themselves.

[exality]

see if you can catch me! dont repost the info tho pm it to me to see if your right

[Dark0Archer0]

Posting this topic actually would give more potential hackers the information they need to be able to hack accounts successfully than help players keep their accounts safe. Legit players who don't hack would be less inclined to read this topic than someone who wants to learn.

Thankyou for broadening the hacker community, greatly appreciated.

[PR0METHEUS]

Posting this topic actually would give more potential hackers the information they need to be able to hack accounts successfully than help players keep their accounts safe. Legit players who don't hack would be less inclined to read this topic than someone who wants to learn.

Thankyou for broadening the hacker community, greatly appreciated.

True, but with all the "OMG I got hacked" threads that we see here, we can just point that user to this thread so he/she can learn ways to help prevent it from happening in the future. This information is already out there in the hacker community, and anyone that wants to hack will find it whether this thread exists or not.

[SazerX]

ok well since i dont have any other way to put this... u cannot stop hacking of accounts, there will always be an exploit in silkroad database, there is no possible way to completely kill all exploits in silkroad database, im sorry but there is no possible way to shut it all off, hackings will always occur its harsh but true, hopefully suicide dont ban me again, im just speaking my mind on the subject

[PR0METHEUS]

ok well since i dont have any other way to put this... u cannot stop hacking of accounts, there will always be an exploit in silkroad database, there is no possible way to completely kill all exploits in silkroad database, im sorry but there is no possible way to shut it all off, hackings will always occur its harsh but true, hopefully suicide dont ban me again, im just speaking my mind on the subject

Any logical person would agree with you. Of course there will always be vulnerabilities in ANY piece of software. Efforts should still be made to identify and close as many vulnerabilities as possible. For the ones that can't be closed, compensating controls need to be put in place. Any residual risk from what's left just needs to be accepted. It's a constant battle. It's like that in any area of IT security.

*goes back to writing up security plans*

[FuryAngle]

Theoreticaly you can "hack" into sro, by SQL injections or using their SSL certificates. But 99.99%of hacked accounts are not hacked, but rather cracked. it, email+id then generate the answer.

BTW SuicideNz i remeber you when I was level 21, you recruited me for your guild. Same with my friend. we got to 26 then switched servers Is your guild dead?

[Dr_Etsh]

I heared that there's a virus (may be a trojan or a worm) that can steal ur login info

is that true? and if it was can that virus steal it from the game login screen or only the web?

[Pan_Raider(`_´)]

There might be a trojan. But then it is acquired from some hacker source.
Trojans steal all you info about everything u do, the hacker gets all he needs to snuff you out.

[lolster]

what kind of idiot would do that it so simple >.> lol

[Stress]

I've had a bloddy 12-letter number+word password, a 11 letter username and a long e-mail address, but I still got hacked.... Now, my info is so tight, not even I know all of it, unless I read it from a paper. Learned my lesson *sighs*

[JackB4u3r]

I've had a bloddy 12-letter number+word password, a 11 letter username and a long e-mail address, but I still got hacked.... Now, my info is so tight, not even I know all of it, unless I read it from a paper. Learned my lesson *sighs*

On my new account i needed about 5 days of constant logging in, in order to remember my user and pass xD.

It's better to have a dam long pass and user name with combined letters and number that you can't remember, then a short pass and user name that is easy to remember.

[scorpius59]

yeh it's common sense stuff we've been warned about for years but hearing someone tell how EASY it is exposes the fact of how MANY are probably capable, mean, and bored enough to do it! And all over a friggin game account no less! Is there no place you can get away from this crap...

[immortalkillerz]

Why would you waste your time flaming him, he has probabally helped those who didnt know how to prevent hacking well...

Thanks for the guide.....

o.0

[-]sKuLLz[-$phYnX]

This isnt hacking. This is cracking.

It's easy all you need is a program H*d** [Not saying the name]. Get the IP to both server's and login. pick a username and wait. heres what the program looks like using CMD.

Please Note: This isn't on SRO.

[pineapples]

Wow. Nice. Thanks.

[JajaAmnem]

wait so its based ont he question. i dont even know what question i picked and i know the answer i put was so random like it didnt even make sense. tyhat sucks if i lose my pw theres no way im gettin it back. lol

[dyn3x]

,.....

[truez]

wait so its based ont he question. i dont even know what question i picked and i know the answer i put was so random like it didnt even make sense. tyhat sucks if i lose my pw theres no way im gettin it back. lol

Well its not just wit SRO .. even u email accounts or ur bank accounts have questions ...
So tink abt it

Next time make sure u save it up somewhere with the answers.

[austinwolfclaw]

You know, a long long long time ago, someone gave me some usernames and passwords to try out ((i wanted to sic a bunch of tigers on a high lvl person)) only one username/password worked, however the character was a murderer, and it wasnt worth playing. so i left it behind, never to be touched again

[DeathBeforeDishonor]

Very Nice

[hootsh]

Thanks for the email tip..i could have easily fallen for that i'm a pretty social person ingame :p

There doesnt seem to be lots of friendly users around lol so i havent had a chance to spread my email around thank God, now i changed it

[shadowman20875]

First, whoever moved this to Guides I really think it should go back on general, as it is a must read, and most people go to general first.

Second, for your SRO password and username, ADD A CAPITAL LETTER. Helps A LOT with brutes.

[austinwolfclaw]

First, whoever moved this to Guides I really think it should go back on general, as it is a must read, and most people go to general first.

Second, for your SRO password and username, ADD A CAPITAL LETTER. Helps A LOT with brutes.

Last i checked you could only use lowercase letters.....

[WhiteSun]

this guide came to late for me

[leetest]

for some reason, when i try to find the pw of my friend using the "forget ur id and password" link on the homepage, it doesn't work

is it just me?

[PR0METHEUS]

for some reason, when i try to find the pw of my friend using the "forget ur id and password" link on the homepage, it doesn't work

is it just me?

Last I checked, that link only works in Internet Explorer.

Btw, stop trying to break into your friend's account!

[yesyes]

I dug up his secret question, I prepared a dictionary attack.

A dictoionary attack? I htought you don't use programs. Or is that a dictionary attack when you open a dictionary and write in all the words from A to Z?

[GeoHolyhart]

What amazes me, is why Joymax continues to let this happen. They could do the following to completely stop this form of account stealing.

1. Never allow e-mails to be publicized
2. Don't allow users to create characters with names similar to there account name.
3. Require passwords be numbers and letters over 8 characters.
4. Secret hints should be treated as a 2nd passwords, so instead of using something as dumb as "Birthplace: California" something like "Birthplace:southcali85".

This topic may seem to provoke more account crackers, which is true, but it gives the poor souls who don't know these kind of things a fighting chance as well, since they're the first ones targeted. Still I stand by my comment, that this should be Joymax's priority not ours. I know they're making pretty good money with the shear amount of silk people buy, so instead of constantly opening servers, they should try strengthening there security. Even though what I mentioned above costs nothing.