|
|
|
|
|
|
|
|
|
 Posted: Sun Jul 17, 2011 3:07 pm
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 3:11 pm
 |
|
|
|
What is the best way to prevent being hacked?
xxxxxxxThe best way to prevent being hacked is by using the newest account protection feature. It is called "IP Verification". Enabling it will make it so that if someone tries to log in to your account (from an unverified location), it will not log them into that account. A private message that looks like this will then be sent to you, along with an e-mail to your e-mail account listed in your account settings. The email address Gaia uses for this verification e-mail is verify@gaiaonline.com. The e-mail will then contain this message:
Gaia Online ----------------------------------------
Gaia Online
----------------------------------------
Hello ███████!
This email is being sent to you because an attempt was made to sign in to your Gaia account from an unfamiliar location (IP address). Using different IP addresses is common for many members, but it can sometimes indicate malicious activity is occurring on an account.
The IP address that attempted to login was: ██.██.███.███.
If you are trying to access Gaia from a new location, or from a computer you haven’t used for awhile, please click on the link below to verify that you are the true owner of the account. As always, if you weren’t expecting this email – because you’re not trying to access the account – you don’t need to click the link. As a general internet rule, never click on links in emails unless you’re expecting the email. We do recommend though that you change your password just to be safe the next time you access your account. The link below will expire upon use or 30-minutes after it’s sent, whichever occurs first.
To confirm that you are the owner of this account and that you wish to be able to login to Gaia , please click the following validation link:
http://www.gaiaonline.com/account/verifychange/█████/████████
Have a safe and fun time on Gaia!
The Gaia Online Administrative Team
----------------------------------------
Privacy Policy:
http://www.gaiaonline.com/info/index.php?mode=privacy
Terms of Service:
http://www.gaiaonline.com/info/index.php?info=tos
----------------------------------------
Gaia Online and all images associated with GAIA Online are (C) Copyright 2003 - 2011 Gaia Interactive, Inc. All Rights Reserved
Gaia Online P.O. Box 612680 San Jose, CA 95161-2680
No one will be able to log into your account from the unverified IP address until you accept it by clicking the link in the e-mail.
To enable this feature, go to your account settings page and scroll down to the very bottom. On the right side, there will be options that look like this:
Make sure the IP Verification option is checked, just like in the image and save your changes.
|
 |
|
|
|
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 3:24 pm
|
|
|
|
A pop-up is asking me for my password! Should I give it?
Odds are, the pop-up looks basically like this:
xxxxxxxTo answer the question, no, NEVER enter your username or password into strange pop-ups. This here is called "password phishing". It is commonly found in forums, signatures, and comments on profiles. NEVER, under any circumstance, will Gaia create a pop-up requesting your username and password. The best thing to do when you find one of these pop-ups is to report it. If the pop-up is found in a forum thread, you will want to find the  button, and file the report as Password Phishing and explain what page you found the pop-up on. Reporting the thread will NOT get the thread owner banned (unless they are the ones posting the code that causes the pop-up to appear).
xxxxxxxIf the pop-up is found in a profile, you can follow these steps to find the hidden code and report the user who posted it.
xxxxxxxxx► Go to the profile and before canceling out of the phishing pop-up, copy the link in the pop-up (The part I have blurred in my example up top)
xxxxxxxxx► Cancel out of the pop-up then press Ctrl + U ( this will bring up the "page source" )
xxxxxxxxx► Press Ctrl + F (opens a search box) and paste the link from the pop-up into the box
xxxxxxxxx► That will take you directly to the place where the code is hidden. Look before the highlighted link and you will see a username. That will be the user who posted the code
xxxxxxxxx► Go back to the profile and click the report link associated with the comment and file it under password phishing
xxxxxxxxx►A moderator will get to the report soon enough, so don't report it more than once, otherwise you might get warned for abusing the report system.
OR
xxxxxxxxx► Go to the profile and cancel out of the phishing pop-up.
xxxxxxxxx► Click the "View All Comments" link in the comments section. Once again, close out of the phishing pop-up.
xxxxxxxxx► If it is your comments section, click the [view safe comments] link. If it is someone else's comments section, add &safe=1 to the end of the link and press your return/enter key.
xxxxxxxxx► Look for coding that looks suspicious. The usual phishing codes use the [color=white] or [img] codes in an attempt to hide the bad code.
xxxxxxxxx► Once you find the comment with the phishing code, click the Report link at the top right corner of the comment and report it for password phishing.
NOTE:
xxxxxxxA misconception about the pop-up is that if it is on someone's profile, or appears on someone's thread, it is the owner's fault. That is almost NEVER the case. It is usually someone trying to take advantage of a featured profile, or a very common thread, by posting a code so that more people will fall for it. The more visitors to a profile or thread, the higher the chance is that people will fall for the scam and give up their information.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 3:27 pm
|
|
|
 |
A mod/admin sent me a PM telling me I need to be investigated!
If you get a PM like this, 
FAKE ADMIN MESSAGE Official Admin private message
©Copyright serving Gaia since 2003 "Report Scanner". 2007 Gaia Interactive Device, Inc. All Rights Reserved.
Attention User,
We are sorry to inform you that your account has been brought to our attention. Your account has been REPORTED and needs to be investigated for further information. Like any other Gaian Administrator, we dont normally ask for this information but to clear your report we must. You will be asked a few questions to verify that this is your account. Please fill out the information requested. . If you were offline when you received this message, you have been given 15 minutes to reply to this message as of the time you logged in or this report will not be able to pass the maintainence.
IF YOU IGNORE THIS MESSAGE YOU WILL BE BANNED
User Name:
Password:
Verify Password:
Email:
Date Of Birth:
*REMEMBER* TYPE YOUR INFORMATION WITH A SPACE BETWEEN EACH LETTER
Please do not submit PM reports for swearing, attitude, or issues not covered in the Gaia Online ToS. Additionally, please DO NOT submit this form multiple times, abuse this reporting tool, or spam this form with meaningless information. Thank you for your cooperation. Sorry for this disturbance and please also take all of your items off the market for it will make it faster and easier for our staff. Your password will be set to GAIA123 and instantly change it again when you log back in.
Your sincerely,
-Gaia Administrator & Help & Support Team-
xxxxxxxThe above message is one hackers send around, usually on a mule account made to look like a moderator or admin. There are several things wrong with this message.
First, is that the username will NOT be colored. If the message is from an admin, the username will be orange and have a title directly under the name. Second is that there are several typos in the message. Admin would never send out such a poorly written message. Third, it asks for you to put spaces in your information. This is to get around the password protection Gaia has implemented into their PM system. If you were to normally type your password into a PM and try to send it, there would be an error telling you to remove your password from the message. Fourth, if you were reported, moderators and admin will never need passwords. They can access records without needing passwords or birthdays. Fifth, you can't be banned for not replying to a PM. That is pure rubbish. Sixth, mods will send you a warning or two telling you of the rule you have broken and how you can prevent being warned again. They wouldn't send a PM telling you that you're about to get banned.
ANOTHER FAKE ADMIN MESSAGE Hello,
I am a Gaia administrator
I am contacting you because we believe that this account
Has been connected to the recent hacking
We hope this is a mistake
But for your safety and the safety of Gaia
We are going to ask you to change your password to one of our mule passwords:
Password 1234
Exactly as typed
We ask that you do this again for yours and all of Gaia’s safety!
And we ask that you do this because if it is connected in anyway the connection should and will stop for the time being, so please follow those instructions
thank you,
**if you receive this private message please do reply**
Gaia warning #120292
xxxxxxxThis phishing technique is a poor attempt at stealing your account. This PM is missing more periods than a pregnant high school teenager. There are several grammar mistakes as well. Just because someone can use colored text does NOT mean they are an admin or moderator. If you change your password to the one included in the message, you are pretty much giving the user your account password.
Solution:
xxxxxxxClick the button above or below the message and report it under password phishing. A real moderator will eventually get to the report and take care of the user. You can delete the message after reporting it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 3:31 pm
|
|
|
|
Someone in Towns is saying that my password is censored when I say it.
 Simply put, this is easy to fall for. Though, if you're smart enough, you would know that there is pretty much no filtering of words in any of the virtual worlds. It is very easy to do this. The user simply just typed a bunch of asterisks (*********). Yup, that means that they didn't type their password. All in all, just don't type your password into the chatbox in any virtual world (Towns, Virtual Hollywood, or games). If you ever see anyone doing this, hover your cursor over their avatar and click the little plus (+) sign. Select to report the user and explain that they were password phishing. Also, tell your friends who are with you that this supposed "censoring" does not work. You can say anything in the world and it won't be censored in virtual worlds.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 3:37 pm
|
|
|
|
What is a keylogger and how can I remove it?
xxxxxxxA keylogger is pretty much a virus that someone sends into your computer and it records keystrokes and sends it back to the person who gave you the keylogger. They can not only steal your Gaia account information, they can also steal personal information such as social security numbers, addresses, bank account log-ins, e-mail accounts, and any other private information you type into your computer.
xxxxxxxIf you are concerned that you have a virus, trojan, spyware, adware, or keylogger, go here and read that guide carefully to find out how to locate and remove it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 3:41 pm
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 5:44 pm
|
|
|
|
|
|
|
|
|
|
|
High-functioning Ladykiller
|
Posted: Sun Jul 17, 2011 5:48 pm
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 5:53 pm
|
|
|
|
_xX Es-One Xx_ You should definitely define hacking vs. scamming. All of what you cover is scamming, not hacking. Fake login pages = phishing = scamming Virtual worlds sensor = phishing = scamming Keylogger = Hacking (real programming is involved.) Fake "item generator" pages = phishing = scamming Fake admin messages = phishing = scamming Pop-ups (also FLW or Fake login window) = phishing = scamming Not mentioned: Cookie/Session hijacking: When a real hacker uses a program to hijack cookies or sessions to obtain access to your account. Brute forcing: When a real hijacker forces his way into Gaia servers to recover hash info to then decode and obtain password. The two above are RARELY seen, as it takes a lot of effort, knowledge, and time. Also, the bottom of the two is illegal by federal law. Great guide though! It'll tell them how to report and what to watch for.
Sorry. sweatdrop
I'm just using Gaia's definition of hacking which is this:
"Hacking, on Gaia Online, refers to the unauthorized access of an account by someone other than the account owner. In most typical hacking cases, an unauthorized person enters an account which does not belong to him or her and takes items or gold from the account, often changing the account information so that the original owner can no longer access his or her account."
Most of what is in my guide is pointing to Gaia's definition of "hacking", so I call it a hack prevention guide. It is a guide teaching how to recognize hacking techniques (unauthorized people signing into an account, changing information, then getting the account banned).
Scamming, as defined by Gaia is this:
"Scamming is when another member of Gaia takes your gold or items, or tries to take your gold or items, by making false promises of giving you rare items, get-rich-quick schemes, or by any other deceptive means. Scamming generally involves a situation in which two members of Gaia make an arrangement to trade gold, items, or a Gaia approved service (e.g. avatar art commission) with each other and then one of the parties involved in the arrangement fails to live up to his or her promise of an exchange. Scamming does NOT involve the loss of your account or the direct theft of your items/gold. If you cannot access your account, or someone else has gone into your account and taken your items or gold, this is not scamming but hacking and needs to be reported using the Hacking Report Form."
So, sorry if it isn't the "proper" word I'm using, it is Gaia's terms that I'm using.
I can understand how the one technique where you "enter your username & password and get angelic halo/rare item" might be considered scamming, but really, it is password phishing due to being asked for a password.
So, pretty much if it asks for your password, it is considered phishing, which can lead to being hacked. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 5:55 pm
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 5:57 pm
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 17, 2011 6:08 pm
|
|
|
|
|
|
|
|
|
|
|
|
|
