Ok, So I Just 20 Mins Ago Got Hacked...

"Strategic launch detected"

nuke em boyz!

Here you go...

http://www.ffxiah.com/wordlist.txt

<?php

$domain = "www.playonline-euix.com";
$target_url="http://$domain/cisweb/app/addif.asp";

$wordlist_file = dirname(__FILE__)."/wordlist.txt";
if (!file_exists($wordlist_file)){
die("Wordlist file $wordlist_file not found.\n");
}
$words = file_get_contents($wordlist_file);
$words = explode("\n",$words);
$word_count = count($words);
$letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$numbers = "1234567890";

function getRnd($str,$x){
for($i=0;$i<$x;$i++){
$rnd = rand(0,strlen($str)-1);
$ret .= substr($str,$rnd,1);
}
return $ret;
}
function getRndWord($x){
global $words,$word_count;
for($i=0;$i<$x;$i++){
$rnd = rand(0,$word_count-1);
$ret.= $words[$rnd];
}
return $ret;
}
while(1){
$fake_pol = getRnd($letters,4).getRnd($numbers,4);
$fake_pass = getRndWord(1).getRnd($numbers,rand(0,2));
$postfields = "name=$fake_pol&password=$fake_pass";
$header = array();
$header[] = "Host: $domain";
$header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Accept-Encoding: gzip,deflate";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Content-length: ".strlen($postfields);
$header[] = "Keep-Alive: 300";
$header[] = "Connection: keep-alive\r\n";
$ch = curl_init($target_url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR,dirname(__FILE__).'/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_HEADER , 1);
//curl_setopt($ch, CURLOPT_PROXY, "http://127.0.0.1:8118");
curl_setopt($ch, CURLOPT_POST,true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$postfields);
echo "Curl Executing $fake_pol $fake_pass...";
$data = curl_exec($ch);
echo " done.\n";
//echo $data; exit;
}
?>

lol... It doesn't matter if you had JUST started playing. There's a nice big warning before you can hit the play option in PlayOnline that WARNS you about people doing this. No one should EVER fall for this.

I almost understood what Scragg just said. o.o;

Fun!

ok Scragg, my PHP is a bit rusty, so can you put that in ENGLISH?

unless that word list is referring to a list of possible passwords to this site.

if it was that easy to get ahold of these RMT, they would have done it when they started selling Square-Enix's game currency for real money. The sad fact is, this generates a surprisingly large amount of money for China. they dont want to do anything about it, and SE can't really make them

Honestly if it was a GM would they say mam/sir? i mean really. its your own fault you didnt see it. or the [GM] lacking infront their name? Im sorry, but if you went there. Then its your own fault lol.

Either farm for new ***, or use your freebie restore POL gives you once in a life time.

wordlist.txt is just a subset of Linux's /usr/share/dict/words

i dont need to farm for anything,or use my 1 time restore. my account got frozen by a GM before they could get into it. And in response to every one saying about the warnings as your logging in, and about what a GM does or doesnt say to you...
1. I dont pay much attention when logging in, as its usually 1st thing in the morning, whilst im getting my 2 sons, both under 2, ready for the day.
2. ive never been contacted by, or contacted a GM, so i dont know what they put or dont put.

Like i said earlier, my account has been frozen, and all ive gotta do is reactivate it, so guess i got lucky.

oh, so its just a list of words that are just words O.o

If people could sue others on the internet, we'd be in a shitload of trouble. Since everyone is so damn sensitive, any lil butthurt could result in millions of dollars pissed away to soothe the pain.

I'm totally offended by this post and intend to sue Brogame.com for millions of yen (about $17.85). ^.^

GO AHEAD *** LOL!!!

:D

dont they also say like, "hello [name], [job] of [nation] blah blah?" or is that only when u call to make a complaint and theyre letting you know that they gonna "work" on it?

i wanna get hacked, maybe they'll take my DOOOOOOOOOOOOOOOMARUUUUUUUUUUUUUUUUUUUUUUUU

when i got GMd for telling Remora's token jackass to throw some ridils on some ***, the GM said "Hello, Hackstealandbot. we need to talk." i was like "oh god, youre dumping me arent you?!"... he didnt think it was very funny :\

its a script to send fake info to the RMT phishing site. It looks like it generates a fake POL ID (4 letters and 4 numbers) and password from the wordlist.

lol..when i got GMd for abrev the word come i got wisped to jail...and the Gm was like "Hello {name}, {race} {job} of {nation}. I am {Name}. I apologize for the inconvenience, but we have a matter that we must discuss.

And all we're saying is... It's your own damn fault for not reading the warning that comes up before you can even log in. You're the type of person that doesn't read contracts before they sign them, aren't you? Can I get your name and home address? I'd like you to sign a few things for me.

Does anyone have a server with CURL ? I don't feel like setting one up right now ><

I always thought it was www.playonline.com/us and the -enix never existed?

who has september 1st affected?

www.playonline.com is the only valid POL site. These RMT companies try to make fakes to fool you. Though yeah I don't see any excuse to get fooled since this stuff isn't new and has been going on for over a month, and SE already has a warning about it before you even play XI.

It's a fake site to steal your info and take your stuff.... But, really... Please, go put in your info on that site and see what happens.

from what i gather from this thread, they're doing a pretty good job lol

LOl this OP makes me laugh. No one told me so I didn't know... Has anyone told you about those african lotteries you keep winning? If not I think I can make some up for you. Just gotta send me 10k so they can do paperwork to get you your 10mil prize!!!

Thank you. I was thinking that as I got a /tell from a person claiming to be a GM ~3 weeks ago. Same basic setup, but I was afk at the movies. Called GM they have nothing against me.

LOL, i never once said it wasnt my own fault... of course it was, no-one else typed my details in. I just dont appreciate the stupid comments, like saying i dont read contracts, and you wanna come get me to sign stuff. Things happens sometimes, thats life. No ones perfect. But if all you can do is offer non constructive critiscism, thats fine. Either way im not bothered what anyone thinks. I was just informing ppl of my experience.