I been hearing more and more of people that got hacked from using this website? Anyone have anything to say about this? Keyloggers or Trogans. How do these work and what can I do to prevent myself from being hacked?
BTW: I am using it mainly when at work when I am using a MAC. At home I have a Intel Based Mac and using bootcamp to play FFXI.
Hacked Accounts?
Hacked Accounts?
I'm assuming that you've been keeping up with the times, and you've already heard about how tens of thousands of normal websites getting hacked with SQL-injection, and search engines got IFRAME injections, right? (If not, well, the government issued a warning about three weeks ago so please go read up.)
It's little surprise that these SQL-injection-hacked websites and the malicious IFRAMEs will attempt to pull "MMO (Lineage1&2/FFXI/WoW/etc.etc.) login data" from you, just like how the malicious IFRAME that was injected into somepage.com late last year did.
And in the world of JP websites, in this recent set of hacks a major free blog-space provider (FC2) was hacked, and tens of thousands of blogs, FFXI or otherwise, got IFRAME-injected.
What this means: a lot of people, just by normal websurfing, and by this I mean visiting websites that have NOTHING to do with FFXI (or any other MMO for that matter) -- for example, reading USA Today online or even keeping your anti-virus happens to be made by TrendMicro and you were updating your virus data (and yes, both of them were victiom to SQL-injection at one point or another), people put themselves at risk for account-hacking without knowing it. And when these users get hacked, since they didn't know that the hacks were placed on ordinary websites, they instantly think, "It's got to be FFXIAH."
Now, on the other hand, there were a few ads that had been compromised via IFRAME injection a couple weeks back -- the admins here at FFXIAH banned that ad about an hour after it showed up, but those that didn't have properly protected computers may have gotten compromised by using FFXIAH during that approximately-one-hour window.
All in all, the prevention methods haven't changed from when somepage.com got hacked:
-- best option: use PS2/PS3/X360 to play FF11 (or use different computers to play FF11 and websurf), and never use the linkshell community site (the latter I say because they have been having too many "technical difficulties" lately -- I'm starting to wonder that hackers are pulling info from there)
-- what you should be doing anyway part 1: keeping your OS, software you use, and all virus/firewall/spyware protection updated (and make sure to scan periodically)
-- what you should be doing anyway part 2: using a web browser that doesn't use the IE engine (Firefox/Opera/etc) and disabling JavaScript/IFRAME/ActiveX for the most part (Firefox users should already be using the NoScript plugin, for example)
-- what you probably should be doing for the time being: checking websites with services like aguse.net(aguse.jp) and Dr.Web before visiting, especially if you don't have JS/IFRAME disabled on your browser
-- what you can also do: invest in IP blockers like PeerGuardian2 and banning IPs that are known to host MMO trojans (or even a majority of cn/kr/tw domains)
So, if you're using FFXIAH only on a Mac, as long as you're not doing that Mac/Win dual boot thing that you can do with OSX and playing FFXI on the same Mac (which I think you aren't, esp. if you're at work!) you should be fine...
It's little surprise that these SQL-injection-hacked websites and the malicious IFRAMEs will attempt to pull "MMO (Lineage1&2/FFXI/WoW/etc.etc.) login data" from you, just like how the malicious IFRAME that was injected into somepage.com late last year did.
And in the world of JP websites, in this recent set of hacks a major free blog-space provider (FC2) was hacked, and tens of thousands of blogs, FFXI or otherwise, got IFRAME-injected.
What this means: a lot of people, just by normal websurfing, and by this I mean visiting websites that have NOTHING to do with FFXI (or any other MMO for that matter) -- for example, reading USA Today online or even keeping your anti-virus happens to be made by TrendMicro and you were updating your virus data (and yes, both of them were victiom to SQL-injection at one point or another), people put themselves at risk for account-hacking without knowing it. And when these users get hacked, since they didn't know that the hacks were placed on ordinary websites, they instantly think, "It's got to be FFXIAH."
Now, on the other hand, there were a few ads that had been compromised via IFRAME injection a couple weeks back -- the admins here at FFXIAH banned that ad about an hour after it showed up, but those that didn't have properly protected computers may have gotten compromised by using FFXIAH during that approximately-one-hour window.
All in all, the prevention methods haven't changed from when somepage.com got hacked:
-- best option: use PS2/PS3/X360 to play FF11 (or use different computers to play FF11 and websurf), and never use the linkshell community site (the latter I say because they have been having too many "technical difficulties" lately -- I'm starting to wonder that hackers are pulling info from there)
-- what you should be doing anyway part 1: keeping your OS, software you use, and all virus/firewall/spyware protection updated (and make sure to scan periodically)
-- what you should be doing anyway part 2: using a web browser that doesn't use the IE engine (Firefox/Opera/etc) and disabling JavaScript/IFRAME/ActiveX for the most part (Firefox users should already be using the NoScript plugin, for example)
-- what you probably should be doing for the time being: checking websites with services like aguse.net(aguse.jp) and Dr.Web before visiting, especially if you don't have JS/IFRAME disabled on your browser
-- what you can also do: invest in IP blockers like PeerGuardian2 and banning IPs that are known to host MMO trojans (or even a majority of cn/kr/tw domains)
So, if you're using FFXIAH only on a Mac, as long as you're not doing that Mac/Win dual boot thing that you can do with OSX and playing FFXI on the same Mac (which I think you aren't, esp. if you're at work!) you should be fine...
You will not get hacked if you are smart. There are a lot of HELP I AM TRAPPED IN 2006 PLEASE SEND A TIME MACHINE people out there that will give out their information to just anybody. Not much more I can say about that really.
[+]
This makes me happy to know that I have been protecting my game well by playing on PS3 an using Mac for all my web stuff. Thanks for all the useful info you posted here.
In general, there's only so much we can say to try and convince people that FFXIAH isn't hacking them.
During the registration process, we make it abundantly clear not to use your real POL username or password to register for the site. We even auto-deny registration from accounts trying to specify a login that too closely resembles the standard POL format. This means that neither we admins, nor any malicious hacker (should they somehow get into our login database), should be able to use the site to get into POL accounts. At worse, they could only tinker with your FFXIAH profile. We don't have access to any data that could potentially jeopardize your POL security in any way.
That having been said, we are a website. We are on the internet. We do serve ads. These ads come from 3rd party agencies and are placed on the site without our direct control. We can block or opt out of certain ads, but only once they're discovered to be malicious, by which time it's usually too late.
This isn't a limitation of FFXIAH.com -- it's how the entire internet works. As Rikapi said above, it's not just FF-related sites like us and Somepage that are vulnerable. Entire 1,000,000+ member blog sites have been hacked in precisely the same way, with the same generic keyloggers. These hackings have not been targeted directly at FF, nor directly at FF sites. Chinese RMT have been making global canvassing of the entire internet, installing hacks that snoop out all MMO-related account data. FF, WoW, Lineage, you name it. They're building an industry around it, which now does nearly $5billion USD in business annually.
Protecting yourself isn't just a matter of staying away from one or two sites anymore, based off word of mouth. And pointing fingers at one or two sites for unknowingly being a conduit for this global campaign is missing the forest for the trees.
During the registration process, we make it abundantly clear not to use your real POL username or password to register for the site. We even auto-deny registration from accounts trying to specify a login that too closely resembles the standard POL format. This means that neither we admins, nor any malicious hacker (should they somehow get into our login database), should be able to use the site to get into POL accounts. At worse, they could only tinker with your FFXIAH profile. We don't have access to any data that could potentially jeopardize your POL security in any way.
That having been said, we are a website. We are on the internet. We do serve ads. These ads come from 3rd party agencies and are placed on the site without our direct control. We can block or opt out of certain ads, but only once they're discovered to be malicious, by which time it's usually too late.
This isn't a limitation of FFXIAH.com -- it's how the entire internet works. As Rikapi said above, it's not just FF-related sites like us and Somepage that are vulnerable. Entire 1,000,000+ member blog sites have been hacked in precisely the same way, with the same generic keyloggers. These hackings have not been targeted directly at FF, nor directly at FF sites. Chinese RMT have been making global canvassing of the entire internet, installing hacks that snoop out all MMO-related account data. FF, WoW, Lineage, you name it. They're building an industry around it, which now does nearly $5billion USD in business annually.
Protecting yourself isn't just a matter of staying away from one or two sites anymore, based off word of mouth. And pointing fingers at one or two sites for unknowingly being a conduit for this global campaign is missing the forest for the trees.
As much as I enjoy the active content that JavaScript and, to a greater extent, AJAX provides, I have to support Rikapi's suggestion to disable Javascript in your browser. [If you insist using IE disabling ActiveX is an absolute MUST]
Working in the web hosting business we get customers coming to us constantly complaining that they get virus warning on their sites, and I can't even imagine how many don't even notice. The problem is that the actual virus never even resides on the same server or network of the site you're visiting, the usual method is to use either JavaScript or an iframe element to load mailicious code unseen. Most commonly it's injected into the back-end database through a known vulnerability in a popular web application, or a poorly validated [often wholly un-validated] form input in a homebrewed app. These methods are virtually impossible to catch on the server via an antivirus program, and once the injection has taken place it's tough to reverse without the proper skills.
The issue at the heart of the matter is that the people running the websites either don't know or care enough to keep their site's software properly secured and/or updated to protect against new forms of attacks and the ones that end up suffering for it are the unsuspecting users of the sites.
I, for one, applaud the team here not only for rolling their own application from scratch, but for being so proactive about maintaining security and protecting their users.
Working in the web hosting business we get customers coming to us constantly complaining that they get virus warning on their sites, and I can't even imagine how many don't even notice. The problem is that the actual virus never even resides on the same server or network of the site you're visiting, the usual method is to use either JavaScript or an iframe element to load mailicious code unseen. Most commonly it's injected into the back-end database through a known vulnerability in a popular web application, or a poorly validated [often wholly un-validated] form input in a homebrewed app. These methods are virtually impossible to catch on the server via an antivirus program, and once the injection has taken place it's tough to reverse without the proper skills.
The issue at the heart of the matter is that the people running the websites either don't know or care enough to keep their site's software properly secured and/or updated to protect against new forms of attacks and the ones that end up suffering for it are the unsuspecting users of the sites.
I, for one, applaud the team here not only for rolling their own application from scratch, but for being so proactive about maintaining security and protecting their users.
Necro Bump Detected!
[1093 days between previous and next post]
{Bump}
Mega Super oldest "Bump" I could find!
Mega Super oldest "Bump" I could find!
[+]
http://www.ffxiah.com/forum/topic/97/ffxi-team-responds-to-hacking-problems-1upcom/
would be 1165 days :P not that I approve
http://www.ffxiah.com/forum/topic/60/facebook-group/#144
1177 days!
http://www.ffxiah.com/forum/topic/21/forum-features
Topic #21 and none exist before that
http://www.ffxiah.com/forum/forum/81/endgame
At the bottom of Page 1 is a 1 year 4 month topic but there are 10 other pages which seemed to be glitched and don't show up :p hidden/lost necros to never be seen again
would be 1165 days :P not that I approve
http://www.ffxiah.com/forum/topic/60/facebook-group/#144
1177 days!
http://www.ffxiah.com/forum/topic/21/forum-features
Topic #21 and none exist before that
http://www.ffxiah.com/forum/forum/81/endgame
At the bottom of Page 1 is a 1 year 4 month topic but there are 10 other pages which seemed to be glitched and don't show up :p hidden/lost necros to never be seen again
Siren.Kalilla said:
http://www.ffxiah.com/forum/topic/97/ffxi-team-responds-to-hacking-problems-1upcom/
would be 1165 days :P not that I approve
would be 1165 days :P not that I approve
Didn't though of chatterbox D: /shame
All FFXI content and images © 2002-2024 SQUARE ENIX CO., LTD. FINAL
FANTASY is a registered trademark of Square Enix Co., Ltd.