Putting the 'role' back in role-playing games since 2002.
Donate to Codex
Good Old Games
  • Welcome to rpgcodex.net, a site dedicated to discussing computer based role-playing games in a free and open fashion. We're less strict than other forums, but please refer to the rules.

    "This message is awaiting moderator approval": All new users must pass through our moderation queue before they will be able to post normally. Until your account has "passed" your posts will only be visible to yourself (and moderators) until they are approved. Give us a week to get around to approving / deleting / ignoring your mundane opinion on crap before hassling us about it. Once you have passed the moderation period (think of it as a test), you will be able to post normally, just like all the other retards.

Increase in hacked accounts posting advertising content

DarkUnderlord

Professional Throne Sitter
Staff Member
Joined
Jun 18, 2002
Messages
28,505
Since the start of this year, we've noticed an increasing number of accounts of users posting out-right advertising content. Usually the accounts are a bit older (a few years) and haven't posted for a while since their registration.

Accounts affected so far:
Bishamonten (visit website and win smartphone!)
Ghost Creations (best crypto pumps on telegram Make 1000% and more within 1 day, join channel)
OrcHeart
Musaab
Torian Kel
YanBG

It's possible they're some kind of long-term advertising strategy but we highly suspect these users use the same username / password combo on other websites which have been hacked, and bots are trawling the web for their accounts and trying to log in with them to post advertising content.

We encourage people to enable 2 factor authentication before your account ends up advertising crypto, or whatever the latest ponzi scheme is the cool kids are getting into these days. And also don't re-use passwords you nubs.

This isn't related to yesterday's down-time. We haven't been hacked in any way.
 

LostHisMarbles

Learned
Joined
Apr 28, 2021
Messages
956
I remember Musaab i think, definitely not a plant, proper user. So yeah, most likely hacked accounts (if not a coincidence).

Perhaps you can if possible 'freeze' the accounts, but not delete them? In case the rest of them have been hacked too; sooner or later, we all return to the codex after all.
 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,372
Location
Asp Hole
How does the built-in 2FA work, will it require a code sent to your email at every login or is it more sophisticated? Or is it what Steam has, a separate authoring app of your choice?
 

Vic

Savant
Undisputed Queen of Faggotry Bethestard
Joined
Oct 24, 2018
Messages
5,678
Location
[REDACTED]
I use a password manager that generates and saves unique and secure passwords for any site. I recommend doing the same. Bitwarden is a good free one.
 

LostHisMarbles

Learned
Joined
Apr 28, 2021
Messages
956
Yeah guys, that's smart.
Let a third party app, run from people you neither know nor can control, manage or provide your credentials. Today of all times. Uh huh. Best deal.

Or, if it's that hard, google password tips and follow common logic. Dangerous territory right there, i hear it doesn't even scale to our level :)
 

Vic

Savant
Undisputed Queen of Faggotry Bethestard
Joined
Oct 24, 2018
Messages
5,678
Location
[REDACTED]
Let a third party app, run from people you neither know nor can control, manage or provide your credentials. Today of all times. Uh huh. Best deal.
bitwarden is open source, you can check the code here:

https://github.com/bitwarden

Also you can self-host it on your own machine, plenty of people self-host their password manager for the exact reason you mentioned.

Personally, I'm not gonna trust my own amateur skills over their company servers so I'm fine with just the browser extension that does all of that for me :P
 

LostHisMarbles

Learned
Joined
Apr 28, 2021
Messages
956
Other things have been open source and all the people, good boys, their momma loved them, contributed. Until the one bad actor came along and people started getting fucked, but hey, open source amirite? You wanted it free. End of the day, it's only your fucking bank account, why not risk and live a little!

Or, and that sounds even better my man, buy a second computer, learn how to host this software, do so, so that next time you format your main PC you can still have your credentials. Simple and in no time at all!
Right after of course you build a third PC, to host a virtual OS through which you host your own private VPN through which you connect via TOR.
All that assuming you don't lose or forget your cell phone, in which case you're fucked and can do absolutely fuckall all day long.
I mean really, let's use technology to simplify our lives and save time.

..For real dude? :)

Just figure out a very tough setpiece, only with a variable in it, variable being the only thing to remember per site, can even make it easy. Like, setpiece being:
ut;76a#(83
For everything.
And for the Codex (this being your variable), use something stupidly simple, like RPD
ut;76a#(83RPD for Codex
ut;76a#(83GWT for Watch

That's it. Most folks can remember a single, set strings of characters.
(if that's not "safe" enough for you and for some people it really isn't, odds are you need to RTFM about how to use the internet)
 

Falksi

Arcane
Joined
Feb 14, 2017
Messages
10,918
Location
Nottingham
1. Install Authy on your phone

2. Every month, Codex tells you to enter the code from Authy

3. Enter the code from Authy

4. Go back to 2.

Me trying to use this advice...

s1IpQvC.png
 

Fedora Master

STOP POSTING
Patron
Edgy
Joined
Jun 28, 2017
Messages
31,162
Dear Sir:

I have been requested by the Nigerian National Petroleum Company to contact you for assistance in resolving a matter. The Nigerian National Petroleum Company has recently concluded a large number of contracts for oil exploration in the sub-Sahara region. The contracts have immediately produced moneys equaling US$40,000,000. The Nigerian National Petroleum Company is desirous of oil exploration in other parts of the world, however, because of certain regulations of the Nigerian Government, it is unable to move these funds to another region.

You assistance is requested as a non-Nigerian citizen to assist the Nigerian National Petroleum Company, and also the Central Bank of Nigeria, in moving these funds out of Nigeria. If the funds can be transferred to your name, in your United States account, then you can forward the funds as directed by the Nigerian National Petroleum Company. In exchange for your accommodating services, the Nigerian National Petroleum Company would agree to allow you to retain 10%, or US$4 million of this amount.

However, to be a legitimate transferee of these moneys according to Nigerian law, you must presently be a depositor of at least US$100,000 in a Nigerian bank which is regulated by the Central Bank of Nigeria.

If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person in Lagos, and that during your visit I introduce you to the representatives of the Nigerian National Petroleum Company, as well as with certain officials of the Central Bank of Nigeria.

Please call me at your earliest convenience at 18-467-4975. Time is of the essence in this matter; very quickly the Nigerian Government will realize that the Central Bank is maintaining this amount on deposit, and attempt to levy certain depository taxes on it.

Yours truly,

Prince Alyusi Islassis
 

ERYFKRAD

Barbarian
Patron
Joined
Sep 25, 2012
Messages
29,588
Strap Yourselves In Serpent in the Staglands Shadorwun: Hong Kong Pillars of Eternity 2: Deadfire Steve gets a Kidney but I don't even get a tag. Pathfinder: Wrath I'm very into cock and ball torture I helped put crap in Monomyth
We encourage people to enable 2 factor authentication before your account ends up advertising crypto, or whatever the latest ponzi scheme is the cool kids are getting into these days. And also don't re-use passwords you nubs.
Or do not log off. :M
 

NecroLord

Dumbfuck!
Dumbfuck
Joined
Sep 6, 2022
Messages
13,225
Dear Sir:

I have been requested by the Nigerian National Petroleum Company to contact you for assistance in resolving a matter. The Nigerian National Petroleum Company has recently concluded a large number of contracts for oil exploration in the sub-Sahara region. The contracts have immediately produced moneys equaling US$40,000,000. The Nigerian National Petroleum Company is desirous of oil exploration in other parts of the world, however, because of certain regulations of the Nigerian Government, it is unable to move these funds to another region.

You assistance is requested as a non-Nigerian citizen to assist the Nigerian National Petroleum Company, and also the Central Bank of Nigeria, in moving these funds out of Nigeria. If the funds can be transferred to your name, in your United States account, then you can forward the funds as directed by the Nigerian National Petroleum Company. In exchange for your accommodating services, the Nigerian National Petroleum Company would agree to allow you to retain 10%, or US$4 million of this amount.

However, to be a legitimate transferee of these moneys according to Nigerian law, you must presently be a depositor of at least US$100,000 in a Nigerian bank which is regulated by the Central Bank of Nigeria.

If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person in Lagos, and that during your visit I introduce you to the representatives of the Nigerian National Petroleum Company, as well as with certain officials of the Central Bank of Nigeria.

Please call me at your earliest convenience at 18-467-4975. Time is of the essence in this matter; very quickly the Nigerian Government will realize that the Central Bank is maintaining this amount on deposit, and attempt to levy certain depository taxes on it.

Yours truly,

Prince Alyusi Islassis
The Niggerian Government.
 

As an Amazon Associate, rpgcodex.net earns from qualifying purchases.
Back
Top Bottom