FFXI Character Hacking


Lambtor
12-10-2007, 05:32 PM
Be careful what sites you visit. There's an interesting thread (http://www.bluegartrls.com/forum/viewtopic.php?f=2&t=27042&st=0&sk=t&sd=a&start=90) on BG about people who've been getting hacked and all their stuff stolen over the last few weeks.

It looks like FFXIAH either has or did have a banner ad loaded with a trojan that recorded passwords and had a keylogger. If you use IE for FFXIAH I recommend looking for the virus mentioned on page 6 of their thread.

Messershmit
12-10-2007, 08:56 PM
jesus... I had no idea how severe this was... it's getting to be pretty widespread and as always, SE refuses to do anything about it, I'm starting to despise paying a company that has no sense of justice every month, makes me sick

I should be fairly safe, the desktop is really only used for gaming, all web browsing is done on my laptop

Yajirobe
12-10-2007, 09:22 PM
Jaerik is one of the FFXIAH admins. Earlier today he explained what has been going on. I can confirm a lot of this as I idle FFXIAH's IRC channel, specifically the attempt to remove RMT-type ads on their site:

http://bendaniel.us/ffxiah-windower-log.txt

Imoq
12-10-2007, 09:33 PM
Jaerik is one of the FFXIAH admins. Earlier today he explained what has been going on. I can confirm a lot of this as I idle FFXIAH's IRC channel, specifically the attempt to remove RMT-type ads on their site:

http://bendaniel.us/ffxiah-windower-log.txt

I can add a "me too" to this, I was there as well, since I usually idle with FFXIAH's guys on IRC almost everyday, as Yajirobe does also.

Nibu
12-10-2007, 11:17 PM
http://img502.imageshack.us/img502/3314/nibulaughingmanef3.jpg

Lambtor
12-11-2007, 06:21 AM
ghost in the shell = win.

second greatest anime series ever.

anyone know if BG's hacker guy has made attempts to hack the RMT sites/machines who are stealing these passwords?

Pyree
12-12-2007, 03:35 AM
A quick update for anyone that isn't keeping up with the current events on BG.

DO NOT VISIT SOMEPAGE ANYMORE.

This is very important, somepage has been infected with malicious javascript which has the ability to install this trojan on your computer without your permission. This code is on the front page, so just don't go there.

I would also suggest checking your computer to see if you have already gotten this trojan. Check for the following files in C:/WINDOWS/system32:
rsbo.exe
kb1ss1p.dll
kb1ss1p.sys
in3.dll

If you have these, then they must be removed immediately. For removal information, go to:
http://bluegartrls.com/forum/viewtopic.php?f=2&t=27226

There have already been several people from our server that were hacked, including my best friend Danyori/Lilpetah. I really don't want to see this happen to anyone else.
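The file check described in the post above, as an added example (not part of the original thread or any poster's code). It looks for the four listed file names in a directory and records each hit's size and SHA-256 before removal; the function names and the `directory` argument are assumptions, and the demo runs on a constructed temporary directory rather than a real system32.

```python
import hashlib
import os
import tempfile

# File names listed in the post above (reported in C:/WINDOWS/system32).
REPORTED_NAMES = {"rsbo.exe", "kb1ss1p.dll", "kb1ss1p.sys", "in3.dll"}


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so it is never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_reported_files(directory):
    """Return a record (name, path, size, sha256) per listed file found."""
    findings = []
    with os.scandir(directory) as entries:
        for entry in entries:
            # Windows file names are case-insensitive, so compare lowercased.
            if entry.name.lower() not in REPORTED_NAMES:
                continue
            if not entry.is_file(follow_symlinks=False):
                continue  # a directory or link with a matching name is not a hit
            record = {"name": entry.name, "path": entry.path,
                      "size": entry.stat(follow_symlinks=False).st_size}
            try:
                record["sha256"] = sha256_of(entry.path)
            except OSError:
                record["sha256"] = None  # locked or unreadable: still report it
            findings.append(record)
    return sorted(findings, key=lambda r: r["name"].lower())


def demo():
    """Run the check on a constructed directory (not a real system32)."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("RSBO.EXE", b"constructed sample"),
                           ("in3.dll", b""), ("notepad.exe", b"benign")):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        return find_reported_files(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit["name"], hit["size"], hit["sha256"])
```

On an affected machine the call would be `find_reported_files(r"C:\WINDOWS\system32")`; an empty list only means none of these four names is present in that directory.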

Contessalynn
12-12-2007, 08:27 AM
Thank you Pyree. I just downloaded AVG free and am doing a scan right now. I used to have McAfee but with internet not in my name anymore I had no Virus software. I used Somepage yesterday so I am freaking out now. ; ; I plan on scanning my comp with every program I have.

T

Chibiwolf
12-12-2007, 11:48 AM
ty for that link, downloading avg now, even though I use firefox and never go to somepage or ffxiah, one can never be sure, and it never hurts to be safe.

Aihree
12-12-2007, 01:22 PM
It's confirmed to be somepage. Someone hacked it (or the owner went rogue) and put in an exploit. You are vulnerable if:

1) You are on Windows XP
2) You have a version of RealPlayer older than last October installed
3) You are using IE6 or IE7 to access somepage

Vista: Immune
No Realplayer: Immune
Firefox: Immune

...to this particular exploit.

Xyndifor
12-12-2007, 06:35 PM
It might be good to note that the links on the Dynamis drops pages go to somepage...

Yajirobe
12-12-2007, 08:27 PM
It might be good to note that the links on the Dynamis drops pages go to somepage...

at this time there are exactly 134 links to somepage from wiki... thanks for pointing that out.

Aihree
12-12-2007, 08:45 PM
item links are not a path to vulnerability, not directly.

The exploit is on the front page only.

Contessalynn
12-12-2007, 09:35 PM
Somepage hasn't been updated since "Pokemon" came out. I think it's been abandoned. If that is the case then it would be easily hacked as there was no security. Either way I won't be going to that site ever again.

T

Kaeyana
12-13-2007, 06:45 AM
It's confirmed to be somepage. Someone hacked it (or the owner went rogue) and put in an exploit. You are vulnerable if:

1) You are on Windows XP
2) You have a version of RealPlayer older than last October installed
3) You are using IE6 or IE7 to access somepage

Vista: Immune
No Realplayer: Immune
Firefox: Immune

...to this particular exploit.

Oh my god Aihree. Vista suddenly has something good going for it in the "let's ask you twice if you're sure you want to do something every single time you try to do it" department.:longjaw:

And on a sadder note, if anyone from Sealab remembers Whimsy, I heard that his account was hacked. .he lost all his gear and was transferred to a different server where he now serves as an RMT. . :/

Dragonblade
12-13-2007, 06:48 AM
And on a sadder note, if anyone from Sealab remembers Whimsy, I heard that his account was hacked. .he lost all his gear and was transferred to a different server where he now serves as an RMT. . :/

:(!!!

Lambtor
12-13-2007, 09:02 AM
these bastards are like the borg.

Nibu
12-13-2007, 10:22 AM
Oh my god Aihree. Vista suddenly has something good going for it in the "let's ask you twice if you're sure you want to do something every single time you try to do it" department.:longjaw:

And on a sadder note, if anyone from Sealab remembers Whimsy, I heard that his account was hacked. .he lost all his gear and was transferred to a different server where he now serves as an RMT. . :/

Ugh, that makes me sick. Is there any way to get the character back into Whimsy's possession?

Contessalynn
12-13-2007, 10:31 AM
You know I think the RMT are stooping to a new low. I can't believe they would go this far instead of finding real jobs.

T

Seankp
12-13-2007, 10:55 AM
The hacking seems to be getting out of control. Someone or some group of people are becoming exceedingly greedy.

I've been changing my password about every 3-4 months, but I also play on PS2 so I really don't have to worry about keyloggers and such on there since I can't view the websites on it.

I'm probably going to look for any of the above things on my laptop, because what's to stop them at just FFXI information? Greed has no end... so I would suggest anyone who uses their personal computer for anything, even if they don't play FFXI on it, to do some check ups on their PC.

Scorpius
12-13-2007, 11:26 AM
This would explain why Amneris suddenly got hacked and transferred to Gilgamesh server. But I got an O kote and Snow Rings out of that deal, so I don't mind it.

As for other people, it's pretty sucky that this is happening. Plus people need to get better protection for their PCs, I'm amazed people still fall for this stupid stuff.

Nusakan
12-13-2007, 11:27 AM
VMware or Virtual PC is an alternative method to protect yourself. I've been using this route for 2 years now. Assuming you have a decent system, you can run another OS on top of your current Windows, but you have to have another copy of an operating system or just use Linux. That way you can use your virtual machine as a virus/trojan bait while keeping your system intact. When your virtual machine dies, just make a new one or restore it if you made a clone of it.

http://www.nephilim-x.com/forum/showthread.php?t=6528&highlight=Virtualization

If you decide to try this out and you need help, let me know. I do this for desktop level and enterprise level @ Intel.

----------------------------------

Scorpy. Unfortunately not everyone is computer savvy. Plus, the big antivirus programs didn't detect this so I don't know how you mean by people "falling" for this stuff when it's the first thing that happens when people go to the site. Telling everyone to just drop IE and go to Firefox is just plain impossible. You also gotta realize that new viruses, worms and so forth are written all the time, even government offices and corporate offices are hit. For all we know, this forum may have something that we don't know. I chose to do virtualization cause there's only so much these "better" protection can do. So by doing virtualization, I just isolated everything into a virtual machine so that everything bad stays there.

Seankp
12-13-2007, 12:37 PM
This would explain why Amneris suddenly got hacked and transferred to Gilgamesh server. But I got an O kote and Snow Rings out of that deal, so I don't mind it.

As for other people, it's pretty sucky that this is happening. Plus people need to get better protection for their PCs, I'm amazed people still fall for this stupid stuff.

It's pretty darn near impossible to protect your computer from everything out there, the only real way to do that is to never connect your PC to the internet or network of any kind. Plus everyone uses their computers for something different, and not everyone is going to always be up to date on the latest virus scans and what not.

Falling for stupid stuff as you say is pretty ignorant because you obviously haven't read the threads and are informed about how it's happening. It's not like people are signing up for things and having their accounts hacked, they are just using their normal websites for information as anyone else would and happen to catch the virus because their software doesn't detect it, or is slightly out of date or just plain not updated.

Scorpius
12-13-2007, 01:10 PM
Falling for stupid stuff as you say is pretty ignorant because you obviously haven't read the threads and are informed about how it's happening. It's not like people are signing up for things and having their accounts hacked, they are just using their normal websites for information as anyone else would and happen to catch the virus because their software doesn't detect it, or is slightly out of date or just plain not updated.

You'd think you guys would learn to take my comments with a grain of salt. >.>

Littlevegeta
12-13-2007, 01:15 PM
that sucks about Whimsy, he was a great guy, and I went through cop with him, and I agree with tess, ppl really should feel ashamed of themselves for not actually working

Yajirobe
12-13-2007, 03:29 PM
Lol if you want to be *really* safe... download the No Script plugin for firefox. This will pretty much turn off any script on any site, and you have to manually allow each one to run. This is a bit extreme because just about every website has at least some sort of script running to help it do its thing. As a result, this also turns off most ads by default. I've tried it out myself and I think it's pretty cool.

Lambtor
02-05-2008, 02:37 PM
http://crave.cnet.com/8301-1_105-9862135-1.html

Zaphod
02-06-2008, 05:24 AM
IMHO RealPlayer has been malware since 1.0
if you absolutely have to play something encoded with RealMedia, use Real Alternative (http://en.wikipedia.org/wiki/Real_Alternative)

Midora
02-06-2008, 03:40 PM
Does this involve anything that is from Real?
Because I have Realarcade that I use from time to time. Mess was telling me about this and said something about my Realarcade and I had just cancelled my account with them like the other day. I just need to know if it's everything that deals with Real or if it's just the Realplayer/movie player things.

Lambtor
02-07-2008, 06:42 AM
RealPlayer 10.5, it claims, "fails to accurately and completely disclose the fact that it installs advertising software on the user's computer." And RealPlayer 11, it claims, "does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled."

Lukin (HR person for RealNetworks) said the Message Center in 10.5 feeds only news and information, product updates, movies, video clips, and is clearly identified during installation. Lukin disagrees that the content served through the Message Center qualified as advertising.

As for version 11, Lukin said that by virtue of being a full-service media player, RealPlayer needs the Rhapsody ActiveX component because people may want to hear Rhapsody-encoded music clips. He agrees that once RealPlayer is uninstalled, the Rhapsody software should also be uninstalled. Lukin said RealNetworks was looking into making this change in a future release.

In the meantime, StopBadware recommends that users do not install either versions of RealPlayer, "unless the user is comfortable with the software behaviors we identify or until the application is updated to be consistent with the recommendations in this report."


I also use RealAlternative. Well "use" probably isn't accurate because I don't actually view anything with the codec but I do have it installed.