What if I get hacked?

Rerun

New Member
Joined
Oct 19, 2014
Location
In your mind
Hey guys and girls,

Quick question.
I have a friend who plays on Feenix, Warsong. He recently started there again because Kronos is taking a while (yeah I'm very impatient as well!!!!) anyways..
He logged in and found out he got hacked and all of his characters were naked, no gold, etc.

The GMs basically said: "We don't restore items" or something along those lines.
I'm wondering how that would be here?
What IF I would get hacked? And I've spent too fucking long building my character on this 1x Blizzlike server,
would there be any actions taken to retrieve my items AND gold?

Would love to know.
 
There are actually guys on Feenix who run a wordlist to crack accounts. My brother got "hacked" too (unlikely he caught a keylogger, never downloads anything), his chars were deleted and the guy even created chars that together said "you just got hacked by <name>".
If you don't use jack shit for a password, you should be able to easily avoid getting hacked.

Additionally, people can gather account names by trying out the results of /who list gathering, then trying the same password on those account names or even just a wordlist. Not that hard to set these things up; on the other hand, I think the Kronos team will ban IPs for x minutes/hours after too many wrong login attempts. They're competent enough and no proxy network has unlimited IPs to switch between.
 
On Kronos 2 if you entered the wrong password 3 times in a row you get a 10 min auto ban, as I remember.
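
The lockout rule described in the posts above (3 wrong passwords in a row, 10 minute ban), as an added example that is not part of the original thread and not the server's own code. Keying the counter by client IP, the class and function names, and the sample address are assumptions.

```python
import time

MAX_FAILURES = 3        # wrong passwords in a row, per the post above
BAN_SECONDS = 10 * 60   # 10 minute automatic ban

class LoginThrottle:
    """Counts consecutive failed logins per source key (assumed: client IP)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}       # key -> consecutive failures so far
        self._banned_until = {}   # key -> time at which the ban expires

    def is_banned(self, key):
        until = self._banned_until.get(key)
        if until is None:
            return False
        if self._clock() >= until:
            del self._banned_until[key]   # ban has expired
            return False
        return True

    def record(self, key, success):
        """Record one login attempt. Returns False if it was rejected
        outright because the source is currently banned."""
        if self.is_banned(key):
            return False                  # not even a correct password counts
        if success:
            self._failures.pop(key, None) # a good login resets the streak
            return True
        count = self._failures.get(key, 0) + 1
        if count >= MAX_FAILURES:
            self._failures.pop(key, None)
            self._banned_until[key] = self._clock() + BAN_SECONDS
        else:
            self._failures[key] = count
        return True

def max_guesses_per_day(sources=1):
    """Upper bound on password guesses per day under this policy: each
    source gets MAX_FAILURES tries per BAN_SECONDS window."""
    return (24 * 60 * 60 // BAN_SECONDS) * MAX_FAILURES * sources
```

With these numbers one address gets at most 432 guesses a day, so a wordlist run only scales with the number of addresses available to it.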
 
The answer is easy. You must make a very complicated password with at least numbers. And of course do not tell your password to anybody else.

There are no options for getting your stolen items, gold, etc. back.
 
To be more specific for folk who may not know exactly what this entails:
- 8 characters MINIMUM! Ideally 10. Anything over that starts to become overkill.
- Alphanumeric MINIMUM! Ideally a mix of lowercase/uppercase with numbers, optionally symbols ($%^&* etc).
- Do not add the special character/capital/number only at the beginning or only at the end.
- DO NOT USE A WORD OR ANYTHING THAT IS A TERM OR NAME! This one is very important!
- Do not use 1337speak or swap syllables around! It's not nearly as clever as you think it is!
- Do not base your password on something personal to you! This isn't an issue for sweeping automated attacks on accounts but those with a personal reason to steal your account can use this against you.

If you fail to ignore these guidelines, you will make it exceptionally easy for an attacker to guess your password and undo potentially months of effort in minutes. You should use a random password generator instead of trying to manually think of one.

A technique I find useful for remembering randomized passwords is to maintain a mental "pronunciation" of them.

"ARb42dak;Ology" I would pronounce as "Arbdakology" for example, with another "mental note" about where the 'special' chars are. Caps first 2, 42 after Arb, semicolon after dak, caps the O after it.

http://www.pctools.com/guides/password/
While I am unsure if this is ideal, I have a personal preference for using this site. Generate 20 or so passwords and pick one that looks random but is still "pronounceable".
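
The guidelines listed in the post above, written as a checker plus a random generator; this is an added example, not part of the original post. The tiny wordlist is constructed sample data, the function names are assumptions, and the syllable-swapping and personal-information rules are only covered as far as the wordlist contains such terms.

```python
import secrets
import string

# Constructed sample wordlist; a real check would load a large dictionary
# plus names and terms personal to the account owner.
WORDS = {"password", "dragon", "warsong", "kronos", "thunderfury"}
# Common 1337speak substitutions mapped back to letters.
LEET = str.maketrans("013457@$!", "oieastasi")
ALPHABET = string.ascii_letters + string.digits + "$%^&*;"

def _letters(s):
    return "".join(c for c in s if c.isalpha())

def check_password(pw, words=WORDS):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("not alphanumeric")
    # Skip leading/trailing runs of capitals, digits and symbols; if only
    # lowercase letters remain, the "special" characters sit at the edges.
    i, j = 0, len(pw)
    while i < j and not pw[i].islower():
        i += 1
    while j > i and not pw[j - 1].islower():
        j -= 1
    interior = pw[i:j]
    if (i > 0 or j < len(pw)) and interior and all(c.islower() for c in interior):
        problems.append("capitals/digits/symbols only at start or end")
    plain = _letters(pw.lower())
    unleet = _letters(pw.lower().translate(LEET))
    if any(w in plain for w in words):
        problems.append("contains a word or name")
    elif any(w in unleet for w in words):
        problems.append("1337speak form of a word or name")
    return problems

def generate(length=10):
    """Draw random passwords from a CSPRNG until one passes every check."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw
```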
 
ITT: OP paranoid because he uses shitty passwords.
The fun part is that maybe half of the time or less do you get hacked due to a bad password - but it certainly protects you against the times where it is relevant.

The most common types of 'attacks' I've seen to date are social engineering ("lul i r gm gibs possward pls" "ok mr gm!") or phishing (fake twinstar login page) attacks. The latter in particular has bitten several friends/acquaintances of mine, in some cases even AFTER I've warned them about these things! It's frustrating.

Ultimately your security is only as strong as your weakest section. Motivated attackers will find it, it's just a matter of when.
 
Actually most damage is done by email attachments like "message.txt.exe". Still people open them regardless. Phishing and social engineering are special attacks and therefore cannot be the majority. Still, hacking some gaming account is nothing; losing all your money or getting your private information stolen is something different.
 
I guess our experiences are subjective, then. I've only known one guy who ran strange exe files and got hacked compared to many who get phished.
 
Perhaps, I just mean that to carry out a phishing attack the attacker must have prior knowledge of your involvement with the phishing origin website. For the social engineering part too, this cannot be generic. But trojan attachments in mail and some Nigerian or lottery scams (which are so old now) can be distributed everywhere and people still fall for them. Hopefully antivirus is more adopted now, even in Windows there is a rudimentary antivirus incorporated. But the major part is educating people for prevention. And perhaps less money spent on antivirus software, because major producers of viruses and rootkits are antivirus companies, afraid of losing customers.
 
Keep in mind you could/should probably just write it down. Odds are no one is gonna break into your house and if they do odds are they aren't going to be looking for passwords.

If you wanna be paranoid about it you could write it down somewhere in a book, then all you'd need to remember is which book it's in and which page it's on.

It's far easier to remember a complicated password from just typing it a bunch of times than trying to memorize it all at once.
 
Feenix does restore gear, but there is a catch...

1) You have to have screenshots of every single BoP item you were wearing, had in your bank or wish to be restored overall.
2) Every screenshot needs to be taken with your mouse cursor pointing on and showing the precise in-game time of the item received.
3) Every screenshot had to have the "You receive INSERT ITEM NAME" message visible.
4) With items received from participating raids you have to have the raid panel open, showing the entire roster of players present at that exact raid
5) With items received from participating raids you have to have the raid reset timer panel open, showing the precise raid ID (So they could double check if they doubt you)
6) You have to write down the exact date you picked up the item, so it could easily be checked (keep a .txt document to log all your important items.)
7) You have to be very polite, informative and lick some GM ass when creating your topic

When all of these points are met, then they refund your item(s) ~80% of the time you get hacked. (If you manage to be stupid enough to mention that you were careless with your account info, then forget it. Smarter to not say anything that might compromise your chances.)

Raid leaders with a higher IQ than their shoe number ALWAYS take a screenshot of the loot table after a boss is slain in case of a server crash. So the loot would not be hopelessly lost and could later be recovered with sufficient enough information and redistributed through the forums. I'm pretty sure Kronos will have to deal with this as well, because there WILL come occasions when these situations occur and you can't just start telling 40 people to fuck off a dozen times a week.

I've got screenshots of every single epic I've picked up since my 2nd or 3rd MC raid back in early 2010 on Feenix "Warsong" (after being refused a refund when I lost my first epic I picked up from my first MC run to a rollback, which occurred after a server crash). I've been lucky enough to have my gear refunded thanks to this preventive measure on several occasions.

Mainly it's smart to create these screenshots anyway, because the server occasionally crashes a few minutes after you pick up your item (random crashes sometimes occur on private servers. They occur more often during peak raid times, because the server has to process through more data than it usually does), because most of the time the crashes might end up rolling back the server 5-15 minutes and you will lose your freshly acquired loot.

They do only refund BoP items, as that information can easily be double checked from their logs IF you have taken all the above mentioned steps (otherwise they refuse you as it's a lot more time consuming to check if you're telling the truth or that your screenshots aren't photoshopped etc.) Also write down the exact date (year as well - just in case. You might end up needing these screenshots years later)

Gold and BoE items aren't that easily tracked though, so unfortunately you don't get those back. But a single rare piece of epic gear can be more valuable (even invaluable?) than tens of thousands of in-game currency (Drakefang Talisman, Thunderfury etc.)

I'm pretty sure this way you would also get back all your precious, more valuable loot on this server as well.

Just follow these steps and you won't lose your precious epics (even BoP blues from 5 & 10mans)
For items received from raids - VERY important to have the raid ID & raiding panel open, item received message, exact date & time and the cursor showing the realm time. Can't stress this enough - makes double checking your story very easy for the person accessing the database.

I've seen a few careful & dedicated people on Feenix servers getting back their entire sets of T2/T2.5/T3 and sets deposited in banks. Crap load of screenshots to scroll through though, but worth it.

FYI:

The greatest risk to getting hacked isn't an easy password, it isn't usually even due to a keylogger. Prominent hackers have confessed, that most of the time they target different forums & fan sites. Forum and fan site databases are relatively easy to hack into, then they copy and paste the entire list, which involves the account names, emails, passwords & other sensitive information. These groups are very organized, they spread this information to their different "departments" (There are departments for dealing with different methods. Departments for game accounts, bank accounts, email accounts etc etc.)

Surprisingly they also target the more popular private servers of games, because believe it or not - servers such as "Warsong", Feenix, do have a small market for selling gold. And every potential dollar will be stolen by hackers from developing countries, they aren't as spoiled as western hackers, who go for the "big bucks".

After that they start trying out the freshly stolen account names and passwords and...EUREKA! ~50% of the time people have the exact same account names & passwords for both their forum accounts and in-game accounts. Your game accounts getting hacked is actually nothing compared to what might end up happening.

Worst case scenarios are:

They also try out the password with your email address they stole and use that for spamming & phishing for further useful information. They sometimes get lucky and end up digging all the way up to your credit card information or other useful information they find saved up in your email folders and they can use that information to seriously fuck you over and get you into a lot of trouble. You might have emails from Blizzard, Skype or Steam, iTunes or anywhere, which could potentially be used to turn into $$ - say goodbye to your battlenet & Steam accounts, Amazon accounts, Netflix accounts, Cloud storage services (They get access to files you keep on cloud drives etc.) Places such as Amazon even automatically save your credit card information after you make a purchase, so you wouldn't have to go through the "trouble" of entering it again when making new purchases. That information is visible there if not removed manually by the account holder, Amazon isn't the only website with this "cool" feature etc.

They might find your Facebook name and try the passwords with that, they can also use your email & password to request password resets for your Facebook/Twitter and other personal & valuable accounts, even bank accounts. And they can blackmail you for $$ etc. Getting lucky with your email is enough to potentially get you into a hefty debt. Hackers & account information phishers are very clever, cunning and potentially annihilating - They shouldn't be underestimated.

Moral of the story:

Keep separate passwords & account names for your forum accounts, in-game accounts and email accounts and you will decrease your chances of getting hacked DRAMATICALLY. Oh and potentially this could even happen to this forum if it gets popular enough to be targeted.
 