Log in | No account? Register!
A word on hacking

A word on hacking

Written by Korni on Saturday 21 July 2012
Introduction
One of the most serious problems each online game faces nowadays are hacking attempts. The game changes with time, and so do ways of getting access to another player’s account. This article focuses on hacking methods – the well-known ones as well as some which you might not have been aware of yet.


The Internet – risks and duties
Tibia is a massive multiplayer online roleplaying game. By definition, these games require some sort of network connection, mostly with the biggest, worldwide system of networks called the Internet. While this allows players to spend their time online with people from all over the world, it also exposes them to multiple risks that arise from the use of the global network.

At the very beginning of a player’s experience with Tibia, a game account has to be created. While the account actually belongs to CipSoft, players are given the right to use and administer it fully according to their needs, of course for as long as their actions comply with the Tibia Rules. Paraphrasing a well-known saying, with some power comes some responsibility. It is the player who is held responsible for keeping the account safe at all times.


Money, money, money…
The very first creature you kill might contain some pieces of an item, which almost all Tibia players crave for – gold. In fact all the items have some value, which can be represented in either a small or large amount of gold pieces. One of the goals of the game, beside gaining levels, skills, fame and friends, is to become rich – both in valuable items and gold pieces. Some players will try to achieve this goal in a fair manner, some will not. There are two groups of players that are hated within the Tibia community because of the way they chose to become rich in-game: botters and hackers. Let’s focus on the latter group.


Tibia website and game client
While some players access the game using the Beta Flash Client, which is available on the official website, most of them still download the old-style stand-alone one. Whichever you choose, you face one or two security threats. First one is called website spoofing. Every time you log in to your account on the website, you should make sure that the address you are visiting starts with https://secure.tibia.com/. There should also be an image of a padlock displayed next to the address bar or even inside it – this ensures that you are visiting the official Tibia website and that your login data is encrypted so you are safe to log in even while using an open Wi-Fi network. There are numerous fake websites which look just like the official Tibia website, so either always type the address manually, or check the address bar if you have followed a web link.

If you are among the group of players who use the stand-alone client, you should always download it from the official website. Even if fansites offer client downloads, you should not use those – there is always a risk that someone has manipulated those files by hacking such a fansite. Now that you know how to log in safely, let’s discuss in-game hacking attempts.


Ban? No, please…
Breaking the Tibia Rules may lead to a banishment. Most players would do almost everything in order to avoid getting banished, and hackers know it. There are several tricks they use in order to hack players only using that knowledge. Most of these tricks require the hacker to impersonate an employee of CipSoft – a gamemaster, community manager, an imagined “ban list administrator” or anyone else they can think of. Many players will be so scared when hearing about a banishment, that they will not even think it is a hacker who talks to them. What you need to know is that CipSoft will not contact you concerning a banishment. They do not send in-game letters, they do not discuss banishments in private messages. If you are ever contacted this way, be sure it is a hack attempt.

You have probably heard about the bot detection system. It automatically detects players who gain unfair advantage over other Tibians by using unofficial software to play. Some hackers send multiple in-game letters or contact players directly through the private message system, telling players they have been detected botting and they will be banished unless they visit a certain website in order to remove themselves from a list of botters. Again, if you are ever contacted this way, be sure that it is a hacker who talks to you – there are no lists of botters, and in no case would CipSoft contact players about the bot detection system. Never, ever. If the detection system catches someone, a banishment or account deletion will follow and there is no way to avoid it. Don't use bots, be sure that you are a fair player, and you will be safe from both the banishments and hackers.


Free premium time? Yes, please!
New continents, creatures, hunting places... These are just some of the features available to players who have some active premium time on their accounts. How tempting it is to follow someone's advice, visit a website which looks just like the official Tibia website and grab some premium time for free? As great as this could sound, you may be sure you would have found your account hacked the very next day after accepting such a generous offer.

Here again, hackers send in-game letters, in which you are told you have won a lottery by CipSoft or a fansite, or that CipSoft is giving some premium time for free and you can claim your prize by logging in to a certain website - and no surprise here, the website which you are asked to visit is created with one intention only - stealing your account data. The same goes for advertisements which you may find in one of the public channels. Do never believe such offers.

If CipSoft ever decides to give you some premium time for free or as a reward for participating in a contest, poll or feedback form, you will not need to log in anywhere - they can add premium time directly to your account. Whenever this happens, players are informed about it on the official website.


Trading Tibia gold
It is usually enough to open the Advertising channel in order to find someone advertising a "completely safe" gold buying/selling website or a worldtrade service. Isn't it surprising to you that each day it is a different character who advertises it? Hackers will do their best to ensure that there are enough players visiting their hack websites to make the business profitable, unfortunately at your cost. That's why those ads are sometimes posted by high level characters, which later turn out to have been hacked.

If this warning does not discourage you from visiting such websites, please do never provide your Tibia account data anywhere on the website. Keep in mind that even opening a website can be dangerous if the hacker knows how to use security holes in your web browser. Also, never accept so-called Java applets - no website related to Tibia needs to use them. If a pop-up window appears asking you to accept such an applet, leave the website immediately. Accepting it would surely lead to your system being infected.

If you ever decide to trade your gold from one game world or another, do never visit websites that are being advertised in the game. Check the trade board of your game world or the one which you are transferring to - you can usually find many offers of players willing to trade with you. Some of them also run so-called worldtrade services - trade only with those, who gained enough feedback on the forums already. While there is still a risk of getting scammed, you are quite safe from hacking attempts while completing the deal in the game with a real player. Alternatively, the fansite Tibia ML offers its users a safe worldtrade service called Smuggler.


Bots
You may sometimes come across players advertising unofficial software, designed to help you level your character faster and gain gold while you are away from keyboard, so-called bots. As tempting as the idea may seem, downloading the bot is like inviting its creator to search through your computer and install anything he wants. You will never know what actions does such software perform in the background. So, not only you risk a banishment or an account deletion in case you are caught using such an illegal help but also creators of such bots will usually punish you much faster by stealing your items.


Let's sum it up
As you see, hackers possess an entire arsenal of methods which can be used against players in order to gain access to their accounts. The most general tip you may receive is - be cautious and suspicious. Whenever someone offers you things so good that they seem almost impossible... maybe they simply are impossible?


Stay safe!