Please clear your blacklist!

Quote:

---

Originally Posted by Xunin

This community would be so much better if people would stop calling each other stupid, dumb, retard et.c. Not everybody spends enough time at the computer to know exactly what precautions need to be made to not get scammed.

---

If it sounds too good to be true, it probably is. It also doesn't hurt to look up at your URL bar from time to time either.

Quote:

---

Originally Posted by Alkoun

-snip-
I prefer to see a message from SE saying "we've banned" or "we've recovered X amount of RMT accounts" before I clear my list. I'm sorry, but please wait a little longer!

---

STF does post regular RMT ban statistics. Find it in game under [System menu]>[Support]>[News]>[Notices?] "Regarding RMT Advertisements" . Also available on Lodestone under "News, "Notices", "Regarding RMT Advertisements."

Quote:

---

09/12/2013 11:32 PM
Regarding RMT Advertisements (Sep. 12)
Having confirmed in-game advertisements for RMT* sites, we have taken the following actions to address this issue.

*RMT (Real Money Trade) is selling account or game data with actual currency in the real world.

[Period]
Sep. 5, 2013 to Sep. 10, 2013 (PDT)

- Accounts receiving disciplinary action for RMT advertisement: 828 accounts
- Action Details: Permanent ban from FINAL FANTASY XIV

In addition to chat filters, we will continue to address RMT activity through cooperation with our GM teams and STF (Special Task Force). When you see an RMT advertisement, please file a report by using the in-game command [System Menu] -> [Support Desk] -> [Contact Us] -> [Report Cheating].

---

The only thing I might be guilty of was having a weak password, although it was 8 letters with one capital and two numbers so I thought it was fairly secure. I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.

I play on PS3, and surf the forums from work(which is a huge company and the internet is pretty tight so I doubt I got a virus on my work computer) and I still got hacked.

I have no clue how they got my info, I never bought gil, I never visited any weird sites, and all my email comes through my iphone and I never click links in my email. The only possibility I can think of is when the playstation network got hacked a couple years ago they had my info although I am pretty sure I changed my password since then.

Anyhow if you dont want to clear your blacklist thats fine, but lets be honest.. its not because you are worried about getting spammed by those names because you can almost guarantee all those names have been banned, its just because you want to be an elitist jerk.

Quote:

---

Originally Posted by Ryios

See, if you have a keylogger on your PC, you did something wrong to get it there.

Windows isn't magical, a hacker can't just run something on your PC. You have to let it run, or tell it to run.

---

This is a bit of a myth and a straight up misunderstanding of how computer exploits and security work. There are many many exploits to let someone run something on your system without your giving explicit permission. From scripting, to buffer overflows, to web browser leaks. Even in the very recent past there have been many simple exploits where adobe flash allowed for malicious code to bypass browsers. There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

There is a reason that there are always new security patches to every operating system on a regular basis, and they are rarely released immediately after the exploit is discovered. In fact usually they are patches to previously known exploits, meaning people may already have been compromised due to the exploit, before any system updates, or virus definition updates occur to block it.

Hacked accounts are not a cut and dry "it is always your fault", or even usually that simple. Most security is a never ending fight to anticipate the existence of exploits you haven't actually discovered yourself yet.

This is not to say "nobody who got hacked is at fault". But it is to say that to assume they are always at fault is simply incorrect. If you are connected to the internet you are at risk. It doesn't matter how many layers of protection you have setup, how up to date your antivirus, how locked down your firewall. All it takes is one exploit.

So please, be considerate. Realize not everyone is at fault, and that maybe if they aren't prepared, it is because they don't know as much as you. Don't berate others who don't have the same knowledge as you, instead educate them. It will go a long way to improving the forums, and the game in general.

Quote:

---

Originally Posted by Spoolx

I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.
<...>
all my email comes through my iphone and I never click links in my email.

---

In my own experience with family and friends, your phone itself is the most likely culprit. Any account you use on your phone has an even higher likelihood of being hacked then on your pc, because phone exploits are really profitable. So many people have personal information, phone numbers, contacts, passwords, bank account information, all on the phone, so it is almost always worth the effort to find a way to bypass the security. I have known many people who had their facebook hacked from their iphone, because they walked through a public area (eg airport) with wifi enabled. Wifi + facebook exploit, now they have your password for everything.

So my suggestions: never use open wifi; never use the same password for any account (especially the ones you access from your phone); and use the iphone security token. (Make absolutely sure you keep the emergency recovery key and in more than one location though.)

Also: don't let the attitudes or assumptions of others drag you down to their level. :)

Quote:

---

Originally Posted by Demlix

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

---

Nope. Actually this also is a misunderstanding of this black market industry (yes industry). You assume it is one person doing the hacking for a specific purpose. But in fact, people who hack information, often hack it for the purpose of selling it.

Usernames and passwords are very lucrative, if not as much as money. People like the gil sellers don't do the hacking themselves usually, they buy the information from someone else who is selling it not just to them, but to those who are likely to use it for other purposes such as hacking your e-mail to send spam, or trying to get into your bank account, etc. I.e. the hacking of a game account is just one way the hacked information is likely to be used. If you get hacked, you should be clamping down on everything, because chances are very slim it was "just a gil seller" and that they only hacked this game.

What I think they should do is offer a name change for a small fee.

Quote:

---

Originally Posted by Spoolx

its just because you want to be an elitist jerk.

---

because that's a great way to get people to UN blist you /eye roll.

also, you have an iPhone and DON'T have a security token? That's just asking for it.

Quote:

---

Originally Posted by Spoolx

Lots of us were banned for RMT spam because our accounts were hacked, eventually we will be back online. My request is that you frequently clear your blacklist, especially if the name is a normal name and not just a jumble of characters.
There is no point keeping these names on your blacklist because they all get banned quick so you shouldn't see that name ever spam again.

---

Considering you most likely compromised your account in some way by downloading a bot or buying gil, I will not be unblacklisting people even if they're not really the ones spamming RMT. With the free software version of the one-time password for iOS and Android, there is no excuse for getting your account hacked.

Some 30,000 accounts were stolen on launch day of GW2. Over there, the Devs discovered how it happened within days. It came to light that about a month or so before launch, one of the fansites with a forum was hacked, and had its database stolen.

Everyone who used the same username or email and password on that fansite as they did for the game - got hacked on launch day... By the end of the first weekend, that was about 30,000. You can be sure the hackers didn't take them all right away though - and the problem persisted for a few months.

They put in tokens, forced password changes, and so on - and only after all of that did things recover.

There are a LOT more fansites for FFXIV than for that other game. Partly because these forums are capped at so few posts, the fansites are still popular.


I've seen a few posts in this thread already from people who say "I don't click on weird stuff, I don't download weird stuff, my password is complex, I have anti-virus, and I don't have a keylogger."
- All of that means nothing.

The only safeguards are to use a unique account name, unique email, and unique password - AND get a security token, either the physical one, or the smartphone one.

The hackers don't hack you... they hack weak points on the internet. forums, fansites... maybe facebook (no idea and it'd never admit it if true), and so on. Anytime they get access to a new database, they use bots to try out the accounts all over the net - and then I supposed report back where it worked. That then gets stored away for later.

If its too many passwords to remember, write them down on paper and store it all somewhere safe in the house. If people break into your home and get that - your MMO game account will be the least of your worries.
.

I clear normal sounding names a week later or so, but any names that are Dghthght Hfgghghg or the like stays.

Quote:

---

Originally Posted by Spoolx

The only thing I might be guilty of was having a weak password, although it was 8 letters with one capital and two numbers so I thought it was fairly secure. I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.

---

Well there's your problem, another site you use has been hacked and they got your pass that way.

A key vault is a good solution in this day and age, they can exist as mobile apps, or the stronger more effective ones can run on your PC. They allow you to create and store unique passwords in a secure database on your machine or phone and keep them altogether. I use KeePass on my desktop for example, which generates a totally random password for each site and then stores it where i only need click copy-> paste to retrieve the password. (A word to the wise, make sure your e-mail password is both unique and memorable in case you lose your vault and need reset your passwords)

passwords like those generated by KeePass tend to be near impossible to type manually let alone memorise, so where manual typing is required like on your PS3, you could use a key vault app on your mobile, and create shorter more memorable passwords but still store them on the device so each site remains unique and you have easy access to them.

Quote:

---

Originally Posted by Rivienne

There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

---

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

Quote:

---

Originally Posted by Demlix

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

---

You'd be surprised.

I havn't seen it for FF14 yet, but I get fake e-mails purporting to be arenanet trying to get me to hand over my GW2 log in information on a weekly basis

Ya, really didn't think about this, but you are definitely right. As the hacked accounts get returned to their rightful owners, it becomes important to actually unblock them.

No, sorry. If you are dumb enough to get "hacked" you aren't worth my time.

I will never get "hacked" because I am not a retard. Strong passwords, not using the same one multiple places, and not going to questionable websites, works well for me.

Quote:

---

Originally Posted by Animation

I was typing out a reply about how people get hacked but I'm not going to bother. I'm currently lodestoning people with normal names and if there account seems somewhat decent then I'll unblacklist it.
Getting hacked is pretty pathetic in this time and age, I mean security on stuff is so high the only thing I can think of is a) Virus from downloading bots or buying gold or b) Very, very weak password.

---

Or emails/fansites/cell phones being hacked due to those sites being breached. Do you think that hackers will stop refining their tactics, specially when there is money involved? They have all incentive in the world to try to find weaknesses at sites that do not have sufficient economic means or motivation to oppose the attempts properly.

I've never been hacked, but regardless I decided to use a physical token, because I know that hacks evolve and "poor" sites may not be able to pay enough to protect themselves from advanced attacks.

Quote:

---

Originally Posted by Pandemonium

You (and many others) seem to forget phishing and how rife that is.

You can't blame people for being gullible and falling for a phishing scam, then following the dodgy links and entering crucial information. These people are clearly legit players, if a little on the dim witted side - they don't all deserve to be written off as "RMT/Botting scum - you deserve my /blist!"

---

Still, they should have taken precautions before it ever happened. Then at least in the event they were careless with their information its not the end of the world.

There's no excuse not to have a software token now.

Incompatible/no phone? Can't get physical token in your country? Learn how to make the app work on your computer http://forum.square-enix.com/ffxiv/t...Android-iPhone

"But I don't understand this techspeak!"

Then learn it. If you have time to play, you have time to learn. What's the better option, taking 20 minutes out of your playtime to learn how to protect your account or being locked out for weeks because it was compromised?

My point is that someone that takes all the security precautions possible is astronomically less likely to get hacked. And if you get hacked because you didn't you have no one to blame but yourself.

I'm aware certain exploits can be found, but Windows User Access Control will prevent a ton of that too. Also ExecuteDisable bit in the bios being set prevents buffer overflow attacks in the kernel address space, meaning it will blue screen before it let's it work.

Quote:

---

Originally Posted by Ryios

My point is that someone that takes all the security precautions possible is astronomically less likely to get hacked. And if you get hacked because you didn't you have no one to blame but yourself.

I'm aware certain exploits can be found, but Windows User Access Control will prevent a ton of that too. Also ExecuteDisable bit in the bios being set prevents buffer overflow attacks in the kernel address space, meaning it will blue screen before it let's it work.

---

My counterpoint is simply that you shouldn't be blanket assuming that someone is at fault for being hacked, nor claiming there is no excuse for not being prepared.

Most people who use the internet are only peripherally (if at all!) aware of what is involved in internet security. Not being prepared for something you don't understand is hardly something you should blanket insulted for, as seems to be the case whenever this topic comes up. For example, bios settings? You really expect someone to know how to change their bios just by virtue of being online and playing a game? That is flabbergasting to me. The truth is few people who use computers, be it for video games or the internet, or anything else, know anything about that level of computer security. It is just a machine to them. It works, or it doesn't. When it doesn't, they get someone to help them out, or they go online to try and find a solution. If they find out, it is usually after the fact, rarely before.

I know far to many people who are ignorant of the internet, yet use it on a daily basis, to be comfortable with this kind of blanket assumption of fault. It is too close to the "you only have yourself to blame for walking down that street", especially when you have never been told by anyone that (or why) you shouldn't.

I'm antisocial and dislike people, despite playing an MMO. You can bet your sweet bippy my blacklist is going to stay full. And when the world is empty and desolate, echoes of joy long forgotten amidst debris and destruction... only then will I gleefully jump into puddles without fear of judgment from the sapients of Eorzea.

Come to think of it, I might feel charitable and clear one person off of my blacklist today just to see how quickly I add them again.

In all my years of gaming online, chatting, emailing or social networking I have only been hacked once! That was due to my friend yelling out the password which was a phrase that we both used in game around hundreds of users. The person who hijacked them then went through his friend list looking for alternate characters of his using the same password. I changed it and he learned not to be so ignorant and it's never happened again. I seriously don't understand how people get hacked. It doesn't take much to make something up that isn't easy to guess. I have to agree with others. It's either because they went to a gold buying or power leveling site and got jacked at the front door. OR they created and account using the same password that they use for the game. Either way it's your bad and don't be too surprised if people don't respond to you once you get your account back.

Blacklist only has 200 spaces I already used 150, eventually I will have to clear some out to make room for new rmt spam I don't want to see.

If it hasn't been said yet, what if I put you on there for a reason and forgot why ~ gil seller or not!

You just want everyone to remove you from their blacklists...lawl :)

I'm coming up with a system for my self to deal with the black list, (at 20 so far, 19 RTM spam, 1 is an actual annoying person). After a week or two i'll be clearing the normal named people out, If they start messaging me again, back on the black list they go. If they are the hulk smash keyboard names, they stay until they say deleted. Of course i'm always going to keep the real person on there, no mercy on them. :P

As i've looked at my black list online, even some of the people with real names are level 1 bots.

But i have black listed legit players too, as some of them have classes up. So i'll be looking though my black list online to tell who's a real player who got hacked, and who isn't a real player.

I would clear my 75 person blist but none are legit - theyre all characters with one lvl 1 class with 50 exp. Which pretty much means theyve never played it outside that 1st quest when u first make char. I did delete one person that had some 50s and other levels but thats only potentially legit acct there. So 74 remain

Quote:

---

Originally Posted by Spoolx

Lots of us were banned for RMT spam because our accounts were hacked

---

Why would i want to have interaction with a player who allowed their account to be overtaken when there were countermeasures available?
I am sorry to inform you that if you lost your account because you were not taking proper care of it, i do not want to interact with you, mainly because i do not want to accidentally interact with your character the next time your account is "hacked" and risk losing company chest, gil or items. Additionally, it is my opinion that most of the "hacked" gil-shouts are actually accounts that purchased powerlevelling services.
It would be different if your account was actually hacked and your one time password was compromised or removed and your password also compromised. However, i am unaware of that happening in any cases in FFXIV. We have had one time passcodes for about four years now, they are ridiculously cheap to procure.

Quote:

---

Originally Posted by Taika

Yes, I'm very sorry for making mistakes when writing in foreign language, and that sure makes me intellectually challenged. :)

---

That's not what does it, it's only one facet of the larger overall problem.


I'm smart enough not to post in Spanish because I know that I have not fully mastered it...stick to what you know or get better at it.

Regardless, the blacklist stays, since you are on my server I'll /blist add you too!

Nice try RMT drone. We'll clear our blacklist, and be filled with spam again, and we'll have to spend an hour to reban half that list. I'm not falling for it >O

Quote:

---

Originally Posted by Spoolx

especially if the name is a normal name and not just a jumble of characters.

---

My main reason for not doing this is because(and i could be wrong) I believe this game has a name generator based off of the naming conventions of that race. So RMT don't actually have to have asdlasdflkj as their name. It can be a completely valid name w/o being an authentic player.

ITT: People who think that just because they don't click one link on a random site, that they are immune to hacks. Thus, acting all high and mighty.

How clueless some people are. I have no doubt that 99% of you got hacked once and you don't even know it. Lawl.

Quote:

---

Originally Posted by Jeckyl_Tesla

ITT: People who think that just because they don't click one link on a random site, that they are immune to hacks. Thus, acting all high and mighty.

How clueless some people are. I have no doubt that 99% of you got hacked once and you don't even know it. Lawl.

---

It is amazing how clueless people are, oversimplifying multi-faceted issues, using hyperbole, random statistical numbers, a tone of condescension and a ultra-original meme "laugh" as a finisher.

Did I miss anything?

Quote:

---

Originally Posted by Demlix

Considering you most likely compromised your account in some way by downloading a bot or buying gil, I will not be unblacklisting people even if they're not really the ones spamming RMT. With the free software version of the one-time password for iOS and Android, there is no excuse for getting your account hacked.

---

Not everyone has a smartphone, just so you know.

Quote:

---

Originally Posted by Spoolx

I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain.

I play on PS3, and surf the forums from work(which is a huge company and the internet is pretty tight so I doubt I got a virus on my work computer) and I still got hacked.

all my email comes through my iphone.

you want to be an elitist jerk.

---

I left the parts of what you said that are likely responsible... if you are telling the truth.

Facebook, FACEBOOK??? you really use the same password for bookface as you use for your online gaming? AND it's the same password as your email? the same email i assume you use for your SE account???

here's a tip, do not use facebook on any computer that you do anything you do not want compromised. do not use facebook with any password or email address you do not want compromised. better yet, do not use facebook.

You sure sound like an elitist jerk to me, you casual elitist casual. do you see how i can throw around meaningless names too?

a secure password looks more like this: bwLH41ctKE½☻☺§█ and uses an RSA token

When the blacklist reads (Deleted), then they get removed. Until then, the names remain. While I've blacklisted my fair share of Yaskjdhfaa Lohklsuiren or Abbaskyyds Ghoiuhaslkeu, I've also blacklisted a fair share of twits that I have zero interest in seeing take up a single pixel on my monitor again.

I'm sorry that you got hacked and that as a result that you got blacklisted but there's sadly not a whole lot that can be done about it.

Quote:

---

Originally Posted by Huginn

a secure password looks more like this: bwLH41ctKE½☻☺§█

---

I think you need to read this comic: http://xkcd.com/936/

Quote:

---

Originally Posted by RyuujinZERO

If someone was dumb enough to get hacked in the first place, do they have anything to say worth my time?

/elitist jerk mode :B

---

guess who just ended up on my blacklist :]

Only 2 people on my blacklist at the moment..

Every day I delete the ones from the last couple days. Hasn't caused any issues or repeats.. yet..

So no worries from me, even though we are on different servers.

Quote:

---

Originally Posted by Rivienne

Quote:

---

Originally Posted by Ryios

See, if you have a keylogger on your PC, you did something wrong to get it there.

Windows isn't magical, a hacker can't just run something on your PC. You have to let it run, or tell it to run.

---

This is a bit of a myth and a straight up misunderstanding of how computer exploits and security work. There are many many exploits to let someone run something on your system without your giving explicit permission. From scripting, to buffer overflows, to web browser leaks. Even in the very recent past there have been many simple exploits where adobe flash allowed for malicious code to bypass browsers. There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

There is a reason that there are always new security patches to every operating system on a regular basis, and they are rarely released immediately after the exploit is discovered. In fact usually they are patches to previously known exploits, meaning people may already have been compromised due to the exploit, before any system updates, or virus definition updates occur to block it.

Hacked accounts are not a cut and dry "it is always your fault", or even usually that simple. Most security is a never ending fight to anticipate the existence of exploits you haven't actually discovered yourself yet.

This is not to say "nobody who got hacked is at fault". But it is to say that to assume they are always at fault is simply incorrect. If you are connected to the internet you are at risk. It doesn't matter how many layers of protection you have setup, how up to date your antivirus, how locked down your firewall. All it takes is one exploit.

So please, be considerate. Realize not everyone is at fault, and that maybe if they aren't prepared, it is because they don't know as much as you. Don't berate others who don't have the same knowledge as you, instead educate them. It will go a long way to improving the forums, and the game in general.

Quote:

---

Originally Posted by Spoolx

I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.
<...>
all my email comes through my iphone and I never click links in my email.

---

In my own experience with family and friends, your phone itself is the most likely culprit. Any account you use on your phone has an even higher likelihood of being hacked then on your pc, because phone exploits are really profitable. So many people have personal information, phone numbers, contacts, passwords, bank account information, all on the phone, so it is almost always worth the effort to find a way to bypass the security. I have known many people who had their facebook hacked from their iphone, because they walked through a public area (eg airport) with wifi enabled. Wifi + facebook exploit, now they have your password for everything.

So my suggestions: never use open wifi; never use the same password for any account (especially the ones you access from your phone); and use the iphone security token. (Make absolutely sure you keep the emergency recovery key and in more than one location though.)

Also: don't let the attitudes or assumptions of others drag you down to their level. http://forum.square-enix.com/ffxiv/i...lies/smile.png

Quote:

---

Originally Posted by Demlix

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

---

Nope. Actually this also is a misunderstanding of this black market industry (yes industry). You assume it is one person doing the hacking for a specific purpose. But in fact, people who hack information, often hack it for the purpose of selling it.

Usernames and passwords are very lucrative, if not as much as money. People like the gil sellers don't do the hacking themselves usually, they buy the information from someone else who is selling it not just to them, but to those who are likely to use it for other purposes such as hacking your e-mail to send spam, or trying to get into your bank account, etc. I.e. the hacking of a game account is just one way the hacked information is likely to be used. If you get hacked, you should be clamping down on everything, because chances are very slim it was "just a gil seller" and that they only hacked this game.

---

Rivienne you are a breath of fresh air on these forums. Thanks for being so kind and patient and providing constructive information. Included your original post because helpful.

Quote:

---

Originally Posted by Khalus

If it hasn't been said yet, what if I put you on there for a reason and forgot why ~ gil seller or not!

You just want everyone to remove you from their blacklists...lawl :)

---

At least a few guys have gone on my list due to them getting in a shouting match with a bot:

Quote:

---

Bot: "[Buy our gold! - only $1 million dollars!]"
Guy: "Shut up!"
Me: "It's a bot, he can't hear you"
Bot: "[Buy our gold! - only $1 million dollars!]"
Guy: "Shut up!"
Me: "Just block him, quit spamming or you're going on the block list too"
Bot: "[Buy our gold! - only $1 million dollars!]"
Guy: "Shut up!"
Me: "Welcome to blacklist: Population - you and 199 bots"

---

Today I saw someone who I blacklisted a week ago in a FATE, so I removed as he/she obviously got the account back.

On Monday, to see how the RMT banning is going, I tried deleting 6 names I blisted 3 weeks ago, and reported- soon as I zoned into Ul'dah from my room 5 of the 6 spammed me. The other showed up when I zoned to the MB. Needless to say I now just delete the (deleted) ones. Those RMTs are still there after 3 weeks! I am sorry for players that had their account hacked. If there was a way to know you have gotten it back, I will gladly remove your name, as you will no longer be a RMT spammer, but a fellow player. I look forward to that day too.