Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 2 post(s) |
Murkod
|
Posted - 2011.01.16 13:34:00 -
[1]
Okay so these rules make sense, and as a web application developer I know the risks of of online hacking only too well, my job entails ensuring the protection of hundreds of thousands of credit card transactions every day!
1. Never buy ISK for real money. 2. Never visit ISK selling websites. 3. Never user macro programs. 4. Never share accounts with anyone. 5. Avoid logging into EVE using public computers. 6. Do not use the same username in different MMOs and if you do, certainly do not use the same password. 7. Change your password periodically. 8. Have your password complex.
Out of these, because of a hiatus - due to moving house and losing our internet access, only number 7 wasn't followed - my password hasn't changed in about 5 months.
Yesterday I received an email stating that my main character was being transfered. Instant petition, literally within 10 mins of receiving the email - 24 hours later, no response.
Meanwhile I've lost a toon with a crap load of skills, experience, money and ships.
Where are CCP? Where is support? Not only did I file the petition on the account with the toon that was being transfered, but I followed it up with every available piece of info I could.
Of course the character is gone, as is the petition, so I had to repetition.
Still no response.
Now, I have my limited api key in Evemon, and my corp has my Limited API key as required by corp rules. I only ever visit eve-online.com via the url bar because my email software blocks ALL links, and the only eve related thing I bought off-game was a t-shirt for a friend from the eve-store.
I understand that there is a chance of keylogging etc, thats a risk on every computer blah blah and the fact my computer has been offline for months, then when I get back online THEN my account vanishes so there's a lovely possibility... But that isn't my issue, this is:
There's a 10 hour period for transfer, I can already see that my assets are gone after logging into the account and finding it in Jita with 300,000isk. Damn. Sucks. Not the end of the world, I have good friends in game that'll help me fix that. If CCP had responded to the petition then I wouldn't have lost the character, that could have been stopped and I wouldn't have to worry further.
I'm well angry, first that the account was hacked overnight, which may have been a keylogger or something I missed in my virus scan (which is still clean with the latest Norton), secondly that CCP did not respond in time to prevent the loss of the character.
In fact - they STILL haven't responded.
|
heheheh
Phoenix Club
|
Posted - 2011.01.16 13:38:00 -
[2]
Chill winston. Have some patience, it can take up to and over a week for a petition to be answered.
|
Shintai
Gallente Arx Io Orbital Factories Arx Io
|
Posted - 2011.01.16 13:44:00 -
[3]
Edited by: Shintai on 16/01/2011 13:45:10 Patience is a virtue.
EDIT: Also im quite sure its not lost yet.
Unless you are just rambling after getting caught with something :P --------------------------------------
Abstraction and Transcendence: Nature, Shintai, and Geometry |
Nika Dekaia
|
Posted - 2011.01.16 13:59:00 -
[4]
No one here on the forums can help you. Stick to your petition and have more patience, as the other posters said. Sorting this kind of stuff out is not a trivial thing and I think we all would like the GMs to do the job rather proper than too fast. You will get your char back if you got hacked. Some ISK and item transfers might not be reversible, though.
No need to ragepost on the forum. No matter how someone got hold of your password and account name, it was your fault one way or another.
|
Murkod
|
Posted - 2011.01.16 14:06:00 -
[5]
Sorry guys - its like worst case scenario for me after hounding my son for years about account security and not giving passwords out etc, and then finally after being out of game for so long to lose the char after one day... Been sat dwelling on it all day yesterday with no feedback whatsoever - not a reasurring thing!
I'll keep myself under control and wait some more :|
lol no, not caught doing anything untoward, and now my account won't let me log in anymore, so thats gotta be good... I do have a second account I'm also very worried about though.
Still no keyloggers found on my system and i've spent 2 days scouring it looking for anything that could possibly be responsible with every tool I can get my hands on!
|
Mal Lokrano
Gallente The Executives IT Alliance
|
Posted - 2011.01.16 15:38:00 -
[6]
Edited by: Mal Lokrano on 16/01/2011 15:38:48 Did you have a simple password, because maybe it was just a lucky guess by a hacker? My password is 64 characters made up of both numbers, upper, and lowercase letters . But then again, I am somewhat a minority. _____ When going to a party with wine, women, and song. Always ascertain the vintage of the first two.
Your friendly neighborhood pod liberator. |
Estel Arador
|
Posted - 2011.01.16 16:47:00 -
[7]
Originally by: Mal Lokrano Did you have a simple password, because maybe it was just a lucky guess by a hacker? My password is 64 characters made up of both numbers, upper, and lowercase letters . But then again, I am somewhat a minority.
If you're worried about brute force, 20 to 25 characters should be plenty really.
|
Cipher Jones
Minmatar
|
Posted - 2011.01.16 16:52:00 -
[8]
Edited by: Cipher Jones on 16/01/2011 16:52:23 You didnt share your account eh?
|
Sinister Dextor
|
Posted - 2011.01.16 16:52:00 -
[9]
Originally by: Murkod hounding my son for years about account security !
Revenge.
|
Paija
|
Posted - 2011.01.16 17:03:00 -
[10]
Edited by: Paija on 16/01/2011 17:05:11 I know of one case where some dude had his own domain and registered his account to his [email protected] and then let it expire and someone who took over the domain got all of his passwords for services he had opened using his own domain and email. Iirc not only was his eveonline account taken over but also his facebook, hotmail (backup password), ebay, his video rental user details as well as myspace, twitter and other similar things.
So if you are going to let your own domain go, make sure you change your registration details (email address) on all your different services online. "I forgot my password" will otherwise bite you.
Edit: also news letters to your old domain email are a dead giveaway. Another reason to change your registration details.
|
|
|
CCP Adida
C C P C C P Alliance
|
Posted - 2011.01.16 17:05:00 -
[11]
The best thing to do is to let the GMs review your petition and investigate the issue. If you have additional information for the GMs you are welcome to add it to the petition.
Adida Community Rep CCP Hf, EVE Online
|
|
Pan Crastus
Anti-Metagaming League
|
Posted - 2011.01.16 20:26:00 -
[12]
Originally by: CCP Adida The best thing to do is to let the GMs review your petition and investigate the issue. If you have additional information for the GMs you are welcome to add it to the petition.
So adding some link to those emails to allow people to stop the transfer process without any (far too late) intervention by CCP is out of the question?
How to PVP: 1. buy ISK with GTCs, 2. fit cloak, learn aggro mechanics, 3. buy second account for metagaming
|
BR Link
|
Posted - 2011.01.16 21:17:00 -
[13]
Originally by: Estel Arador If you're worried about brute force, 20 to 25 characters should be plenty really.
10 is plenty if you're mixing numbers and letters, and include at least one special character (! " ú $ % ^ & * + - etc.). http://howsecureismypassword.net/
|
Draconyx
|
Posted - 2011.01.16 21:19:00 -
[14]
You said you just moved.
Do a Start Search type in "Event" and open the Event Viewer application. Check the Windows Logs/Security Logs
See if your computer was started anytime after you turned it over to the movers and before you received it back.
Another possible hole is wireless connections.
|
Ecivres'ruoy'ta
Caldari Single Female Lawyers
|
Posted - 2011.01.16 21:23:00 -
[15]
Originally by: Shintai Edited by: Shintai on 16/01/2011 13:45:10 Patience is a virtue.
EDIT: Also im quite sure its not lost yet.
Unless you are just rambling after getting caught with something :P
Patience is not a virtue, when your ********* are tightly packed and strapped to a German made guillotine.
If that made any sense at all ...
|
Aessoroz
Nohbdy.
|
Posted - 2011.01.16 21:28:00 -
[16]
If a petition is that important, you have to start spamming Jita with ***** ASCII images, that will get their attention guaranteed.
|
Estel Arador
|
Posted - 2011.01.16 21:36:00 -
[17]
Originally by: BR Link
Originally by: Estel Arador If you're worried about brute force, 20 to 25 characters should be plenty really.
10 is plenty if you're mixing numbers and letters, and include at least one special character (! " ú $ % ^ & * + - etc.). http://howsecureismypassword.net/
I guess that depends on your definition of 'plenty', and what type of computer(s) might be involved in the brute force attempt.
On a sidenote, the font of the faq on that page is positively horrible.
|
Pan Crastus
Anti-Metagaming League
|
Posted - 2011.01.16 23:15:00 -
[18]
possible weakness that might have been exploited in the case of the OP: stored passwords in the browser
It's generally recommended to take the performance hit and put the windows drive (or just the folder with all user data, not games etc.) in a TrueCrypt container. This also protects all your passwords in case of theft/burglary/sold hard disk + forgot to erase it securely...
How to PVP: 1. buy ISK with GTCs, 2. fit cloak, learn aggro mechanics, 3. buy second account for metagaming
|
Opertone
Caldari World - of - Empire Cassiopeia.
|
Posted - 2011.01.16 23:33:00 -
[19]
Originally by: Murkod I was hacked. Norton
I assume that Norton is inferior, both to my personal experience and to your mishap.
|
Tenacha Khan
TunDraGon
|
Posted - 2011.01.16 23:41:00 -
[20]
I started back and got hacked after a few days. I followed a link fro reactivation and five free days that I thought was sent by ccp. oops.
Also, has your char left corp and gone to someone else? As it maybe a phishing attempt. I get atleast two char transfer emails a week which are fake. As to be able to transfer a char it needs to be in a npc corp. Also search for your char on the forums, look at last posts made and see if it has been sold for isk.
CCP responded within a few hours for me and banned all my accounts, the guy had done alot of selling and transfering, tried to sell my main char, but everything was undone and all isk was returned to me. A few people were gutted when the isk they purchased online got given back to me.
|
|
RedClaws
Amarr Black Serpent Technologies R.A.G.E
|
Posted - 2011.01.17 07:41:00 -
[21]
This sucks mate. CCP should be able to reply to an emergency petition like that within 2 days surely... Did you file it under billing or just normal petitions that take like 2 weeks to answer?
|
Efraya
Minmatar
|
Posted - 2011.01.17 13:26:00 -
[22]
There was a post in EG in the past week of someone thanking CCP for saving their account. I'm sure that when they get to your character it will be re-instated. The meantime is awful though. I sympathise. Signature removed for not being EVE related. Zymurgist |
Bhattran
|
Posted - 2011.01.17 13:56:00 -
[23]
I'll point out that many many months ago numerous ideas were submitted for CCP to address that fall under account security one of which was the ability to 'lock' your account/characters so they could not be sold or could have a 'hold' placed on them for various time periods like a week-month etc.
Had such a tool/option been implemented you might not have lost the impossible to replace character you made yet it wasn't and still hasn't been added. Such a tool might have alerted you to your account being compromised *IF* you were monitoring it via Evemon and suddenly 'saw' it come online which could have prompted you to have it petitioned and a month long 'lock' may have been long enough to get you through the petition.
Again I say CCP should help us to help them help us keep our accounts secure and safe.
--WIS/Incarna/Ambulation where microtransactions come to play, and uh bars.-- |
BadJoe
Minmatar Avatar Society
|
Posted - 2011.01.17 14:19:00 -
[24]
Is it very hard to implement some kind of "authenticator" like the one that Battle.net (WoW) is using? I think that this game if any game should have such a tool.
|
Gavjack Bunk
|
Posted - 2011.01.17 14:23:00 -
[25]
Originally by: BadJoe Is it very hard to implement some kind of "authenticator" like the one that Battle.net (WoW) is using? I think that this game if any game should have such a tool.
If CCP bring one out for 10 euros, I'll bring one out for 15. Obviously you think you need to spend money to feel secure, I want to give you the opportunity to feel more secure than CCP will.
|
|
CCP StevieSG
|
Posted - 2011.01.17 14:25:00 -
[26]
Hey guys,
Just thought I'd link the Protect Your Accounts thread here, as it has a lot of the precautions listed above, as well as updated posts on phishing mails and horrible things of that sort which can lead to account hacking.
With phishing emails, the best route to follow in order to ensure that they're not fooling others is to forward the mail to [email protected].
Hope this helps!
|
|
Halcyon Ingenium
Caldari Bene Gesserit ChapterHouse Sanctuary Pact
|
Posted - 2011.01.17 14:47:00 -
[27]
Should also have "9. Don't use Norton." Seriously Norton's only function is to take credit card info and bill your account.
|
Tippia
Sunshine and Lollipops
|
Posted - 2011.01.17 15:01:00 -
[28]
Originally by: Halcyon Ingenium Should also have "9. Don't use Norton." Seriously Norton's only function is to take credit card info and bill your account.
Now now. Don't be so harsh on Norton. That's far from its only function. It also saps your processing power and entices you into buying a new computer, thus making everyone (everyone in the industry, that is, not the customers ù that would just be silly) happy. ùùù ôIf you're not willing to fight for what you have in ≡v≡à you don't deserve it, and you will lose it.ö ù Karath Piki |
BadJoe
Minmatar Avatar Society
|
Posted - 2011.01.17 15:02:00 -
[29]
Originally by: Gavjack Bunk
Originally by: BadJoe Is it very hard to implement some kind of "authenticator" like the one that Battle.net (WoW) is using? I think that this game if any game should have such a tool.
If CCP bring one out for 10 euros, I'll bring one out for 15. Obviously you think you need to spend money to feel secure, I want to give you the opportunity to feel more secure than CCP will.
It¦s free if you use it on your phone. It's not impossible to hack but it¦s way much better than what we have today and you could choose if you want to use it or not. |
RaTTuS
BIG Majesta Empire
|
Posted - 2011.01.17 15:05:00 -
[30]
Originally by: BadJoe
It¦s free if you use it on your phone. It's not impossible to hack but it¦s way much better than what we have today and you could choose if you want to use it or not.
and by making not compulsory you'll still get threads like this --
Join BIG
|
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |