Insante
Since: 03-25-02
Since last post: 8195 days Last activity: 8147 days
GOD-POING: Hello this is the English Game Master again
GOD-POING: Let us inform you something.
GOD-POING: Server Status is always fine like this.
GOD-POING: In case hackers don't do anything on That.
GOD-POING: People Think Server Unstable is for our fault.
GOD-POING: But Players should blame on Hackers.
GOD-POING: They make Server Down for a purpose.
GOD-POING: 1.To Dupe
GOD-POING: 2.to Hack your account and password.
GOD-POING: They use Brute Force to send packets enormously
GOD-POING: to attack servers.
GOD-POING: At Present Server accept those packets
GOD-POING: Because they are using RO client packets to pretend normal
GOD-POING: Also main reason for Login server down is
GOD-POING: they pick up any account name available
GOD-POING: and try to find its right password
GOD-POING: So if you don't want to get hacked
GOD-POING: DO NOT make character name similar to your account
GOD-POING: and make password longer if you can
GOD-POING: using numbers and letters.
GOD-POING: We noticed this statement and if anyone get hacked
GOD-POING: in spite of our warning
GOD-POING: We are not responsible for that incident
GOD-POING: Check your identification once again.
GOD-POING: Thank you.
But if anyone has any ideas on how to help alleviate the problems they are having, leave them in this thread and I'll pass them on, since Sasami isn't around for now.
For example - a 3 password attempt then you can't login for 30 minutes or something along those lines to help stop the brute force login attempts.
GOD-POING is EnglishGM on Loki (see below)
--------------------
Get entranced.
(edited by Insante on 06-04-02 10:21 PM)
(edited by Insante on 06-05-02 10:32 AM) |
RedSn0w
Since: 05-30-02 From: Winnipeg representing the two-0-four
Since last post: 7835 days Last activity: 7874 days
what is english GM?
-------------------- i will die but i will take u down with me....muhahahahha |
Akute Psyko
Since: 06-05-02 From: CA, USA
Since last post: 8163 days Last activity: 8208 days
the one in charge of the game server... that would be Christy...
-------------------- -Akute Psyko |
DaiSHi
Moderator
Since: 05-03-02 From: California Rating: 10 (400 pts)
Since last post: 7570 days Last activity: 7570 days
Game Master, i think...
darn, i just had to be gone during the announcement... umm... guess i'll have to type in my password more carefully then fixing the double login would be nice... deal with bots, hackers... send people to yoyo/payon to check out the problems... the problems are endless
-------------------- Loki: DaiSHi 47/34 swordman, H.O.L.Y.Merchant OC, Robbin'Hood 37/27 Thief
5926 exp and counting...
|
Ysuki
Since: 05-03-02 From: Illinois, USA
Since last post: 8126 days Last activity: 8117 days
First the name was KayChristy and now it's EnglishGM. |
Avaj
Since: 06-04-02 From: Washington
Since last post: 8111 days Last activity: 8111 days
password timeout would be good.
btw how does one change their password?
How about... actually I can't think of anything. |
Mental Atrophy
Since: 05-14-02 From: Home
Since last post: 8207 days Last activity: 8157 days
Solution: ENCRYPT THE FUCKING SHIT. if nothing can use the server but the RO client it'd be a much larger pain in the ass. However, i'm sure some ppl would just find a way to patch RO and make it brute force for them if they haven't already. |
pragma7
Since: 04-26-02 From: USA, NJ
Since last post: 8041 days Last activity: 8055 days
What makes you think encryption would only allow the client to send info?
Rob |
Mental Atrophy
Since: 05-14-02 From: Home
Since last post: 8207 days Last activity: 8157 days
it doesn't ensure it, but it makes it a LOT harder on the bot/hack proggers. Especially since you can then change encryption keys every once in a while, which would add to the difficulty of duplicating such communication with an external program.
other things that can be done: read in a string of hex code from the program trying to connect to the server, if the hex isn't the proper hex code of the RO client then disallow login. Again, proggers can copy the hex code and insert it into their own progs at the right offset, but if you change that offset you ruin their progs temporarily. Changing the offset once a day or once a week would make it a big enough pain in the ass for bots to not get spread beyond a very small number of programmers. |
kei
Since: 04-26-02
Since last post: 8169 days Last activity: 8244 days
patch the client so that it goes to different port, then close/block the port that was used before, that will stop the current bots
the new bot makers should not put the logout thing in anymore since it doesn't help themselves anyway.
or gravity can change the port once in a while.
for repeated login'ers gravity can impose a temp IP ban. |
Panda
Since: 06-06-02 From: California
Since last post: 8195 days Last activity: 8195 days
i think there's a very simple reason why no MMORPGs use encryption (that i know of..) even though it'd solve like...near all the problems in any of them i've seen...and that reason is lag...think about it....having to encrypt and unencrypt everything sent and received? ouch...you think the lag's bad now........
so i guess it just isn't a possibility for any of them at all, for lots of reasons i won't type the stuff out (weee lazy) you're all smart just think about it...@.@ |
Val Halen
Since: 06-05-02 From: Texas
Since last post: 8207 days Last activity: 8154 days
I've also noticed that anyone posting on the freeBBS gets their user ID displayed for all to see. |
DaiSHi
Moderator
Since: 05-03-02 From: California Rating: 10 (400 pts)
Since last post: 7570 days Last activity: 7570 days
Originally posted by Val Halen: "I've also noticed that anyone posting on the freeBBS gets their user ID displayed for all to see."
interesting... good thing i don't go there =Þ
-------------------- Loki: DaiSHi 47/34 swordman, H.O.L.Y.Merchant OC, Robbin'Hood 37/27 Thief
6822 exp and counting...
Flower girls are the cutest... |
Poring Hunter D
Since: 05-30-02 From: Canada
Since last post: 8130 days Last activity: 8130 days
That's why I created a dummy account just to post on the FreeBBS o.O |
Arsenic
Since: 04-12-02 From: Qc, Can
Since last post: 7683 days Last activity: 7677 days
Bah, I actually wanted to make a program for bruteforcing accounts with the login procedure - just for fun of course - but I made the whole calculations and it would be nearly impossible to find all possible password arrangements. I posted a message explaining the whole bruteforce calculations on my forum at Cheatlist some time ago, but now it's down for the moment. I'll put the link here another time.
Basically, it would be way too long. If we only limit ourselves to the short passwords, like 4 to 8 characters, and bruteforcing only the characters A-Z, a-z, 0-9 then it will take a lot less time obviously, but it's not very efficient either. Yet, less time would basically mean approximately a week for a 4 characters long password... and I'm being quite generous as for the server delay for each try, because I'm going at around 20 tries per second.
Anyway, those guys bruteforcing are betting using a dictionary attack, else they're quite stupid. (And have way too much resource to waste on their computers).
Oh by the way, if Gravity wants a solution for that, they just have to generate delays for each failed login attempt, and block the account for a period of time after x failures.
(edited by Arsenic on 06-06-02 03:39 AM) |
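Added example, not part of any post in this thread and not Gravity's code: a per-account login throttle that combines the two mitigations suggested above (a lockout after 3 failed attempts for 30 minutes, and a delay after each failed attempt), together with the search-time arithmetic for a 62-character alphabet at 20 tries per second. The 1-second doubling delay and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

MAX_FAILURES = 3            # failed attempts before lockout (figure from the thread)
LOCKOUT_SECONDS = 30 * 60   # 30-minute lockout (figure from the thread)
BASE_DELAY = 1.0            # assumed: wait after the first failure, doubling per failure

@dataclass
class _State:
    failures: int = 0
    blocked_until: float = 0.0

class LoginThrottle:
    """Tracks failed logins per account name; times are seconds on any monotonic clock."""

    def __init__(self):
        self._accounts = {}

    def check(self, account, now):
        """Seconds the caller must still wait before a password is even evaluated."""
        st = self._accounts.get(account)
        return 0.0 if st is None else max(0.0, st.blocked_until - now)

    def record(self, account, success, now):
        """Record an evaluated attempt; return the wait imposed on the next one."""
        if success:
            self._accounts.pop(account, None)   # clear history on a good login
            return 0.0
        st = self._accounts.setdefault(account, _State())
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.failures = 0                     # start a fresh window after lockout
            wait = float(LOCKOUT_SECONDS)
        else:
            wait = BASE_DELAY * 2 ** (st.failures - 1)
        st.blocked_until = now + wait
        return wait

def exhaustive_search_days(alphabet, length, guesses_per_second):
    """Days needed to try every password of one length at a fixed guess rate."""
    return alphabet ** length / guesses_per_second / 86400

def throttled_guess_rate():
    """Sustained guesses per second against one account under the policy above."""
    cycle = sum(BASE_DELAY * 2 ** i for i in range(MAX_FAILURES - 1)) + LOCKOUT_SECONDS
    return MAX_FAILURES / cycle

if __name__ == "__main__":
    print("unthrottled, 4 chars:", round(exhaustive_search_days(62, 4, 20), 1), "days")
    print("throttled,   4 chars:",
          round(exhaustive_search_days(62, 4, throttled_guess_rate()) / 365), "years")
```

A per-account lockout also lets anyone who knows an account name keep its owner locked out, so it is usually paired with a per-source limit such as the temporary IP ban suggested earlier in the thread.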