It would be awesome if SE did this and the culprits happen to be the in the same region you're in. :DQuote:
Originally Posted by Tallulah
-
11-08-2013, 07:40 PMBien
-
11-08-2013, 07:44 PMTallulahYes it would be awesome if that happened.Quote:
Originally Posted by Bien
Sadly where I live we have laws. From past experience RMT are based where SE has a hard time dealing with them because they don't follow the same set of, if any, laws.
If you have a better idea on how to deal with RMT let SE know. -
11-08-2013, 07:48 PMBienMy apologies, I was not aware such a perfect region existed.Quote:
Originally Posted by Tallulah
Re: OT, which servers/worlds got hit? And when will the game go back online? -
11-08-2013, 07:56 PMBruceyBruceyBangBangThis statement, unbeknownst to you, proves Reinheart's case. First, do you know exactly how and why the game is easily exploited? If you know the particulars then you wouldn't be surprised by this current situation.Quote:
Originally Posted by PenutButter
I'd like to not give out the specifics, but another user touched upon it midway into this thread. Honestly, and I am not being overly dramatic here, if SE wants to continue with this game and not have these exploits popping up they need to take the servers down for a couple of days and implement new security measures. Starting with the blind trust of character data packets. :) -
11-08-2013, 07:58 PMxXRaineXx
Oh wow, this whole thing started happening right after I logged off lol *pats self on back*
Though I generally like to keep about 80% of my gil in the retainer in the first place, so it probably wouldn't have affected me too much. But this sort of thing really got out of hand this time... truly the lowest of lows;;
Actually, it's not an easy task as you assume it is. Unless you are a programmer who studied game design and moderation, you really should research about such topics before blabbering nonsense. Even the FBI database was one hacked (which said server was said to be the most secure in the world at the time) and you can't call said server crap. Security systems has flaws, there is NO 100% flawless firewall. It can always be breached in time.Quote:
Originally Posted by DarkRain
In this case, there are possibly few million accounts on the FFXIV server. To check and determine which accounts are RMT or Hack related is not an easy task. Unlike the first roll of bans, now SE seems to be taking care not to include any authentic players; which only makes it harder. But you may 'Wouldn't all level 1 accounts be RMT's?'. Some may have made characters on servers they don't play on.
This sort of thing isn't technically hard, but not as easy as it is a very time-consuming task for GM's to track down every individual. Also SE has been rolling out bans (including over 1000 accounts in the last ban), so it does look like the staff is on the job.
So respect the people who work everyday, possibly even through overtime to fix issues so people like us can play the game. Can't expect them to fix all the problems people throw at them in a single day.
Sorry for my rant, but I do 3D Design and Modelling and have seen stuff like this on the inside. People who think shit is eazy just makes me tick sometimes. -
11-08-2013, 08:05 PMTallulahI know every region has legit players. I want a magic bullet to make everything go away. I think everyone agrees something more needs to be done. I've gotten to the point where I can't even be bothered to report people because it's too much of a pain and I know it will make no difference. I only block the people who tell spam me repeatedly in short succession. The rest of it like gathering bots I encounter everyday and random tells it is too much of a pain in the butt to block and report people.Quote:
Originally Posted by Bien
A realistic suggestion for in game stuff would be the option to report and block someone just by clicking their name (same list and send tell/friend req etc). Enter the same info as before, but the more reports that person gets the more priority that issue receives. They need to make reporting and blocking people easier. They need to streamline how they deal with reports.
I don't need 3 weeks to tell someone is a bot or a RMT ad account. Why does SE?
OT; I doubt servers will be up anytime soon. This is a severe issue. I can't even fathom how much scrambling and panic is going on right now. Sure this downtime is unfortunate but the alternative is much worse. Like Raine said above me here they are on the case and I will give them all the time they need to fix it. -
11-08-2013, 08:11 PMKorieI'm actually not sure if you can or how so I made a bit of an assumption based off of others saying they are going to check. I figured I'd search for a tiny button somewhere that was to check my own buying history when I was able to log back on. I certainly hope there's a way to check history. There are reasons, such as this, where that log would be useful.Quote:
Originally Posted by bootski
-
11-08-2013, 08:22 PMSparkyJenkinsSo just because you'll be safe from this it's okay for SE to indiscriminately block everyone in those areas? Wow, why am I not surprised at the level of selfishness.Quote:
Originally Posted by Tallulah
-
11-08-2013, 08:32 PMKorieI can understand exactly what you are saying. I think a lot of people get upset though, including myself, because of how obvious this stuff is. Like, if they put a GM in a world and had him visit each starting city and then visit each gathering node that holds 2 different types of shards more than 10 people would probably be banned in like 30 minutes per server. I know that this is an unrealistic thing to do for them, but it's just that it's so obvious.Quote:
Originally Posted by xXRaineXx
I understand that they have procedures and such and technical things I don't understand so I try to be patient. But I really wish there was a "call GM" button so I can call a GM and just show them a character's mouth move constantly as they shout for hours and not respond to a request from the GM such as "wave to me if your not afk", not to mention the obvious RMT advertisement that would cause them to take immediate action. I wish I could call a GM so I can show them a character half or even fully behind a wall mining a node, then vanishing only to reappear in another spot. But, I'm glad to see SE is doing something, and making filters to boot. Now RMT tells and shouts are slowly starting to become riddles as the ways they can spell their websites becomes less and less. -
11-08-2013, 09:05 PMchococo
This is quite a significant issue and a rollback may be in place.
-
11-08-2013, 09:59 PMLinkan
Check wich account place that bone chip for sale for 5m.
Check to see it transfered its account to.
Ban all of them except the said victim.
Now, fixing the issue, all they need to encrypt IDs on log in session, trades, whispers, crafter's name (did you notice it only hit crafters? They name appear on the item).
of course there's more, but that could be a start. -
11-08-2013, 10:01 PMLinkanI really hope he lives by your region then.Quote:
Originally Posted by Tallulah
-
11-08-2013, 11:02 PMgeekgirl101
It seems that on entering a zone with a market board the hacker is constantly pinging the character for purchases of cheap items for 2 or 3 million gil and if you don't have that much gil left then you get the "Insufficient Gil" error. Doesn't matter if your character is currently busy or not, they're able to bypass everything and force you to purchase the items.
btw banning the person who sold the item would only be a temporary measure. My guess is the item being sold doesn't actually exist and is being created when the script or whatever they're using does a successful transaction, and I suspect there's more than one account doing it so when one gets banned they just make a new one to replace it and run the script again. I hope SE figures out how to block it and takes serious disciplinary action against the hacker(s). -
11-08-2013, 11:24 PMTyl
Do they only target "rich" ppl? so everyone who has 1kk+ gil?
Everything else is not worth it i think.
But how can there be such a whole in the code, where this is manipulated so easly from outside :( -
11-08-2013, 11:30 PMDarkoalso wow had such holes in code even years after launch.Quote:
Originally Posted by Tyl
-
11-09-2013, 02:17 AMReinheart
I'm just assuming but for the hackers to get the gil amount, again I'm just assuming but say when someone checks your gear, it sends a query to server to retrieve that players data but in that data I'm guessing it has the players ID, gil amount, and other information that isn't usually displayed on the game screen. The game screen only shows the data that needs to be shown but if the query is pulling ALL the data instead of just the data that's needed this is going to be a major problem. Specially the player ID... if this player ID is something that is not encripted and also used in other DB tables with same name it's going to lead to major security holes imo.
I have no experience in RPG game development so I don't even know how the database stuff works, I only do websites and made some really simple games for my kids to play so I don't know anything, I'm just assuming all this. I'm just curious how they targeted the rich people only. It also doesn't seem like a easy task since they had to test and plan all this out first before taking players gil like this all at once. I remember seeing threads on this forum where players said small amounts of gil and tometones were disappearing so I'm guessing maybe these guys were already testing this in small amounts for some time.
I hope SE's dev, operation team can get the security updated ASAP /cheer -
11-09-2013, 03:15 AMTaggerung5Think of all the parsers out there. And new ones coming out that people just blindly download and install, then run w/o thinking about it. These programs have access to your FFXIV window, and can run background commands for when you get near a market board. That's the first thing I would do, is stop using them/stop downloading new ones, and updates.Quote:
Originally Posted by ZohnoReecho
-
11-09-2013, 03:18 AMtonic316
LOL @ people blacking out their names. Your name is in your post.
-
11-09-2013, 03:31 AMSinAngerNawana is mine retainer, i put things with this price hoping that some idiot hacker missclick it. =P KappaQuote:
Originally Posted by Thundaja
-
11-09-2013, 03:46 AMYunieAura
Anyone speak with a GM yet (after receiving e-mail)?
-
11-09-2013, 03:53 AMGaddes
I'm really curious how big of a team they have for handling RMT issues... because it still seems like barely anything's being done on that front. I don't know if it's them being cheap and not wanting to hire more people specifically to handle RMT dealings, but instances like this should be a wake-up call that they need to step up their efforts. If character rollback in FFXIV is anything like FFXI, be prepared for headaches because it'll probably be even more of a hassle for FFXIV.
-
11-09-2013, 04:19 AMMusicazzz
So, as carissa explained before, the suspect use our buyer ID and purchase money with it? Holy shit that would be chaos. This is a serious problem lol. I mean, why this kind of thing ever happen to Asia made game only? I played mmorpg called ragnarok online before and it suffer similar hacking issues, i mean, easily hacked.
-
11-09-2013, 06:35 AMFurlamseere
Greetings Namikman,
We thank you for posting your concerns regarding, Market board - forced to buy an item on the board while not at the market board. I have made sure to submit all of your information to the development team and they will thoroughly investigate this matter based on your report. Unfortunately, I cannot guarantee that a direct response will be posted on this thread, but I do recommend checking Here or Here for any details regarding the development team's investigation.
Thanks for your report!