Jump to content
Eternal Lands Official Forums
warken

WARNING: Current Scam

Recommended Posts

Theres a Scam out there that sends you an email titled Password Fraud! here is the email in full

 

 

 

Eternal Lands Password support team!

 

Hello, we are writing you to inform that somone has tryed to change your password! We want to request you to confirm or disconfirm this action within 24h!

 

Please click -> Here <- and show us your desition!

 

Thanks.

 

Eternal Lands support

 

www.eternal-lands.com

 

 

Please ignore this email if you will get it. Eternal-lands would never tell you if someone was trying to change your password.

 

They also sent this Phishy website

http://articlever.com/stw/Sp/www.eternal-lands.com/

Share this post


Link to post
Share on other sites

Hello, we are writing you to inform that somone has tryed to change your password! We want to request you to confirm or disconfirm this action within 24h!

(...)

Please click -> Here <- and show us your desition!

 

Even in Eternal Lands there are no such typos. How about someone give them the password and the mods could watch who's loging onto it.

Share this post


Link to post
Share on other sites

mods dont know passes.. i believe

i mean with molime knowing my password who knows what might happen

 

You will turn into a fish sandwich instantly. :icon13:

 

And, right, mods dont know your passwords, they dont need to know them, why should they?

 

Piper

Share this post


Link to post
Share on other sites

yea mods dont know passes they dont need to know them.

 

Only Entropy has access to the password file, i believe.

 

:icon13:

Entropy & I have access to the passwords, but that is because we are full server admins, not mods. Mods do not have access to your passwords.

Share this post


Link to post
Share on other sites

EL team would ask You to vote for EL on MMORPG websites x times per day, but they will NEVER ask for Your password (probably because it is stored in plain-text format in some database). :)

 

(JK!)

Edited by Dejan

Share this post


Link to post
Share on other sites

The whole idea of mods having passwords is ridiculous.

 

What would we do with them? Help you get unstuck? If we did it for you, you'd never know how to do it yourself and would just keep asking us to do it. Sorry, we have enough work to do without playing everyone's characters as well.

Share this post


Link to post
Share on other sites

What I found out so far:

ftp/ssh username is (prolly): articlev

FTP server is Pure-FTPd, can't see version.

 

http://articlever.com/index.php?page=/home...ands.com/login2

 

http://articlever.com/index.php?page=XXX lets you include any file on website with .php extension (this would open XXX.php in main directory). The above example opens the login2.php which processes the user/pass for EL thingie.

 

Whoever made such stupid bug that allows opening files site wide must have had made another one that will let me see the file without PHP parsing it and seeing the email where data is sent :).

 

*If you don't want this post/info here mods delete plx, I just want to help to find out who's behind this.*

Edited by wexy

Share this post


Link to post
Share on other sites

Wow, cool, must mean we important now. It was always annoying to see that only ebay, paypal and various banks were targeted :)

BTW, if anyone enters their username and password and get hacked, we will not restore their accounts (or if we do so, it will be for a fee).

Share this post


Link to post
Share on other sites

Wow, cool, must mean we important now. It was always annoying to see that only ebay, paypal and various banks were targeted :)

BTW, if anyone enters their username and password and get hacked, we will not restore their accounts (or if we do so, it will be for a fee).

 

Maybe its just: Start low, end big?

Don't exclude that option. :)

 

(Don't get me wrong, EL is important to me! :))

 

-Blee

Share this post


Link to post
Share on other sites

Wow, cool, must mean we important now. It was always annoying to see that only ebay, paypal and various banks were targeted :)

BTW, if anyone enters their username and password and get hacked, we will not restore their accounts (or if we do so, it will be for a fee).

 

You are proud a little kid is trying to scam passwords? :)

Share this post


Link to post
Share on other sites

Wow thats good, ima gona check me email right now, and yeah, ent or learner if u ever get the time, look at my pass and wonder how i ever memorized it =)

 

(Edit: Hmmm yeah i checked my email, nothing, maybe its only sent out to those who don't have their email adress hiden on forums.)

Edited by redsoxlovr10

Share this post


Link to post
Share on other sites

Got one of these myself, wonder where they got the email addresses from, the forum?

 

 

Well yeah i can't imagine that they got your email just by accident... I'm sure that they r just looking at everybody's accounts on EL forums to check if it shows their email or not... guy sounds kinda newbie doing something like this and not expecting to get caught, wouldnt be surprised if they sent one to one of the Admins lol :)

Share this post


Link to post
Share on other sites

Got one of these myself, wonder where they got the email addresses from, the forum?

Normally, this should not be possible, unless if there is some IPB exploit we are unaware of.

Please forward me that e-mail at chaos_rift at yahoo, and make sure to incluse the headers and everything.

It is also possible that maybe you posted your e-mail in some guild forum or something?

Share this post


Link to post
Share on other sites

well i visited this site and my guild site, an the email came in after that. So either this site has someone lookin on it or mysite does ^^ I'll check into it as well.

Share this post


Link to post
Share on other sites

Ok, we got the IP (88.119.6.235, from Lithuania) of the scammer and banned his entire B class. Unfortunately there were no previous players logging from that IP.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×