Please clear your blacklist!

[Sylve]

I was typing out a reply about how people get hacked but I'm not going to bother. I'm currently lodestoning people with normal names and if there account seems somewhat decent then I'll unblacklist it.
Getting hacked is pretty pathetic in this time and age, I mean security on stuff is so high the only thing I can think of is a) Virus from downloading bots or buying gold or b) Very, very weak password.

It's nice to see you apologizing though, I do wish you'll take more precaution in the future.

To be fair, 'hacking' these days is done via bots that run every combination of letters and numbers currently usable by computers, doesn't matter how 'strong' your password is, its only a matter of time before a bot comes up with the right string to let it in.

[Sovereign]

To be fair, 'hacking' these days is done via bots that run every combination of letters and numbers currently usable by computers, doesn't matter how 'strong' your password is, its only a matter of time before a bot comes up with the right string to let it in.

Which is why security tokens and account lockouts (say after 5 wrong guesses) are a good idea.

[Sylve]

Which is why security tokens and account lockouts (say after 5 wrong guesses) are a good idea.

But they're not perfect. Which is all I'm saying. You can be the safest guy in the world with strong AV, tokens and stupid long passwords changed daily, but you'll still get done in by a determined hacker. Just a matter of time.
I still think using Email addresses for Usernames was a bad bad idea. Usernames or logins were literally an extra password a potential hackbot needed to get right.
@Rydin,
No, maybe they're not brute forcing *all* the accounts, but i would wager many accounts are lost to it.

[moody]

Lots of us were banned for RMT spam because our accounts were hacked, eventually we will be back online. My request is that you frequently clear your blacklist, especially if the name is a normal name and not just a jumble of characters.
There is no point keeping these names on your blacklist because they all get banned quick so you shouldn't see that name ever spam again.

The problem is that the name generator also generates realistic names. While I feel sorry for you that your account was compromised, I'm more than willing to take the chance that I've blacklisted 6 real players if it blocks 30+ gil sellers.

You (and many others) seem to forget phishing and how rife that is.

You can't blame people for being gullible and falling for a phishing scam, then following the dodgy links and entering crucial information. These people are clearly legit players, if a little on the dim witted side - they don't all deserve to be written off as "RMT/Botting scum - you deserve my /blist!"

Yes, I can blame them. It's easy. [x] didn't bother looking at links before entering information no company should need to ask for. That would be their fault. I'm totally blaming them.

But they're not perfect. Which is all I'm saying. You can be the safest guy in the world with strong AV, tokens and stupid long passwords changed daily, but you'll still get done in by a determined hacker. Just a matter of time.
I still think using Email addresses for Usernames was a bad bad idea. Usernames or logins were literally an extra password a potential hackbot needed to get right.
@Rydin,
No, maybe they're not brute forcing *all* the accounts, but i would wager many accounts are lost to it.

The reason brute force attacks are not reliably effective is that you can put a time sensitive authentication code on the account. If you're performing a brute force attack against an account with an even reasonably secure non-dictionary password the authenticator code should change before a Brute Force can reasonably work out that combination.

[Rydin]

To be fair, 'hacking' these days is done via bots that run every combination of letters and numbers currently usable by computers, doesn't matter how 'strong' your password is, its only a matter of time before a bot comes up with the right string to let it in.

I don't think they're brute force hacking peoples accounts... thats so inefficient...