How not to get hacked.

Ihmhi

Diabloii.Net Member

When I see "hacked" in more thread titles than chat lines in an AOL chatroom, I get a bit disturbed.

In one way, it saddens me that some good and honest players get hacked out of their gear (all the more so when it is a player that has actually earned their items instead of buying or trading for them).

But to those of you who get hacked, you probably deserve it.

There are extremely rare exceptions where getting hacked is not your fault. Maybe someone, somehow, actually hacks BNET or your firewalled computer and somehow gets your password. This is extremely rare.

More often than not, the people who get hacked get hacked because of weaknesses in their security setup and their safety practices.

A few of you would probably say that you do not have time to keep your computer safe, what with school, work, girlfriend... well, you ARE gamers, let us just cross girlfriend off the list... ^.^'

But when it comes to spending a few minutes keeping your computer safe and losing all of your godly gear, which would you rather have?

So, for the benefit of you people who care about your gear and want to take the time not to get hacked, here is how to protect yourself.

1. Firewall! Burn the hackers!

A firewall is your first line of defense.

Anyone running Windows XP automatically has a firewall built into their operating system. While it is not the best firewall in the world (though, admittedly, recent updates have improved it to commercial standards), the Windows firewall is better than nothing. Here is how to turn it on.

1. Click on your Start Menu.
2. Click on Settings.
3. Click on Network Connections.
4. Click on your Network Connection; it will be something like "Local Area Connection" or "Local Area Connection 2", etc.
5. After the network connection box comes up, click on Properties.
6. Select the Advanced tab.
7. From here, there might be a checkbox that says whether your firewall is on or not. If there is no checkbox, click on Settings. (These differences are due to different versions of the Windows Firewall.)
8. Check the checkbox to turn it on. The firewall turns on instantly. You are now a bit safer from teh hax.

But what if you are a poor/unfortunate/cheap mofo who does not have Windows XP? I had Windows 98 and Windows ME for years after XP came out because I did not have a powerful enough computer to run it and I did not have the dinero to upgrade.

There are great free firewalls out there. Zonealarm is a great one. (Google "Zonealarm" to find it.) Seagate also has a great free firewall.

A warning: third party firewalls, especially free ones, do not always work best with Windows XP. When I ran Zonealarm after first installing Windows XP, I could not get everything to work optimally. I opted to use the Windows Firewall instead.

2. Get a good spyware program.

Spybot Search and Destroy and/or Lavasoft AdAware are both great free programs that protect your computer from spyware.

For the uninitiated, spyware is malicious software that is downloaded onto your computer and can do any number of naughty things, including logging your keystrokes (which would effectively record your account password for Diablo II) and taking screenshots of your desktop every few seconds. Nasty stuff, eh?

Get either of these programs (Google the names, boys and girls!), install them, and run them. If you have never run the programs before you probably will have at least something bad on your computer. Do not be surprised, it is easier to catch spyware than it is to catch a cold on a NYC subway.

Run them periodically. Once a week is good enough.

3. Get virus protection!

Sadly, I have no free virus protection programs to recommend. There once was a great program called AVG Anti-Virus, but they since have gone the way of the almighty dollar. You can probably still find the free version, but I hear it is buried deep, deep in the Catacombs of their website (and sorry, but there are no waypoints).

This is usually where you would have to drop some money to get software. You can not really download a bootleg version; these programs are not really any good without their updates and you can not get updates without a legit serial number.

4. Alternative option: Get a security suite.

You can get numbers 1, 2, and 3 on this list all in one package. Norton, Symantec, etc. all offer security suites, but they have their problems. I recommend Pandasoft. The initial purchase of the software gets you one or two years of service free, and every year of service is $40 after that. It has a firewall, virus protection, spyware protection, etc., and it is updated daily.

I think 11 cents a day is a good price for computer security.

5. Have good password security.

Here are bad examples of passwords:

-password
-God
-Your name, family name, child's name, spouse's name, pet's name, etc.
-Your or anyone else's birthdate
-again, "password". Seriously, never use this, it just is not smart.

Here is how to make a good password.

A strong password is a good combination of letters and numbers. Here are some fine examples:

-pinata768+/
-bubbles5423-$
-a1sj4!k09+

Here is the interesting part. The "bad passwords" I listed are all weak and easy to figure out, roughly. However, combining them in this fashion makes them strong:

-password011586+-
-fluffykins9987$$!
-julie8973++-$

The mix of letters, numbers, and symbols makes it harder for someone to randomly guess at your password, and programs that continually search for passwords will have a harder time finding it out because they have to search for the right combination of letters, numbers, and symbols.

Having good password security is not just a matter of having a strong password.

You should never share your password with someone you do not know in person. Why? Because if that password gets out and it is not your fault, you can beat your friend with a tire iron for being a moron.

Really, you should not share your password at all, actually, but if you must, make sure it is someone in tire-iron-beating range (generally 2 miles by foot, or 60 miles if you have a car or public transportation at your disposal). I am not recommending that you actually beat someone with a tire iron, but I am not NOT recommending it. Use your own discretion with tire irons and similarly blunt objects (+50% damage to Undead).

Rotating your password is a good idea if you feel like it. Let us say you change it weekly; here are some good examples:

Week 1: Alpha2$1+
Week 2: Alpha3$2+
Week 3: Alpha4$3+
Week 4: Alpha5$3+

Even a small change such as these will make you a bit safer.

Lastly, do not use the same password for everything, including multiple accounts. If you have multiple accounts, you should have multiple passwords that are as different as night and day. In fact, if you can, you should never use the same password for anything. If you have an RPGTraders account, an account on these here forums, two e-mail addresses, and four BNET accounts, then you should have eight different passwords total.

And for the love of Moses on a rocket-powered pogo stick, do NOT write your passwords down anywhere where they can be easily found. A lot of people are probably hacked by their own friends or family; do not make yourself unnecessarily vulnerable. If you really do have to write them down, then put it somewhere safe, preferably in a lockbox or hidden between the pages of a book in your own room.

Your sock drawer is not a safe place.

That is all! O:

If you follow these simple steps you will be much safer. Right now, if you had to install these programs and make all of these changes, it would take you 30-120 minutes at most unless you are seriously deficient in your computer skills. Take the time to do this and make yourself safer, and maybe you will never have to be the author of one of those "omg I got haxed" threads, eh?
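The password rules from the post above (avoid the listed bad passwords, mix letters, numbers and symbols, use a different password for every account), written as a small audit script. This is an added example, not part of the original post: the account names and the account-to-password mapping are constructed sample data built from the post's own example passwords, and the function names are hypothetical.

```python
import math
import string
from collections import defaultdict

# Bad examples taken from the post; personal names would be added per user.
BAD_LIST = {"password", "god"}
POOL = {"lower": 26, "upper": 26, "digits": 10,
        "symbols": len(string.punctuation)}  # 32 printable ASCII symbols

def classes_used(pw):
    """Return which character classes appear in the password."""
    used = set()
    for c in pw:
        if c in string.ascii_lowercase:
            used.add("lower")
        elif c in string.ascii_uppercase:
            used.add("upper")
        elif c in string.digits:
            used.add("digits")
        else:
            used.add("symbols")  # anything else, including non-ASCII
    return used

def brute_force_bits(pw):
    """Size of the blind brute-force search space, in bits.
    Upper bound only: it does not model guessers that start from word lists."""
    pool = sum(POOL[c] for c in classes_used(pw))
    return len(pw) * math.log2(pool) if pw else 0.0

def audit(accounts):
    """Map each account to a list of findings (empty list = passes)."""
    owners = defaultdict(list)
    for acct, pw in accounts.items():
        owners[pw].append(acct)
    report = {}
    for acct, pw in accounts.items():
        findings = []
        if pw.lower() in BAD_LIST:
            findings.append("on the bad-password list")
        used = classes_used(pw)
        checks = (("letters", bool(used & {"lower", "upper"})),
                  ("numbers", "digits" in used),
                  ("symbols", "symbols" in used))
        missing = [name for name, ok in checks if not ok]
        if missing:
            findings.append("missing " + ", ".join(missing))
        others = sorted(a for a in owners[pw] if a != acct)
        if others:
            findings.append("reused on " + ", ".join(others))
        report[acct] = findings
    return report

# Constructed sample: the eight accounts the post counts, one reuse, one bad pick.
SAMPLE_ACCOUNTS = {
    "forum": "pinata768+/", "rpgtraders": "bubbles5423-$",
    "email-1": "a1sj4!k09+", "email-2": "password",
    "bnet-1": "Alpha2$1+", "bnet-2": "Alpha2$1+",
    "bnet-3": "fluffykins9987$$!", "bnet-4": "julie8973++-$",
}

if __name__ == "__main__":
    for acct, findings in audit(SAMPLE_ACCOUNTS).items():
        bits = brute_force_bits(SAMPLE_ACCOUNTS[acct])
        print(f"{acct:11s} {bits:5.1f} bits  {'; '.join(findings) or 'ok'}")
```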
 

Gorny

Banned
One point on the "I got hacked threads", and I have not read the OP yet.

I am considering putting a leash on threads of that topic, because of the number of them.
 

ppz

Diabloii.Net Member
For now, AVG still has a free version. They are burying the link to the point where you almost need to google "AVG free" to get the right link though. I wouldn't be surprised if they do not make the next version free.
 

Gorny

Banned
*Sticking this for the moment*

I'm also going to add a link to this thread in the Rules & Links thread.
 

beeranon

Diabloii.Net Member
Ihmhi said:
4. Alternative option: Get a security suite.

Another source to look into is your broadband/internet provider. Charter Communications offers a free security suite to its subscribers, and I would be surprised if most others do not, as well. While it may not be the best firewall/anti-virus/etc., it is definitely better than doing nothing at all.

If you make it even marginally more difficult for someone to hack your system, they'll move on to an easier target. It's the ol' "I don't have to outrun the bear, I only have to outrun my buddy" syndrome.



 

ppz

Diabloii.Net Member
I'm surprised nobody has suggested Avast yet. Very good, and free.
I'll give my thumbs up for Avast as well. I've used it before. It also has a very nice feature to scan the computer before it boots completely, which helps to get rid of those nasty viruses that load on startup.



 

Dondrei

Diabloii.Net Member
What's this I hear about the hackers using linked hotmail accounts to get passwords? Does that mean they're hacking into hotmail and taking the original password out of the email Bliz sent you a million years ago? I don't even remember that happening.
 

Quietus

Diabloii.Net Member
Dondrei said:
What's this I hear about the hackers using linked hotmail accounts to get passwords? Does that mean they're hacking into hotmail and taking the original password out of the email Bliz sent you a million years ago? I don't even remember that happening.


If you've registered your email with your account, then you have access to a password recovery option. There are people who have been hacked that have found password recovery emails in their trash bins on hotmail, and anyone who has confirmed one way or the other regarding whether or not they registered their email has said that yes they did, and that their email was a hotmail one.



 

Anumati

Diabloii.Net Member
Just reset your bnet pass recovery email addy to a non hotmail email. Or to any email that you don't tell anyone about or use anywhere else.

And yeah, Avast is quite good, also I recommend spyware blaster from javacool. It makes your browser not trust places known to be shady.
 

BlueDogAnchorite

Diabloii.Net Member
Anumati said:
Just reset your bnet pass recovery email addy to a non hotmail email. Or to any email that you don't tell anyone about or use anywhere else.

And yeah, Avast is quite good, also I recommend spyware blaster from javacool. It makes your browser not trust places known to be shady.

I recognize that avatar, it's nice to see you again. You were Ozzymandias before weren't you? Thanks for supporting my abominable poetry, I always appreciated it. :smiley:

I am also very happy with spyware blaster and avast antivirus. Spybot and adaware are another two good freebies. The spybot teatimer is also fantastic, it alerts you every time your registry is being changed. It once alerted me to my firewall and antivirus being compromised.

I can't think of any more good freebies.

The AVG antispyware program is pretty good (formerly ewido).
It's also a good idea to get an online av scanner to check your system out every now and again.

And as a last line of defense I use a rootkit detector, although it would take some pretty good code to get through the other programs.



 

Ihmhi

Diabloii.Net Member
Gorny said:
*Sticking this for the moment*

I'm also going to add a link to this thread in the Rules & Links thread.

Awesome, thanks dude! ^.^

It was just something I threw together in the hopes that I could prevent even one person from getting hacked. Thanks bunches dood.



 

BlueDogAnchorite

Diabloii.Net Member
Ihmhi said:
Awesome, thanks dude! ^.^

It was just something I threw together in the hopes that I could prevent even one person from getting hacked. Thanks bunches dood.

Good call! :thumbsup: I was too lazy to start a thread unfortunately, but it was clear just from questioning a few people that their security knowledge was sadly lacking.



 

Anumati

Diabloii.Net Member
BlueDogAnchorite said:
I recognize that avatar, it's nice to see you again. You were Ozzymandias before weren't you? Thanks for supporting my abominable poetry, I always appreciated it. :smiley:

Hi!

Yeah that's me. I remember you too, you have a name from a Tad Williams series that I quite liked. I seem to remember your poetry was not too bad either. :grin:



 

sswilson

Diabloii.Net Member
Anybody looking for links to freeware security (or just about any other freeware/shareware app) would do all of us a favour (computer security isn't just about "you"... it's also about the folks who might be infected by you... :) ) by logging into majorgeeks.com.

They've got links to just about everything you're looking for as well as a rating system & recommendations. (direct links for downloads including AVG anti-virus without jumping through all of the hoops.... :) ).

For me.... I run AVG, spybot search and destroy (it doesn't run full time but will "immunize" IE), adaware, and I've just installed the new microsoft defender (free to folks who go through the authentic microsoft product hoops) but I don't know how well it works as I've only just installed it recently.

For folks who want to surf completely safely there are a couple of other options........

1/ there are several live distro (boot right off of the cd) linux options which allow worry free surfing right out of the box (distrowatch.com is a good place to start looking).

2/ running a virtual pc (also available free to "authentic microsoft" owners) allows you to run a separate "computer" from within windows for surfing. Any malware installed on this "computer" is separated from your real machine and will not affect your real OS install.
 

Ihmhi

Diabloii.Net Member
Also, using Firefox instead of IE will help cut down on the malware and spyware and such, since it is a safer program and it is not used as widely as IE.

When I have time my lazy *** will get to linking those programs in the first post. I am just sick right now and I do not feel like hunting them down. Bah.
 

gensokyo

Banned
ZZ.. this thread pissed me off so much, I had to register. SO.

a) This is all top of the surface, let's prevent us from getting basic adware/spyware crap. It will not prevent your account from being jacked. There are 3 main exploits, and none of these will prevent them. Firewalls are like cardboard box security cameras. They'll prevent direct attacks through ports that might otherwise be vulnerable, but vs anyone - scriptkiddie or otherwise - who has the slightest inkling of what they're doing, it's rather useless. Tack on the general stupidity of the bnet community - which seems to be leaking onto these boards more and more, and it's really just a placebo.

b) While the new IE still has activeX, and all that YAY-its tied to the os- funness, it's almost on par with firefox. FF is not the be all end all. It's got its share of holes too. Thinking, "oh Im running firefox, im invincible!!!1" will get your *** fried. Opera > both. sswilson looks to be the most on top of it, of all of you. Although linux isn't completely secure, it beats the hell out of windoze boxes, in terms of security - simply because people will be exploiting windows, and not bother to try with linux (as far as this game goes). But, that really only saves you from 1 major exploit. Virtual PCs are really a hassle, and rather unnecessary. Yes... they will work as explained, but running a proxy server, and simply controlling what your browser loads / doesn't load will do you just as well. ex, Proxomitron. Self contained too. Yay.

But even if running under a decently configured pr0xo/browser, don't visit any stupid sites. The clan site they want you to register at? Even if you just VISIT it, it's good enough - if they're not total dumbasses. The whole don't use bots you haven't coded yourself, mH's, etc should be apparent. Your "friend" sends you a link on AIM to a page? nuh uh. Paranoia keeps you clean.

c) Antivirus. I'm running AVG atm, simply because it's free, and it works well enough. Norton is one of the trashiest antivirus (paid) progs. NOD32 would do you well. Although, it will probably cost you more.

d) passwords. Decent job by op.. but you missed the important parts. While typical symbols !@#$%^ etc will make it harder to guess -- and, most accts are not stolen through willy nilly guessing imo -- they offer no additional security. They are standard characters after all. Ascii (and while it is all ascii... i refer to the symbols generated with Alt + numpad) like § × ¼ š ñ þ ß etc., will. You'll be able to log into battlenet through your game client, and/or chatbots just fine. You won't be able to log into the battlenet forums, nor will anyone else be able to login to your acct through those forums, even if they have the correct sequence. Different one per each account. Rotating passwords are ok, if you're logging on from public places. Some netcafes with d2 use Loader regularly though. And who knows what else's on those systems.

e) Empty your temp files regularly - THIS INCLUDES YOUR COOKIES. Automatic login is weaksauce - and check your processes.
This's just standard common sense, and not entirely related at all. If you don't want to root them out yourself, grab a prog like CCleaner. If you see something you don't recognize, run HijackThis, and post a log to a security forum.

e.5) Trojans/keyloggers are not just a threat to your accounts. They will log everything. EVERYTHING. From your account password, to you cybering with that "14/f/cali", to any online banking accts, pwords, creditcard numbers, and sensitive personal info.

f) email. Passwords are just as important here. Gmail accepts the special ascii chars fine. Unsure on hotmail. But hotmail has a ezpk recovery system, so that's kind of toying with fate right there. Don't. Make. Your. Recovery. Password / Question / SecretSantaSpecialness EASY. If it's something like "what color are my eyes?" you've screwed yourself already.

g) Running XP? Load the control panel. Go to Administrative tools, Services.
disable Remote Registry.

h) Even if you do all this perfectly, blizz in their infinite wisdom, has been warned of at least one of these exploits (not relatively new either) and has yet to fill the hole. So yeah. Cool ain't it?

i) I love this site.
http://www.sass.ca/ said:
You didn't know you had radar? Well you do! Some people call it instinct, and it's an important weapon because it tells you when danger could be around. The Alert Twins have radar on our watches. They beep and flash when danger's close. Your radar is tucked safely inside your tummy and your head, but it's just as strong as ours.
 

Esuna

Diabloii.Net Member
Whoa, gensokyo, very nicely stated, though that's probably all I'll be saying since it's so late right now.