Menu
What's new
RunUO Community

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

RunUO Warfare, hackings and how to stop them.

Ryan

Ryan

RunUO Founder
Staff member
RunUO Warfare, hackings and how to stop them.

Ok, this is going to be a long drawn out post, so bear with me right off the bat.

So here I am minding my own business and I have to start hearing this bullshit about how RunUO is vulnerable to being hacked. "LiGhT" (gotta love that elite spelling) from the Defiance shard, posted this image on January 23, 2004:

Well I found a intresting program today which explains how some people are being hacked.

It's nothing to do with Defiance it's to do with your passwords:

This is what they call brute force hacking when a program tries every login and password possible till they find matches.

I really don't understand how someone has been so bored to make a brute forcer for free shards, let alone the people who use it.

To avoid this happing to you please set a complicated password.
I.E. if your password is Defiance

Try: d3f1anc3

Easier to remember if you know 3 = E , 1 = i
etc.

For example my password is over 6 characters long and is no type of word at all, it's just a alpha numerical password i've taught myself to remember and the chances to guess it are 1 out of millions.

If you value your account please do the same.
Click to expand...


You can read the full text which is both non-stimulating and boring at:

http://defiance.0wnsyou.com/forum/viewtopic.php?t=976

Shortly thereafter the owner of Shardwire decides hes elite and posts this:

RunUO Warfare is a brute force password cracking program designed to crack accounts on UO Free Shards. The one who created it, Robin, has apparently distributed this program to a group of people, who are attempting to hack accounts as I write this article. Two people who are allegedly in possession of RunUO Warfare, and have carried out attacks on other shards, are known as "Mystic" and "m0rtis".

Robin apparently holds a grudge against the UOGamers Shard because Phantom and Asyre are telling people that he can't script, and that he wasn't very influential in the development of UOGamers. Robin was on the RunUO Development staff 11 months ago, which was in charge of the RunUO test shard. However, he was fired for a reason that he believed ludicrous.

After a half-hour conversation in the #RunUO IRC channel, Phantom banned Robin from the chatroom because Robin said that he was leading a group of people who were cracking RunUO Shard accounts. Robin then used a known phpbb exploit to hack the UOGamers Forum and delete all the threads, as well as some member accounts and forum categories. He left a post in the only forum category that was left, "Discuss Robin." The message he left said something to the effect of "This is all because of you, Phantom."

Mortis later entered the #RunUO channel. Phantom confronted him about his alleged hacking, but Mortis flatly denied the claim by Robin that he had been hacking, stating that someone was probably posing as Mortis.

At one point Ryan of RunUO shut down the UOGamers Shard and the servers for UOGamers.com and RunUO.com in order to prevent further hacking by Robin. The forums were restored, but have been reverted to 1/19/04. Expect the shard to be down until about 7 p.m. CST. Ryan has asked that people not ask questions about what happened, as they are very busy right now trying to fix the damage done by Robin.

The RunUO team is planning on ruining the ability of RunUO Warfare to hack passwords with the release of RunUO Beta 37. Until then, however, all RunUO shards that use Beta 36 and previous will be vulnerable to RunUO Warfare. My best advice is to make sure your account password is long enough, such as twelve to sixteen characters long, to make brute force hacking a much more lengthy process.
Click to expand...

Both using the same image and Shardwire calling it RunUO Warfare.

This in fact is NOT RunUO Warfare.

RunUO Warfare was developed by Robin a former member of UO Gamers and is a console based application that is much more involved than the 'ghost application'.

The RunUO Team has both programs, and we also have the source code to RunUO Warfare. We have put measures in place to block this program and its attacks in RunUO's core for the next release.

The bottom line is this.

If you users use the same password on another shard, or use a simple password then they are at fault, not RunUO.

Period. End.
 
You must log in or register to reply here.
Top