Entropy Report post Posted July 31, 2005 Ok, mr. Protolif found a security hole in the server that can be exploited and SOMETIMES get the username and password of the lattest logged in character. It is not easy to exploit, and I hope that not many people know how to exploit it. Due to the fact that Mihai is in vacation and he didn't let any instruction on where and how to compile the server code (he modified a lot of things) I can't fix it until tomorrow, when I will give him a call. Now, we have a list on some of the characters he logged in with, but we might have missed some. So if you believed you were hax0red recently, let me or Learner know, and we will investigate the issue. I changed his character password, and banned his last IPs. What I plan to do is give his new password to those hacked by him, so they can retrive their items. After everyone gets their items back, I will use the rest of his items for some contests. [edit] I consider contacting his ISP and the police, because he STOLE stuff. Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 Ok, me and Learner did some research, and we believe we managed to fix the problem. The server was restarted, just a few minutes after he started posting the exploit on various forums. I am asking the guild master that on those forums to keep his posts so that I can send them to his ISP and the police. [edit] I suggest everyone to change their passwords ASAP, just in case. Share this post Link to post Share on other sites
Gecko_Master Report post Posted July 31, 2005 (edited) I have a question, Entropy. Do you know if he's the person hacking* other people's accounts and stealing stuff? I'm curios to know after reading this kind of post....Link. (Btw, good job on busting Protolif! ) *im not sure if hackings the right word. Edited July 31, 2005 by Gecko_Master Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 Of course I know, otherwise I wouldn't have banned him. And yes, he did steal some stuff from chatterbug89 and others. Share this post Link to post Share on other sites
SweetThang Report post Posted July 31, 2005 I change my Pass at least 3-4x a week i hope that helps ANd I hope HE GETS IN SERIOUS TROUBLE!!!! srry chatterbug about all that and the rest of the other ppl as well Share this post Link to post Share on other sites
Acelon Report post Posted July 31, 2005 Ok...he gave away some items in a contest today. This is the list I was given Gadai - Iron Sword of Fire Nocalf - MM cape and tit axe Conjurer Cape - Kendai (but sold) Share this post Link to post Share on other sites
chatterbug89 Report post Posted July 31, 2005 (edited) The congurer cape was given to me by someone who left EL that I den't want to leave...gee..almsot all of those items have a memory :S I realy hope to get them back :S EDIT: Well, thanks to Kendai I have my blue cape back Edited July 31, 2005 by chatterbug89 Share this post Link to post Share on other sites
JaneMuffin Report post Posted July 31, 2005 Okay really stupid question, should we change our forum p/w too? Even if the p/w is not the same as our game log in p/w? Share this post Link to post Share on other sites
ricky Report post Posted July 31, 2005 omg lucky i didint get hacked i seen that guy around before i think what a jerk haha hes banned and police will get him lol :angry2: Share this post Link to post Share on other sites
LadyWolf Report post Posted July 31, 2005 It's been a few weeks ago but my alt character Mysticl_wolf apparently got hacked because several things came up missing..i reported it, but never heard anything about it...i wonder how llong this has been going on? Share this post Link to post Share on other sites
Guest Enyo Report post Posted July 31, 2005 (edited) It's been a few weeks ago but my alt character Mysticl_wolf apparently got hacked because several things came up missing..i reported it, but never heard anything about it...i wonder how llong this has been going on? 184374[/snapback] I wonder the same because I've also reported items missing in storage several times but i thought it was a bug. Edit: here is the link to when i posted the problem: items missing in storage, is this a hacker or what?! Edited July 31, 2005 by Enyo Share this post Link to post Share on other sites
Gecko_Master Report post Posted July 31, 2005 Im happy this problem is finnaly over. Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 Okay really stupid question, should we change our forum p/w too? Even if the p/w is not the same as our game log in p/w? 184371[/snapback] No, not if it is different. Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 It's been a few weeks ago but my alt character Mysticl_wolf apparently got hacked because several things came up missing..i reported it, but never heard anything about it...i wonder how llong this has been going on? 184374[/snapback] You are right, our common friend did log in with your character. Post here a list of tiems you lost. Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 All the hacking was done recently, AFTER 25th of july. Share this post Link to post Share on other sites
captdeadhead Report post Posted July 31, 2005 (edited) All the hacking was done recently, AFTER 25th of july. 184381[/snapback] I got hit twice... Once with mostly carry items about 3-4 days ago... damaged tit chain, axe many diss rings... Then storage items within the past 48 hours... 21+ EFEs about 12 serp stones 2or3 EWE 3 ELE Tit axe (maybe 2) tit chains (forget how many total) gold coins - alot but not sure how much ros stone all my capes - ps, excavator, ?? tit serps (at least 1) I forget the rest - sent it to lord_vermor all in all about 12/13 slots in storage in the past few days. Got me good! Deadhead Kudos to the team for quick reaction to the exploit. This could have been much worse. Edited July 31, 2005 by captdeadhead Share this post Link to post Share on other sites
LadyWolf Report post Posted July 31, 2005 (edited) Well I purchased 18 efe's from the EL shop and those are what really hurt...i had rings and medallions that belonged to someone else in there..but not sure what all came up missing...i couldnt get logged into her for almost a whole day...i was in CEL at the time..several of them tried to log into her thinking maybe she had been banned, finally got back in and noticed the stuff was gone.. **EDIT** there were gold coins and a few odds and ends that were missing, but i am not concerned about that stuff..id really like the efe's back, those cost REAL money Edited July 31, 2005 by LadyWolf Share this post Link to post Share on other sites
ThunderWalker Report post Posted July 31, 2005 I am sorry for everyone's loss. I am also grateful for those who were able to locate and stop the culprit. I am not sure of the law off hand, but I believe that hacking into a server and doing damage of any kind is a crime. I will be watching the news for hopefully an arrest and worldwide attention of EL. Share this post Link to post Share on other sites
Gecko_Master Report post Posted July 31, 2005 I am sorry for everyone's loss. I am also grateful for those who were able to locate and stop the culprit. I am not sure of the law off hand, but I believe that hacking into a server and doing damage of any kind is a crime. I will be watching the news for hopefully an arrest and worldwide attention of EL. 184385[/snapback] If not on the news, google search, and keep an eye on new websites. Share this post Link to post Share on other sites
L_c Report post Posted July 31, 2005 Stealing online items IS a crime and punishable. I don't have the url now, but I remember seeing an article a couple months ago where someone hacked someone elses account and stole the characters items. The guy who got hacked reported it, the hacker was caught, and prosecuted. The judge fined him heavily and I believe even gave him jail time for it. Bottom line, Protolif can get into RL trouble for hacking and stealing if the players he hacked choose to go after him. I say go for it! Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 Everyone that got hacked please send me a PM with the list of items missing, will make it easier for me. As for getting him in RL trouble for that, most likely the police won't really bother, but I will try my best. Unless he contacts me in private and offers an explanation and some compensation for our efforts and for the stollen items. Share this post Link to post Share on other sites
Acelon Report post Posted July 31, 2005 One point in his favor, he did turn in the bug to Learner before even more major things could have happened and more people could have abused it. Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 Yes, only to post the exploits on all the el related forums a few hours later. And AFTER he extensively exploited the bug. Share this post Link to post Share on other sites
Guest Enyo Report post Posted July 31, 2005 (edited) One point in his favor, he did turn in the bug to Learner before even more major things could have happened and more people could have abused it. 184393[/snapback] I guess in one way, it's good that it happened because at least he reported the bugs.. he didn't have to do that much so he can't be all bad. he's probably a kid and doesn't take hacking serious as a crime. i'm not saying give him a little pat on the hand but i also don't think he is a hardened criminal and would hate to see him in jail. he probably reported the bugs more of a pride thing.. like he's proud that he could accomplish this... that is sad in it's own right..i feel sorry for him more than anything else. edit: not only is hacking in itself a crime in most countries but he also stole items that were paid for with real currency. that's theft and hacking, both.. but, i still say, please give him a chance. i hate to see kids being thrown away and that happens all too often these days. Edited July 31, 2005 by Enyo Share this post Link to post Share on other sites
Entropy Report post Posted July 31, 2005 I guess in one way, it's good that it happened because at least he reported the bugs.. he didn't have to do that much so he can't be all bad. he's probably a kid and doesn't take hacking serious as a crime. i'm not saying give him a little pat on the hand but i also don't think he is a hardened criminal and would hate to see him in jail. he probably reported the bugs more of a pride thing.. like he's proud that he could accomplish this... that is sad in it's own right..i feel sorry for him more than anything else. edit: not only is hacking in itself a crime in most countries but he also stole items that were paid for with real currency. that's theft and hacking, both.. but, i still say, please give him a chance. i hate to see kids being thrown away and that happens all too often these days. 184397[/snapback] If he would have just logged in with other characters to test his exploit, then report it to us, I wouldn't have banned him. It is partially our fault that we allowed this exploit to happen. However, he stole stuff, and some of the stuff was paid with real money. And this is what I have a problem with, making him not much better than the people that stole e-bay and paypal accounts, or CCs. Not to mention that many people might have the same password for multiple things, including possibly bank accounts, e-bay accounts, paypal, and so on. The fact that he reported the bug to Learner was just marginally helpful, as he posted iton multiple forums just hours after. It is ageed in the security world that it's a bad practice to do that. Usually you have to give the makers of the software a resonable amount of time to fix it, such as a few days. Anyway, while I wouldn't want to see him in jail for that, some fine and/or community service wouldn't hurt. Share this post Link to post Share on other sites