Southperry.net
Any recent hacked accounts from Southperry users? - Printable Version

+- Southperry.net (https://www.southperry.net)
+-- Forum: Maplestory (https://www.southperry.net/forumdisplay.php?fid=15)
+--- Forum: Maplestory Discussion (https://www.southperry.net/forumdisplay.php?fid=31)
+--- Thread: Any recent hacked accounts from Southperry users? (/showthread.php?tid=20977)



Any recent hacked accounts from Southperry users? - god - 2010-01-16

i don't believe nexon would store passwords as plain md5. a multimillion dollar gaming company isn't that stupid...


Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

god Wrote:i don't believe nexon would store passwords as plain md5. a multimillion dollar gaming company isn't that stupid...

And yet the leak of the BMS database proves otherwise.


Any recent hacked accounts from Southperry users? - TLX - 2010-01-16

If someone has a list of MD5's, I don't think they would use rednoize, gdta, etc. It doesn't seem like these sites have an option to actively crack passwords, but only store a database of cracked ones.

They could be using a program with rainbow tables to crack passwords themselves : http://www.codinghorror.com/blog/archives/000949.html

"It can crack the password "Fgpyyih804423" in 160 seconds."
That was for LD/NT, but there are tables for MD5 also: http://project-rainbowcrack.com/buy.htm

One MD5 table in this $300 package has 96.8% of all alphanumeric combinations up to 9 characters long.

However, MD5 takes quite a while to crack. If you change your password often (before they crack your old one), and use long passwords(extend the time it takes to crack), it may be possible to stay secure.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

TLX Wrote:If someone has a list of MD5's, I don't think they would use rednoize, gdta, etc.

I stated there are multiple ways to do it, this is just a test to see how many of those who were hacked would've even required brute forcing or rainbow tables.


Any recent hacked accounts from Southperry users? - TLX - 2010-01-16

Eosian Wrote:I stated there are multiple ways to do it, this is just a test to see how many of those who were hacked would've even required brute forcing or rainbow tables.

Yeah, it would deinately be easier to steal an account that had the decoded pass listed online, but people shouldn't think they are safe just because they aren't on the list.

Also, would it be a bad idea to test potential passwords on these sites? Many of these sites say that they do not actively crack, but who knows what they do with their log of "not found" hashes? Because some sites like this: http://passcracking.com/index.php will actually add the hashes to a queue of what to crack next.

But am I right in thinking that using long, random passwords, and changing them often would greatly reduce the chance of getting your hash cracked?


Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

TLX Wrote:But am I right in thinking that using long, random passwords, and changing them often would greatly reduce the chance of getting your hash cracked?

Only assuming the hackings going on right now even use the pass/pin and aren't a direct login bypassing all info.


Any recent hacked accounts from Southperry users? - shouri - 2010-01-16

To TLX: That only holds true if they're actually actively trying to target you and only you specifically. Because then they'd have to restart their work each time.


Any recent hacked accounts from Southperry users? - LadyGaga - 2010-01-17

Is it 100% safe to type in my password onto that hash-thing-or-w/e?
Either way, i did it for my main and hash not found. But, my mules account (holds nothing but lmpq scrolls...) had hash found. o.o


Any recent hacked accounts from Southperry users? - Eos - 2010-01-17

LadyGaga Wrote:Is it 100% safe to type in my password onto that hash-thing-or-w/e?

All it's doing is converting your password in to the hash it would be seen as elsewhere. It has no way to identify where you've used that password or what account name it would be associated with.


Any recent hacked accounts from Southperry users? - LadyGaga - 2010-01-17

Oh and the reason why i think my mule's pw was found on rednoize was cause i typed it onto rednoize first, LOL. So yeah, it's "leaked" or w/e but i don't have anything on it. Brb checking if i had any good igns stored onto that account, lol. Oh, and good thing i didn't do rednoize first for my main's account!


Any recent hacked accounts from Southperry users? - god - 2010-01-17

bms was using a less updated version of ms. im sure global at least salts their passwords. if not 14 year old kiddies are programing maple story...


Any recent hacked accounts from Southperry users? - Jellyflower - 2010-01-17

When you're converting your passwords into hashes, make sure you're generating the hashes on your own computer, meaning you're not calling upon a function on the website providing the service. Javascript-ran program is ideal, only if you know the source is 'trustworthy' and is not storing your inquiry somewhere. Bottom line is, make your password full-length (10 characters), combined lower case, upper case and symbols. (Yes, they allow you to use *,^,%,' and such) Checking your hash is good because it shows if "weak passwords" are correlated to the takeover of accounts. Weak in the sense that it can be easily matched up or reversed looked up in this case, not just the illegibility of the segment itself. If you still get hacked after this, then I'm sorry, something else is broken. MD5 is practically broken already, it's just that new standards have not yet been set and found. So sit tight, and keep a close eye on the whole issue.


Any recent hacked accounts from Southperry users? - IllegallySane - 2010-01-17

Jellyflower Wrote:When you're converting your passwords into hashes, make sure you're generating the hashes on your own computer, meaning you're not calling upon a function on the website providing the service. Javascript-ran program is ideal, only if you know the source is 'trustworthy' and is not storing your inquiry somewhere.

What do you mean by this? Disconnect your internet and just test it from there, delete internet files afterwards?


Any recent hacked accounts from Southperry users? - PervyMat - 2010-01-17

I got hacked like uh 3 weeks ago lost about 5b in stuff, 300m pure mesos, 30k nx or so, plus all my mules in the same account were stripped. The untradable stuff didn't get dropped, I still have my mon, targar helmet, etc. When i checked the nx transaction logs i saw the hacker bought something in mts and karmas for some clean witch belts i had. I sent a few tickets to nexon just complaining, not asking to get my stuff back since thats obviously impossible, they got closed right away without an answer. I scanned my computer and found some trojan attached to maplestory.exe, i don't know how i got it, i don't remember receiving files from anyone or going on any site the day i got hacked and my antivirus scans on a daily basis, , i don't use the accounts email for anything since it was my rl best friend's who played ms and quit ages ago she doesn't even use that email anymore (hotmail) and doesn't have it registered anywhere. The password was a combination of letters, ._,;:? and numbers lol. I checked the email to see if there was any pin reset request but there was nothing so either it got cracked or they deleted the email permanently. I changed my password and i could rebuild but the hacking keeps going on and nexon isn't doing anything to fix it so what's the point if i might get hacked again. Sorry to everyone that lost way more than me this sucks lol.


Any recent hacked accounts from Southperry users? - buddypine - 2010-01-17

My wife got hacked today, they dropped her reverse weapon (why!?!) and scissored her zhelm, bought a slimy liquid for 60K NX, stripped all mesos and her godlies, cleaned out KoC and Aran too. I am staying logged on and selling all my items before they get me. That's it Nexon, we're out, I can't play like this.


Any recent hacked accounts from Southperry users? - MissingLink - 2010-01-17

PervyMat Wrote:I scanned my computer and found some trojan attached to maplestory.exe, i don't know how i got it, i don't remember receiving files from anyone or going on any site the day i got hacked and my antivirus scans on a daily basis,

What antivirus software did you use that eventually discovered the trojan that your normal scans failed to find?
I have read that some keyloggers are invisible to most antivirus as well as process explorer and can bypass firewalls by attaching to valid programs.
Does anyone know a sure-fire low-level way to detect keyloggers. Like pressing a key a 100 times and seeing if memory is getting consumed, or file writes occurring that shouldn't be happening, or using router logs somehow?

For the truely paranoid, you can do this, as posted by 'someone' on sw:

"My advise would rather be, if you very want to change password on Nexon site, go and get yourself something like Ubuntu Live CD, reboot into it, then change the password using a browser on the Live CD and make it the first thing you do and then log on to your email account and delete the mail that nexon sent to you with the password on it, and don't visit any other website at all on the same boot session. This way you can be sure that:
1. there was no key logger on the system.
2. there can't be any exploit from other site that would affect you when you log into your Nexon account.
3. If there were exploit that attack windows system sitting on Nexon site(since windows is expected), it would not work."

The Linux image is 690Mb, so its taking a while to download. Like i said, for the paranoid.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-17

MissingLink Wrote:Does anyone know a sure-fire low-level way to detect keyloggers. Like pressing a key a 100 times and seeing if memory is getting consumed, or file writes occurring that shouldn't be happening, or using router logs somehow?

If they're writing to disk they can be found using FileMon in most instances. If they're feeding data to another computer via the internet or permitting someone else to control you TCPView will show them. Otherwise Process Explorer is another good one for determining exactly what is running, and where it's located.

http://technet.microsoft.com/en-us/sysinternals/default.aspx


Any recent hacked accounts from Southperry users? - Jellyflower - 2010-01-17

IllegallySane Wrote:What do you mean by this? Disconnect your internet and just test it from there, delete internet files afterwards?

If you have to press something like 'Send', 'Generate' buttons and it redirects you to another (usually a query) page, then it's indirect. Some sites provide javascript programs for you to run so the passwords/hashes are generated on your computer, rather than 3rd party servers that you want to prevent for the sake of security.

The same applies to password generators, if you guys are using them to generate passwords, make sure you alter them in some way. (add in an extra letter here and there, cap/uncap certain letters, add extra symbols) It's hard to assume true randomness when a lot of keys can be logged some way or another. (not talking about keylogging here)


Any recent hacked accounts from Southperry users? - IllegallySane - 2010-01-17

No hash was found for mines on all 3 of the sites your provided Eos, so I can breathe a little easier.

*Well, re-reading the posts here, the last site gave me a ???? which means someone tried to crack that password but failed. So looks like I need to change my password eventually, again.


Any recent hacked accounts from Southperry users? - Cheesecake - 2010-01-17

Okay somethings not right here.
I got my 72 hermit hacked.It was on a separate acc from my main and nothing of great importance was lost. The hacker only took a skanda, a 9luk robe and 7 sets of tobis along with 500k, everything else was left untouched(like my umbrellas, clean snowshoe etc.).....hardly worth the effort of targeting me out specifily for an attack. My character was not in amiora where i had left it, but in fm entrance, wearing a versalmas hat which i hadn't put on. The hacker was just taunting me....

Ran my hermits password hash through rednoize and it wasn't found. It isnt a hard password to crack though, just a series of random numbers i thought of.
also checked my main's hash just in case and it came out fine too.

At this point, im thinking the only thing we can do to be "semi-safe", is to make multiple mule acc's, store a bit of our items/meso's on each, and just wait this pomegranate out on our mains by afking in mts at temple of time (cash shop sometimes times you out)Goggleemoticon