To those hacked on West:

Discussion in 'Diablo 2 Community Forum' started by Quietus, Oct 30, 2006.

  1. Quietus

    Quietus IncGamers Member


    It's clear that there's some kind of problem going on on West. We've had such a huge number of West accounts going down that I am not sure that I count them all as being due to 3rd party programs and the like.


    So, I'm wondering what it is that's going on. Is it someone using the password recovery tool, or is someone bruteforcing a number of accounts? I can't think of a way to test the first, but there IS a way to test the second - anyone who's had your account hacked recently (we'll say the last month?), please list all of your accounts that were hacked, and we'll see if any patterns start to show up.
     
  2. English Muffin

    English Muffin IncGamers Member

    And if you don't use your passwords for anything else, list the passwords for the accounts here too. But ONLY IF YOU HAVE ALREADY DELETED THEM. Common sense please. It may just be that people had really easily guessed passwords. Oh, and also mention who else knows your passwords.



     
  3. TurbulentTurtle

    TurbulentTurtle IncGamers Member

    Actually, when it started happening, people were afraid to post their accounts out in the open, because they think that it's somehow part of how their accounts were getting hacked into.
     
  4. Quietus

    Quietus IncGamers Member



    No, there's a specific reason I didn't ask for passwords. With the prolific number of accounts hacked, I sincerely doubt that it has anything to do with which passwords were easy to crack and which weren't.

    Yes, but I'm not asking OTHER people for the names of their accounts. I want to know which ones have already been hit. Rykuss recently posted about his accounts being hit, and if every other account that's been hit came before his in alphabetical order, then we can safely assume it's a brute-force problem.



     
  5. GreyGhost

    GreyGhost Banned

    Since several people have reported finding requests for new passwords in their trash bin, it's safe to say the hacking is email-related.

    The best safety measure is to keep a separate email with a unique pw for D2 registration. Then use different emails for forums, etc.

    Ofc if it's a specific hacking program or "brute force" method then they'll get in anyway.
     
  6. TurbulentTurtle

    TurbulentTurtle IncGamers Member

  7. Ax2Grind

    Ax2Grind IncGamers Member

    ...and the forums still lock threads when people are trying to deal with the ultimate apex of cheating. Wow, must be someone they know.

    Shame Blizzard is refusing to do anything about it and letting it go on. Someone want to prove me wrong by showing me a Battle.Net forums thread saying the opposite?
     
  8. Qbi

    Qbi IncGamers Member

    Hmmm... If anyone has accounts on any other trading forums, I think they should post here about if there were any other west account hits as well.

    See if it's not just Diabloii.net members being targeted, or single out the majority that is being hacked.
    I haven't played the game in ages, so excuse me if this is an already known fact.

    Just my 2¢
    -Q
     
  9. calindor

    calindor IncGamers Member

    Not sure if this applies as I'm referencing an EAST account, but it's worth a shot. My son's account has mysteriously stopped letting him log in, attempts to recover the password have failed, and tech support offered absolutely no help whatsoever. I STRONGLY suspect a brute force hack. I would hope someone in tech who monitors these forums would be willing to "bend the rules" a bit and send my son his pw; please contact him/me at [email protected]. The account, if you hadn't already guessed: quinnlord (of course). He's had this account for over 2 years and is very fond of his characters.
     
  10. WhiteAlien

    WhiteAlien Banned

    First of all, it cannot be a bruteforce attack. A brute force attack is based on a dictionary, and if you saw Rykuss's psw you would understand that there is no way to break it that way. Also, 3 wrong password guesses lead to RD.

    Typical mistakes using passw:

    1. Same passw for emails, forums and D2 acc;
    2. Account sharing (this is how I lost my acc some time ago :embarassed: );
    3. Logging into your D2 acc from internet cafes, other PCs etc;
    4. 3rd party progs

    And I think there is some glitch with passw recovery. I'll try to do some tests and if I come up with something interesting I'll post the results here.
     
  11. Cooked

    Cooked IncGamers Member

    I am still investigating but I believe the attack may have come through Limewire. I had an alphanumeric password and lost gear only on the account I played between Limewire sessions. Mostly the blame is mine for sloppy internet use.
     
  12. Quietus

    Quietus IncGamers Member

    I've already accepted that it's unlikely to be a brute force thing - though I wasn't aware that 3 wrong guesses would make it crap out on you. That's just more reason it wouldn't be bruteforce. Apparently, those who've been hacked (or some at least) have found password recovery emails they didn't request.


    I doubt that it's a Limewire thing, or we'd have reports from all realms, not just West. Items on East sell for just as much as they do on West, and people don't do mass hacking things just to round out their own chars. If mass hacking is going on, someone is looking for profit.



     
  13. themachine

    themachine IncGamers Member

    I don't think this is limited to USWest as East has been hacked significantly as well.
     
  14. Quietus

    Quietus IncGamers Member


    Has it? I haven't seen any indication of that in threads here.



     
  15. Dawnmaster

    Dawnmaster IncGamers Member

    Well, if it's only on West, and now also on East, it's clear that it's someone in America doing it :rolleyes:

    Haven't seen any reports of Europe anywhere.

    Having said that, why would bruteforce not work? You could easily write a program that would
    - log on the internet
    - start diablo
    - log on to battlenet try 1
    - log on to battlenet try 2
    - log on to battlenet try 3
    - close diablo
    - log off from the internet
    - change ip
    - rinse repeat until you can access the account

    This might take a long while, but it is possible.
     
  16. Zarniwoop

    Zarniwoop IncGamers Member

    If you had an account at rpgtraders, and if (like me) you used the same password/account name there - that's your answer most likely.

    Those are not secure forums last I heard.

    After I got hacked, I recalled that many many months ago I joined rpgtraders for about the 15 minutes I took to realize it wasn't my cup of tea. Being foolish, thinking "It's just D2 stuff, who would steal something like that?" - I just used the same PW.

    Lesson learned.

    I'd be interested to know how many that got "hacked" had rpgtraders accounts. And of those, honestly, how many used the same name and pw as in D2 like I did.
     
  17. Gorny

    Gorny Banned



    Not possible as this site is a separate entity from Blizzard.

    The only thing that can be done here is resetting the password to these forums.

    Elly or any admin can reset a user's password for these forums, but the admins and we mods do not have access to the actual passwords, they are encrypted.

    All they can do is trigger the database so that it sends an email to your registered address, starting the password resetting thing.

    But that's kind of pointless since individual users do have the ability to reset their password if they forget it or get locked out.



     
  18. Cooked

    Cooked IncGamers Member

    I am not on the rpgtraders, never have been.
     
  19. Claudio_G

    Claudio_G IncGamers Member

    Just a thought: It can be a brute-force dictionary attempt. Meaning that not every possible combination, starting at aaaa is used but certain words like: Dragon, Paladin and so on (you would be amazed how silly many users are, just work for a week as a system administrator in a bank).


    Yes you get RD after 3 wrong guesses but I am sure there are ways around that. I do not cheat, do not use hacks and when I was still hunting d-clone it took me forever to find the right game because there were people sitting in the very same IRC channel and running bots and d2 loader I guess (having multiple cd-keys). So those people had 40 D-clone games in a matter of a few minutes. I don't doubt that one could bypass the "wrong password RD" that way too. Cheaters suck.


    Claudio
     
  20. Leohappy

    Leohappy IncGamers Member

    iirc, if you use the change password form you will not get a realm down if you fail 3 times but i haven't checked recently
    so very likely they abuse the change password form to break in :starry:

    i still think many users have been hacked via password recovery form though, looks like an easy loophole to abuse, especially if your mail account is used by others - here, again, they can use the change email address form to break in :scratch:
    email addresses also tend to have bad passwords

    so how do they know your email address? my guess is forums

    in any case, it's hard to assess the problem without useful input from people who have been hacked
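
Posts 15 and 20 above suggest two ways a three-strikes limit could fail to stop guessing: a changing source address and a second form that checks the same password. The Python below is an added example, not from the thread and not Battle.net's implementation; it replays constructed failed attempts against a counter keyed per form and address and against one keyed per account. `Throttle`, `weak_key`, `account_key`, the 15-minute window and the sample data are all assumptions.

```python
from collections import defaultdict

MAX_FAILURES = 3          # the thread's "3 wrong guesses" threshold
WINDOW_SECONDS = 15 * 60  # assumed lockout window (constructed value)

class Throttle:
    """Counts failed password checks in a sliding window, per key."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.failures = defaultdict(list)  # key -> timestamps of failures

    def allow(self, event):
        """True if this attempt may reach the password check."""
        key, now = self.key_fn(event), event["ts"]
        recent = [t for t in self.failures[key] if now - t < WINDOW_SECONDS]
        self.failures[key] = recent
        return len(recent) < MAX_FAILURES

    def record_failure(self, event):
        self.failures[self.key_fn(event)].append(event["ts"])

# Weak: one counter per (form, source IP); a new IP or another form starts at zero.
def weak_key(e):
    return (e["endpoint"], e["ip"])

# Hardened: one counter per account, shared by every form that checks the password.
def account_key(e):
    return e["account"].lower()

def guesses_checked(throttle, events):
    """Replay failed attempts; return how many reached the password check."""
    checked = 0
    for e in events:
        if throttle.allow(e):
            checked += 1
            throttle.record_failure(e)  # every sample attempt is a wrong guess
    return checked

# Constructed sample: 12 wrong guesses at one account within 2 minutes,
# alternating forms and changing source address every 3 attempts.
SAMPLE = [
    {"ts": 10 * i, "account": "ExampleAcct", "ip": f"192.0.2.{i // 3 + 1}",
     "endpoint": "login" if i % 2 == 0 else "change_password"}
    for i in range(12)
]

if __name__ == "__main__":
    print("per form and IP:", guesses_checked(Throttle(weak_key), SAMPLE))
    print("per account:    ", guesses_checked(Throttle(account_key), SAMPLE))
```

A per-account counter also lets anyone lock the real owner out by failing on purpose, so it is usually combined with growing delays or an out-of-band unlock rather than a hard lock.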



     
