Got Hacked Thread

Language: JP EN DE FR
users online
Forum » FFXI » General » Got Hacked Thread
Got Hacked Thread
First Page 2 3 4 5 ... 12 13 14
 Cerberus.Boundsoul
Offline
Server: Cerberus
Game: FFXI
user: Boundsoul
Posts: 320
By Cerberus.Boundsoul 2009-09-03 01:11:43
Link | Quote | Reply
 
the vice versa boot log thing completely makes sense when applied the situation that seems to be happening but a hi-jacking while logged in seems so insane a thing to pull off. most likely they'd be hidden, but i'm sure SE has the capability to find the IP from any connection at any time, since the game is constantly sending/receiving info. so if a player were hijacked without being logged out, SE should be able to see what IP was used at the time player started dropping and sending stuff. not sure if its possible, but you would think thats an option.
 Hades.Allegro
Offline
Server: Hades
Game: FFXI
user: Allegro
Posts: 24
By Hades.Allegro 2009-09-03 02:25:06
Link | Quote | Reply
 
All you guys need to do is use Firefox with no script and adblocker. period. Don't waste your time changing your password.

If you don't use the token, save your password so you don't have to enter it everytime and if you do for some reason use your mouse to click the onscreen keypad. Even if you did have a keylogger on your cpu it wouldn't get your info.

If you do use the token however, you are forced to manually enter the one-time password on our keyboard. The recent hack exploits this because right after you enter the password, the logger sends the one-time pwd and locks POL. So basically if you use the token and don't have proper internet protection you are screwed.
[+]
 Fairy.Vekien
Offline
Server: Fairy
Game: FFXI
user: siion
Posts: 4
By Fairy.Vekien 2009-09-03 03:30:33
Link | Quote | Reply
 
Allegro said:
All you guys need to do is use Firefox with no script and adblocker. period. Don't waste your time changing your password.

If you don't use the token, save your password so you don't have to enter it everytime and if you do for some reason use your mouse to click the onscreen keypad. Even if you did have a keylogger on your cpu it wouldn't get your info.

If you do use the token however, you are forced to manually enter the one-time password on our keyboard. The recent hack exploits this because right after you enter the password, the logger sends the one-time pwd and locks POL. So basically if you use the token and don't have proper internet protection you are screwed.


Nice speach but if you went to BG you'd know people are being hacked EVEN with noscripts/adblocker.

Has nothing to do with getting viruses on your pc or anything, the SE servers are being attacked.

Oh and << Dont use noscripts/adblock, aint been hacked ya =D suckers
 Bahamut.Paulus
Offline
Server: Bahamut
Game: FFXI
user: Paulus
Posts: 619
By Bahamut.Paulus 2009-09-03 03:51:15
Link | Quote | Reply
 
I did tech support for a retail chain in which we would log into some of their workstations using either VNC (Which the user can see) or through terminal services which just opens up another windows session.

What if this was the method being used by the hackers.

One open up a terminal server session on the PC.

Then open up another instance of final fantasy and log in.

This would depend on if the user could open up a text file with your password. (Sucks to be you if your password never changes)

After the second instance of ffxi is open they log in.

To you on your own session this may seem nothing more than lag as you can't actually see the resources being used on your PC.

On that other session they are logged in and you get kicked message on your session.

OMG your being hacked from your OWN PC!

I'm going to try this with another system in my home. I'm a control freak and turned it off just so I could optimize my system.

EDIT: After doing some research I found that this option was not available on Windows XP home edition nor Windows Vista Premium.

If any of you are running Windows XP professional you should make sure that your remote desktop option is turned off.

User submitted image

If your seeing this and your OS is Home edition then you should be concerned as it takes quite a bit of reverse engineering to enable it. Chances are someone has altered your system. That goes for Vista too.

In any event you want to turn it off.
 Remora.Jackieolivas
Offline
Server: Remora
Game: FFXI
user: Rahziela
Posts: 73
By Remora.Jackieolivas 2009-09-03 06:09:42
Link | Quote | Reply
 
So, has this happened to anyone else? I get hacked, but oddly enough, the only things missing are my gil (about 4m), Accurate Earring, and Hachiryu Haidate. Granted HH is worth a good 20-30m depending, but come on! My Accurate Earring?! I kept it mainly as a reminder of an old friend. Its rare and hell, but not worth much.
 Seraph.Caiyuo
Offline
Server: Seraph
Game: FFXI
user: Caiyuo
Posts: 6524
By Seraph.Caiyuo 2009-09-03 06:25:37
Link | Quote | Reply
 
Jackieolivas said:
So, has this happened to anyone else? I get hacked, but oddly enough, the only things missing are my gil (about 4m), Accurate Earring, and Hachiryu Haidate. Granted HH is worth a good 20-30m depending, but come on! My Accurate Earring?! I kept it mainly as a reminder of an old friend. Its rare and hell, but not worth much.
Eff, I forgot to drop the Ridill. D: Err ..that sucks!
 Remora.Jackieolivas
Offline
Server: Remora
Game: FFXI
user: Rahziela
Posts: 73
By Remora.Jackieolivas 2009-09-03 12:46:05
Link | Quote | Reply
 
That's not enough remotely close to being funny...
 Valefor.Lilbusta
Offline
Server: Valefor
Game: FFXI
user:
Posts: 1759
By Valefor.Lilbusta 2009-09-03 12:51:22
 Delete | Edit  | Link | Quote | Reply
 
Paulus said:

What if this was the method being used by the hackers.

One open up a terminal server session on the PC.

Then open up another instance of final fantasy and log in.

This would depend on if the user could open up a text file with your password. (Sucks to be you if your password never changes)

After the second instance of ffxi is open they log in.

To you on your own session this may seem nothing more than lag as you can't actually see the resources being used on your PC.



I'd do a netstat check to see if there's anything unusual. Even if it's a new session netstat would still see all connection pumping in/out of the NIC.
 Seraph.Caiyuo
Offline
Server: Seraph
Game: FFXI
user: Caiyuo
Posts: 6524
By Seraph.Caiyuo 2009-09-03 13:05:44
Link | Quote | Reply
 
Jackieolivas said:
That's not enough remotely close to being funny...
Sorry, Jackie. lol I wouldn't have joked around if I didn't assume you'd get it all back, but if SE *** up somehow I'd feel terrible. D:
 Kujata.Akeda
Offline
Server: Kujata
Game: FFXI
user: Akeda
Posts: 1698
By Kujata.Akeda 2009-09-06 10:59:00
Link | Quote | Reply
 
I heard Common Sense works pretty good against hackers.

To be fair though, most people don't understand how their computer works and just click 'yes' or 'next' on message boxes just to make them go away.
[+]
 Seraph.Caiyuo
Offline
Server: Seraph
Game: FFXI
user: Caiyuo
Posts: 6524
By Seraph.Caiyuo 2009-09-06 11:15:00
Link | Quote | Reply
 
That's probably true in a variety of settings as far as common sense is concerned. lol

It's true, though, about the careless clicking around. A family member (somehow) recently reinstalled Windows via their built-in recovery partition and lost all their photos and documents because they got an error message at start-up and instead of reading the options the BIOS screen gave, she just pressed all the F keys at once. lol Fun times!
[+]
 Alexander.Hasiano
Offline
Server: Alexander
Game: FFXI
user: Hasiano
Posts: 213
By Alexander.Hasiano 2009-09-17 02:39:26
Link | Quote | Reply
 
*** RMT ***, looks like they got my account now, i logoff last night in qufim after some soloing on my nin, tryed to login this morning and says my password is wrong, checked my page on here and it says i bought a chiv chain, even though i already have one. i cant call SE yet due to they open at 9am, and its only 8.35am now.

please if anyone sees my char on anywhere, call a GM please, i got mules as well, if anyone sees them on. names are: Cookiedestroyer, Maltaru, Alolim, Wedgie, and a char i have on Unicorn called Rommy.

i make sure my computers are spyware and malware free, never type my POL password anywhere but in POL viewer.

i cant *** believe this, got sky tonight and was gonna progress more on AU missions
 Alexander.Hasiano
Offline
Server: Alexander
Game: FFXI
user: Hasiano
Posts: 213
By Alexander.Hasiano 2009-09-17 12:42:05
Link | Quote | Reply
 
update, managed to get my account back, lost alot of stuff, requested a rollback which the GMs are gonna do for me, account sealed off for 2 weeks, rmts raided anything of worth and any gil i had on all my chars, not as annoyed as i was this morning, but its getting sorted.
 Garuda.Hypnotizd
Offline
Server: Garuda
Game: FFXI
user: hypnotizd
Posts: 2400
By Garuda.Hypnotizd 2009-09-17 13:09:06
Link | Quote | Reply
 
So are you going to order a security token?
 Asura.Shua
Offline
Server: Asura
Game: FFXI
user: Shua
Posts: 167
By Asura.Shua 2009-09-17 13:14:19
Link | Quote | Reply
 
Hypnotizd said:
So are you going to order a security token?


security token saves live, monies, and butfux rmt! all in one :D

Soon as they even try to log into your account w/o 1 time pass word

I.E (Someone hacks you not knowing your a token user.)

The account gets frozen until you call and get passwords reset ^^

Oh yeah when this did happen to me, the night before I had logged into community site, being the only means of ever putting my account info on the web. So idk if this means anything to anyone. but yeah...
 Alexander.Hasiano
Offline
Server: Alexander
Game: FFXI
user: Hasiano
Posts: 213
By Alexander.Hasiano 2009-09-17 13:17:09
Link | Quote | Reply
 
i'm gonna see what happens with my rollback, if i decide to continue, i'll buy a token, i've been playing well over 18 months and dont really wanna quit, i guess i'll see that results i get with rollback. when i can get back, i might go and move one of my alexander mules over to unicorn, already have a character there that i play when alexander gets quiet.
 Carbuncle.Cianti
Offline
Server: Carbuncle
Game: FFXI
user: Cianti
Posts: 619
By Carbuncle.Cianti 2009-09-17 17:40:03
Link | Quote | Reply
 
I have a security token and they still tried to gank mine a few nights ago. I got the "your POL ID is being used on another terminal" then I got booted off.
 Alexander.Hasiano
Offline
Server: Alexander
Game: FFXI
user: Hasiano
Posts: 213
By Alexander.Hasiano 2009-09-17 18:55:52
Link | Quote | Reply
 
i had already logged out for the night when they got mine, was soloing on nin/dnc in qufim for lvl35, i just have to wait till the GMs are done with my rollback, they said upto 14 days, and i'll get an message on the email address i gave them when they are done
 Lakshmi.Socratez
Offline
Server: Lakshmi
Game: FFXI
user: Socratez
Posts: 1
By Lakshmi.Socratez 2009-09-18 05:28:22
Link | Quote | Reply
 
Katarzyna said:
[quote=Kungfuhustle]Just because people "took notice' to the hacking problem doesnt make them any smarter. Users are still stupid and will still fall for cheap tricks to get their information, its just a matter of WHEN.


We'll my account was "hacked" last week Sep 8/9th & I'd like to put a boot up there arss! The /tell I rec'd was by someone named "Crespin" funny how the very next morning 10 items stolen from me was listed for sale on AH by a person named "Lakbubu" obviously they are connected somehow. All my best gear K.Osodes,Scorp Harness +1,Fumas, Scouter's rope,Flame ring, Wivre mask +1 which I just bought day before my account was hacked, among several other items plus my saved L jadeshells and T.Whites + bynnes/gill currency. They wiped me out for an estimated 20 mill. worth of gear/gill over night which has taken me close to 5-years worth of work.

It really get's me that these people sit around all day long trying to "hack ppl" because there to dam lazy to get a real job. The link was very deceiving it actually looked identical to the real name/link of the True SE Security account. It also integreated a Trojan on my PC and caused a series of problems which has taken me all week to repair/redo everything.

These people should be prosecuted it is Fraud/Theft period! I'd sure like to give them a pc of my mind.....

I never had this kind of problem or even attempts until after the SE security token was developed actually. "IF" the hackers get your log info how in the world can they match your 1 X time secure key code chain which is suppose to have a serial # only identifyable for the person who uses the account...makes no sense to me at all. My only place of log in where they hacked me was POL. Anyhow it's my uderstanding the next update is going to have somekind of suspicious /tell blocker which may help this non-sense!
 Odin.Eirwen
Offline
Server: Odin
Game: FFXI
user: dhkite
Posts: 155
By Odin.Eirwen 2009-09-18 06:22:47
Link | Quote | Reply
 
There must be some site all those who got hacked have used. The SE token is kind of out of the question, since users without that thing got hacked too, but may still be a part of the problem as an amplifier.

Adblock, noscript, turn certains scripts off... My computer has none. It's an open invitation to virusses, trojans, and hackers. Am I lucky, or am I visiting the "wrong" sites to even get interesting for hackers? Or maybe I just browse sensibly...

And if you follow any link by someone other than a friend, you're just dumb i.m.o.
 Diabolos.Chupacabra
Offline
Server: Diabolos
Game: FFXI
user: Caesar
Posts: 931
By Diabolos.Chupacabra 2009-09-18 06:51:37
Link | Quote | Reply
 
I was duoing with a friend in Sky about 3-4 nights ago, for several hours. Everything was going smoothly, and we decided to call it a night. We both wanted to do an augment FoV before we left though. So we get a page, and all of a sudden, my character locks up on me. I can't move, or cast or even type anything. I can see what he is typing, and can see him move. I see a red dot above my head, but have not R0'd.

This was new to me. I ctrl alt deleted to kill PoL.exe faster and avoid the 3-5 min log in wait I have for some reason... and I log back in. Exactly 5 minutes later, same thing happens. I ctrl alt delete again and log back in. We pop his FoV, and get an easy kill, he gets a nice new ring. I trade mine, and bam! Red dot... he kills it but I can't move so I lose the ring and my 450 tabs. I ctrl alt delete, to kill PoL.exe again, this time pretty pissed off. I had been in his party for over 10 mins, logged in the whole time.

I logged in to PoL and it said my last login was less than 2 minutes ago. I.E. roughly the exact time I red-dotted.

I freaked and called a GM. Bam! got kicked 5 mins later and my GM call was canceled. I had another member of the LS call for a GM for me after getting kicked 2 more times. The first GM was a total asshat and told my ls mate to screw off basically, and that if I wanted to report my account being hacked, I would have to do so myself... -.-

I turned off my router, reset my IP and jumped on my cellular wireless card. I didn't get kicked for at least an hour.

The second GM was a saint and treated me like a person versus reading from a list. Name was Ashvrei. Ashvrei offered to lock my account, and offered several other methods to keep an eye on my account. After several hours of fighting for control of my account, the kickings stopped. I reset my login info and have been safe so far.

Yes, I do have a token. No, I don't run IE, nor firefox. I don't run scripts, or even Java/Javascript. (And yes, that partially cripples this site.) I have no viruses, and no malware. I'm running Windows 7.

So... I guess I got lucky?

EDIT: I originally reset my router because an LS member said that she had had similar problems when her router was acting up. That was also why I switched to the cellular card. Just wanted to clear that up.
 Carbuncle.Cianti
Offline
Server: Carbuncle
Game: FFXI
user: Cianti
Posts: 619
By Carbuncle.Cianti 2009-09-18 17:18:26
Link | Quote | Reply
 
Hasiano said:
i had already logged out for the night when they got mine, was soloing on nin/dnc in qufim for lvl35, i just have to wait till the GMs are done with my rollback, they said upto 14 days, and i'll get an message on the email address i gave them when they are done


Hope you get everything back, with me I imeediately tried to log back on but it wouldn't let me for like 20 minutes.

My password wasn't changed- then I notified GM.. he was keeping an eye on my account till I logged off and changed it.
 Alexander.Hasiano
Offline
Server: Alexander
Game: FFXI
user: Hasiano
Posts: 213
By Alexander.Hasiano 2009-09-18 17:32:43
Link | Quote | Reply
 
i'm also lucky they didn't shift me to another server, i started on alexander and have no plans to move this char at all, most of the friends i have are here.
 Siren.Clinpachi
Offline
Server: Siren
Game: FFXI
user: Clinpachi
Posts: 2680
By Siren.Clinpachi 2009-09-18 17:39:22
Link | Quote | Reply
 
I really hope everyone figures things out and gets their accounts/stuff back >< i can't even imagine lol.
 Cerberus.Makira
Offline
Server: Cerberus
Game: FFXI
user: Makira
Posts: 181
By Cerberus.Makira 2009-09-18 18:20:47
Link | Quote | Reply
 
The best thing about the fake GM /ts is a lot just say "GM" (Like the screenshot provided), or send in like a normal /t... When a GM sends you a /t their name is in brackets >.>. Another sure way to tell (if you couldn't figure it out already that you SHOULDN'T BE GIVING YOUR PASSWORD OUT TO ANYONE FOR ANY REASON) that it's a bunch of bull sh*t.
 Ifrit.Edric
Offline
Server: Ifrit
Game: FFXI
user: Edric
Posts: 15
By Ifrit.Edric 2009-09-19 19:19:50
Link | Quote | Reply
 
Chupacabra said:
I was duoing with a friend in Sky about 3-4 nights ago, for several hours. Everything was going smoothly, and we decided to call it a night. We both wanted to do an augment FoV before we left though. So we get a page, and all of a sudden, my character locks up on me. I can't move, or cast or even type anything. I can see what he is typing, and can see him move. I see a red dot above my head, but have not R0'd.

This was new to me. I ctrl alt deleted to kill PoL.exe faster and avoid the 3-5 min log in wait I have for some reason... and I log back in. Exactly 5 minutes later, same thing happens. I ctrl alt delete again and log back in. We pop his FoV, and get an easy kill, he gets a nice new ring. I trade mine, and bam! Red dot... he kills it but I can't move so I lose the ring and my 450 tabs. I ctrl alt delete, to kill PoL.exe again, this time pretty pissed off. I had been in his party for over 10 mins, logged in the whole time.

I logged in to PoL and it said my last login was less than 2 minutes ago. I.E. roughly the exact time I red-dotted.

I freaked and called a GM. Bam! got kicked 5 mins later and my GM call was canceled. I had another member of the LS call for a GM for me after getting kicked 2 more times. The first GM was a total asshat and told my ls mate to screw off basically, and that if I wanted to report my account being hacked, I would have to do so myself... -.-

I turned off my router, reset my IP and jumped on my cellular wireless card. I didn't get kicked for at least an hour.

The second GM was a saint and treated me like a person versus reading from a list. Name was Ashvrei. Ashvrei offered to lock my account, and offered several other methods to keep an eye on my account. After several hours of fighting for control of my account, the kickings stopped. I reset my login info and have been safe so far.

Yes, I do have a token. No, I don't run IE, nor firefox. I don't run scripts, or even Java/Javascript. (And yes, that partially cripples this site.) I have no viruses, and no malware. I'm running Windows 7.

So... I guess I got lucky?

EDIT: I originally reset my router because an LS member said that she had had similar problems when her router was acting up. That was also why I switched to the cellular card. Just wanted to clear that up.


I had pretty much the same ***happen. I have token, firefox, noscript etc... I know how to stay safe but was still hacked, while online. They changed my POL pw, but couldn't mess with my SE account.. Long story short I was able to get an SE rep on the phone and reset my pw, and was very lucky and amazed to find my stuff still in order on all my characters. I have run scans every way from sunday, even used packet sniffing tools to try to root out the culprit, all to no avail. So be wary, everyone.
necroskull Necro Bump Detected! [32 days between previous and next post]
 Cerberus.Sifridus
Offline
Server: Cerberus
Game: FFXI
user: Sifridus
Posts: 179
By Cerberus.Sifridus 2009-10-21 17:18:34
Link | Quote | Reply
 
Just noticed today 5:30 EST my account had been hacked. Used GF's account to get a GM to lock it down. Now I've gotta call support to get it unlocked and the PW changed. Honest to God I have absolutely no idea they got my info. I rarely if ever even use my PC to play and on top of that I never and mean it, NEVER go to any sites related to RMT in any way shape and form. Furthermore I scan my computer with 3 different virus scanning programs every other day because I'm insane like that.

I seriously never expected I'd be a victim to this. :/
 Ramuh.Lilbusta
Offline
Server: Ramuh
Game: FFXI
user: phatspade
Posts: 4580
By Ramuh.Lilbusta 2009-10-21 17:23:25
Link | Quote | Reply
 
Sounds like there might be an insider at POL.
 Cerberus.Sifridus
Offline
Server: Cerberus
Game: FFXI
user: Sifridus
Posts: 179
By Cerberus.Sifridus 2009-10-21 18:51:14
Link | Quote | Reply
 
Just got my account back (yes that fast) and in that short amount of time my character was moved to Caitsith, completely raped of any non ra/ex gear and turned in to a logging mule in Mamook. Almost deleveled to 74 also.
First Page 2 3 4 5 ... 12 13 14
Log in to post.