Всі Категорії

Credit card fraud

Credit card fraud

Пошук
How to join our moderation team?
Коментарі
CrowbarModerator
3 листоп. 2016, 09:2103.11.16
07.03.16
2355

bernd said:


players will start to use their own scripts or quit the game. if everyone uses these scripts, presidios are basically useless for example ... and you tell us thats no cheating? WHY???? just because your serverdata's aren't changed? thats pure sarcasm i hope ....

You're twisting my words. I never said that it wasn't cheating, but that it's not hacking. This topic was started with concerns about the safety of your credit card data, and I addressed that.

If I wasn't clear enough, here: bots are a way of cheating, same as alts, but on a massive scale.

As for LH-automation, it all depends on how complex the strategy is. It might actually be simple to teach a bot to do it, but without knowing the strategy we can't really know.
3 листоп. 2016, 10:1503.11.16
01.08.15
39

Crowbar said:


bernd said:


players will start to use their own scripts or quit the game. if everyone uses these scripts, presidios are basically useless for example ... and you tell us thats no cheating? WHY???? just because your serverdata's aren't changed? thats pure sarcasm i hope ....

You're twisting my words. I never said that it wasn't cheating, but that it's not hacking. This topic was started with concerns about the safety of your credit card data, and I addressed that.

If I wasn't clear enough, here: bots are a way of cheating, same as alts, but on a massive scale.

As for LH-automation, it all depends on how complex the strategy is. It might actually be simple to teach a bot to do it, but without knowing the strategy we can't really know.

Sorry Crowbar but you are wrong. Automation of the items can only be achieved by injecting code into the software. An action which requires unauthorised access to the software = hacking.

It's a separate issue from credit card information but doesn't bode well for server security and that leads to obvious concerns.

Finding the information within millions of lines of data is no easy task and the request for details is to narrow down the search area. Obviously the servers' automated data check isn't designed for, or up to, the job in hand.

With the amount of money involved what really suprises me is that a specialist third party security company hasn't been brought in to solve what seems to be an issue that appears to have been around for some time?
CrowbarModerator
3 листоп. 2016, 11:3903.11.16
07.03.16
2355

I am not wrong. The game runs in a flash client that communicates with the server. If you figure out how the client sends its commands, no injection nor anything similar is needed. You simply send the same requests that would normally be sent by the client. To the server, this is indistinguishable from an ordinary player normally playing via the client.

And, since the client is practically open source, you can mimic any kind of encryption that might be protecting this communication.

3 листоп. 2016, 13:5603.11.16
01.08.15
39

Crowbar said:


I am not wrong. The game runs in a flash client that communicates with the server. If you figure out how the client sends its commands, no injection nor anything similar is needed. You simply send the same requests that would normally be sent by the client. To the server, this is indistinguishable from an ordinary player normally playing via the client.

And, since the client is practically open source, you can mimic any kind of encryption that might be protecting this communication.

To produce items on the scale we have seen would require automation of the requests and on a multiple basis to have so many "members" building so quickly?

The lack of diary scores isn't correlated against the troops available / resources required?
That would imply also that the limit on lighthouse prizes enforced on "normal" players is being manipulated to achieve the recent scores?

It is also impossible for the "normal" player to hide eleven buildings behind the stronghold but these "bots" seem to be able to do this.

All of these things require manipulation of the server parameters.
Alyona KolomiitsevaCommunity Manager
4 листоп. 2016, 12:3204.11.16
17.09.15
8278
Crowbar said:

If you figure out how the client sends its commands, no injection nor anything similar is needed. You simply send the same requests that would normally be sent by the client. To the server, this is indistinguishable from an ordinary player normally playing via the client.

You're right. And I would add that even if you do that, you can't do anything except the authorized actions that could be performed via game client.
4 листоп. 2016, 22:0904.11.16
75

Alyona Kolomiitseva said:


Crowbar said:


If you figure out how the client sends its commands, no injection nor anything similar is needed. You simply send the same requests that would normally be sent by the client. To the server, this is indistinguishable from an ordinary player normally playing via the client.

You're right. And I would add that even if you do that, you can't do anything except the authorized actions that could be performed via game client.

So why do These bots have no raidpoints and so much prize Points?



and you say it would be ok if i start 2 k alts today and run them via Automation, because all they can do is the same a normal Player can do .... so in 3-4 months i can burn 2 k accounts for attacking? and all that is cool for you because your game is safe then and all the stupid Players can still give you their Money?!

CrowbarModerator
5 листоп. 2016, 10:2105.11.16
07.03.16
2355
bernd said:

and you say it would be ok if i start 2 k alts today and run them via Automation, because all they can do is the same a normal Player can do .... so in 3-4 months i can burn 2 k accounts for attacking? and all that is cool for you because your game is safe then and all the stupid Players can still give you their Money?!

Twisting our words again. Nobody said it's OK, only that it doesn't mean compromised security ("hacking"). Having alts, run by people or bots, is still against the rules and thus not OK.
5 листоп. 2016, 10:4805.11.16
5 листоп. 2016, 10:49(відредаговано)
21.09.15
905

Ok so you know it is not okay but still we have

BIGBIGDATA bots & lots of others.


We have 30+ Limeys

and 20+ Blimeys & they are all active.


Despite knowing the fact it is not okay still they are active in game (because no action was taken). What does this communicate to a player?


Does this mean plarium is taking any action? Or is it vice versa?


5 листоп. 2016, 14:3905.11.16
27.03.14
1660
FaZi said:

Ok so you know it is not okay but still we have

BIGBIGDATA bots & lots of others.


We have 30+ Limeys

and 20+ Blimeys & they are all active.


Despite knowing the fact it is not okay still they are active in game (because no action was taken). What does this communicate to a player?


Does this mean plarium is taking any action? Or is it vice versa?


Im sure plarium support is being swarmed with messages give it time, these kinda things can't be done over night 
5 листоп. 2016, 15:2505.11.16
1

Blasphemy said:


FaZi said:


Ok so you know it is not okay but still we have

BIGBIGDATA bots & lots of others.


We have 30+ Limeys

and 20+ Blimeys & they are all active.


Despite knowing the fact it is not okay still they are active in game (because no action was taken). What does this communicate to a player?


Does this mean plarium is taking any action? Or is it vice versa?


Im sure plarium support is being swarmed with messages give it time, these kinda things can't be done over night 

For a decent tech, it should take about a minute to switch them all off. What takes longer is for whoever is in charge to make the decision that switching them off is the RIGHT thing to do. Apparently that decision has not been made which is what concerns the legitimate players in this game.


And, the longer that decision gets put off or that we are not given an adequate explanation the worse it gets for this game.
5 листоп. 2016, 16:0305.11.16
5 листоп. 2016, 16:08(відредаговано)
75

Maybe the support / CM should think about giving us more Information.


We, the Players, can't understand why the outcome of the "investigations" can't be told. Is there actually a need to protect the privacy of "bots" ? And if not - which reason do you have not to tell us which bots are banned? The only reason which comes to our mind is that you can't ban them, or dont want to ban them or wont ban them at all ... i hope that you understand this, thx.


5 листоп. 2016, 16:2905.11.16
27.03.14
1660

bernd said:


Maybe the support / CM should think about giving us more Information.


We, the Players, can't understand why the outcome of the "investigations" can't be told. Is there actually a need to protect the privacy of "bots" ? And if not - which reason do you have not to tell us which bots are banned? The only reason which comes to our mind is that you can't ban them, or dont want to ban them or wont ban them at all ... i hope that you understand this, thx.


its easy to find out who and what has been banned watch out for inactiveness, and if they come back to life...

its what i do anyway.....

5 листоп. 2016, 17:0105.11.16
21.09.15
905

Blasphemy said:


FaZi said:


Ok so you know it is not okay but still we have

BIGBIGDATA bots & lots of others.


We have 30+ Limeys

and 20+ Blimeys & they are all active.


Despite knowing the fact it is not okay still they are active in game (because no action was taken). What does this communicate to a player?


Does this mean plarium is taking any action? Or is it vice versa?


Im sure plarium support is being swarmed with messages give it time, these kinda things can't be done over night 

that is their problem, not mine nor anyone else's who pay $ to pay for their salaries. 


They need to increase the work force, if they can't than they should think about selling the company to some one who actually care.


Additionally if they are now swarmed with messages that is their fault because they were dead for multiple weeks.



Additionally Blas, i think your CM should lead from front here, She shouldn't hide on backs of MODS. 


Give the link to her because sometimes such threads are gone into invisibility mode (for her) & hence no reply by COMMUNITY MANAGER.

5 листоп. 2016, 17:0205.11.16
5 листоп. 2016, 21:31(відредаговано)
75

sorry i cant believe these bots used to "log in" daily (for what? they didnt do raids at all ...), so them being inactive is no real proof for me ,especially as some of them liberate themselves now after being blocked more then one week. Nobody of us knows which tool is used by RuAl, so nobody can say for sure that These accounts can be banned at all.


the only Thing i can see ingame is that plarium has shut down the "real bots" which were useful for us Players, so most of us cant get enough ressources now anymore. Rual wont care, their bots didnt raid at all.


So as we all cant trust Plarium anymore we want to know which / how many bots are banned - or at least an Explanation why those informations cant be forwarded to us. We see no Need to protect the privacy of non-human bot-accounts.

1 серп. 2019, 01:5101.08.19
20.11.18
3

As of July 24th, I was hacked - I have been using paypal and players, including European players (euros used) tapped into my account. So far the game has done nothing. Paypal says I gave permission to the game to charge me whenever anything is bought. So I am not getting help there. The only hope I have is my credit card who notified me of the hacking in the 1st place.


The owners of the game make money off the buying of virtual items. Yes, they got money items purchased thru my account by someone else. But in the long run, they will get less money from me in the future.


A warning to others, when the box asks to remember you and what way you are paying, don't click it.


I am thinking of prepaid debit cards, but I am not sure what the game will accept. I see 2 prepaids accepted - they are not available to me. So I am leary of putting out money for a prepaid card that may be rejected by the game.


So from the above - the owners of the game need to take a good look at their system if they really want us to spend money. Because right now I am spending nothing.
CrowbarModerator
1 серп. 2019, 07:0801.08.19
07.03.16
2355

tso said:

As of July 24th, I was hacked

Or someone has guessed your password or learned it in some other manner. Here is why I'm sceptical whenever someone claims that there was a "hack": if the game is so easy to hack, how come it happens so rarely (i.e., the person doing it is not doing it all the time) and it doesn't happen again to people who change their password and put something hard to guess? The whole point of "hacking" is to gain access regardless of what someone's password is.

Speaking of which, did you change your password? If not, do so now.

You can check how safe your password is on numerous sites like this one (this particular one never submits what you type, plus it is unaware of what the password is for, so it's safe).

tso said:

 - I have been using paypal and players, including European players (euros used) tapped into my account. So far the game has done nothing. Paypal says I gave permission to the game to charge me whenever anything is bought. So I am not getting help there. The only hope I have is my credit card who notified me of the hacking in the 1st place.
The owners of the game make money off the buying of virtual items. Yes, they got money items purchased thru my account by someone else. But in the long run, they will get less money from me in the future.

If you didn't spend any of the bought stuff, you might get some help here. Pick "Accidental Purchase".

tso said:

A warning to others, when the box asks to remember you and what way you are paying, don't click it. 

This is good advice. Personally, I have no idea how safe the game is from real hacking, so - despite the fact that my password is very strong - I never link my PayPal to the game. Yes, it's a bit less convenient to buy rubies that way, but convenience should never be put before security.

tso said:

I am thinking of prepaid debit cards, but I am not sure what the game will accept. I see 2 prepaids accepted - they are not available to me. So I am leary of putting out money for a prepaid card that may be rejected by the game.

Just don't link your PayPal with the game and no one entering your acc will be able to do any more damage than mess up your game stuff.

8 серп. 2019, 16:1008.08.19
8 серп. 2019, 16:33(відредаговано)
20.02.17
184

I'd like to bring up a point here on this.  I feel much the same as Crowbar.    I don't want them to remember my paypal info.  I have to "uncheck" the box when I use paypal to purchase something.  EVERY TIME?  Really?  How about reversing that automation and allowing me to "check" the box if I want to be remembered?


tso:   " A warning to others, when the box asks to remember you and what way you are paying, don't click it."


crowbar: "This is good advice. Personally, I have no idea how safe the game is from real hacking, so - despite the fact that my password is very strong - I never link my PayPal to the game. Yes, it's a bit less convenient to buy rubies that way, but convenience should never be put before security"



Also someone said  "Giftcards"  I used to use them a lot more often.  For security it's the way to go if you can get one the game accepts.  imo

CrowbarModerator
8 серп. 2019, 18:3208.08.19
07.03.16
2355

Keel D. Haul said:

I'd like to bring up a point here on this.  I feel much the same as Crowbar.    I don't want them to remember my paypal info.  I have to "uncheck" the box when I use paypal to purchase something.  EVERY TIME?  Really?  How about reversing that automation and allowing me to "check" the box if I want to be remembered?

When the current interface was introduced, you could uncheck and it would remain unchecked, but the second purchase went through as if it was checked.  I reported the bug and suggested they keep it unchecked by default, but their fix was to just default it back to checked.

In short: I don't think we'll get "unchecked by default", because it was already considered and obviously rejected. Not really surprising... given how we have to claim daily quest rewards, we already know they love to make us do dull clicking.