RP hack.

123
Comment below rating threshold, click here to show it.

SlackWareWolf

Senior Member

06-03-2011

Quote:
Originally Posted by tachat View Post
What the hell are you talking about... I recently had my account stolen, I had no control of the account for weeks.
OK, I'm gonna do what I can here to see if there's a reason your account was stolen. Now, here are a few things to think about as to how it could happen:

One of the most common ways someone steals an account, is by basic phishing. Phishing is pretty easy to pull off for the most part, as I've seen some INCREDIBLY good looking fake pages. I've seen a few that were designed to look exactly like a Bank's Website, and really, the only way you could tell it was fake, was that it would have something about the Web Address slightly different. Like for example if you use Bank of America, just as an example, the web site would be www.bankofamerlca.com or something like that (The "i" in America was a Lowercase "L") and it looked incredibly well done, but was totally fake. They even took the time to make the Log in look legit.

Another way you can steal someone's account is by impersonation. This is typically called Social Engineering. You pretend to be a staff member of a company, and a lot of the time, people will actually give out personal information they would NOT normally give out.

Also, depending on the Operating System you're using, which, considering you play this game, is most likely a version of Windows, you need to ALWAYS check for Patches. Windows Update isn't the best update tool ever, but it does do the job.

I can't count the number of times I've been asked to do a security audit where almost every machine at the place was totally unpatched. And with Windows, Patches are a pain in the ass. You have to reboot for like every one of them, which is annoying as it is, but also, until Windows 7 came out, Microsoft for some reason thought it was a good idea to had the Administrator account auto-log in with NO Password. That's a huge bad idea.

Do you have a fully patched / updated version of Windows you use? Do you have Anti virus Software installed? Is it too updated? What about Spyware?

Spybot Search and Destroy is a totally free Application you can download and install on your computer that can help protect your machine from a lot of ****. You download the installer, double click on it, and install it like any other program. Once you're done, update it, and then run a scan.

The reason I like Spybot is that it has a function that allows you to lock down Internet Explorer, Firefox, and Opera, where it will automatically block known phishing and Scam Websites, and also block Trojans.

Trojans used to be (Back in the day anyway) Programs that were legit applications someone had installed a Back Door into. Basically, you crack a program, like for example a Demo version of a game, and then you "crack" it and add Code to it that creates a back door.

To the casual observer, it appears to be nothing more than a Demo of a game, or a game in general, or even some other piece of software. And when you install it, it looks the same as it should, but in the back ground, it also installs a back door that alerts whoever cracked the game that you've installed it, giving them not only your IP Address (Which is sort of the a Home Address but for the Computer when you're online) and they can then connect to your Computer over the net, and copy all your Data, destroy it, and whatever they want.

Most people have heard of Netbus these days, and a few other well known back doors, but one of the funny parts, was that it included a screen shot application that would let you take screen shots, open the CD-ROM tray and close it, and basically you can control this thing as though you were sitting in front of the keyboard.

I've seen screen shots taken of a Computer where someone back doored a Computer, turned the Web Cam on, and watched the person over the Internet, and they had no idea someone was using their web cam to do surveillance on them.

Now imagine that someone can see everything on your screen, and can turn your web cam on and watch you, and you are getting dressed, or doing your taxes. They now have your social security number, bank account info, and everything else.

Some of the scary parts, is that this **** normally comes with a button on the display that says "Delete and erase all tracks" and basically, it does simply that; It deletes itself, and erases all the system logs and you never know it was there to begin with.

There's also "fake security" suites. Back when I was the head Computer tech for a company here, I was fixing a customer's laptop one day, and they had installed one of these fake security suites.

These things are incredibly hard to get rid of when the customer does NOT want you to simply format the drive and reinstall Windows. They get their roots into everything on the system, and make it almost impossible to get rid of without some actual work.

I spent like 5 hours scanning this guy's Laptop with a REAL Virus scanner, and REAL Mal Ware Detection programs, and he had around 12,000 Back Doors and Viruses on his machine.

I managed to fix it after a while, but it took a LONG time.

Another problem is fake extensions in Windows. Basically, Windows by default used to hide extensions of known file types. And it would basically look like this:

SomeSongOrVideo.MP3 .exe (A lot of spaces make it where it's hard to detect because Windows treats these spaces as though nothing is there once it uses the "shortcuts" so you wouldn't know that it wasn't a song you were opening, but an executable, which is normally a virus or back door).

Basically, some very simple things you can do to protect yourself and your accounts from people getting them or destroying your reputation, are these:

Always use Windows Update to download and install all security fixes, hot fixes, patches, and whatever else. This way you're not making it so easy for someone to back door your machine.

It used to be back in the day that you had to actually open attachments in an email to get infected. Those days are LONG gone though. Now, simply clicking on a link to go to a website, is all it takes to get infected, and even have stuff installed you don't know about.

Don't use Internet Explorer. Microsoft are VERY bad at security. I'm not bashing Windows, as I don't need to, but Internet Explorer, is a TERRIBLE Web Browser. It's insecure as you can imagine, and basically doesn't even try to stop pop ups or spyware from getting you infected.

And, worse, it's tied into the base of the Operating System. Use basically ANYTHING ELSE.

In my personal opinion, I use Opera. Opera is a free Web Browser, and it's actually very nice. It has some built in security features that can prevent Phishing Web Sites, and it'll actually TRY to block the other issues I've been talking about.

Firefox is also very popular, though it is pretty bloated these days. I used to use Firefox all the time, but I got tired of how slow and bloated it's become.

This is obviously up to you, but in my opinion, I'd say check out Opera.

You can look into Opera more by going here:

http://www.opera.com/

It's a nice browser, it's fast, and it's decent. By the way, if you like Youtube, just remember that Opera doesn't load panels by default, so you have to actually click on a video on youtube to control it. IT seems silly, but it's not.

You should also look at installing Spybot Search and Destroy. It's totally free, and it works!

You can look at Spybot here:

http://www.safer-networking.org/index2.html

Just select your country, and download the installer. Once you have it installed, update it, and then use the control panel in it to lock down your Web Browsers. It'll help. Just remember to close your browser before running it. Also, once you finish, run a FULL system scan. And of course have it delete or lock down any issues it finds.

Between getting Spybot, switching Web Browsers if you haven't already, and keeping Windows updated, you'll have a lot less problems.

Also, if you don't have Anti Virus, or, if you do but you can't pay for another year of updates for it, you can use a well known free Anti Virus software Suite. The one I use on the ONE Windows Machine I have, is AVG.

You can look at AVG and download it here:

http://free.avg.com/us-en/download

Just get the Free version, and download it, and install it. Once you install it, update it, and then do a full system scan. This way you can find **** on your machine.

I personally have used AVG for years because I don't like having to pay a bunch of cash for something I can get free.

Now, with all this stuff installed on your machine, you'll hve a wayyyyyyy better chance of keeping updated and keeping safe online.

Quote:
But when I come back i see this? wtf is going on.. Riot just got my acct back if they knew i was a hacker why dont they ban me?
Well for one thing, a Hacker named Linus Torvalds, wrote a Kernel for an Operating System called "Linux" and Riot uses Linux on their Servers. So Riot has no problem with Hackers, they even use Software written by one.



Quote:
:O just ignore it. it obviously didnt hurt anybody if ur the only one posting about this and u didnt have a credit card. im not a hacker i have my own money i buy my own RP! so leave me alone!!!!
Again, what does having Money have to do with Hackers? I don't get why it is you seem to think Hackers are people who simply break the law.... I REALLY don't get that... I know it isn't your fault, the media has portrayed anyone who breaks into a Computer as a Hacker. Not everyone who breaks a computer is a Hacker. Crackers do it too.

Think of it this way:

Cracker is the term used for people who break into Computers and have the intent to do harm. Similar to Safe Crackers. They have the skills Hackers have but only use it for their own gain.

Hackers on the other hand are actually skilled, and generally are only going to crack system security to either check if an exploit works, or, because they were hired to do so.

There are a lot of TV shows that actually explain this. The Discovery Channel ran a special about Hackers a long time ago that was actually interesting. They had CapnCrunch, Steve Wozniak, and Kevin Mitnick on there.

Steve Wozniak is one of the best Hackers on the planet. Any Hacker would probably have no problem admitting that, as he can not only design and make hardware, he can write the software to make it work. He was also a Phone Phreak for a while.

I used to be really into Phone Phreaking because I thought it was neat that you could control Phones with nothing more than tones. This is legal to an extent. I mean, it's perfectly legal to explore a piece of equipment you own.

Now, now that I've gotten this out of the way, I wanted to thank the one person who stood up for me, even though I don't know who posted every bit of that stuff. The very first reply I made was in fact me. The rest, I don't know.

I am a Hacker, I am one of the good guys, and I don't have some massive ego like that, so I don't know who wrote it. Like I said, I was partying with friends, and it's entirely possible that someone came and used one of my machines to screw around, I don't know.

Now, before I click on "Submit Reply" I'd like to point out that it would be a LOT harder for people to steal your account information, if you weren't using Windows.

There are a multitude of Operating Systems that you can use, and the hardware you have doesn't really matter much:

If you have a Macintosh, Mac OS X is most likely what you have, but you can also get Linux and BSD for that hardware.

If you have a PC, which is a lot more common, you can get Linux, BSD and more for it.

My Wife and I currently have 11 Computers here at our House. We have 2 Laptops, and the rest are Towers. I only have ONE Computer that uses Windows at all. And that is this one. I have ONE Partition running Windows 7, and then the other two Partitions, are for Slackware Linux.

My Laptop is running FreeBSD 8.2-RELEASE, and my FTP Server runs Slackware Linux. My secondary Workstation also runs FreeBSD 8.2-RELEASE, as does my test machine. I also have another one running Debian Linux and FreeBSD too.

I use mainly FreeBSD, Slackware Linux, Debian Linux, and SUSE Linux. I keep Windows 7 around mostly because making LoL work in Linux or BSD is still a pain in the ass, and I have no intention of spending a bunch of time screwing around with it. I play this game for fun, and not to work on everything every day.

That's one reason I'm looking forward to Riot making LoL work on the Mac. Mac OS X is based on multiple things, but some of the very core of it, is based on FreeBSD, which means once they have a version for Mac OS X, it'll be a lot easier to get it working under Unix.

If you do find any of this interesting by the way, you can read more about it by going here:

www.freebsd.org

www.slackware.com

www.debian.org

www.linux.org

And more. There's a bunch if information out there.

Hope it Helps.


Comment below rating threshold, click here to show it.

D1zz1

Senior Member

06-03-2011

Quote:
Originally Posted by SlackWareWolf View Post
I come in here and Opera has a bunch of tabs open, and I have almost no memory.
The last post you made actually kinda makes me believe this. Good info for tachat, and yeah it's pretty likely that his password was compromised. He wouldn't be fighting for his account on the forums if it was a free account made for stealing credit cards. Riot might want to look into it before insta-ban. Dunno if they have a department for looking into issues like this but it shouldn't be too hard to figure out what really happened, assuming no data privacy policies on chatlogs and IPs and such...


Comment below rating threshold, click here to show it.

tachat

Junior Member

06-04-2011

Yeah thanks for the information I read it all. I hope you guys don't hate ME! gonna get some anti-virus stuff now... because i turn my firewall OFF.. when i play LoL becuz it wont let me connect to GAME loading screen f hackersss


Comment below rating threshold, click here to show it.

SlackWareWolf

Senior Member

06-04-2011

Quote:
Originally Posted by tachat View Post
Yeah thanks for the information I read it all. I hope you guys don't hate ME!
What reason is there to Hate you? You made a post that was basically you stating what you thought may have happened, and from there, I was basically trying to get some info about what happened.

Most of the time...Actually almost every time I see someone having a stolen account issue, it's because either they accidentally gave the password to someone without knowing it, or, they have been back doored or some other infection on the machine.

It's actually not very easy to just simply break into a Server. And when it comes to Servers such as the ones Rot has here, the way the game works is that most of the game, is running on Riot's Servers, and very little data is run locally.

Some games are run totally locally, but for LoL, much like WoW, your data Is stored on their Servers except for a few basic things run from your Computer. But the vast majority of Code being executed to play LoL, is actually remote. Riot staff members mentioned this a while back in some thread where someone asked about having a non-online version that could be played when the Servers were down.

The person posting wanted to know if they would ever implement a way for people to play locally. The guy who replied from Riot said that basically, they weren't going to probably ever do it because then, the code for them game starts to be more and more local, and makes it much easier to crack.

I mean just as a quick and not so in depth idea of what it would take to get into a Server that Riot owns, you'd have a LOT of steps to perform. You've got Enumeration, Fingerprinting (Riot runs Linux on their Servers, which is amazing considering that one of the threads I keep going back to is a thread about making LoL work inside WINE for Linux or BSD or some form of Unix.

Well, once you have the version information figured out, and what exactly they are running (Like for example, which Daemons / Services are being run) You then start checking versions of software they use, and of course probably open something like IPTraf up to watch the IPs you're connection is talking to, and then from there single out which ones belong to Riot. From there you now have their IPs, and Operating System info to work with, and from there you can sometimes guess what exploits they'd be vulnerable to. For example; On Linux, you RARELY need to reboot the machine.

Unix, Linux, BSD, they're all part of Unix, and BSD in particular, is one of the most stable systems I've ever ran. My Linux and BSD machines, rarely reboot. The main reason is for Kernel updates and patches. Everything else, doesn't normally need a reboot as it was designed to stay up and running.

Once I know which OS they have and what version of it, I can look over what exploits they are most likely to fall prey to, and try it out. Nmap can be used for a lot of this, but I personally prefer Hping, IPSorcery, and Hydra for cracking Security and piping the output to a text terminal. Of course you can pipe it into a plain text file as well. This way I can add it to my Security Report when I go to get paid. From there, depending on how far I was asked to go, and so on, I write my report about which system were vulnerable and to what.

Anyway sorry about the Length on this first part, but it is a fairly complex job to do. The point is; It takes a lot to break into a Machine and then give yourself RP, as you are breaking the law if you don't have permission.

Most companies will have some form of Administration panel as well, so they can control most functions from that on here. I'm a Moderator for AntiOnline.com, and we use one custom made for us to keep people from getting to crazy on the forums.

Quote:
gonna get some anti-virus stuff now... because i turn my firewall OFF.. when i play LoL becuz it wont let me connect to GAME loading screen f hackersss
Well, getting AV software I think is a great idea if you don't already have some. Or, if you do, and can't pay the costs to keep it up to date (Most companies have NO problem giving you a year or so for free, but once that's up, they want you to start paying just for these updates, and anti virus that has run out of support, is almost worse than none at all. When someone has none at all they tend to be more careful, where an out dated Anti Virii product, is in general giving a false sense of Security).

Like I said, if you want a good free one, look into AVG.


Quote:
The last post you made actually kinda makes me believe this. Good info for tachat, and yeah it's pretty likely that his password was compromised.
Yea, I'm not sure of ths details of the machine he's got, but I'm pretty sure a scan would bring up a few things to say the least. And as for Believing me, I really don't know who would lie about something like that. That would be pretty weird.

Quote:
He wouldn't be fighting for his account on the forums if it was a free account made for stealing credit cards. Riot might want to look into it before insta-ban.
I think they do actually. Or at least I've heard they do. Which means at least in some part, they'll most likely see that his account was being logged into from IP Addys that aren't normally associated with his Account name.

On AntiOnline, I used to have a decent sized Database of known "bad" IPs. Basically IP addresses of users who were known trolls, and then I could ban them before they made ANOTHER post about cheap Viagra or whatever they were selling.



Quote:
Dunno if they have a department for looking into issues like this but it shouldn't be too hard to figure out what really happened, assuming no data privacy policies on chatlogs and IPs and such...
Yea, they should have a panel that comes up to do admin work. The one AntiOnline uses, we can actually do pretty good at making sure no Spammers or Trolls make it through for the most part.

The Forums all have their own Admin Panel, and they actually work really nicely. You can basically pop open the Log in section for the Panel itself, log in, and then search IP addys and account names looking for the trolls.

I don't have enough experience in every forum software on the planet, but as I'd said, the fact that I know exactly which version of Linux they use for the servers here, I'm pretty sure I could find out. Either way, I don't think he should have to pay for someone else's mistake.

If he did nothing wrong and someone guessed his password, or back doored his machine, he shouldn't be taking blame for that.


Comment below rating threshold, click here to show it.

Lightstriker

Adjudicator

06-04-2011

Guys, we're kinda getting off-topic here Probably just be better to migrate this to GD or Off-topic at this point, don'tcha think?


Comment below rating threshold, click here to show it.

SlackWareWolf

Senior Member

06-04-2011

I don't know man, with what I saw happening on the last two pages, this could have gotten ugly fast, and the fact that it didn't turn into some outright flame war, wouldn't it be better to make this into a sticky as an example of how SOME people can actually discuss an issue without flaming?


Comment below rating threshold, click here to show it.

Praethon

Junior Member

06-05-2011

Nobody wants to flame you because it would take a week to read your response :P

EDIT : Oh, and to be productive at the same time, I would never recommend a free antivirus to anyone who respects the integrity of their online accounts as they don't offer active or real-time protection. Good antivirus/antispyware is cheap considering the length of time you get to keep the license and it lets you know real time when unknown processes try to activate themselves. Kinda makes troubleshooting a laughable process when you have to do it a lot less often.


Comment below rating threshold, click here to show it.

SlackWareWolf

Senior Member

06-05-2011

Quote:
Originally Posted by Praethon View Post
Nobody wants to flame you because it would take a week to read your response :P

EDIT : Oh, and to be productive at the same time, I would never recommend a free antivirus to anyone who respects the integrity of their online accounts as they don't offer active or real-time protection. Good antivirus/antispyware is cheap considering the length of time you get to keep the license and it lets you know real time when unknown processes try to activate themselves. Kinda makes troubleshooting a laughable process when you have to do it a lot less often.
AVG offers real time. I've got mine set up much like the default is other than I turned off Automatic updates. I do this mostly because I have it look for updates each day myself, because for some reason, every AV I've ever ran seems to think it's a good idea to look at system start up, which, is a bit of a pain in the ass.

They really should do something about that, I mean back when I had Windows on my Laptop, my AV product would actually try to check for updates when I first booted Windows up (I selected which OS to boot when I turned the thing on, and at the time I had to use Windows for certain classes in College, now that I'm not in college, I formatted the HD, and it now runs FreeBSD) but yea, it was a super pain in the ass if you wanted to try and get to a usable desktop right away because it took a LONG time for all those ****ed updates to run.

It wouldn't be so bad if it wasn't for the fact that if you bought a Laptop, and you don't have the power hooked up because you're in a class room and you need to use it right away, and you turn it on, and then wait for a while because the AV product is trying to run an update, and then you've got the Windows Updates system running at boot up, and Flash....And there's more but I think that's enough to give you an idea of what I mean.

Basically you sit there waiting because the machine is lagging and running super slow all because out of the box, Windows has the Auto Updater turned on by default, so when the machine is up and running, it looks for updates to Windows and Office and some other ****, and while THAT is running, you are also watching the AV software checking for updates, and while both of THOSE are running, Flash is looking for updates, and it just was a huge mess.

I had to sit there shutting them all off one by one, and then it'll complain that you shut it off. Thank God I don't have to use Windows for much anymore.

I have ONE Partition total that has Windows on it. I've got Windows 7 on ONE partition on THIS machine only, and I have everything shut off so I can do it myself. This machine dual boots Windows 7 and Slackware Linux, and the rest of my machines run FreeBSD except one, which is the very first Computer I ever bought, and the only reason that isn't running FreeBSD, is that I use it as my FTP Server.

So that box is running Slackware too, and I just installed some more HDs, and some other storage stuff so I have a lot of space to work with since I generally use that in a way where I can basically upload ALL the Data I need protected to that machine.

It's a lot better than back before that where I had to basically back up every machine by hand. This way, I open up an FTP client, upload all my stuff to my Server, then go on my Laptop, do the same, then go too the other 7 or so machines here and continue uploading. From there I can burn a CD of back ups too, or just use my External HD.


123