Jump to content

Que user mas estupido

bakaro

By bakaro
in Silkroad Online

 Share

Recommended Posts

kreatoR Newbie

kreatoR

Posted
Posted
Y no me vengas a decir pendejadas de levels , cualquier bot puede ser lvl 80 en 3 meses con gold ticket

fixed

y bakaro tiene razon, el video ese del hacking en sro no probo absolutamente nada, vi que lo posteo en varios foros de SRO y la gran mayoria de comentarios fue que el video era una basura

(((BIOHAZARD))) Newbie

(((BIOHAZARD)))

Posted
Posted
fixed

y bakaro tiene razon, el video ese del hacking en sro no probo absolutamente nada, vi que lo posteo en varios foros de SRO y la gran mayoria de comentarios fue que el video era una basura

Supongo que los creadores de esta pag http://www.rev6.com/ , obtuvieron legalmente cada dato de cada uno de los usuarios de cada server , claro que en lo personal obtener 54.871 cuentas y de estas obtener 16 datos diferentse de cada uno es bien complejo

ademas lo poestee en 14 foros , solo en forumsro y alkon dijeron que era falso

Pero entiendo que para algunos sea dificil aceptar , asi que escucho las explicaciones para :

1) El hackeo en la pagina de ISRO

2) El masivo robo de cuentas en ISRO

3) El como obtuvieron y obtienen los datos los creadores del rev6 (si es algun programa malintencionado mencionar el nombre)

En esos dos foros tuve que hacer las mismas preguntas , jamas pudo 1 responderme

Cuando uno afirma algo presenta pruebas , ejemplo mi video , es OVBIO que no pasare el programa (no lo vendo/cambio/regalo)

tu kreator dices que es basura , ok , te escucho , dime por que no es posible hackear en SRO?

Juancho Newbie

Juancho

Posted
Posted

MODERATOR AND/OR ADMIN : I say this message deserves a sticky. I certianly don't need to take the time to post or write this - but - I am, for everyone's good. Many people can benefit from my advice - this deserves attention.

This is real insight into the problem. I did this for your users, and ALL users of SRO. I also did this to reassure a few people that my intentions were NOT bad, and I do NOT intend to wrong them.

========[sTART MESSAGE]=========

I've noticed a rash of hackers running about SRO - and truthfully, it pisses me off. I was confronted by one in-game, warning me to "watch out and don't try to offend the wrong people."

Yeah, right.

Well, the guy didn't know who he was dealing with. My curiosity was sparked. So - a few days ago - I set out to test my skills once more, it's been a long time ... but hey, once they're there - they're there for good. If you care to get an idea of what I am & what I do, this sums it up:

http://en.wikipedia.org/wiki/White-hat

I picked a few people. I ravaged their accounts. I gave them back when I was done. Why, why do all of this when you don't need to? Why waste so much time when you have nothing to gain? Do you want to know how long I've spent doing this?

Account 1: 10 minutes

Account 2: 6 minutes

Account 3: 5 minutes

Account 4: 1 hour ( This guy was a L70+, 33 years old - and a *programmer* no less. I dug up his secret question, I prepared a dictionary attack. If I wanted this guy's account - it was mine. I'm not about to go as far as bruting someone's account. But, I can. I left him alone.)

Account 5: This guy was smart. His snotty posts on boards pissed me off... I had a tough time digging up info on him. Lucky for him - he didn't publicize an e-mail address... except for one that he did not use as his login.

*Gasp* e-mail address.

Let me shed some light on this "hacking" we're all hearing about. Most everyone online, even the so called "bad" people in-game, are pretty good folks. I really - after getting to know people - haven't found a single person I did NOT like. There ARE people that I do not like - and that's braggards, script-kiddies, and goldfarmers. So you want to know what I'm going to do today? I'm going to potentially destroy the SRO account hacking problem. I'm going to let YOU know how THEY do it. Why? Because when you KNOW how people can DO something, you also can figure out HOW TO STOP IT. This is especially true when you _ARE_ the security hole.

Here we go:

HOW a SRO account gets hacked & stolen

1- A victim is picked.

2- Find their username

3- Find their e-mail address

4- Owned

Your secret answer is irrelevant at the moment. Your password does not matter. Once they have your username and e-mail, your account is theirs. So, I'd like everyone to take a moment ... and think of how you can correct this problem......

YES!

You need to treat your E-MAIL ADDRESS as your new SRO PASSWORD - DO NOT USE YOUR USERNAME(S)

You need to use a STRONG password on top of this. Use at least 8-10 characters, numbers AND letters. DO NOT USE A WORD IN A DICTIONARY.

People _CAN_ figure out your secret question. One person ... took "birthplace" as a question on their account. I found out the user's country.

I pulled up a list of the 10 major cities in that person's country. (towns & villages don't have hospitals). They were born in city #4. Account is hacked.

Another person - they listed their pet as their secret answer. So, I searched for their username - and an animal. Found their pet's name. Account is hacked.

Are you following a trend here?

The more you post online, the more information there is about you, the easier it is for people to "hack" your account. Yes, this *IS* what hacking *REALLY* is. Taking all of the facts you have available. Building on them. Finding out more information. Building on it ... keep building ... build more ... until you have the answer. My success rate was 80% in taking accounts I set out to take - using my head alone, and NO hacking tools, NO programming, NO cracking.

Let me sum this up for you, in a SHORT list of things you should keep in mind to safeguard your account from someone like ME.

1- Strong password. Press random keys on your keyboard, or use a password randomizer.

2- RECORD YOUR PASSWORDS. Write them down, that way you can use STRONGER passwords.

3- TREAT YOUR E-MAIL ADDRESS LIKE A PASSWORD. Use a NEW e-mail for ALL of your SRO accounts. Under NO circumstances should your username be in your password.

4- Don't fill in public profiles. People use them to hack your account.

5- Don't use the same username to post on boards as you use as a login. Can't stress this enough. That's 50% of your account lost.

6- Search for your OWN information on google. Anything you find - DON'T EVER USE IT AGAIN. This information is now INSECURE.

7- Watch out for XFIRE accounts. They show how much of a PRIME TARGET you are. (1K hours+ logged into SRO? You've got a fat account.)

If you've made a mistake with your account, DON'T PANIC. You can still save it - even if it has been compromised before.

Change your e-mail to something completely out of the ordinary. Something you've never used before.

Make it NOT a word, or a combination of 2 words and some numbers - the longer it is - the harder it is to figure out.

Change your actual name. Use the same fake name for _all_ of your logins.

When you set your passwords - don't be afraid to combine things. If your old pass was dog133 - change it to a combo of words plus numbers: car133bird331 - dumb as it looks - is a GOOD password VS a brute force attack. It's simple for you to remember, and it's HUGE when a scriptkiddie goes to attack it.

Nobody can advise you like someone who is REALLY into security. Joymax's security is shoddy. They suck. You have to take measures for your own good. You've just gotten advice from someone who's pretty good. I won't say I'm one of the best - as there are many better than me. Hey, give me credit - at least I'll admit it.

[ PS: About those guys who claim to break into Joymax's databases: 100% bull. I read that "chat with a hacker" - the guy either bruted or engineered. Trust me on that.]

Good luck everyone. I sincerely apologize to anyone whose account I've gotten into. You know who you are man. I hope you can forgive me. I took 1 global of yours - if you want the dime back, I'll send you a quarter. Smile

I've also tried to give Joymax some of my own insight on their problems. You want to know what they say?

Nothing. They don't give a **** about anyone. Keep that in mind.

Peace.

kreatoR Newbie

kreatoR

Posted
Posted

parece que asi es como funciona rev6

Code:

1)Someone runs their bot (I think they made both revbot and nubot). This allows their program to view all data being sent to the computer.

2)When the bot user enters a new area, data about what armor and weapons everyone is wearing is sent to the bot. This includes +s, as they are required to draw the glow. Even if it is +1 or +2 the data about +s is sent because Joymax uses the info to generate glow on the client side, they don't tell it to glow from the server side. The server will also send different data based on whether a piece of armor is SOS, SOM, or SOSUn and it sends different data even if the armor looks the same, like a level 19 hat or a level 24 hat. Every piece of equipment's ID number and its + is sent to your computer by Joymax's server and is seen by the bot.

3)The bot records the data about all the gear it sees and sends it off to Rev6's servers.

4)They get the stats by performing known calculations. They don't know the ACTUAL stats of your weapon, they know what it will be at when everything is at 0%, so they show what that would be.

antes de esto se hablaba de que si le hacian trade o lo invitaban a un party a uno podian averiguar el ID y luego tratar de crackear el password, nada nuevo como dice juancho, el video es malo porque no menciona nada concreto, no se sabe de donde saca los numeros de la gente que perdio las cuentas, y la calidad es pesima no se alcanza a leer nada, la pagina de SRO nunca ha sido muy segura, y con los foros nuevos era facil que averiguaran su ID con solo que le hicieran quote a un post suyo. Otra cosa que contribuye a esto es el hecho de no poder cambiar la respuesta a la pregunta secreta, si alguien conoce el ID y el email puede llegar a la pregunta secreta, si es alguien conocido puede saber la respuesta, la pega y hasta ahi llego su cuenta, le cambian el PW y listo. Mas de uno pierde la cuenta porque alguien del guild en el cual confia puede saber todo esto

Guaro Newbie

Guaro

Posted
Posted

Bakaro siempre causando problemas :lol:

Yo vi el video hace mucho tiempo y aunque no se ni mierd@, me pareció de esas pelicula donde menten varas de computadoras e inventan varas todas irreales, me hizo gracia el aire dramatico que le quisieron dar :lol2:

Lorddarknes Newbie

Lorddarknes

Posted
Posted

Bueno todos los MMO tienen el problema o la posibilidad de que le hackeen la cuenta, y la mayoria de las veces es culpa de los mismos usuarios, aqui les doy un par de tips para evitar eso que he oido durante mucho tiempo:

1- No compartir las cuentas con NADIE

2- No utilizar programas de terceros para monitorear lo que pasa en el juego, ejemplo llevar la cuenta de los drops.

3- Evitar al maximo las paginas que ofrecen formas de hacer trampa en el juego

4- Evitar al maximo los servicios de los farmers tanto de power leveling como compra de objetos del juego

5- Evitar foros del juego creados por terceros, asi como descargar archivos o programas de dichos foros

6- Utilizar passwords alfa numericos que incluyan mayusculas y minusculas si es posible, entre mas combine caracteres mas dificil de descifrar como por ejemplo: 31Ch08oM4n (fue lo primero que se me vino a la mente)

7- Utilizar passwords diferentes en las master accounts del juego, las cuenta para loguear el juego, y de sus email

8- Y para mi la mas importante y donde se ownean a mas gente en los MMO, NO UTILIZAR PROGRAMAS PARA BOTEAR que ahi simple y sencillamente le esta regalando su cuenta el creador del programa

(((BIOHAZARD))) Newbie

(((BIOHAZARD)))

Posted
Posted
parece que asi es como funciona rev6

Code:

1)Someone runs their bot (I think they made both revbot and nubot). This allows their program to view all data being sent to the computer.

2)When the bot user enters a new area, data about what armor and weapons everyone is wearing is sent to the bot. This includes +s, as they are required to draw the glow. Even if it is +1 or +2 the data about +s is sent because Joymax uses the info to generate glow on the client side, they don't tell it to glow from the server side. The server will also send different data based on whether a piece of armor is SOS, SOM, or SOSUn and it sends different data even if the armor looks the same, like a level 19 hat or a level 24 hat. Every piece of equipment's ID number and its + is sent to your computer by Joymax's server and is seen by the bot.

3)The bot records the data about all the gear it sees and sends it off to Rev6's servers.

4)They get the stats by performing known calculations. They don't know the ACTUAL stats of your weapon, they know what it will be at when everything is at 0%, so they show what that would be.

antes de esto se hablaba de que si le hacian trade o lo invitaban a un party a uno podian averiguar el ID y luego tratar de crackear el password, nada nuevo como dice juancho, el video es malo porque no menciona nada concreto, no se sabe de donde saca los numeros de la gente que perdio las cuentas, y la calidad es pesima no se alcanza a leer nada, la pagina de SRO nunca ha sido muy segura, y con los foros nuevos era facil que averiguaran su ID con solo que le hicieran quote a un post suyo. Otra cosa que contribuye a esto es el hecho de no poder cambiar la respuesta a la pregunta secreta, si alguien conoce el ID y el email puede llegar a la pregunta secreta, si es alguien conocido puede saber la respuesta, la pega y hasta ahi llego su cuenta, le cambian el PW y listo. Mas de uno pierde la cuenta porque alguien del guild en el cual confia puede saber todo esto

El de juancho funcionaba perfectamente hasta que hackearon la pagina y agregaron "mejor seguridad" (lo que hicieron realmente en vez de investigar y arreglar los problemas fue quitar cosas que los usuarios usaban) aunque de por si es demaciado trabajo averiguar 1 mismo cada uno de los datos

El de Kreator es muy similar al que escribio joymax , pero es totalmente falso puesto que si esto fuera verdad que espera joymax para bannear 54.871 de botters? , en pocas palabras si tu asumes que esa informacion es verdad estas tambien asumiendo que Joymax patrocina y protege a cada uno de los botters de SRO puesto que teniendo un listado detallado de cada uno , no los bloquea

(En pocas palabras pasaria la discucion a: si Joymax es mas negligente o es mas corrupto)

Ha y kreator aun es posible hackear por : exchange , party , invitacion a friens , invitacion a guild

El de Lorddarknes son los TIPS para no ser hackeado que generalmente funcionan en otros juegos (9dragons , Kal online , wow , GW , rappelz y me atreveria a decir que KSRO) lamentablemente ISRO no posee el mismo contrato con Nprotect

Acid Newbie

Acid

Posted
Posted

Yo estaba viendo la pagina y esta interesante la info, aunque veo que no tiene a todos en las lista, ya que mi char no aparece. Y estuve buscando otros char's y no aparecen, quien sabe como sera el metodo que utilicen y para que estan recopilando esa informacion.

Pero si da un toke de miedo, mas si le hackean la cuenta o algo asi, nada que ver perder todo el tiempo invertido.

Yo por eso seguro le voy a entrar al KSRO, ya que dicen que no tiene muchos bot y esta casi completo.

  • 2 weeks later...
skiler Newbie

skiler

Posted
Posted

Eso eso apuntese, yo tengo un lvl 32 en el primer server de korea, el que siempre aparece easy, por cierto me hice un mago ya que con el delay de 15, y no el de 30 como lo era antes se haci muy dificil hacerse un mago.

Lleguese mi nick es miyake soy full str y hachas

Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...