Jump to content


Protecting your account from online hackers! More tips inside! (DON'T GIVE AWAY YOUR EMAIL ADDRESS!)


  • This topic is locked This topic is locked
90 replies to this topic

#1 PayrPaks

PayrPaks

    Advanced Member

  • Members
  • PipPipPip
  • 6361 posts
  • Dead Nest, Morningwood

Posted 09 November 2011 - 10:24 AM

Browsing the 'Account Issues' and 'Abuse Reports' section, I have seen threads complaining about their game accounts being blocked and banned by GMs. While most are banned rightfully by the GMs, there are plenty of cases where they are really innocent and were victims of hack cases.

Here is a simple guide from MMOsite to keep your accounts from being hacked. Just replace SRO (Silkroad Online) with Dragon Nest and you'll see the similarities.

Source: http://forum.mmosite...aec7a913-1.html

---

This Guide was NOT written by me. I just copied and pasted

Moderator: I say this message deserves a sticky. I certianly don't need to take the time to post or write this - but - I am, for everyone's good. Many people can benefit from my advice - this deserves attention.
This is real insight into the problem. I did this for your users, and ALL users of SRO. I also did this to reassure a few people that my intentions were NOT bad, and I do NOT intend to wrong them.

I've noticed a rash of hackers running about SRO - and truthfully, it pisses me off. I was confronted by one in-game, warning me to 'watch out and don't try to offend the wrong people.'

Yeah, right.

Well, the guy didn't know who he was dealing with. My curiosity was sparked. So - a few days ago - I set out to test my skills once more, it's been a long time ... but hey, once they're there - they're there for good. If you care to get an idea of what I am & what I do, this sums it up:

I picked a few people. I ravaged their accounts. I gave them back when I was done. Why, why do all of this when you don't need to? Why waste so much time when you have nothing to gain? Do you want to know how long I've spent doing this?

Account 1: 10 minutes

Account 2: 6 minutes

Account 3: 5 minutes

Account4: 1 hour ( This guy was a L70+, 33 years old - and a *programmer* no less. I dug up his secret question, I prepared a dictionary attack. If I wanted this guy's account - it was mine. I'm not about to go as far as bruting someone's account. But, I can. I left him alone.)

Account 5: This guy was smart. His snotty posts on boards pissed me off... I had a tough time digging up info on him. Lucky for him - he didn't publicize an e-mail address... except for one that he did not use as his login.

*Gasp* e-mail address.

Let me shed some light on this 'hacking' we're all hearing about. Most everyone online, even the so called 'bad' people in-game, are pretty good folks. I really - after getting to know people - haven't found a single person I did NOT like. There ARE people that I do not like - and that's braggards, script-kiddies, and goldfarmers. So you want to know what I'm going to do today? I'm going to potentially destroy the SRO account hacking problem. I'm going to let YOU know how THEY do it. Why? Because when you KNOW how people can DO something, you also can figure out HOW TO STOP IT. This is especially true when you _ARE_ the security hole.

Here we go:

HOW a SRO account gets hacked & stolen

1- A victim is picked.

2- Find their username

3- Find their e-mail address

4- Owned


Your secret answer is irrelevant at the moment. Your password does not matter. Once they have your username and e-mail, your account is theirs. So, I'd like everyone to take a moment ... and think of how you can correct this problem......

YES!

You need to treat your E-MAIL ADDRESS as your new SRO PASSWORD - DO NOT USE YOUR USERNAME(S)

You need to use a STRONG password on top of this. Use at least 8-10 characters, numbers AND letters. DO NOT USE A WORD IN A DICTIONARY.

People _CAN_ figure out your secret question. One person ... took 'birthplace' as a question on their account. I found out the user's country.
I pulled up a list of the 10 major cities in that person's country. (towns & villages don't have hospitals). They were born in city #4. Account is hacked.

Another person - they listed their pet as their secret answer. So, I searched for their username - and an animal. Found their pet's name. Account is hacked.

Are you following a trend here?

The more you post online, the more information there is about you, the easier it is for people to 'hack' your account. Yes, this *IS* what hacking *REALLY* is. Taking all of the facts you have available. Building on them. Finding out more information. Building on it ... keep building ... build more ... until you have the answer. My success rate was 80% in taking accounts I set out to take - using my head alone, and NO hacking tools, NO programming, NO cracking.

Let me sum this up for you, in a SHORT list of things you should keep in mind to safeguard your account from someone like ME.

1- Strong password. Press random keys on your keyboard, or use a password randomizer.

2- RECORD YOUR PASSWORDS. Write them down, that way you can use STRONGER passwords.

3- TREAT YOUR E-MAIL ADDRESS LIKE A PASSWORD. Use a NEW e-mail for ALL of your SRO accounts. Under NO circumstances should your username be in your password.

4- Don't fill in public profiles. People use them to hack your account.

5- Don't use the same username to post on boards as you use as a login. Can't stress this enough. That's 50% of your account lost.

6- Search for your OWN information on google. Anything you find - DON'T EVER USE IT AGAIN. This information is now INSECURE.

7- Watch out for XFIRE accounts. They show how much of a PRIME TARGET you are. (1K hours+ logged into SRO? You've got a fat account.)

If you've made a mistake with your account, DON'T PANIC. You can still save it - even if it has been compromised before.

Change your e-mail to something completely out of the ordinary. Something you've never used before.

Make it NOT a word, or a combination of 2 words and some numbers - the longer it is - the harder it is to figure out.

Change your actual name. Use the same fake name for _all_ of your logins.

When you set your passwords - don't be afraid to combine things. If your old pass was dog133 - change it to a combo of words plus numbers: car133bird331 - dumb as it looks - is a GOOD password VS a brute force attack. It's simple for you to remember, and it's HUGE when a scriptkiddie goes to attack it.

Nobody can advise you like someone who is REALLY into security. Joymax's security is shoddy. They suck. You have to take measures for your own good. You've just gotten advice from someone who's pretty good. I won't say I'm one of the best - as there are many better than me. Hey, give me credit - at least I'll admit it.

[ PS: About those guys who claim to break into Joymax's databases: 100% bull. I read that 'chat with a hacker' - the guy either bruted or engineered. Trust me on that.]

Good luck everyone. I sincerely apologize to anyone whose account I've gotten into. You know who you are man. I hope you can forgive me. I took 1 global of yours - if you want the dime back, I'll send you a quarter.

I've also tried to give Joymax some of my own insight on their problems. You want to know what they say?

Nothing. They don't give a **** about anyone. Keep that in mind.

---

TL;DR version of the above:

1. Never give ANY information about you or your account. A single info can lead your account to ruin.

2. Use strong passwords. The guide in here recommends that your password must be a mixture of random keystrokes. You can also use random word combinations, as random words will always work better.

3. Remember Rules # 1 and # 2. ALWAYS.



#2 PayrPaks

PayrPaks

    Advanced Member

  • Members
  • PipPipPip
  • 6361 posts
  • Dead Nest, Morningwood

Posted 09 November 2011 - 10:25 AM

More tips on how to protect your account:

1. Put up a second password. This is a must as keyloggers won't be able to record mouse strokes. (from Cerulean)

2. Do not login on any websites that is not named dn.cherrycredits.com. Remember, .tk, .co.cc, and other websites are free websites that can duplicate the appearance of said original website. Visiting these websites make your accounts and your system prone from viruses and hacking. (from Ryokosha)

3. Do not post your email accounts in here. Any information that can lead to your game account can lead to it being compromised.



#3 Cerulean

Cerulean

    Member

  • Members
  • PipPip
  • 408 posts

Posted 09 November 2011 - 02:11 PM

 

PayrPaks, on 2011-11-09 10:24:58, said:

 
5- Don't use the same username to post on boards as you use as a login. 
 
 
I hope people read this. Especially that. 
 
Be wary of posting your email addresses or ID anywhere... and for your own account safety, put up a 2nd password. It's what it's there for. I notice numerous people reporting getting hacked that someone added a 2nd password when they didn't put up one.
 
So put one up already.  But go ahead and be lazy... just don't come crying in the forum later.
 
GM's repeatedly post tips in-game. You know, the floating letters above and below the screen. So anyone claiming they didn't know gold selling is illegal or didn't know that xxxx site that offers free epic equips is actually stealing your game info... are either blind or incredibly stupid.


#4 Ryokosha

Ryokosha

    Advanced Member

  • Members
  • PipPipPip
  • 2443 posts

Posted 09 November 2011 - 03:21 PM

Actually that's quite exagerating. The case that a hacker actually 'guesses' the ID and Password are only like 0.2% of all hacking cases. The remaining 99.8% were people sharing their password with someone else. Either on a phishing website, but also in like 5% of the cases it's actually someone who you considered a 'friend' and gave him your password (note: this is not allowed by CC in the first place).

You are already pretty safe if you only obey these four rules:

1. Choose a password that only you know and that cannot be guessed (do not use name of your dog and then tell someone about your dog ingame!).

2. Do not tell your password to anyone, not even friends or family.

3. Do not enter your password anywhere except the game itself to log in or at cherrycredits.com, make sure it's really that URL, not even one letter different!

4. If you visit websites related to the game that are not cherrycredits.com make sure you have an anti-virus program checking for keyloggers before starting the game.



#5 PayrPaks

PayrPaks

    Advanced Member

  • Members
  • PipPipPip
  • 6361 posts
  • Dead Nest, Morningwood

Posted 09 November 2011 - 03:31 PM

It's more than 0.2%, I assure you. More like 30% (or at least it applies to the Philippines only) or even more.

Hints and clues about your personal information are still valuable. Hence, protecting your identity will not only mean you can safeguard your game accounts, but your own identity as well.



#6 Ryokosha

Ryokosha

    Advanced Member

  • Members
  • PipPipPip
  • 2443 posts

Posted 09 November 2011 - 03:33 PM

I'm not so sure. If I use a password like 'gh356lop' and don't tell it to anyone, I've never ever been hacked even if I openly told everyone my login ID.



#7 Cerulean

Cerulean

    Member

  • Members
  • PipPip
  • 408 posts

Posted 09 November 2011 - 03:42 PM

But of course, the more difficult the password, the better.

While I may be bordering on paranoid, it helps me sleep better at night. tongueout



#8 TavoNova

TavoNova

    Member

  • Members
  • PipPip
  • 11 posts

Posted 09 November 2011 - 05:25 PM

well this is true ^_^, thumbs up



#9 PayrPaks

PayrPaks

    Advanced Member

  • Members
  • PipPipPip
  • 6361 posts
  • Dead Nest, Morningwood

Posted 10 November 2011 - 10:18 AM

Updated.



#10 fallenbishop

fallenbishop

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 10 November 2011 - 05:20 PM

up



#11 Tonkatsu

Tonkatsu

    Moderator

  • Moderator
  • 460 posts
  • DN, Westwood

Posted 19 November 2011 - 05:05 AM

Another tip, which is tedious but works just as well, is by copy and paste letters/words into your password box. For instance, if you have a password as 'ilovecats22', instead of typing it,  i'm going into http://en.wikipedia.org/ and copy the letters and numbers into the password box instead of typing out my password to login.

As long as you do not share your password to anyone of course lol



#12 ChoO

ChoO

    Member

  • Members
  • PipPip
  • 19 posts

Posted 12 December 2011 - 02:19 AM

damn it why did i read this so late? :(
 

please help me.. :(

My account was locked(TODAY) and Panicing dunno what to do angry and mixed emotions, =.=

I talked to the PISHING EMAIL (http://forum.cherrycredits.com/forum/topics/view/account-locked-problem-warnings#post_511273)

d*mn i gave my secret answer, and the only thing I never gave is the SECRET PIN (coz idunno and i forgot)

i gave him almost all his questions except the SECRET PIN.. :(

please help me =((



#13 youandme07

youandme07

    Member

  • Members
  • PipPip
  • 17 posts

Posted 19 December 2011 - 03:16 PM

feel so

sorry to you.clap



#14 Ziegurd

Ziegurd

    Newbie

  • Members
  • Pip
  • 4 posts
  • Laxxius
  • DN, Westwood
  • ExtherioN

Posted 31 December 2011 - 12:44 AM

Nice. ahahah.. this makes me proud to be Pinoy. up



#15 hustle2009

hustle2009

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 11 January 2012 - 07:49 AM

GM, what happened to my account last tuesday i tried to log in and then it said its duplicate and on the next day its been banned for yr 2010.. kindly do something about it i like the game i always played the game and i buy cheery credits and why did i got banned please help me.. hoping for youre immediate action.. thanks



#16 paolino009

paolino009

    Member

  • Members
  • PipPip
  • 12 posts

Posted 24 January 2012 - 10:56 AM

GM what happend to my account ,, 

my second password changed but i dont do anything??

how come ??

i just log it on , on your website - to www,dn.cherrycredits.tk 

and it asked to give my character password now its gone??

help me'

 



#17 PayrPaks

PayrPaks

    Advanced Member

  • Members
  • PipPipPip
  • 6361 posts
  • Dead Nest, Morningwood

Posted 27 January 2012 - 12:32 AM

I'm not a GM, but here is your problem.

Quote

www,dn.cherrycredits.tk

Notice that the end is not '.com' but '.tk'. The official website of Cherry Credits and Dragon Nest is http://dn.cherrycredits.com.

If you want to recover your account, send a message to CC using Cherry Messenger.



#18 KerkzPunkz

KerkzPunkz

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 30 January 2012 - 12:32 PM

GM_PLZZZ GET BACK MY ACCOUNT..!!!
CHAR NAME:CLINTONY
SERVER: SPRINGWOOD
LVL:40
I WASTE A LOT OF TIME TO PLAY MY DN CHAR.. AND IT WAS JUST GET HACKED. KINDLY GM'S GET BACK MY ACCOUNT FIX MY PROBLEM.. HELP ME     T_T



#19 naruk123

naruk123

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 03 March 2012 - 02:59 PM

how i can change my pass

log in game??



#20 zaidos0000

zaidos0000

    Member

  • Members
  • PipPip
  • 10 posts

Posted 06 March 2012 - 08:39 AM

Hello Gm Why im Banned in 10year im not hacking ?

 

Can you Help Me to Get Back My Account Please T_T

Username zaidos0000

 

Char MsCyrish

Email zaidos9909@yahoo.com 

Im hoping to action my Account thans ^_^