All Categories

On the edge of quitting the game due to massive cheating and hacking

On the edge of quitting the game due to massive cheating and hacking

Search
How to join our moderation team?
Comments
Oct 27, 2016, 22:2110/27/16
Oct 27, 2016, 23:13(edited)
05/06/16
99

Capt_Jack said:


Nothing suspicious Here:

  1. http://prntscr.com/cztfsu
  2. http://prntscr.com/cztgba
  3. http://prntscr.com/cztgrk
  4. http://prntscr.com/czth5a

Not even the level of the players





No $ for cheats.

Lolz, thanks for posting this. The game is **** up now with all this scripting going on. Just waste your troops and leave afterwards  the game for good. Spend your money - if you did so - for another game. I recommend "Grepolis" or "Travian", "Forge of Empires", something that has not "Plarium" and "we tolerate cheaters" and "we need proof" all over it.


No $ for cheats.


Edited by Blasphemy - please watch the language

Oct 27, 2016, 23:0510/27/16
12/31/15
99
Жорик said:

With intelekta.Russkie always been the most intelligent and educated.

Yes Stalin, Lenin, Peter the Great...umm wait..LOL
Oct 27, 2016, 23:1610/27/16
12/31/15
99

F A R G O said:


Shiv will be back tomorrow and will write to u.  (Post)

AAAAnd open big secret  Wait :) 


"No $ for cheats" 

So F A R G O, i have a question for you SHIV and Adam Krab and all the other RuAL people,

IF the Russian players hacked our server, the German one is next. So if Russian players attacked Germany from behind, do you think Greece would help?
Oct 27, 2016, 23:2810/27/16
03/27/14
1660

Peter Blood said:


F A R G O said:


Shiv will be back tomorrow and will write to u.  (Post)

AAAAnd open big secret  Wait :) 


"No $ for cheats" 

So F A R G O, i have a question for you SHIV and Adam Krab and all the other RuAL people,

IF the Russian players hacked our server, the German one is next. So if Russian players attacked Germany from behind, do you think Greece would help?

https://www.youtube.com/watch?v=4m48GqaOz90

Oct 27, 2016, 23:3310/27/16
01/09/16
4
to the mighty CHEATING ruaI, I have been playing this game for nearly a year and do to the time requirement for researching discoveries and upgrading them and the buildings used in this game, there is NO POSSIBLE way at all, other than CHEATING to complete all discoveries AND produce over 1 billion points of offense in a months time even with 160 members ALL playing 24 hours a day  seven days a week. So please explain to us with all your mighty wisdom and superior playing ability how you managed to do just that? Plarium  has been shown numerous times how you are cheating and still they do nothing to stop it. Either they are the ones behind this outrageous activity or they do not care. either way they are driving more and more players away from this game. this perceived lack of action by them will serve just the opposite condition that they desire which is to generate an even larger income stream from players trying to rebuild and recover from the decimation that the cheating brings about. I personally know of over a thousand players who have sworn to spend not a single penny more on this game and to leave the game forever if the cheating is not stopped and the cheaters banned from the game forever. I too am one who will not spend another penny on the game and when all my troops have been destroyed fighting the cheaters then I am also done with the game forever.
Oct 27, 2016, 23:3710/27/16
Oct 27, 2016, 23:38(edited)
10/07/15
25

AdamKrab said:


Dalira said:


Just ignore them, please. They are just trying to compromise this thread, you won't get an answer from them.


No $ for cheats.

Wash, I answer all the questions.This means that you do not ask questions on the topic


Помоему, я отвечаю на все вопросы .Значит что вы сами задаете вопросы не по теме.

2 answers :

1 Have you solved the prize algorithm?

2 How many rubbies your members spend to have all his strengh.

I am stupid so i try to learn

No $ for cheats

 
Oct 28, 2016, 00:2810/28/16
07/19/14
10

Hi Blasphemy, You know me quite well and I will tell you upfront Tell Raul and destroyers im waiting on them and to Kiss my Azz as we will not pay no ransom. Maybe ill make them pay me


Marine

Oct 28, 2016, 00:3910/28/16
Oct 28, 2016, 00:50(edited)
01/26/15
52

You know it's funny, because I just looked at RuAL's latest brag book and it seemed to leave out the attacks that failed. It is hard to tell because of all of the spam attacks that wiped out almost all of the battle reports. But there is one thing I know for sure...We won Team PvP over RuAL. That means we killed more of their units than they did of ours. How is that possible if all of their attacks were victories?


You can make fun of our old-fashioned raid and build style of play, our "work" ethic, our PvP skills. You can make fun of the fact that I enjoy our community that we have built here. But when you publish a brag book, you should include the losses too.


I have little to brag about. I am just a man travelling through space and time, with friends I have made from around the world, of different languages and religions, on a great pirate journey.


Smitten (still Lost and Found)

Oct 28, 2016, 01:1110/28/16
03/27/14
1660

Marine said:


Hi Blasphemy, You know me quite well and I will tell you upfront Tell Raul and destroyers im waiting on them and to Kiss my Azz as we will not pay no ransom. Maybe ill make them pay me


Marine

Hello Marine, nice to see you still playing old friend


I think you did well telling them your self.... 
Oct 28, 2016, 01:1510/28/16
03/27/14
1660

Like i said before whatever they are using plarium's server sweeper or whatever use isn't picking it up, so soon plarium will wake up a nd just ban the whole lot of them ...


An IP Ban from this server and theirs,  
Oct 28, 2016, 01:1810/28/16
08/20/16
19
Must be nice to have most of a Brotherhood in a nice straight North South line, same levels (59/60)+/- 1, no states to speak of same layouts....very interesting at -1844 by -1020
Oct 28, 2016, 01:2310/28/16
Oct 28, 2016, 01:28(edited)
5

In the midst of all this one wonders how it could happen, and not be real obvious. As a Job I had in the past required me to check our SQL Servers for known flaws such as SQL Injection (depending the SQL Database type) I would drag out my Laptop with my sniffer and plug it into the network.

Then I would open an instance to the SQL Server (such as in this case Plarium). The sniffer would record all the traffic between the Server and the workstation. It I can clearly see the Code of the game which is down loaded and the other information in the cookies. It also tells me what type of Database is being used. Now that I am connected to the SQL server I open another tool and select SQL Queries for known issues... and start running them.

What follows is very simplistic. The hours of work and SQL queries used would be volumes’. I get a report as each succeeds or fails. The ones that succeed can be used to open a doorway to the server which unless the Admin is sharp looking logs it might be overlooked. Next knowing how to get into the server, I look for the target I want.

The Best Fruit is rubies. with Rubies I can buy anything.

Now we take the same workstation and start recording a session to go get rubies.. All I need is 1 ruby. As that is complete I examine each step of the process, including the number and types of troops I have to complete the process. Next given there are according to what is displayed a certain number of rubies to be harvested at each ruby mine.

So now to construct the SQL Query to connect to the ruby mine with X amount of troops with Credentials of where to send the rubies. So a machine is used to log into the game and the SQL engine send the query which fails and then adds the injection that X amount of troops just land on ruby mine xxxxx and this is where to send when full…

This would be very hard to spot other than maybe a small error in the SQL Logs where there are so many transactions happening every second. even though the player only logged in everything would appear normal except he send no troops to the mine... the Server only thinks he did and returns the rubies to the right place in the right Database. So now I only need to know where the ruby mines are.

So a question might be asked what could one do with unlimited rubies. One could go start killing Prizes gain new ships and buying lost ones back. In a short time you would have a very powerful fleet. It would appear to be legit, but a lot of work. If I get tired of having to sit there I work on my SQL Queries to connect to the Ruby mines part of that database saying I have had this many ships there for this many hours and issue a recall query.. they move to the users database. over time I know the exact regeneration of the ruby mines and speed things up. Then I can collect even more rubies appearing to be legit.

Now if I have unlimited rubies what can I do to escalate my position. I can try to connect to the Prize database saying that I sent X amount of troops at the prize. Return what is left and what is won to this user. This could potentially bypass the transaction where the troops are actually put in the hold status waiting for the battle. Oh it becomes a troop doubler. I lost nothing of what was in my account but gained all these extras... Now use free rubies to buy back what was sent to be redeemed.

Utube is full of videos with successful exploits for various things. It is known that it can be done. How would you catch someone doing this... One way would be to look at the top Mission Holders. and how consistently they stay there. What this boils down to the SQL Admin needs to know what "holes" there are in his/her database server and how to close them. The Game Code needs to insure there are equal transactions that can be traced if not throw a BIG Flag for the Admin.

Every Legit Security Engineer gets training on how to be as smart as the Black Hat.

Oct 28, 2016, 02:0210/28/16
05/06/16
99

Obviously they don't have as skilled people working at Plarium as you are, Pappa. That's the problem and it will kill the game entirely.

The screenshot is just another part of the evidence. http://prnt.sc/czv248

Thanks for sharing this.



No $ or € for Cheats.
Oct 28, 2016, 04:1410/28/16
Oct 28, 2016, 05:35(edited)
5

Dalira said:


Obviously they don't have as skilled people working at Plarium as you are, Pappa. That's the problem and it will kill the game entirely.

The screenshot is just another part of the evidence. http://prnt.sc/czv248

Thanks for sharing this.



No $ or € for Cheats.

Hopefully at this point they have notified the FBI and the FTC to investigate with Screen shots of the Extortion message. Then Operations in the US can be totally shutdown and Assets Frozen. They can then notify European Officials... The side Benefit is that All Plarium games will be shutdown at the same time. Meaning an entire loss of income...
Oct 28, 2016, 05:5010/28/16
Oct 28, 2016, 06:10(edited)
08/29/14
263

Hi all, boring?


 Привет всем , скучили ?



Oct 28, 2016, 06:1410/28/16
08/19/15
12
All the honest players need to stop spending money and let Plarium see where their income really comes from. I have never seen them solve a problem without loss of money,
Oct 28, 2016, 09:3510/28/16
09/13/14
3
GrayBeard53 said:

All the honest players need to stop spending money and let Plarium see where their income really comes from. I have never seen them solve a problem without loss of money,
No money - No play !!! Go play in Sparta!!!
Oct 28, 2016, 10:0310/28/16
Oct 28, 2016, 10:07(edited)
07/28/16
116

Pappa said:


In the midst of all this one wonders how it could happen, and not be real obvious. As a Job I had in the past required me to check our SQL Servers for known flaws such as SQL Injection (depending the SQL Database type) I would drag out my Laptop with my sniffer and plug it into the network.

Then I would open an instance to the SQL Server (such as in this case Plarium). The sniffer would record all the traffic between the Server and the workstation. It I can clearly see the Code of the game which is down loaded and the other information in the cookies. It also tells me what type of Database is being used. Now that I am connected to the SQL server I open another tool and select SQL Queries for known issues... and start running them.

What follows is very simplistic. The hours of work and SQL queries used would be volumes’. I get a report as each succeeds or fails. The ones that succeed can be used to open a doorway to the server which unless the Admin is sharp looking logs it might be overlooked. Next knowing how to get into the server, I look for the target I want.

The Best Fruit is rubies. with Rubies I can buy anything.

Now we take the same workstation and start recording a session to go get rubies.. All I need is 1 ruby. As that is complete I examine each step of the process, including the number and types of troops I have to complete the process. Next given there are according to what is displayed a certain number of rubies to be harvested at each ruby mine.

So now to construct the SQL Query to connect to the ruby mine with X amount of troops with Credentials of where to send the rubies. So a machine is used to log into the game and the SQL engine send the query which fails and then adds the injection that X amount of troops just land on ruby mine xxxxx and this is where to send when full…

This would be very hard to spot other than maybe a small error in the SQL Logs where there are so many transactions happening every second. even though the player only logged in everything would appear normal except he send no troops to the mine... the Server only thinks he did and returns the rubies to the right place in the right Database. So now I only need to know where the ruby mines are.

So a question might be asked what could one do with unlimited rubies. One could go start killing Prizes gain new ships and buying lost ones back. In a short time you would have a very powerful fleet. It would appear to be legit, but a lot of work. If I get tired of having to sit there I work on my SQL Queries to connect to the Ruby mines part of that database saying I have had this many ships there for this many hours and issue a recall query.. they move to the users database. over time I know the exact regeneration of the ruby mines and speed things up. Then I can collect even more rubies appearing to be legit.

Now if I have unlimited rubies what can I do to escalate my position. I can try to connect to the Prize database saying that I sent X amount of troops at the prize. Return what is left and what is won to this user. This could potentially bypass the transaction where the troops are actually put in the hold status waiting for the battle. Oh it becomes a troop doubler. I lost nothing of what was in my account but gained all these extras... Now use free rubies to buy back what was sent to be redeemed.

Utube is full of videos with successful exploits for various things. It is known that it can be done. How would you catch someone doing this... One way would be to look at the top Mission Holders. and how consistently they stay there. What this boils down to the SQL Admin needs to know what "holes" there are in his/her database server and how to close them. The Game Code needs to insure there are equal transactions that can be traced if not throw a BIG Flag for the Admin.

Every Legit Security Engineer gets training on how to be as smart as the Black Hat.


OK Q Whats the red button do?


Any chance we can have that in basic layman's language, for us no computer software engineers please.


Regards 
 


Oct 28, 2016, 10:1610/28/16
Oct 28, 2016, 10:18(edited)
07/28/16
116

Dalira said:


Actually, to get on topic, can someone explain to me what this mysteriously "third party program controlling havens" is, that Plarium has talked about?


No $ for cheats.



Good point Dalira, can they tell me to please.


and what's all these big data bots ? what are they used for?


I thought I had joined a simple pirate war game, its becoming a full performance of The Pirates of Penzance


https://www.youtube.com/watch?v=3KRbCTFqTlE

The topic is locked. You cannot post comments.