Closed Thread
Page 53 of 82 FirstFirst ... 3 43 49 50 51 52 53 54 55 56 57 63 ... LastLast
Results 781 to 795 of 1219
Like Tree3Likes

Thread: Account Security Discussion

  1. #781
    Soulwalker
    Join Date
    Mar 2011
    Posts
    2

    Default

    I want coin lock to be optional or find a way to have a white list or something, I travel and I log in from multiple locations, granted I can keep checking my email for the ID, but after I put it in, I want it to be in a list so that I do not have to keep doing it when I am at that location. I also use CLEAR network and my IP switches every time I boot up, it is never the same and usually on the same subnet, so again, a white list or something that WORKS, for instance, this morning, I booted up, logged in, was coin locked, put in the key, logged out, reset my modem for fun, logged back in and guess what! I was coin locked AGAIN! As I stated, my device gets a NEW IP every time I boot it up so this is a serious problem for me since your white list either doesn't take into consideration a range of IP's in the same set or what ever, so add a new feature on the account to 'OPT OUT' of coin lock or do something real with it.

  2. #782
    Soulwalker
    Join Date
    Mar 2011
    Posts
    5

    Default Ridicolous

    I've been playing for 4 years in WOW, 5 years in EVE... 2 years in LOTRO. NEVER happened to me to have my account hacked.

    1 month in Rift and it happened.... if this is the beginning of the story I think it is really umpromising.

    Please restore back everything and close your security hole. or this game will die soon

  3. #783
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    107

    Default

    Quote Originally Posted by Alch1mista View Post
    I've been playing for 4 years in WOW, 5 years in EVE... 2 years in LOTRO. NEVER happened to me to have my account hacked.

    1 month in Rift and it happened.... if this is the beginning of the story I think it is really umpromising.

    Please restore back everything and close your security hole. or this game will die soon
    They've closed it

  4. #784
    Plane Touched BioSector's Avatar
    Join Date
    Feb 2011
    Posts
    271

    Default

    Me thinks it is time to lock this thread with a recap. People are not reading and posting misleading reports of being "hacked" and demanding a fix that is already in place.

  5. #785
    Soulwalker
    Join Date
    Mar 2011
    Posts
    3

    Default

    I agree. I dont have problems with my account so far and I hope I dont
    In general this is a big issue and if my account is hacked I will stop playing this game. Of course if my items are returned I don't mind.

  6. #786
    Rift Disciple ManWitDaPlan's Avatar
    Join Date
    Feb 2011
    Posts
    114

    Default

    Quote Originally Posted by Ojiisan View Post
    I am very upset: I got coin locked this AM, so I check my email and sure enough there was a email, about the Coin lock. However the whole thing was blank!! It just had the Rift Logo with a blue background as a "letterhead". Below it was a dark red and black page that had the link to the website at the bottom of it. Other then that there was nothing on the page. I check the website and could not find any instructions on what to do, like it ingame message said. I was stomped.

    Finally after trying to find some support on the matter. I was about to cancel my account, when I derided to email Tron about, since there is no billing or support, phone number to call. So I high lighted the email, to show there was nothing there. Low and behold there was the text of the email, hidden by the Black and red background. Even then then I had to past it into my notepad to be able to read it.

    If this is Trons Idea of communication and support for their service, I am not sure I want to keep my account. They could have give clear instructions on what to do if you could read the email. Or better yet send email to to it's customers in plain black and white.
    Someone already suggested that CL mails not be sent as HTML only.

  7. #787
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    107

    Default

    Quote Originally Posted by ManWitDaPlan View Post
    Someone already suggested that CL mails not be sent as HTML only.
    All the emails they send should have a non-html version. They should at least add the option into the account management, to pick HTML or non-html.

  8. #788
    Soulwalker
    Join Date
    Mar 2011
    Posts
    15

    Default

    Nice work on finding the loophole ManWitDaPlan and the_real_seebs and excellent response time from Trion regarding the fix implementation.

    Now can you do something about your email getting flagged as junk all the time?

    Thus far I've whitelisted the domains I know about, these being trionworlds.com, riftgame.com, mailwc.custhelp.com and trionworlds.custhelp.com but as yet I've received nothing, not even the Trion Worlds account verification. I can only whitelist at mailbox rather than server level so can only assume that they've been blocked higher up.

    At present I can't get the coin lock removed from my account as I'm not getting the verification code and with the way my ISP seems to reassign a WAN address based on any number of random factors I can see my account being coin locked rather a lot (I believe I'm on the 4th external IP address in 3 days) and as they have a range of over 640,000 in one DHCP pool alone that's rather a lot of addresses to whitelist!

    I can't log in to my Trion Worlds account as I've never received the activation email and the only place I can sign on to is the forum. Is there a workaround for this at present or is it simply a case of hurry up and wait?
    There is, indeed, a light at the end of the tunnel. It's either a nuclear explosion or a sociopath with a flamethrower - either way you're truly hosed.

  9. #789
    Soulwalker
    Join Date
    Jan 2011
    Posts
    2

    Default

    been playing since beta...

    Coin lock came into effect this morning..
    Received no emails.
    checked account and all looks good
    Logged ticket with trion and GM's

    No replies..

    discovered support not active on weekends

    Absolutely disgusted to put it mildly

    Why oh why introduce a patch on a weekend with no support...
    Prior responses to this topic are correct... This will kill the game...

    I've paid good money and now have my account in game curtailed
    and the only reason i can think is because i have a non static IP....

    Not good enough Trion
    Last edited by daves@f2s.com; 03-19-2011 at 06:19 AM.

  10. #790
    Plane Touched BioSector's Avatar
    Join Date
    Feb 2011
    Posts
    271

    Default

    Quote Originally Posted by daves@f2s.com View Post
    been playing since beta...

    Coin lock came into effect this morning..
    Received no emails.
    checked account and all looks good
    Logged ticket with trion and GM's

    No replies..
    Check your spam filters. Also, please tell me the account name you used here is not the email address you use for the game.... If it is, /facepalm

  11. #791
    Soulwalker
    Join Date
    Mar 2011
    Posts
    5

    Default

    Quote Originally Posted by Asukra View Post
    They've closed it
    Probably they've closed, but my items and my money are vanished and it is impossible to keep play at any level higher than 10 with nothing. The only way is to delete main char and start a new one... for what? for seeing eventually in a week being hacked again?

    I'm too upset. and I don't care if this doesn't care to other thread readers. I want GMs read my petition and put things back.

  12. #792
    Soulwalker
    Join Date
    Mar 2011
    Posts
    2

    Default what ever....

    Me thinks it is time to lock this thread with a recap. People are not reading and posting misleading reports of being "hacked" and demanding a fix that is already in place.
    I guess you are totally out of sync with reality, locking a thread just means another will get created because not everyone is in agreement with the "coin lock" theory, I have been playing MMO's since before they were called MMO's, back then we called them MUD's, I wouldn't expect someone who is giving that type of response to know what a MUD is either.

    Bottom line, fine if they have some fix, but a coin lock does not stop an account hack, if someone gets hacked they should deal with it properly, there are more problems with the game kicking people out randomly during battles than they do with hacks, why not concentrate on the random kicking of people from the game instead of some 'possible hack' attempting?

    And the weekend support for a multi-million dollar investment, or lack of weekend support is pathetic, why not come back with a smart comment like "lock this thread because people should not play on weekends, they should know that there is no support, so get a life and get out of the game, yes please lock the thread"
    Last edited by zumwaltwood; 03-19-2011 at 06:45 AM.

  13. #793
    Plane Touched
    Join Date
    Feb 2011
    Posts
    282

    Default

    Quote Originally Posted by ManWitDaPlan View Post
    The exploit was centered around a hitherto-undetected bug in the code intended to prevent it. Such bugs are tough to spot - the threat model would have said 'put code here that does this' but the code for that was already present, only not working properly. When Trion was alerted to the exploit it revealed the bug the exploit was exploiting, and it was off to the races to fix it.

    So, all things considered, calling it "pure incompetence and neglect" may be being a tad too harsh.





    Yep, security is fickle, finicky, and as we all saw, unforgiving of mistakes and omissions, no matter the size and scope.





    Indeed, and I agree. Prior to probably Thursday the 10th of March, if you were hacked the standard reasons applied - you probably had malware or were reusing credentials that were compromised from somewhere else (e.g., using a WoW user/pass that a hacker lifted a couple years ago). When the exploit came into the picture the hacking went from a minor annoyance to a potential destroyer of product integrity. Now that it's fixed, we can go back to the normal root causes of account hacking: weak or reused credentials or malware.





    Hahahahaha, and you trained Al Gore before he invented the intarwebs, don't forget that part.





    Trion is apparently pretty long on staffers who play games, and their moves show a propensity toward doing things a gamer would do if given the authority and ability. For example, some people like Paypal - poof, Paypal as a payment option. And since others like game cards (which are godsends if you don't have a bank account, for example), poof, game card payment option.

    As long as Trion maintains this they're gonna have to do something catastrophic to lose their fans.





    Last night, one of my guildmates said "I bet there's some really pi$$ed-off people in China right now..." It's always amusing to watch the logs once you close the door on an exploit - if you add logging to the exploit fix you can see who was using it when they retry post-fix.






    Normally, when a game account is hacked it's because someone did something dumb. This was an unusual situation, and some folks can't switch gears when the situation deviates from their expectations. Even software developers can fall prey to tunnel vision and false assumptions, which is how some security holes come into being. Trion was already testing their systems in an effort to find the attack vector being used to mess with accounts, so when I jumped into the fray with a little piece of info on what I found, it was like thirty devs and IT guys and gals all slowly turned toward the offending chunk of program code with that evil gleam in their eyes, before leaping upon it like a hungry tiger. Or a bunch of hungry devs and IT people, which is just about the same thing.

    Of course, Trion will most assuredly be crawling through several code segments searching for other exploitable problems, and for now we can go back to assuming that getting hacked means you did something dumb.
    I would call it neglect...considering that I saw one person posting about this exploit a couple of weeks ago. They also said that they reported the issue back in beta. You know what happened? Trion deleted the guys posts. COngrats to you for finally getting them to do something about it.

  14. #794
    Soulwalker
    Join Date
    Jan 2011
    Posts
    2

    Default

    wondered how long the email name comment would take.. ;-)

    Nope its purely a junk mail title...

    Done all the standard stuff checked emails etc even back to my host.
    No i have to believe that the policy in place is if you have a rotating WAN IP
    non static, you are automatically blocked..

    Never been hacked in my life

    The simple policy of a varied non standard aplha/numeric with characters chucked
    in for good luck policy has worked well for me...

    ahh well lifes too short...

    Time to go enjoy a good bevy...

  15. #795
    Plane Touched BioSector's Avatar
    Join Date
    Feb 2011
    Posts
    271

    Default

    Quote Originally Posted by zumwaltwood View Post
    I guess you are totally out of sync with reality, locking a thread just means another will get created because not everyone is in agreement with the "coin lock" theory, I have been playing MMO's since before they were called MMO's, back then we called them MUD's, I wouldn't expect someone who is giving that type of response to know what a MUD is either.

    Bottom line, fine if they have some fix, but a coin lock does not stop an account hack, if someone gets hacked they should deal with it properly, there are more problems with the game kicking people out randomly during battles than they do with hacks, why not concentrate on the random kicking of people from the game instead of some 'possible hack' attempting?
    Yes I played MUDs too. Hell, I ran a BBS. Am I old enough to be your friend now?

    In any case, the fix I'm talking about is not the coin lock....

    An exploit that allowed a malicious logon to a random account without authentication has been fixed. If people get compromised by a phishing scam or by having the same password here as on other sites, etc they can still be "hacked" and they will get taken care of by Trion.

    My point was people are posting in this thread complaining about something that has already been patched without reading the thread.

Closed Thread
Page 53 of 82 FirstFirst ... 3 43 49 50 51 52 53 54 55 56 57 63 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts