Proposed solution: A GUI grid where you can add/remove serials from.its a good idea
a problem that can be solved with additional account access protection mechanisms.
anyways, I have a question, what if I am using random computers to be in touch with forums 24/7 ? I mean I aam very active .. I use to open forums from different computers. is it possible to add soemthing liek "Security Code" when we log in via another computer? or we can get a confirmation code .. will be sent to our e-mail(If we're using one) and we'll copy it from our e-mail.As long as you don't use the same password you use in game for forum, there's nothing harmful can happen to you
its a good idea but, if our computer breaks, as I mentioned above, Is it possible to make it so that we have to confirm teh new computer via our E-Mail..?
its a good idea but, if our computer breaks, as I mentioned above, Is it possible to make it so that we have to confirm teh new computer via our E-Mail..?
A guy PMed me with "can you explain this post to me <link>" I opened the link and found a "replica" of our forum but I'm logged off, and you need to log in to be able to see wbat he's talking about and he fooled more than 10 players in that day
Evetually he got banned on forum because I reported'em to Kaka
Then maybe all these accounts being hacked is just a sign of player stupidity because:
1. People should know to check the URL when something like that happens.
2. People shouldn't use the same password for different things.
Though if this is true and most accounts are 'phished' (http://en.wikipedia.org/wiki/Phishing) then it means that a secondary question / password would be solve the problem unless players were truly stupid and also told the 'hacker' the secondary password.
If this would become real, will it be mandatory ?
Though if this is true and most accounts are 'phished' (http://en.wikipedia.org/wiki/Phishing) then it means that a secondary question / password would be solve the problem unless players were truly stupid and also told the 'hacker' the secondary password.
No.
But still if people get phished they'll probably lose more than their MTA account, for example their e-mail password.
Text..
Long time ago, a guy posted a link in shoutbox, saying "If you want free drugs, go here" idk how many people got trapped but I didn't open it, maybe some hackers knows that how to fool someone. Newb hackers (I think) use links thingy, like sending a link to a guy saying check this or any trap and because of what, they gets the password by scripting/programming the system etc.
guys there a little buggy things hackers where using and it is when you login to CIT and save your login any one can hack you from that PC by entering mta sa > mods > resources > CITaccount > and he will find your registered account so be carefull :D
guys there a little buggy things hackers where using and it is when you login to CIT and save your login any one can hack you from that PC by entering mta sa > mods > resources > CITaccount > and he will find your registered account so be carefull :DNot really a "hack" but pretty well used by account thiefs I suppose, why not encrypt that file using some kind of smart algorithm like acorp which uses binary math to modify each single byte in the password string and salt it with somethnig that is constant and uniq like the serial. That would also prevent thiefs from copying the file into another computer, I assume that you already got a feature with password reset based on email. Another solution would be to force harder passwords using pregmatch to force capital letters numbers etc. since most people just use simple ones like "12346" or "password" etc..
My friends acc hacked what he will do ?http://cit2.net/index.php?topic=66413.msg662348#msg662348 (http://cit2.net/index.php?topic=66413.msg662348#msg662348)
Well, that is one of the huge problems a server could face. Those steps given above are awesome to prevent it but I also came up with a new idea.
What I was thinking lately is that why not having PIN codes for accounts? You will be asked to give a PIN code while registering an Ingame account and there, you will be warned strictly that you cant change the PIN code once you have it.
For this, people will have one and only one PIN code added either in your account data by setAccountData or into a new database. So when you lost your password, you gotta click "Forgot password" in login window and it will ask for your current e-mail and as well as your account PIN code. If both things are correct and matching the database/account data, you will be asked for new password.
In my opinion, this PIN code system is better and the serial protection is also great. Here, few questions arise:
What if I forgot my PIN code?
- Thats your fault but if you prove it that you are NOT a hacker, you can inform Lx+ staff to change your code by /changepin account newPin command.
If we can only set it on the time of registering, what about existing accounts?
- On player login, if database/account data returns false value, player will be asked for PIN code, window will appear saying "Your account doesnt have any PIN code yet, to proceed playing, enter any PIN code two times." And here players will be strictly warned aswell that you cannot change your PIN code.
What if a hacker contacts a staff to change my PIN?
- For this purpose, if someone asks to change his PIN, staffs will inform them that I will change PIN after 7 days. So if real owner logs in in these days, he will see that his account hacked and he will easily recover it by PIN code.
If the PIN system is not going to work, then the serial system is great option, I just gave my input.