Someone periodically is trying to figure out passwords to EM accounts. Just letting people know to change their password to something arbitary and elusive so that they don't get their account screwed with. I contacted the mods on suspects and mods used to be able to track IP addresses of people who were doing this, but I recieved no response, so I am posting this publically so it gets some attention.
PERMA BAN
12 signed
If the mods can find out the IP address of the user they should just be done with all of this person's accounts and call it a day.
And stop discrediting the fact that I talk over a 10 year period. SO much sh-it has happened on this site, you have NO idea. Like every mod here is so clueless as to the evolution of the site and how we got to where we are now.
You can't even imagine a time when blues were ALLOWED to claim cop or doctor and let the day end and even day 2 end without being reported for gamethrowing. Which is the heart of the reason I was never modded. Yes, villagers shouldn't lie, I get that now, but back then it was up for contention, and even today in some setups we are seeing this make a come back between people who meta each other and no one is reporting it.
The problem is that you all go through so many mods so quickly no one can keep track of them all. Again, WHO the f cares ... I am reporting this now. Start doing something about it. If you can't, just say "without Arcbell or Lucid, we really don't have the power to do anything."
This makes it sound like you spoke to a mod recently and when you were called out on that, you said you talked to past mod teams about it. Well I've been a mod for two years, and I haven't heard anything about it, and if you had said something before then why are you only making this thread now?
oK, well I have told Mods about this off and on for years now. First couple of times was probably before this mod team. Last time at least one of you would have been a mod, but it wasn't one I would have spoken to. Unless it is something that happens when there is some sort of reset that everyone is getting, I think it is just some idiot who likes to screw with people and tries to do a reset on people.
The mods shouldn't feel too attacked here. Just try to do some digging and see if you can find out who is dumb and has no time on their hands.
deletedabout 5 years
I think that it's also silly and inconsistent to assume that banning an IP is the solution against someone who is seriously trying to hack the site.
Proxies and VPNs are the most open resource to access and in all likelihood anyone who is doing this in the first place is utilizing some service like Tor which means that every session is them using a different IP address. Therefore attempting to restrict someone who is interested in hacking through IP restriction is like thinking putting out a single orange safety cone on the street is going to protect you from a homicidal maniac. It's hilariously naive.
deletedabout 5 years
The last method is far more common which is social engineering. A lot of this is facilitated by apps like Skype and Discord in which a hacker can designate a "target" and then use some of the prior methods in order to obtain data from the "target."
If I wanted to obtain information from MafiaGod, but he has too many safeguards like 2-step authorization and the recent implementation of IP associated logins, then it may be better to work around the problem.
This has more to do with mapping who MafiaGod would trust, let's arguably say that's MafiaGoddess who hasn't been active in 6 months. Then I would theoretically start by brute forcing MafiaGoddess's password and then if I'm successful, figuring out how to socially manipulate MafiaGod into gradually feeding me his information himself.
Because this is a time intensive process, I'm not interested in MafiaGod's EM account. I'm interested in his bank account, social security number, and finding ways to open credit cards.
I think it's absurd if someone with the skillset to obtain accounts would waste it on this site when it makes far more sense to target social media sites, email websites, and others in order to justify the time investment.
What if we all deleted our accounts so they cant be screwed with?
deletedabout 5 years
Another method is to use exploits in order to make people click on a link. This is what happened awhile ago on this site when a user hosted benign links that exploited vulnerabilities within java to capture your cookie session. Because cookie sessions at the time were aliased with your EM identity, you would be able to login as people by capturing their cookie session.
This is more of a niche in how sites are designed. EM has patched this AFAIK. But it's not too different from the historical DNS Cache Poisoning Attacks in early 2000 where the structure of how we obtain websites was exploited by hackers to load fake web pages like banks to manipulate users into submitting personal data for the hacker's use.
deletedabout 5 years
@Possess A lot of password acquiring has nothing to do with someone sitting on their butt and trying to figure out passwords.
From what I know, one method is manually trying to crack passwords. These people usually use a cracking tool like John the Ripper to run files of commonly used passwords against usernames and have it run in the background. But often times these people are less interested in niche sites like EM and more interested in obtaining emails from Microsoft or Google.
