Neopets security weaking?
Sun Feb 27, 2005 9:21 pm
in three days I have had two accounts of mine hacked (all in the same day) and found out that my best friends accoutn was hacked as well. all of the hacking happened while i still was logged into the account and PLAYING with them. etc. iw as restocking. prcigin. checking my shop til. i be all of a sudden logged out and my password no longer worked nor coudl i recover mypassword. anyon else running into this problem? and no my password wasn't easy to guess. i lost 4 million in my main account because of this -_-/
Sun Feb 27, 2005 9:45 pm
That's scary ...
Could it have something to do with the security code being removed from the site?
Making guessing peoples passwords much easier ...?
Could it have something to do with the security code being removed from the site?
Making guessing peoples passwords much easier ...?
Sun Feb 27, 2005 9:47 pm
You might have fallen for a cookie grabber or keylogger. But I am not a wiz on those topics so I am not sure what happened to you. That stinks. 
Sun Feb 27, 2005 9:50 pm
couldn't have been a keylogger nro a cookei grabba site. i don't go to sites I don't know about. and two i use firefox. i don't use thaat ***p they call IE. plug i do regular scans on me pc for viruses and spyware. it just teribly annoying. i wish i cold do more tog et my account back other then just contct them through that mail form and wait a couple of months
Sun Feb 27, 2005 10:09 pm
I use Mozilla and I had a keylogger. 
Mon Feb 28, 2005 12:12 am
Do you and your friend IM with people you don't know (like a RS chat, something like that)? Have you accepted any files from anyone? Do you use Hotmail (from my limited understanding that's very very easy to crack). Have you been to any sites that anyone's given you a link to?
I understand that there is a patch now, but Firefox has a vulnerability that IE actually doesn't. It's called pharming (or phishing) where you go to a site, the url looks correct, but it's actually NOT the site you were going to. I know that makes no sense, but someone told me to take a url and paste it into notepad and the real url would show up.
You could have gotten a keylogger, backdoor, something like that. Firefox/Mozilla is not invincible. I was reading on Cnet a week or so ago that Firefox users could expect to start seeing spyware problems by this summer. Maybe someone's already figured out how to do it?
I'm so sorry this happened to you and your friend. I hope you both wrote to Support to get your accounts frozen so hopefully no further damage can be done. You will have to "jump through hoops" to prove that the accounts are yours - email you signed up with, dob, pet names and petpets, bank account type and last known balance, last trade/auction done, something in your sdb, trades, shop, etc., the guild you were in (if you were in one), some neofriends on your list, any neomails in your inbox, any weapons equipped to your pet(s), trophies ... anything at all you can think of.
I regularly do a quick copy and paste of my nf list, inbox, quickref and bank once a month and email it to myself as a just in case.
I really DO think the security code should be brought back. I know it's not infallible, but it does at least help. I also think that 2 people should definitely not be able to be logged into the same account at the same time. I have no idea why this is possible - sharing accounts is against the rules, and I feel that disallowing a second person to log in while you're on the site might at least dissuade would-be hackers/crackers. Either that or some kind of "warning" Event that someone else is logging into your account. You could at least try to get to User Pref and change your password to kick them out.
I understand that there is a patch now, but Firefox has a vulnerability that IE actually doesn't. It's called pharming (or phishing) where you go to a site, the url looks correct, but it's actually NOT the site you were going to. I know that makes no sense, but someone told me to take a url and paste it into notepad and the real url would show up.
You could have gotten a keylogger, backdoor, something like that. Firefox/Mozilla is not invincible. I was reading on Cnet a week or so ago that Firefox users could expect to start seeing spyware problems by this summer. Maybe someone's already figured out how to do it?
I'm so sorry this happened to you and your friend. I hope you both wrote to Support to get your accounts frozen so hopefully no further damage can be done. You will have to "jump through hoops" to prove that the accounts are yours - email you signed up with, dob, pet names and petpets, bank account type and last known balance, last trade/auction done, something in your sdb, trades, shop, etc., the guild you were in (if you were in one), some neofriends on your list, any neomails in your inbox, any weapons equipped to your pet(s), trophies ... anything at all you can think of.
I regularly do a quick copy and paste of my nf list, inbox, quickref and bank once a month and email it to myself as a just in case.
I really DO think the security code should be brought back. I know it's not infallible, but it does at least help. I also think that 2 people should definitely not be able to be logged into the same account at the same time. I have no idea why this is possible - sharing accounts is against the rules, and I feel that disallowing a second person to log in while you're on the site might at least dissuade would-be hackers/crackers. Either that or some kind of "warning" Event that someone else is logging into your account. You could at least try to get to User Pref and change your password to kick them out.
Mon Feb 28, 2005 12:33 am
Wow that absolutely sucks. My sister signed up for neopets once, but never actually went onto the site to do anything. Then the first time she tried to log in it told her that her account had been frozen becasue she was using profanity. She had never even been on the site before though so I don't know where they get this stuff from.
Mon Feb 28, 2005 9:24 am
I don't do secure ims i run trillian and so tillian isn't exactly fully complable with all of aimsstuff. i don't accepted unknown programs or things. i only download programs when i need them for my pc 9such as software updates, and the such.
I'm not stupid enough to fall for scams and the like and so on either.
I'm not stupid enough to fall for scams and the like and so on either.
Mon Feb 28, 2005 9:31 am
Did you remember to log off after using your account?
Mon Feb 28, 2005 9:32 am
no consdering I only play it at home I don'tt hink to since i am the only one that uses my pc
Mon Feb 28, 2005 9:38 am
I think that you and your friend both getting hacked indicated that something is going on that is more than normal neopets security issues.
Mon Feb 28, 2005 9:41 am
The other option not many people consider is automated word guessers. They try every combination of letters and numbers. They were the reason the security codes were brought in. Before you could only guess x amount of times before you'd have to wait a set period of time but that wasn't enough to stop certain people who got into several accounts.
With the codes gone are the guessers back ??
With the codes gone are the guessers back ??
Mon Feb 28, 2005 9:42 am
you can only try to guess a password so amny times in an hour. believe me I know
Mon Feb 28, 2005 9:49 am
GrimAngel wrote:you can only try to guess a password so amny times in an hour. believe me I know
I know...I said that in my post above. But it's easy enough to work your way around that...and besdies, obviously they do work since that was the reason we had the Security codes implemented
Mon Feb 28, 2005 3:34 pm
It really sickens me that people care enough to ruin our fun by hacking into accounts to steal imaginary money and items. Why would you do that? It's pointless.