Like us on FaceBook
Live Gold Swaps on Twitch
Add an Event
Event Calendar
Deputy Discussion
| Welcome to the National Guard of Runescape. You must be registered to access the forums. |
| 2010/Oct/06 - High Security Threat: Keylogger Found | |
|---|---|
| Tweet Topic Started: Oct 6 2010, 08:51 AM (833 Views) | |
|
|
Oct 6 2010, 08:51 AM Post #1 |
![]()
Classic Veteran
|
Everyone should be well aware NEVER to trust misleading URLs which redirect to places OTHER than what the link itself shows. Even times you shouldn't visit the link shown. Below is an on-forum inbox I just got from something that according to the current board settings should NOT even be possible. A "validating" user sent me a PM containing the questionable link that ISN'T the same as the one I copied/pasted below. It was a URL masking to another URL that could quite possibly be a keylogger. DO NOT CLICK THE LINK -- SIMPLY DELETE THE INBOX soon as you see it. The banned scammer name is u has logged. Everyone knows fair well official inboxes by NG are ONLY sent by ranked/registered members of the board. And/or through our bulk e-mail under the name nationalguardofrs@yahoo.com (this board's e-mail address listing). So if you got the below PM at your inbox -- delete it and do not click the link. We've already banned his account so that should give a hint it isn't legit if/when you open your inbox to review it.
The outward shown URL simply links here: http://services.runescape.com/m=poll/c=OFZR7B2F*d0/index.ws But the hidden URL which we believe to be a keylogger website links here: runescape.6x.lt FireFox tells us the following about this website:
The irony of it the banned name is u has logged as in "you have been keylogged". Quite the elaborate prank by some troll of NG. But just as he entered he got banned on first attempt to scam passwords of our members. Fail scam is fail. No doubt as you try logging into the fake RuneScape website there is the image below the log in window showing "only enter your password at {JaGeX Limited (GB)} http:/secure.runescape.com". Edited by Kire667, Oct 6 2010, 09:12 AM.
|
![]() "When I came into the game they didn't do nothing but doubt me. Now the whole game's changed and it ain't nothing without me." About Me
| |
![]() |
|
|
|
Oct 6 2010, 10:10 AM Post #2 |
![]()
NGoR Elder
|
Can you not delete the inbox's sent from this user in Admin CP? Also it seems incredibly easy for someone to do this again is there some way we can prevent this happening again? Perhaps send an inbox to all members as well warning them not to click the link, I almost voted as the first thing i saw was an inbox before reading the shoutbox. Also I can't find the delete, I can only Archive, Mark as read or Mark as unread :s Edited by Alex, Oct 6 2010, 10:15 AM.
|
|
Inventor Of Fish Tanks. | |
![]() |
|
|
|
Oct 6 2010, 11:25 AM Post #3 |
|
MotM Oct'09
|
I didn't get this email. Was the email sent to only a few people? And I have no idea how they managed to do this. All the settings are set restricting this. |
![]() |
|
|
|
Oct 6 2010, 04:18 PM Post #4 |
![]()
NGoR Elder
|
Was sent to me Ok so I clicked on it and it takes you to a rs login page which looks legit so then I logged into it with emerald cause hes perm banned soooo idgaf if he gets hacked but yeah. I voted on the poll (NGOR isnt even on there) and then I clicked "return to the RuneScape homepage" or whatever and got this: http://imgur.com/BEXmu.png Edited by Kire667, Oct 6 2010, 10:49 PM.
|
![]() ![]() ![]() ![]() ![]()
| |
![]() |
|
|
|
Oct 6 2010, 10:45 PM Post #5 |
![]()
Classic Veteran
|
Samboza: It is not an e-mail. It is a PM inbox on the board. The user was under the user group Validating and those can't make posts or read the forum or inbox or even bulk inbox others. So how in the **** this happened I haven't a clue. Someone is pro at hacking Zetaboard settings and allowing himself to use the features of inbox without admin accepting the account access to forum. Alex: To remove an inbox from your folder check the box to the side of the inbox, then click "archive". Open your "archive" folder, check the box once more and click "delete". It is like your on-forum recycling bin for all inboxes so you only delete something if you delete it twice to insure you don't lag and delete something on accident. I use community news and shoutbox to bulk warn users about this threat. I have NO idea how to bulk inbox PM others. I merely know that once every 24 hours I am allowed to bulk e-mail all registered members (even banned names). So if and when I find how that is done at Admin CP I will use that as well for warning about potential hackers/scammers/keyloggers/botters that pose a threat to us. Spread the word around. This is the first keylog attempt by a user since the "hacked" accounts by Liam| in January 2009. Over 1 full year gone by and finally they are trying us again thinking out members are retards and about to fall for that JaGeX preach day in day out -- only trust your account information at secure.runescape.com and no place else. If the green bar labeled "JaGeX Limited (GB)" does not appear next to the URL http://secure.runescape.com then leave the page immediately! Jake: The warning appears AFTER you voted? I couldn't load the site redirect URL without clicking "ignore this warning" to get past the warning FireFox gives due to so many reports against that scam website. Edited by Kire667, Oct 6 2010, 10:49 PM.
|
![]() "When I came into the game they didn't do nothing but doubt me. Now the whole game's changed and it ain't nothing without me." About Me
| |
![]() |
|
|
|
Oct 7 2010, 04:45 AM Post #6 |
![]()
NGoR Elder
|
I think you might need to look at the restrictions for Trial members as me and Antonio are able to inbox each other and he's a trial member :O
Edited by Alex, Oct 7 2010, 04:46 AM.
|
|
Inventor Of Fish Tanks. | |
![]() |
|
| Deleted User | Oct 7 2010, 06:36 PM Post #7 |
|
Deleted User
|
thats what my comp tells me it also says its a malware hosting site.![]() jake posted this before me thats what i get for not reading before i post :p |
|
|
|
|
Oct 7 2010, 08:36 PM Post #8 |
![]()
Classic Veteran
|
Alex: Trail members can. Validating should not. Validation is the user group for everyone NOT approved by forum admin at Admin CP. The names are listed for 7 days before auto-removed under the Admin CP section "Authorization List." Trial Member is a completely different thing that users go into AFTER approved for Validation. Then 10 posts later they become Full Member. This change was made AFTER a single user produced 1000 accounts and spammed the same post 10000 times in 10 minutes. (Then tried inboxing me if I wish to buy the bot from him. What a **** wad!) We locked future accounts without BOTH e-mail and admin approval. All Trial Members were no longer allowed to post since the accounts were below the minimum to auto-promote to Full Member for the following 3 days until we locked/hid/deleted all of the adult-rated spam topics. Edited by Kire667, Oct 7 2010, 08:38 PM.
|
![]() "When I came into the game they didn't do nothing but doubt me. Now the whole game's changed and it ain't nothing without me." About Me
| |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · Community News · Next Topic » |
| Track Topic · E-mail Topic |
3:51 AM Jul 11
|

National Guard of Gaming, National Guard of Runescape, Clan MF-D and all logos are trademarks of Webtronix Design, ©1998. All Rights Reserved. View our ToS for more details. Runescape™ is a trademark of JaGeX Ltd ©1999. Andrew Gower and Jagex, Ltd. Forum banners by Bobbydown. Forum design by Ackerben. Team Speak by Gaming Heavens.














3:51 AM Jul 11