hacking and currency exploitation

Hello fellow lords and ladies of the realm. I am new here (old UO player). I have been looking for a thread concerning these issues, but I have been unable to find one. Could anyone please point me to the right spot?

I want to increase my donation but I'm worried about the current state of hacking/exploitation in PC games. Seems every new game these days are plagued by this doom. I can't imagine it will be any different here but I wanted to know if the devs have any thoughts or plans in place to deal with these vile scum. I've watched plenty of videos on gold farming and similar topics and so far it seems like eve is one of the few that have combated the secondary currency.

They deduct isk from players accounts for buying isk that isn't from ccp. This on top of the fact that they sell their own currency. I watched one of markee dragons interviews with a gold farmer and he said that eve is one of the games that have beat their system.

I loved UO and I am very excited for this game, but it worries me to think about what kind of hacks we will see.

Also please have a forced password change every 30 days. This is another form of protection that the gold farmer said it is super easy to do and would shut down a lot of account hacks. I know on my WOW account back in the day I had the same password forever. I was never hacked but why make it easy?

If anyone would mind pointing me to where this has been discussed I would be greatly appreciated. Have the devs talked about this at all?

 

The dev's haven't openly talked about it. But I know there has been a few private conversations going on, as community members find potential hacks.

Though I understand it wold be nice, to get information from the devs about their anti-hacking measures, at the same time, it would provide extra information to those who would try to hack, about the different measures being taken.

Having seen some of the community actively trying to help on this front, I would put faith in the devs, that they will do their best to stop this where possible.

Sent from my LG-P930 using Tapatalk

 

looks like they will allow people to sell stuff for cash. this does not mean they will allow hacking. that would be bannable in any game.

i watched the interview you're talking about and the opposite was said about eve online, the guy being interviewed preferred eve's method.


your idea of forcing a change of password every 30 days is way too much of a botheration for the average player and not going to happen. plus it doesn't provide much benefit. a much better idea would be to require the use of a one time password sent to the players email whenever they try to log on from a different ip address.

 

Yeah for sure I don't want them or anyone to do anything that might help hackers get an edge so to speak. I want so badly to make this game happen, but at the same time I'm worried I'll put all this money in then have another hack fest on my computer. I'm sure they are doing what they can, but I saw from one of their comments something about how using client based servers or whatever would "open them up to hacking." I just get worried because it seems today everything is open to hacking so why give them any edge at all? I am no programmer (science geek) so I don't understand what goes into it, just that it kills almost every game I try to play online.

 

Yes he liked their method, but it also stopped him from being able to make money off of them.

 

The client based servers are not the typical style that most people think of. They are using the client machines, to process all none-critical portions of code etc. Critical things, like loot and such will be controlled on their servers. I'm still trying to wrap my head around this one, but it does sound very interesting, and if it works, has a lot of potential for offering something a decent experience, and at a lower cost for Portalarium.

 

Yeah I just watched it (in part) again to see what he said from around 21:30 on he talks about games that work well (that he can make money on) and he says we thrive in open economies, wow, everquest, then eve up until this point. Meaning since they ban players or deduct money from players accounts they have thwarted companies like his. Something to that effect.

 

Right on, sounds good to me lol. I'm sure the devs have plans in mind, I was just curious if they had mentioned anything about it.

 

As far as the password change goes it really isn't that big of a hassle. Granted you can take what the kid says in the interview as lies because who is going to trust him. He does say that changing your password every 30 days would put a lot of people out of his business. If that small step has any chance of combating one person getting hacked and that gold ending up in the game and thus hurting our economy then I am for it.

We need to be just as relentless as the hackers if we don't want exploitation.

 

Also it should be a requirement that (although it seems dumb and why would people make it easy) that the email for the game account to log in is not this forum account. Again who knows if what this kid says is true but he said that the main way they get accounts is to hack community sites. They have your email, which is usually the same as the game, they have the password and if your not too bright it is the same one as on the forum they just hacked.

I'm just hoping the devs are aware of this and are not going to just link this account to our login. Even if they allow us to change the pass/email after the fact. How many really will? Then one day this site is compromised and oops so are all of our accounts.

 

I wish I had some info but , so many things are changing I feel its ok to assume , they can't comment on Security yet because they dont know what they need to secure .... (Big Picture) wise ..... but Im with you Op

 

Also that method you mentioned could be easily bypassed by someone using a hack or whatever to change their ip to make it seem like they are where they should be. That is how they power level wow accounts or so I've watched on youtube.

Also wouldn't help much if they hacked this site and already had your e-mail, then they could see the new password. I just want this to be as hack free as possible. If we can help the devs with this little bit of knowledge like forcing us to have new emails for account login, that is different than the email we used here, and forcing a password change every 30 days then why not? You have another email account? If not is it really that hard to make one?

 

well your basic understanding of the website hacking is wrong. this is not a separate community site. this is the main website for the game.


in the markee dragon video they discussed how people would hack a separate community/fan site and the problem is people would use the same email and password on this separate fan site as their game account. so once they had the fan site accounts they often had the game accounts. fansite security is usually nothing like what a multi million dollar corporation has.


the idea i mentioned for requiring a special temporary password emailed to the account owner whenever there is a change in ip address is very secure and it is what SWTOR does. also i am simplifying it for purposes of explaining it, it's actually not simply a change in ip address but a change in ip address and/or hardware id of some kind.

 

For the love of God do not force password changes. It's sad that companies make you use crap like 8 characters min, plus a number, plus a blood type and a capital letter. You end up writing all your passwords down in your phone, email or on paper. Making you LESS secure.

People get their accounts "hacked" by being stupid, none of them are actual hacks. It's the SQAs that normally lead to you getting "hacked" anyways.

 

Also, most of the game busting things are all client/server issues. Let's go back to 98, UO, long story short. You had to "trick" the server via what you did on the client. Sometimes the server would correct it, hence why dupes normally required black holes or server lines.

But let's look at massive game that hasn't released yet, ArcheAge. You can run around with God mode, use any spell in the game, create your own items ect. All because it's a client heavy game. So you just change a few files (not getting into it now) and put in the right commands in game, and the server will accept that you're a max level elite mob with invulnerability turned on. And you gain access to the mobs entire skill set and spells.

but again, most of it does not matter. In UO dupes happened all the time, the game survived. In AA (Russian mainly) the game is almost unplayable because of the exploits. A solid game with a solid team will survive some dupes and exploits. That's what emergency rollbacks are for.

I'll mention EVE again, right now they are letting everyone know there is an exploit with drone damage. They TELL the community there is a serious exploit going on. Why? Because that counts as your final warning. If you use it, and get caught, you're gone. It also makes the community keep an eye out for players using it so they can report them. And by far the coolest thing, if you used the exploit, you can turn yourself into CCP for leniency. Such an amazing company.

 

Please imagine I'd have liked this sentence a few dozen times

What bothers me more than anything else at this point in time is the fact that you can get real life currency converted to in-game currency through legal means (house/special items), so even without people using bots/macros, or trying to access other accounts, we are already going to see a couple of characters that are simply overpowered without having earned anything in-game.

 

While true I don't think there is anything that is too game changing. I mean indestructible tools is nice but it will depend on how much else they really add to it. If the world is going to be large those players with that advantage won't be the majority. Also tax free house is great! Again there is nothing in the game saying you need a house. Ever. Could be a wondering trader/adventurer your entire life and always use cities/ crafting pavilions your whole life.

 

Maybe you can put my mind at ease again, but another thing that worries me is that by default our user name is the same as the game. I just changed mine as I get nervous with these things. So as it stands for everyone that hasn't changed their display name, people already have your user name to log into a game where they want you to pay 50-12000 bucks.

I'm just saying I think there could be better security in place, like allow a one time user name change or something for those that want it. Or force it even as I think it's crazy people could just write down our names off the site. Then start cracking. Hack the site to get the passes sure but they already have most of our user names.

If none of them are actual hacks than explain this please. It does happen, we can't be blind to it. Granted that company behind that game was terrible, but it doesn't mean it can't happen here. My account got hacked from this because I never went in to change my password (didn't care to, didn't play anymore). From that hack they were able to get my email and encrypted password. Sure stupid on my part, but again I didn't care about this game.

My point is, why make it so easy?

http://www.joystiq.com/2013/04/03/the-war-z-forums-and-databases-hacked-taken-offline-for-investi/

 

that is how most games work. You only process and secure data that matters on the server. This is far from anything new.

This is also why communication needs to be encrypted from the client to the server, otherwise the hacker can watch the packets, figure out how to form them and spit back custom ones at the server.

 

Also if hacks don't happen and it is always people being stupid could you please explain.

http://www.huffingtonpost.com/2012/...usands-killed-cities-destroyed_n_1948843.html

http://news.yahoo.com/world-warcraft-hackers-steal-millions-gold-191250818.html


Asking for more security these days shouldn't be met with ignorance. These things DO happen, again I ask.

Why make it easy?