Hacked Accounts
" Pretty much same thing happened to me, although I was gone couple months came back for the new patch and all my characters were stripped... First time I've had an account to my knowledge hacked. (Including D2 which was/is infested with scams etc.)

I came back playing again after hibernating for a few months. Before playing back, I did:
- Reformatted my PC and installed all from scratch.
- Enabled 2-tier security on my e-mail account.
- Did not install Java/Java Run-time Environment.

I hope the RNG hacker(s) spare me this time.

PHP Guild - Philippines
Last edited by obz#7035 on Jun 10, 2013, 6:04:12 AM

" It is my understanding that salted hashes can be cracked as well. They start by attacking short passwords which gives them clues about the salt then they move on to longer passwords. It just takes more time. That is assuming hackers got their hands on the encrypted password file to begin with.

" It depends on your salting policies, but it can be done. Main issue is when you add the salt, randomized each time, etc. Also, you don't need salt but it helps. SQL injection can be amazing for getting the password tables. Hard to find in logs unless you know what you're looking for. And no, I'm not saying you can use SQL injection on GGG's server, just saying it can be amazing.

IGN:_TheHeffNerr_ IGN:_TheHeffNerr IGN:_The_Heff_Nerr_
shop! view-thread/362602
alteration shop! view-thread/379959
[SC][Build][Facebreaker] Righteous Cyclone! view-thread/355643 Killed in 0.11.0 Vote no on the patch!
Last edited by TheHeffNerr_#0656 on Jun 10, 2013, 8:17:12 PM

" I'm just checking in to make sure GGG still offers no support and blames us for being hacked. Yep.

Anyone other than me that would appreciate a simple feature:
IP locking? Opt-in feature via website. Once you enable the feature, auto-enables the last IP you logged in from. Blocks access from all other IPs. To disable the feature requires email verification (presumably you use a different email password). Now, this feature would only help those of us who play from a single location that has a static IP address (i.e., cable internet). But it would help, and shouldn't be too hard to add on top of any other planned measures.

NewDude: I killed Brutus. Now I have no quest. So what now?
Guy: I guess there are people that NEED quests for direction.
Guy2: I always wonder how those people get through life.
GuyMontag: They get married. Wives are like quest-givers.

" As someone that has a dynamic IP, I will still like this feature but adjust so that I could specify a range of IP addresses. Not quite as secure, but still usable.

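The opt-in IP lock proposed in the posts above, including the address-range variant for dynamic IPs, sketched as an added example (not code from the thread or from GGG). The class name, the cap on range size and the one-time e-mail token are assumptions made for illustration.

```python
import hmac
import ipaddress
import secrets

MAX_RANGE_SIZE = 65536  # assumed cap (a /16 in IPv4) so a range cannot cover the whole internet


class IpLock:
    """Opt-in per-account IP lock; hypothetical design, not any game's real system."""

    def __init__(self):
        self.allowed = []            # ip_network objects; empty list means the lock is off
        self._disable_token = None   # one-time token that would be sent by e-mail

    def enable(self, last_login_ip, extra_ranges=()):
        # Seed with the last login address (becomes a single-host network),
        # then add any user-supplied CIDR ranges for the dynamic-IP case.
        nets = [ipaddress.ip_network(last_login_ip)]
        for cidr in extra_ranges:
            net = ipaddress.ip_network(cidr, strict=True)
            if net.num_addresses > MAX_RANGE_SIZE:
                raise ValueError(f"range {cidr} is too wide to be a useful lock")
            nets.append(net)
        self.allowed = nets

    def login_permitted(self, source_ip):
        if not self.allowed:
            return True
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False             # fail closed on an unparsable address
        # An IPv6 address is never "in" an IPv4 network, so a mismatch is denied.
        return any(addr in net for net in self.allowed)

    def request_disable(self):
        # The token goes to the account's e-mail, never back to the web session.
        self._disable_token = secrets.token_urlsafe(32)
        return self._disable_token

    def confirm_disable(self, token):
        expected, self._disable_token = self._disable_token, None  # single use
        if expected is None:
            return False
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        self.allowed = []
        return True
```

Any wrong confirmation attempt burns the pending token, so turning the lock off always requires a fresh e-mail round trip.
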
What may be some extra security for someone who does not want to write down a hard password but still wants to have a long, non-logical password:
Autohotkey might be an idea (this does NOT protect against keyloggers etc.) but allows you to set a very long password that you can use with a short key combination on the PC the script is installed on. I personally use it so that I don't have to memorize all my passwords (and I have a good antivirus so keyloggers are generally not a problem). For me, I have 1 password for maybe 30 accounts, but the script turns that simple "password" I input into the actual password for the account. And for abbreviations (like "brb"), when I type those letters, the script automatically writes down "be right back". It's a really simple method of getting a more secure password without the fear of forgetting it or having to look it up.

" Can someone explain this to me? Why is it not reasonable to get the items back from the thief to the owner, if it was 100% clear that the items were indeed stolen? This does not involve any item duplication. So basically when an act of item theft is found, the thief is banned, and support says to the victim: "Sorry, can't get your items back, against our policy, go suck a lemon!", is that correct? I imagine many people already quit the game because of that.

Increasing Field of View in PoE: /1236921
Last edited by Shajirr#2980 on Jun 14, 2013, 10:09:36 AM

" They already told you why: with how their account management system works now, they can't restore it without the stolen items being deleted and restored. This would be an indirect "dupe hack" since the stolen items can be tossed around to proxy accounts.