I got hacked

Re: I got hacked

Postby vatas » Sat May 27, 2023 4:52 pm

Kyrex wrote:
vatas wrote:No idea if this is connected and this is basically hearsay, but someone said they lost 4 top-quality treepots and suspected a bug.



How long ago?

It seems not enough people know about the (awesome) security logs that you can check.
On this website, the person can go to:
Account -> Account Security -> View Security Log

I should've elaborated on the "hearsay" part; it was just a conversation in realm chat.
The most actively maintained Haven and Hearth Wiki (Not guaranteed to be up-to-date with all w14 changes.)

Basic Claim Safety (And what you’re doing wrong) (I recommend you read it in its entirety, but TL;DR: Build a Palisade.)

Combat Guide (Overview, PVE, PVP) (Tells you how to try and escape, and make it less likely to die when caught.)
vatas
 
Posts: 4507
Joined: Fri Apr 05, 2013 8:34 am
Location: Suomi Finland Perkele

Re: I got hacked

Postby dor » Sat May 27, 2023 5:08 pm

Kyrex wrote:
From discord:
loftar (via discord) wrote:To be sure, it's not just a random brute-force bot, the site does have protections against that. The attacker just logged straight into the accounts without any password misses.
Or well, there were some accounts where he used the wrong passwords, but on the ones where they did successfully log in, they logged right in.


Suggesting that the credentials that failed had changed passwords since their compromise.

This is generally suggestive of some kind of phishing/scraping.


I'm not on the main HnH discord, as you said to me once that it isn't worth it :)

loftar (via discord) wrote:Or well, there were some accounts where he used the wrong passwords


This part kinda proves my hypothesis. But numbers are important here to really prove it. As far as I understood, the attacker didn't really hide his doings and all attempts were made from one(?) address, so all these failed attempts can be isolated. If the majority of attempts failed, it would mean he was still bruteforcing, but with a well-prepared base. If the majority of attempts were successful, it would be quite concerning. But, on second thought... So many variants... For example, login:pass pairs could already have been validated somewhere else. So it would be possible to say only one thing: whether HnH was used as validation for login:pass pairs from a leaked DB.

Sorry, love that forensics shit, since UO :)
dor
 
Posts: 16
Joined: Sat Jan 21, 2023 7:24 am
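
Added example, not part of any post in this thread and not the site's own code: the per-address split of failed and successful logins discussed above, run over constructed log events. The event format, function names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, success).
# Addresses are from documentation ranges; account names are made up.
EVENTS = (
    [("203.0.113.7", name, ok) for name, ok in
     [("alice", True), ("bob", True), ("carol", False), ("dave", True), ("erin", True)]]
    + [("198.51.100.9", "frank", False)] * 6
    + [("192.0.2.44", "grace", False), ("192.0.2.44", "grace", True)]
)

def summarize(events):
    """Group attempts by source address: totals, successes, tries per account."""
    per_ip = defaultdict(lambda: {"attempts": 0, "ok": 0, "tries": defaultdict(int)})
    for ip, account, success in events:
        s = per_ip[ip]
        s["attempts"] += 1
        s["ok"] += int(success)
        s["tries"][account] += 1
    return per_ip

def classify(s, min_accounts=4, list_max_tries=2, guess_min_tries=5):
    """Label one address. Thresholds are illustrative assumptions."""
    most_tries = max(s["tries"].values())
    if len(s["tries"]) >= min_accounts and most_tries <= list_max_tries:
        return "credential-list"      # many accounts, one or two tries each
    if most_tries >= guess_min_tries:
        return "password-guessing"    # repeated tries against the same account
    return "unremarkable"

def report(events):
    """Per-address label, number of accounts touched and success ratio."""
    return {
        ip: {
            "label": classify(s),
            "accounts": len(s["tries"]),
            "success_ratio": round(s["ok"] / s["attempts"], 2),
        }
        for ip, s in summarize(events).items()
    }

if __name__ == "__main__":
    for ip, row in report(EVENTS).items():
        print(ip, row)
```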

Re: I got hacked

Postby svino » Sat May 27, 2023 10:23 pm

The website has had no SSL (by default, i.e. 99% of all users who didn't manually install the SSL certificate) for a very long time.

In unencrypted protocols, if you log in, and your user/pass login request jumps through just one bad DNS on the way, you are basically compromised. Some people make a business of selling this stuff, so it could be that the guy got the information from a database of unencrypted user/pass/website from some unethical site.
svino
 
Posts: 294
Joined: Mon Jun 06, 2011 4:09 am

Re: I got hacked

Postby berkys » Sun May 28, 2023 7:12 am

loftar wrote:I've also reset the password on all of these accounts, just in case they all use password123.

How does this help if their email address is also changed? Sadly, you can change the email address with only the password; you don't need access to their email to change it (this is common on other sites, so you can get back your account if hacked)
berkys
 
Posts: 2
Joined: Tue Sep 06, 2022 10:18 pm

Re: I got hacked

Postby loftar » Sun May 28, 2023 11:45 am

berkys wrote:How does this help if their email address is also changed?

Well, the reason I mentioned it there was just so that no one got the idea to try simple passwords on the listed accounts, but since then I've also reset the e-mail addresses of the accounts to what they were prior to being changed.

berkys wrote:Sadly, you can change the email address with only the password; you don't need access to their email to change it

This is said every time accounts are hacked, but needing access to the previous e-mail account to change the address of an account disables one of the main reasons to change the e-mail address of an account, namely when you've lost access to the previous e-mail account.
"Object-oriented design is the roman numerals of computing." -- Rob Pike
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am

Re: I got hacked

Postby PanListek » Sun May 28, 2023 12:24 pm

Strange things have recently started to happen at our base.
We've lost some of our precious gear, and today when I logged into the game it turned out that we don't have permissions for our claim.
No one has attacked us, the palisade is standing, everything is in top order.
Strange... :geek:
PanListek
 
Posts: 1
Joined: Tue Aug 23, 2022 10:08 pm

Re: I got hacked

Postby berkys » Sun May 28, 2023 4:45 pm

loftar wrote:This is said every time accounts are hacked, but needing access to the previous e-mail account to change the address of an account disables one of the main reasons to change the e-mail address of an account, namely when you've lost access to the previous e-mail account.


Well, if somebody hacks your email so badly you can't get it back, you're a dumbass. I use mediocre passwords everywhere knowing I can reset them, but the email one is really long with many different types of characters, and I never store it anywhere... If I lost my email account, I would ask you to change it and expect you to send a message to it asking if it's all right. If nobody answers, it's really lost. Otherwise I can stop it if somebody pretends to have lost their email to get access to others' accounts...
Curious question: how often is an email lost, and how often is a game account lost?
berkys
 
Posts: 2
Joined: Tue Sep 06, 2022 10:18 pm

Re: I got hacked

Postby loftar » Sun May 28, 2023 6:40 pm

berkys wrote:Well, if somebody hacks your email so badly you can't get it back, you're a dumbass.

It's more about many people using throw-away, temporary, secondary or old e-mail accounts to register other accounts around the Internet (I often do this myself, too), and then if/when the Haven account starts to matter to them, they switch it to their main e-mail account. I see this quite a bit, with transitions from services like Mailinator over to GMail or somesuch.
I'm also pretty sure that it's the normal case for other sites too that you don't need confirmation from the previous e-mail account when switching e-mail addresses. I've never seen that myself, at least.
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am

Re: I got hacked

Postby Zorander » Sun May 28, 2023 10:19 pm

I don't know if this is related, but when I logged on earlier today, I found that I was missing 6 bars worth of silver nuggets, 2 rock crystals, 2 travellers' sacks, and a merchant's robe and a q300 smithy's hammer. At first I suspected someone had entered my compound through my mine (that problem has been fixed), but there were no scents. Also, there was a pile of gems next to the chest the silver was in that was untouched. The two travelers' sacks were on two different sets of clothes in my wardrobe.
Zorander
 
Posts: 3
Joined: Sun Aug 29, 2021 1:23 am

Re: I got hacked

Postby loftar » Sun May 28, 2023 10:38 pm

PanListek wrote:Strange things have recently started to happen at our base.

Not sure I can tell you what happened, but I can't see any obvious indication that any members of your village (of three members, right?) have been involved in this hack.

Zorander wrote:I don't know if this is related

Your village, on the other hand, has had a Theft spree committed against it, so my bet would be on that.
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am
