hack attack?

xMoDx · **Joined:** May 2006 **Posts:** 456 **Location:**

0Kelvin wrote:

I'm trying to change my password, but when I enter my details and click "change pw" I get directed to a blank page. Anyone else have this problem?

check:

1) Update IE
2) Clear Cache
3) Remove Cookies

Restart Browser

If still blank u need to get your pc a customer support personel

PR0METHEUS · **Joined:** Aug 2006 **Posts:** 4093 **Location:** Earth

0Kelvin wrote:

I'm trying to change my password, but when I enter my details and click "change pw" I get directed to a blank page. Anyone else have this problem?

Are you possibly using Firefox? Silkroad's website is designed for Internet Explorer. Try using IE to change your password. I ran into the same problem myself with Firefox. I assume Opera and others would do the same.

Sorry if someone else already answered this below your post.

Darkangel · **Joined:** Sep 2006 **Posts:** 268 **Location:**

LoL its sad that when u play agame you worry about getting hacked from a simple party invite.

PR0METHEUS · **Joined:** Aug 2006 **Posts:** 4093 **Location:** Earth

Karlos Vandango wrote:

o could someone find out how many differnt combinations u could have in a 12 number password and a 12 letter password (no numbers)

Well 12 characters is a pretty good length to make a secure password:

- A 12 number password has 10^12 = 1,000,000,000,000 (1 trillian) possible combinations.
- A 12 letter (no numbers) password has 26^12 = 95,428,956,661,682,176 possible combinations.

Yes, a brute forcing program will eventually crack passwords of this length, but it will take some time.

zrabbit · **Joined:** Nov 2006 **Posts:** 146 **Location:**

PR0METHEUS wrote:

Karlos Vandango wrote:

o could someone find out how many differnt combinations u could have in a 12 number password and a 12 letter password (no numbers)

Well 12 characters is a pretty good length to make a secure password:

- A 12 number password has 10^12 = 1,000,000,000,000 (1 trillian) possible combinations.
- A 12 letter (no numbers) password has 26^12 = 95,428,956,661,682,176 possible combinations.

Yes, a brute forcing program will eventually crack passwords of this length, but it will take some time.

even at 1000 tries per sec it would take many years to try only a 10% of the posible convinations and i think 1000 per second needs a really heavy pc with a powerfull connection.
im asking myself this after reading the thread, does the silkroad server allows 100 tries without blocking the ip and the account?. if it does... well it proves my theory that joymax is hiring trained monkeys for their network security

Troo · **Joined:** Jun 2006 **Posts:** 487

True.. and llike I said if you combinate numbers+letters it will be 26^12+10^12=36^12 = gl brute force that. What alot forget is that it is usefull to do the same for your secret question.

And ofcourse, get a good anti-virus program.. and an 'ok' firewall and you should be pretty save. Ofcourse no-one can garantee it.. but neither can anyone that the world won't get hit by a meteor tomorrow. Just take the needed precousions and have fun. After all that is where this game is all about.

PR0METHEUS · **Joined:** Aug 2006 **Posts:** 4093 **Location:** Earth

zrabbit wrote:

im asking myself this after reading the thread, does the silkroad server allows 100 tries without blocking the ip and the account?. if it does... well it proves my theory that joymax is hiring trained monkeys for their network security

Well, block the offending IP, don't block the account. Otherwise if you wanted to get someone banned, just brute force their account. I don't know what Joymax's policy is, but I doubt they'd block an account because someone tried to brute force it.

PR0METHEUS · **Joined:** Aug 2006 **Posts:** 4093 **Location:** Earth

Troo wrote:

True.. and llike I said if you combinate numbers+letters it will be 26^12+10^12=36^12 = gl brute force that. What alot forget is that it is usefull to do the same for your secret question.

And ofcourse, get a good anti-virus program.. and an 'ok' firewall and you should be pretty save. Ofcourse no-one can garantee it.. but neither can anyone that the world won't get hit by a meteor tomorrow. Just take the needed precousions and have fun. After all that is where this game is all about.

Good idea, I never thought of that for the secret question.

Ishagmuro · **Joined:** Oct 2006 **Posts:** 230 **Location:**

Just... Don`t give your username or password to anybody

That`s all , then , use a very very nice and updated antivus, and check your PC often.

And, care with your friends when they use your PC

zrabbit · **Joined:** Nov 2006 **Posts:** 146 **Location:**

PR0METHEUS wrote:

zrabbit wrote:

im asking myself this after reading the thread, does the silkroad server allows 100 tries without blocking the ip and the account?. if it does... well it proves my theory that joymax is hiring trained monkeys for their network security

Well, block the offending IP, don't block the account. Otherwise if you wanted to get someone banned, just brute force their account. I don't know what Joymax's policy is, but I doubt they'd block an account because someone tried to brute force it.

the problem with blocking the ip its that most of the brute programs use proxys (if not all (i know this cause i used some to try to enter porn sites with them a long time ago)). i know yahoo and many other sites block the account temporaly and ask the users to change their password. its true, if someone wants to block an account can use this as an exploit... i dont know if theres another solution running around for this kind of problem
ps.: i never could enter to a porn site with those programs. for 3 reassons mainly: 1.: luck of discipline, 2.: crappy conection (in those days i used to have dial up), 3.: luck of pc power (my lil pentium wasnt brute enought to get that stuff running right)

Manowar · **Posted:** Wed Nov 15, 2006 1:11 am

Jay wrote:

Well, someone from my clan got hacked he neither used this forum or the official one, never botted, din't have a wea kpassword or had any spyware on his computer, he just got hacked, like the post above me said theres no safety in sro. What annoy's me even more is that joymax doesn't even do anything about acc's getting hacked, you loose it it's gone, at least it was just a person who just stripped him and din't actualy change the details so he got it back, but still..

Ive had guildmates that got hacked the same way. If its the member i think you're talking about, i only recently heard of how she got hacked which really suks.

BoyrIIng · **Joined:** Nov 2006 **Posts:** 50 **Location:**

change ur pass.

Manowar · **Posted:** Wed Nov 15, 2006 1:26 am

BoyrIIng wrote:

change ur pass.

I said guildmates. I change mine on a 5-7 day basis.

tyfly · **Joined:** Jul 2006 **Posts:** 826 **Location:**

but wouldn't you rather be safe than sorry?

PR0METHEUS · **Joined:** Aug 2006 **Posts:** 4093 **Location:** Earth

Sazer wrote:

Aya wrote:

did you accept any party or echange from a stranger recently?

i hate to tell you Aya but that stranger party and exchange thing is a load of shit...how are you gonna get hacked by training in a dis party with other ppl...it dont make sense but w/e and secondly ive traded to sell weapon elixers MILLIONS OF TIMES and look im still 69 and UNHACKED >.> jeez ppl

Well it does seem suspicious when I can log into the game and immediately, even before I can see any player models (including myself), I get either a party invite or an exchange request window.

Maybe the party/exchange hacking thing is false, but I can see it as a possibility at least. If an attacker is able to access Joymax's database and read records as an exchange attempt is happening between the attacker and you, he/she could possibly see your username and possibly other info to use against you.

Of course, a hacker isn't going to be able to see your password by reading records in a database (the GMs I'm sure can't even determine your password -- 1-way encryption) but there could be other information that would be useful.

Then again, if you get access to the database, you shouldn't really need to actively interact with the player you want to hack anyway. So who knows.

Musaboru · **Joined:** Oct 2006 **Posts:** 139 **Location:**

Troo wrote:

True.. and llike I said if you combinate numbers+letters it will be 26^12+10^12=36^12 = gl brute force that. What alot forget is that it is usefull to do the same for your secret question.

And ofcourse, get a good anti-virus program.. and an 'ok' firewall and you should be pretty save. Ofcourse no-one can garantee it.. but neither can anyone that the world won't get hit by a meteor tomorrow. Just take the needed precousions and have fun. After all that is where this game is all about.

I can imagine all those answers to the pet name questions: Spike, Fifi, Tofu, Buster, Buddy and even Puppy or Kitty.
Hehe.

Demarthl · **Joined:** Jan 2006 **Posts:** 2296

yes, most of the site features don't like firefox, my girlfriend can't even register through linux+FF, she gets directed to a page saying 'use IE!' and she stabs it with a thousand wooden spoons of hate.

oh and hehe! dana scully, wow, someone an x-files fan? :3 cute

edit: x_X the post was deleted quickly/... weird

Tallrik · **Joined:** Oct 2006 **Posts:** 182

0Kelvin wrote:

I'm trying to change my password, but when I enter my details and click "change pw" I get directed to a blank page. Anyone else have this problem?

The password can only be changed with Internet Explorer.

Silkroad Online Forums

hack attack?

Who is online