Account Security

[leo172519]

Found this for newcomers,

Account Security and "hacking" problems
Just a little guide to improve security of your account.
Feel free to add important things, but please stay away from
flames and spam-posts, i consider that topic way too serious
for that, hope you agree.

A. Introduction

Bad news first: A hack is a manipulation of FFR whether it be changing your name or changing your lvl etc.
So the solution to this wrong behavior is the "hacker" gets punished. Sad, but true.
The following experiences at FFR should be normal and I hope I don't tell you
any new facts. I consider the points written in "Italic" are the
most important and until now responsible for almost every "hack."

B. Password

1. Never ever tell ANYONE your password
2. Never ever forget Rule No.1
3. Choose a "good" password
4. Don't use your password anywhere else, like in teamspeak, ventrilo, forums, MP, video chat, any profile or private message.
5. You password must not be found in any dictionary
6. Want to check whether your password is good or weak:
http://www.microsoft.com/protect/you...d/checker.mspx

7. Cant find a safe password? Create one here:
http://www.thebitmill.com/tools/password.html

More than 6 out of 10 passwords are weak! Think about it,
then think again and then change your password.
(p.s.: hax0r, pwnage, imyourdaddy are not good passwords, and make sure to keep your name out of it!!)

8. See rule 4.

C. Basic Behavior

1. Don't trust anyone you don't know.
2. No one will ever need your password but you, not even Administrators.
3. Be paranoid.
4. Be more paranoid.
5. Stay away from account-sharing.
6. Don't visit sites with hacks/bots/cheats, all you will get is viruses, trojans and keyloggers!

D. Keylogger

Ok, some evil keyloggers are around, waiting to eat your
account-data. If you think you have a keylogger:

1. Run a virus scanner that is good. If you don't want to, or can't install one, try this:
http://housecall.trendmicro.com/

2. Never accept ANY file-transfer in ICQ, IRC, msn, aim, etc if you don't know the person sending it, or don't know them well.

3. Maybe you can get rid of a keylogger with this :O
http://www.anti-keylogger.net/ - read how to use

E. Summary

As said before, most "I have been hacked" problems are caused
by users that are full of trust to the wrong people and
full of foolishness.
If anyone asks you something about your account data, keep
your mouth shut. If necessary change your password. Make sure you have a good password and a clean computer, not infected with keyloggers. Do whatever you can do
to increase the security of your main account. No matter how much effort
this is, its way less effort to do that than having your account stolen.

If you took all these precautions and your account still got stolen
You can send a PM to: *insert name here* (will get filled in soon :/) with all the details of your account you can remember.
Make sure to include your stolen account name or they can't help you.


This text is originally from Nicolai and copied/pasted from: http://forum.cabalonline.com/showthread.php?t=5176

I only edited it to suit for FFR.

[rzr]

+ 1 for sticky. Well, after grammar edit. Other than that it's good and should be stickied or added to a sticky.

[spinal_compression]

Quote:

Bad news first: 99% of all "hacks" on FFR you saw most likely happen.

Didn't make any sense to me.

Quote:

3. choose a "good" password

Capital C.

Quote:

1. Dont trust anyone you don't know.
2. Noone will ever need your password but you, not even Administrators.

Don't and No one.

Wow. I'm bored. (-_-)

[leo172519]

any others?

[wwwJ4mmYcouk]

Cool, new comers are continuously complaining on Admins walls they have been hacked. No excuses now!

[sumzup]

I've never been hacked...I don't know what's so hard about keeping your account safe. Uh oh, this post may have invited the wrath of evil people. I'd better go change my password.

Edit: There, my password is now unhackable (or at least Microsoft says its caliber is among the best). One really shouldn't choose an easy password for convenience; at least in my case, I probably enter my FFR password once a week or something, due to a computer restart. Otherwise, the "remember my password" cookies do the trick.

[Mans0n]

Quote:

Originally Posted by sumzup

I've never been hacked...I don't know what's so hard about keeping your account safe. Uh oh, this post may have invited the wrath of evil people. I'd better go change my password.

Edit: There, my password is now unhackable (or at least Microsoft says its caliber is among the best). One really shouldn't choose an easy password for convenience; at least in my case, I probably enter my FFR password once a week or something, due to a computer restart. Otherwise, the "remember my password" cookies do the trick.

ORRRR If you have firefox you can just set a master password. And store your passwords for all things, which can only be viewed by having the master passward. So a hacker would have to go through even more trouble to get your account.
Then you will never have to re-enter your password unless it glitches and, and it makes me. But thats not the point.

[link583]

Quote:

Originally Posted by leo172519

3. Maybe you can get rid of a keylogger with this :O

That "maybe" sure makes me feel confident....If you're not sure, do a search on that and list programs people recommend.

Quote:

If you took all these precautions and your account still got stolen[/b]
You can send a PM to: *insert name here* (will get filled in soon :/) with all the details of your account you can remember.
Make sure to include your stolen account name or they can't help you.

The administrators...? And perhaps report suspicious activity that happened as well (if you've been monitoring it)

Quote:

I only edited it to suit for FFR and make it less paranoid.

You should be paranoid about any account you have, whether it's for your credit card or an online game. If it deals with the net, a hacker could lead to serious problems.

[devonin]

I ignore everyone's claims of being hacked because their password was their username with a number on the end or something, already. I certainly don't need there to be a sticky telling them that the password "password" is a bad choice to give me a reason to tell them that they weren't hacked.

The -real- thing people need to remember in terms of actual hacking is that they aren't important and nobody they don't know personally would care to hack them. You know when you can tell the site has actually been -hacked-? When someone does something to Synth and Tass and Jason and MalDON's accounts. No one who doesn't at least have the power to ban people would ever be a target of hackers who actually know how to hack.

[leo172519]

Quote:

Originally Posted by link583

That "maybe" sure makes me feel confident....If you're not sure, do a search on that and list programs people recommend.


The administrators...? And perhaps report suspicious activity that happened as well (if you've been monitoring it)



You should be paranoid about any account you have, whether it's for your credit card or an online game. If it deals with the net, a hacker could lead to serious problems.

That "maybe" is a sarcastic one as I can tell, but i didn't write that.


I just wanted input from anyone who is already doing that job, or someone's name who should be.


by paranoid I just meant putting it into FFR terms, that is all, its gone now just for you :P


also, I just copied and pasted it, if you wanted to see how much I edited it feel free to click the link i provided.

[Nellac]

! I dun wanna get hacked srsly.

[windsurfer-sp]

Doubt this requires more then a sentence to get the point across.

[itmorr]

This is informative and filled with goodness and should go in the FAQ.

[leo172519]

Quote:

Originally Posted by itmorr

This is informative and filled with goodness and should go in the FAQ.

I agree this should be put in the FAQ, with a general question being asked of course...

[MalDON]

Sadly, people will still use 123456 for their password. If you use a weak password, please don't complain about "teh hax"

[rzr]

I'll use that for crap I don't need, like temp accounts or something stupid I make out of the blue.

[devonin]

I think that "Don't pick an easy to guess password" is such a clear and obvious thing across each and every website, program and bank accounton earth that if you've managed to find your way to FFR, and the forum, either you've already learned that "username1" is not a good password, or you will never learn it.

My hotmail account (And thus MSN) has had the same password for 10 years. It has never been guessed, it has never been hacked, and there is no chance I will ever forget what it is.

The password on my university e-mail account used to be 9 character long, 6 letters, 2 numbers and a symbol. No chance anybody would ever get that password short of brute forcing for a -long- time.

[TwilightPrincess]

People underestimate the logic of hackers. They may choose a dumb password and take for granted that people will not guess it, that it's not worth it.

They're wrong.

Hackers will do anything to put others down and whatnot, and the main cause is poor security. Not having a good password is just about the same as writing down the PIN number to your bank account and handing it out at school. It's just plain stupid. Always choose a good password when joining websites that you're not too sure about. But don't worry. I think FFR has only been hacked like... Once in the past year.

Some people may recall that in April, a website called Red Fraction was hacked (I work there muhehe). What was the cause, you ask? One of our admins had a really dumb password. Of course, I can't say what it is, but apparently they used that same, exact password registering for another site. That password was then stolen from that site and used on RF to gain admin access. Let me tell you, the hacker(s) left us in a mess.

So there you have it folks, all it takes is a dumb password to screw everything up for you.

And yes, the story I told you is true.

[devonin]

See, once again, that is NOT HACKING.

[TwilightPrincess]

My mistake, it's not. But the story I told you is.

All this thread is about anyway is keeping your password safe. And i'm sure we all remember what happened when Synth had enough of passwords being reportedly "hacked".

lmao