A hacking incident again, this time, nothing will be restored.

[lacroix]

Originally posted by old.Tohtori
Ahem. ...
But, can't blame myself for knowing this.

"Well, people will probably hate me for saying this...(just because i'm different in my opinion)... but shit happens. "

Must...go...with...the..bandwagon...

Duuuh....

Well, in all fairness, Tohtori, don't know you and all, but it does seems to me that you generally "like" taking a, say, "controversial" stance ... - so, yep, I am sure you can anticipate all the response you are getting .... Well, might be fun to you and personally I don't mind, but still it's a pretty sad thing that happened here to Loch; I know I am pretty attached to my chars so I would really be majorly upset if I lost them like that - and they are not rr7/LGM or anything like that ...

So, nothing wrong with playing devil's advocate on principle, if that floats your boat, but maybe just a "little" bit of sympathy wouldn't be too much to ask?! Doesn't have to be much, just as a gesture - which won't bring her char back, we all know that, but it might help to know that ppl do care ....

Just my 2 ct's (and I know, not much more worth anyway )

And @Loch: well, I hope they get the jerk that did that and that you will get your chars back from GOA intact and all ...

 

[old.Tohtori]

Originally posted by SoulFly Amarok
diablo2 LoD, hc or not, lvl 9x in one day or two in cows if you know how to play -_-

That's not 48 hours, 2 days of playing, around 24h added together.

in DAoC, 3played days, as in 3x24hours is the minimum time taken for a lvl 50, usually, and you also need a mad pl group.

see the difference?

Yes...and? I said loosing a high level char is never fun but you get used to it. I did. I simply said that it might be possible to not take it so seriously. Now flame that, not some technical things between this game and a game i used as an example.

 

[old.Tohtori]

Originally posted by lacroix


So, nothing wrong with playing devil's advocate on principle, if that floats your boat, but maybe just a "little" bit of sympathy wouldn't be too much to ask?!

I know you didn't try to kill me with that post but still... i don't play devils advocate, i just don't care enough of other people for having that much "sympathy". I don't do "get well soon" cards or posts. If i remember, before this i had one thread...possibly two where people started to flame me for having a different opinion. Three things where i don't agree with every single one. Is that so special? Do people actually always agree here?

 

[lacroix]

Originally posted by old.Tohtori
...
Three things where i don't agree with every single one. Is that so special? Do people actually always agree here?

Hm, I think it's not so much a case of disagreeing, but more on the examples on which you disagree which gave me the impression you like playing devil's advocate ...

Well, thanks for a fair reply though, I appreciate your explanation

/curtsey
V.

 

[old.Tohtori]

Originally posted by lacroix

Well, thanks for a fair reply though, I appreciate your explanation

Welcome. Atleast some people don't call me a twat or a mothersucker for having a different opinion. And yes, i do tend to disagree on things that are considered "risk" material. Ah well, can't please 'em all.

 

[old.Trine Aquavit]

It's a sad, sad old business, and the person who hacked the account is obviously a very, very pathetic, malicious individual.

However, I don't think it's completely fair to be too critical on GOA in this instance. They have a back-up mechanism which will allow them to restore the majority of erroneous character deletions. And they have used it to help a number of players recover their characters.

The obvious issue here seems to be that Loch looks to have shared her account & password. If that's the case she broke her contract with GOA and they don't owe her any sort of extra support.

For techincal reasons, I suspect that a back-up of the character is pretty much out of the question. This is not something you restore an entire server for. They should be able to recreate the char, of course, with cash & RPs, but they are not obliged to.

Personally, I think it would be in GOA's best interest to recreate the account and then put out a warning that they will not do this again, and that anyone sharing accounts should change their in-game passwords. If GOA do do something to help (for PR reasons and to keep an active account) then fair play to them, but they shouldn't be taking flak for the mistakes of others.

 

[Ziva]

Well said Trine. I fully agree with u.

Imho every person violating the CoC by sharing passwords should be lucky to get any form of support from GOA cause they don't owe u anything in that case i think.

However, since we don't know what happened in this case (can't judge based on what others say) and there are probably examples of people that didn't violate the CoC and got hacked anyway i still think redesigning the procedure for deleting would be smart.

And for Tohtori: even though i respect your opinion i can't help but wonder if u post it just to be different or because u really feel that way. If u really feel that way then don't expect sympathy from others if u have something similair cause it works both ways ofcourse...

 

[old.Tohtori]

Originally posted by Ziva

And for Tohtori: even though i respect your opinion i can't help but wonder if u post it just to be different or because u really feel that way. If u really feel that way then don't expect sympathy from others if u have something similair cause it works both ways ofcourse...

Not some attention whore here. If i want someone to look at me i'll post something "Seel" like. I have two personas here(in a way) and when i take a stand in some serious issue i do mean it. Not just posting stuff to laugh my ass off when someone calls me a twat.

I know people are going to flame me, i'd be suprised if someone once said that "Hmm, valid point", and when i post something against the original post, i am sticking a block of C-4 on my chest and giving the detonator to some trigger happy yahoo.

But.. what i don't like is that when i post something, i get called a moron because of a different opinion.

 

[Flimgoblin]

Originally posted by PJS
The solution to these problems is so simple its pathetic.

ONLY MOVE A DELETED CHARACTER TO A BACKUP SLOT IF IT IS OF SUFFICIENT TIME/LEVEL TO WARRANT IT

I dont know say 12 hours /played or lvl 10+ or something.

That way the bastards would have to play the game for a hell of a long time to deliberately zap the backups. During which time the victim will undoubtedly try and log in and they will be discovered and maybe ip traced by GOA or someone.

good plan PJS, very good plan

 

[tieris]

/em yawn...

Seems like Goa's character protection policies are about as much use as a bank with wet paper walls. Can anyone actually give me a valid reason as to why we continue to invest so much money and time into characters which are not properly protected. Loch has invested at a guess a years worth of subscription and time into her chars, yet this seems to mean nothing to goa. This is so beyond a joke, hacking is getting more popular as time goes by. How many people have to lose out before they get their act together.

Ps. I'm guessing Goa dont give out refunds for wasred time and subcription charges either

 

[Tesla Monkor]

I guess I get to play the devil's advocate here for a change.

Loch's situation is very sad, yes. I like her a lot and had good fun shoot her full of arrows in Emain. But that's besides the point.

Read the CoC and EULA. You don't own your character. It might not be in the best public interest to not restore them to their previous state, but GOA doesn't have to if they don't want to.

Loch paid a year for DOAC and got to play a year. Trine's suggestion is interesting as to 'restore her fully and make it a warning to everyone else'.

That would be nice but won't fly, since the next time it happens people will point at that incident and say 'but you did it then, eventhough it was said not to be possible' and the entire circus starts all over again.

People don't just 'get hacked'.

For the record, I really hope that Loch gets re-created.

... but I fear that by making it public like this, you broke your own windows. GOA will not do it, because then they'd open a Pandora's Box for the next time this happens. IMHO you would have been better off keeping it quiet. :/

 

[Jaem]

I don't know if the char un delete thing they say they do exists, for example, I had a lowbie healer about thid level, deleted when I was drunk one night when people were pissing me right off with bossing me to rez and pom, was deleted about 11pm next morning I realise the mistake stupid me did, loved the char.

I sent an email asking for it to be restored if posible about 9am, and the next day after that I had a reply saying there was no backup copy.

My lowbie healer was nothing compared to a 50 being lost.

this kinds of customer support, is disgusting, and they have a cheek to raise their prices for this service.

Leason 1, don't piss off the customers as they'll just walk out the door and leave you with nothing.

 

[old.Tbird]

Whilst I agree this sucks badly and that GOA should help where possible you have to look at this from Kemor's side.

The database and it's limitations for backup come from Mythic, they cannot change the number of slots or how they are backed up.

The character restore tools will no doubt be provided by Mythic, the CSR's possibly having an automated tool GM's/Admins a more advanced one. Whatever the system it will be most likely provided by Mythic, not GOA.

Durgi is spot on about database restores, I can pull back data from months ago but will I do it if asked, only if there is a SIGNIFICANT justifiable need to. Restoring a single record isn't a non-negligible job, to keep our system up i'd need a spare machine with the relevant software installed, i'd have to restore to that machine, find the record and export it. You're talking a couple of hours work for a high level support guy, not one of the peons who answer your Rightnow's, one of the guys who work on keeping the systems running. The biggest problem is where do you draw the line if you do carry out a restore, you cant just tell the level 20 guy 'sorry you're not an uber l33t 10m RP player, you're not getting a restore'.

IMO if the investigation proves genuine hacking GOA should maybe make a gesture of a level 50 char, but even that is fraught with problems. How can they tell the chars spec, this may be a genuine case but what if I see a major class change coming (just like Minstrels) and realise my spec wont allow to to climb walls (etc). Hey i'll get my mate to 'hack' me, GOA to rebuild me with my old RP's and come back with a free repspec/RA respec, so i've lost a few items big deal easily replacable now with SC (and all my quests reset)

Hopefully GOA's records will allow matching of the CD key used to hack into the account and allow the person be dealt with. But while they do this investigation just remember i'm damn sure they'll be checking ALL the CD keys used against this account and if one of them isn't Loch's dont expect any sympathy.

PS to all the people complaining about hackers take a look at your Kaaza directory, one of my guildies did a search on DAOC some months back and found 2 login/pass keys shared to the world in plain text files, hacking is a unfortunate fact of life stupidity isn't.

PPS Yes I AM a BOFH

 

[SoulFly Amarok]

Originally posted by old.Tohtori
Yes...and? I said loosing a high level char is never fun but you get used to it. I did.

In diablo2, not in daoc, according to what you're speaking about.

 

[old.Tbird]

Originally posted by tieris
/em yawn...

Seems like Goa's character protection policies are about as much use as a bank with wet paper walls.

Mythic's policies, try again.

 

[mid_Efour]

Very very bad i remmber when you was smiting me to death at apk long long long time ago.

Hope you get it back, i guess it isnt technically hard to remake a charcter just punch in a few details.

If it was mine id rather know the IP address of the person that did this, cos lets face it its 99% someone u trusted enough to share the game with or another Mirc user. either way its a crime in the UK to do this, infact dosnt it say in the CoC that all charcters belong to GOA? so this person has openly commited a crime against a LTD company and he/she has got away with it.

Play it out and see what they do, and others on this board dont rise to to swearing and stuff, dont flame ANTHING Kemor is saying, hes doing the best he can, character back up system is naff? dont blame GOA blame mythic, GOA are just a bunch of translaters.

This is like a testcase Trial if they do this for one person then they will have to do it for all.

moral of the story dont tell anyone U/P and get a firewall

 

[ashitaka]

Re: A hacking incident again, this time, character restoration issues..

Firstly, I'm very sorry for you, Loch, and I hope things sort out for your good in the end.

Secondly, and this goes for everyone that is on IRC: GET YOURSELF A BOUNCER!!
This hides your IP (you adress will be e.g. ashitaka@i.have.a.vhost.com) and thus making it nearly impossible to find your IP adress and then target you with whatever hack-tools.

Third,

Originally posted by SoulFly Amarok
Not to mention, that you should've implemented a "safer" way for character deletion, by, for example: you have to type y e s, then you must enter a secret character deletion password, which is given to you after you've made your account.

the thought is good, but on the other hand it would most likely not make any difference, as my guess is Loch stored all her PW's in a document on her computer, or else the hacker would not have got access to her account right? So if there was some kind of password like this, she most likely have had that stored along with the others.

Conclusion, talk to your local ISP and ask for a shell-account and how to set up a bouncer and you'll be extremely much safer from hacks. (Given you don't download and patch some trojans on your computer).

 

[old.Tohtori]

Originally posted by SoulFly Amarok
In diablo2, not in daoc, according to what you're speaking about.

Got used to losing chars in diablo, now in DAoC i don't have the slightest of problem emptying my account and starting fresh or even change realms. I've changed realms in the past, just to try it all and i have deleted quite a bunch of characters.

If -i- lost a char in DAoC -i- would start a new.

That is my point, simple and clear.

 

[Damini]

Ok, now might be a good time to link to Cadire's PC Protection thread which will give some tips on how to safeguard your PC.

Also, can we please remember that Kemor has been kind enough to answer twice on this issue, and shooting the messenger can prove counter productive (especially if you want them to come back!). I understand people being irate, hell, I'd be very upset myself, but if we can try to stay the civil side of pitch forks, flaming torches and gathered villagers baying for blood, it would be nice

Loch, very sorry to hear about your characters



Edit:// And Toto, you have to understand, you are so far from the norm that when you wave to the norm you're very small and on the horizon. The majority of people would, at the very least, say words that would make your gran gasp.

 

[klavrynd]

So much yapping about security...

First off all, you cannot expect everyone to be the computer wizz some you you/us are.

Some people just click every file they see, don't patch software (including OS) with security problems, etc.

"Get a firewall" .
You should know that a firewall takes quite some configuring and that a badly configured firewall does as much as no firewall, nothing. Have you ever tried one of those out-of-the-box firewall things like black ice or whatever all those things are called? They're about as effective as a catflap in an elephants house.

As for the bouncer thing. 99% of the isp's do not give out shell accounts (lower the percentage if you're not talking about free ones) , and it leaves you with the same problem. Alot of people dont know what to do if they see only see a black screen saying $

and for the record, there are ways to get the "real" host address even though people are using a bnc

there i go , going offtopic again :/

 

[ashitaka]

Originally posted by Tesla Monkor
Don't hand out your password/account, get a decent firewall and don't run stuff that can contain trojans. Problem solved. ;P

That is utter bollocks, and you know it :|

Originally posted by Tesla Monkor
People don't just 'get hacked'.

That is utter bollocks, and you know it :|


Breaking through a firewall is not impossible, and for those who know how to do it, I'm sure its easy as pie. And if someone with that knowledge had a grudge against Loch, and found her IP, she'd be better off pulling out her internetcable.

*Nothing* is bulletproof, but the safest you can get is to hide your ip, like I stated in my previous post.

Originally posted by klavrynd
So much yapping about security...

First off all, you cannot expect everyone to be the computer wizz some you you/us are.

You don't have to be a computerwiz to set up a bouncer, just follow a tutorial blindly and you'll be fine. Here's one I used, I knew absolutely nothing about linux, shell accounts, bouncers and such, just read this short and easy tutorial and I managed just fine.
PsyBNC tutorial

I strongly suggest that everyone take a look at this. Infact, I'm begging you to.

 

[old.Tbird]

Originally posted by klavrynd
First off all, you cannot expect everyone to be the computer wizz some you you/us are.

If you buy a house but dont bother to work out how the locks work who's fault is it if you get burgled. Same applies to PC's, thousands of people buy ADSL without looking into the implications of it.

"Get a firewall" .
You should know that a firewall takes quite some configuring and that a badly configured firewall does as much as no firewall, nothing. Have you ever tried one of those out-of-the-box firewall things like black ice or whatever all those things are called? They're about as effective as a catflap in an elephants house.

Get Zonealarm, free download for personal use, out of the box everything is blocked. Then followed by simple do you want to let X access the net questions.

 

[Brannor McThife]

Etz, if I didn't know better, I'd say you were posting that first note from inside GOA.

Well said, and a LOT of facts.

Now everyone, go read what he wrote again.

-G

PS. Etz, you cnut.

 

[fatgit]

Even if there are no backups of loch's cleric, take a look at the bloody XML PLEASE

You can see from that alone what lochs char had level/RP wise a few weeks ago, it doesn't take much to say "OK, recreate a char with the same name, and we will add the experience, armourcraft and RP's to it".
OK, loch loses the cash & items, but as a guild we will help kit loch out.
We KNOW that Zargar/Kemor have commands to add experience to level people, because it was done on gorre a number of times.

At the very least, please restore lochs level, Armourcraft and RPs.

All this talk about firewalls & trojans and taking care, I got hit by a trojan a couple of weeks ago.
I run a virus scan, I have a linux firewall, I use a bouncer. Where did I get the trojan ? A well known companies demo download from THEIR servers.
I only knew I had a virus because I noticed some strange crashes and crc errors shortly after.
Why didn't my virus checker pick it up ? It was an hour before the scheduled check for updated virus patterns, and the virus was a new variant, and wasn't detected in the virus pattern I had.
Over 7,000 files were infected in under an hour, and the virus basically checked for ANY open ports.

Luckily, no connections were made, and I was able to get rid of this particularly nasty virus, but had I not noticed the errors immediately, someone could have had access to my system.

Would be an excellent show of faith from GOA to restore loch, even if only partially.

 

[Uriron]

awfull to have happened to anyone, i was just thinking how much time i have invested in this game and how upset and furious i would be to lose it all.

Commiserations Loch i hope goa have the decency to sort something out for you.

worrying thing is this isn't the first time this has happened and won't be the last unless goa either make character deletions more secure or they have a backup system

On the issue of security why dont they have someting like the website password change security where they send you an e-mail where you have to click a secure link that is e-mailed to you to authorise the character deletion? yes it will delay your ability to create a new char straight away but i'm sure we would suffer a 1 day / 1 week delay in order to keep our chars safe from this sort of attack.

as for a backup system this should be funded from the increase in subs they are asking us to pay.

in a rush so sorry for bad speling and sorry if this is a repeat of someone elses post, i only read the first page of posts.

 

[old.Tbird]

Originally posted by Uriron
worrying thing is this isn't the first time this has happened and won't be the last unless goa either make character deletions more secure or they have a backup system

On the issue of security why dont they have someting like the website password change security where they send you an e-mail where you have to click a secure link that is e-mailed to you to authorise the character deletion? yes it will delay your ability to create a new char straight away but i'm sure we would suffer a 1 day / 1 week delay in order to keep our chars safe from this sort of attack.

as for a backup system this should be funded from the increase in subs they are asking us to pay.

Sorry to pick on your quote for this but can we just clarify a point to all here, GOA will have NO ability to change the core code relating to backups/deletions. They will have a 'EULA' from Mythic stating what they can and cannot do with the RENTED server software. Take a look at last weeks news, they are trying to get the source code for the XML to remake their own Chronicles (so far with no success), they will have zero chance of modifying the backup system to their own specs. And god forbid if Mythic did give them dispensation to change the code, supplier support for bespoke code will be less than zero.

BTW Brannor yes i'm a cnut it's my job, what's your reason for being a gimp

 

[darzil]

Yup, Trojans are dangerous. It's why I leave my anti virus running and trying to update every half hour or so. Causes a few link deaths occasionally, but means that I'm better protected.

On the backup front, as an IT person, there's always a point where you have to consider the ease vs. the reward and risk. For most systems, we just back up the database. If it gets corrupted, we roll the whole lot back, and everyone loses all their work. For critical stuff, we have ways to recover that work, but it takes longer (like say, 4 hours downtime for all users to recover 4 hours of transactions). For stuff like email we take the extra 14 hours to back up the data for each individual mailbox, rather than have to only be able to restore the whole email server or nothing.

It sounds as if the tools are only there to restore the whole database, but that the whole database also has four backup slots to store your last four characters deleted, so that you can restore them without restoring from a backup tape or drive, which is MUCH faster. If you don't have the tools to back up or restore individual records of the database (which can be the case - depends on the database engine - determined in this case by Mythic), then you'd have to restore an entire server in order to recover the data. You'd then have to export and import this data (if possible, again determined by Mythic) into the live system. As someone said, this is a fair amount of work to put into it, and may not even be possible (I'd estimate, knowing nothing about the detailed situation, 4 hours at £50/hour (rate not rate of pay - but what 4 hours of that person's time would typically return to the company) - £200 - 3 year's subscription cost!). Which is why they'd cut corners by creating a character with no equipment, and use rules of thumb to cut down the cost to a couple of quid.

However, working out what happened is far more important to them. They have to try to work out how this occurred, as if they are being hacked by a malicious hacker, this could cost them a huge amount in lost revenue, as people leave the game, should this happen to a significant degree. I'd happily bet that the issue for GOA at the moment is how was the account hacked, not how can we put the character back. If they knew fairly quickly, they may still have the logs to find out. (Assuming they don't keep log files too long, as these frequently get huge, and as they do, reduce database server performance dramatically.)

All IMHO, of course.

 

[Brannor McThife]

Originally posted by old.Tbird
...what's your reason for being a gimp

I have a TROLL. A TROLL that's a WARRIOR.



-G

 

[Addlcove]

Originally posted by old.Tbird
BTW Brannor yes i'm a cnut it's my job, what's your reason for being a gimp

he likes it

 

[Hulbur]

Originally posted by kemor
Evening folks,

This case is still being investigated so I will keep this short. Just wanted to clarify a couple things:
1. 4 out 5 different and played characters were restored. Loch seemed to be the first deleted and as you know, we keep backups for the last 4.
2. This case was not treated lightly and is still under investigation as said above. While I can understand the intense frustration of the player, I also notice that the tones between the emails Loch and I exchanged today and this post are quite different...
3. If you guys want to spam my mailbox, please do so using [SPAM] as subject, will save me some time to actually focus on important cases, such as this one.
4. On such a touchy case, I find it a bit unfair to post false information and would appreciate, on a personal and professional level, if the post contained truth collected from Loch directly, at least.


K, signing off.

Good job Kemor, I didn't think anyone from GOA would actually dare to respond to this thread, so :great:

You single handedly just made me like GOA just a little bit more.

My relentionship with GOA is still in the red, but it got bumped up a notch.

And to whom ever did this - Well SCREW YO!

And Lochlyessa, even though its all just a game and such, I couldnt imagine the rage and fustration you must feel. I sympathise with you and hope your realm and online friends will help you back on your feet.

All the best.