what should my Friend do? Today his LFS account was stolen. He couldnt join online so i went online and someone was driving under his name, even braging his friend stole the account for him. He changed the gamepassword but still cant go online. He also changed all passwords he had

He is/was driving on LC server (he is driving right now) under LC|Tehit (LFSworld username: freeholder). Not to say NO ADMIN responded to him bragging he stole it. I wish i saved mpr

Prof of the bastard (sorry for my language):

He should contact devs
http://www.lfs.net/?page=contactus

He just did (i did in his name, his english is quite bad). Hope he gets that fixed soon :S

Quote from 'ru7 [SLO :

Hope he gets that fixed soon :S

Me too!

Any idea HOW they managed to steal it?

Not because I want ideas, but he may have done something himself, to give it out. If not, others might want to know, to be more secure.

if you havent joined any new servers since this incident, then the mpr will be saved as "temp mpr."

Provided he's not closed LFS

I'm pretty sure the dev's can fix that

They probally just have to recet the account (meaning they make one of these impossible to remember passwords, then he logs in and changes that)

But you said he changed password, and still they managed to steal his lisence? Do you then mean he could not change password, because it told it was wrong, or did he change it, and then they still managed to find that out?
If it's the last thing, my guess is that your buddy has a program running on his computer, that allows other people to see what he writes. Erh... I am so drunk now I don't remember the name of that program, either way - KEYLOGGER - that's the program lol, remembered it now. If he without knowing has this program, other people that want to know what he doing simply can open a text document to see everything he have written - so they could find the password.

What I do for really secure passwords, is type it backwards. Then CTRL+X/CTRL+V it to be the right way around. Takes an extra 10 seconds, but it can't be keylogged

Quote from dougie-lampkin :

What I do for really secure passwords, is type it backwards. Then CTRL+X/CTRL+V it to be the right way around. Takes an extra 10 seconds, but it can't be keylogged

or people can stop downloading porn from shady sites, or clicking on random links to exe files...

thank god i use linux... most of these crap applications won't even run with wine.

Quote from dougie-lampkin :

What I do for really secure passwords, is type it backwards.

OT

Sry but that's as secure as if you type your password the normal way.
Sophisticated tools can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards.

In general there are no secure passwords, only strong and weak passwords.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess.
Simple as that.
But once you have a keylooger running on your system then there is already something completly wrong with your system security at all.

Sorry for the continued OT'ness here, but...

I found out yesterday just how rampant virii are on t'intertubes. I was using a temporary OS, I only needed it for a few hours while waiting for a mate to give me my Vista DVD back. I didn't bother installing an anti-virus, as there was nothing on it at all, I was only on t'interwebs. Within an hour, I got the MSN virus, the one that says "Is this you?" and gives a link to what looks like a JPEG, but is a virus. Yet after 6 months of using Avast on my old PC, I never got so much as a hiccup. Kind of scary really, the amount of crap your computer gets without you knowing...

As for the backwards password, I type my actual password backwards in the entry box (it's 12 character random letters, numbers and brackety sybmol yokes), and then re-arange it. So to a keylogger, the password is backwards. It's something anyway

An account cannot be stolen. It can only be "unintentionaly handed over" to someone else.

Quote from breadfan :

An account cannot be stolen. It can only be "unintentionaly handed over" to someone else.

Idiot.

Quote from Klutch :

Idiot.

x2

Quote from Klutch :

Idiot.

Why call him an idiot? Even if he is incorrect, that doesn't make him worthy of your abuse. Congratulations, you just made an idiot out of yourself.

... More helpfully. If your account is actually stolen, your best course of action is to use the Mail Us feature on the main LFS page, with some sort of reference number (Paypal #, Transaction ID from those emails). Then Vic can verify that you're legit, and restore the account back to your possession.

Hope this helps.

Quote from Gunn :

Why call him an idiot? Even if he is incorrect, that doesn't make him worthy of your abuse. Congratulations, you just made an idiot out of yourself.

Yeah, i'm an idiot because i know viruses and keyloggers exist, and what type of damage they can cause.

I'm such a retard, that i go around spreading false information and accusing people of giving out account details.

Yep, thats me alright.


I don't see how i made an idiot out of myself, i made myself look like a right arrogant ****, sure. But idiot? Doubtful.

I'm obviously not the only person who thinks he's an idiot either, read up.
And if i did make an idiot out of myself?

OH NOEZ LULZ
Its a ****ing forum.
Big deal.
I'm sure I'll get over it.

It's far more likely his password was just easy to guess. So many people use their username again or just "password" and it's not a shock when that happens.

See, I find it unlikely that someone running a keylogger would bother to steal a game login. And very coincidental that they either have it installed already or are willing to find it and download it to try those details.
Keyloggers want valuable info, and LFS just isn't high on the risk/reward scale.

Quote from Klutch :

Yeah, i'm an idiot because i know viruses and keyloggers exist, and what type of damage they can cause.

I'm such a retard, that i go around spreading false information and accusing people of giving out account details.

Yep, thats me alright.


I don't see how i made an idiot out of myself, i made myself look like a right arrogant ****, sure. But idiot? Doubtful.

I'm obviously not the only person who thinks he's an idiot either, read up.
And if i did make an idiot out of myself?

OH NOEZ LULZ
Its a ****ing forum.
Big deal.
I'm sure I'll get over it.

Have you ever actually USED a keylogger? You get a log - I have typed my LFS password in ONCE per OS it's installed on - even then the odds of the "big bad hacker" taking his LFS license (as a pose to having an app crawl through for bank details) are 0.

Most people who get accounts "hacked" on the internet have REDICULOUSLY weak passwords - fact.

idiot.

Hi, sorry for late reply. The account owner got it back once the "thief" went offline. My friend was lucky the thief didn't change the game password before he did

Epic theft fail :chairs:

Happy to hear the problem has been solved. But for the future (and for anyone who stumbles upon this thread via search later):

Assuming the original GAMEpassword has been guessed (or handed over), solving the situation isn't that hard. Just log on to www.lfs.net using your username and your WEBpassword and then change your GAMEpassword. You should never ever tell anyone your GAMEpassword, but you definitely must keep the WEBpassword to yourself. I should also point out, the two passwords MUST NOT be identical.

A thief can't really do anything without your WEBpassword. Sure, with your GAMEpassword (s)he can unlock content and go online, but after you notice the theft you just go and change you GAMEpassword.

The situation is completely different if the password is sent to the thief via a keylogger, but then again having your LFS account temporarily stolen isn't the biggest of your worries (and if indeed you have a keylogger running just to steal your LFS passwords, most likely it has been planted to your computer by one of your demo licensed friends..). After you clean your PC, you should go and change both of the passwords just in case. If you can't login to www.lfs.net (your WEBpassword might be stolen as well), there's always the last resort.

you will also know instantly if somebody has unlocked LFS as when you unlock LFS nowadays you get an e-mail notification. So the second you get that. go change those passwords.

and dont forget you should only use your password on OFFICIAL LFS WEBSITES: http://www.lfsforum.net/showthread.php?t=447

Only ever use your LFS Details on the websites listed in those threads.

Since the original topic has been resolved....

Quote from dougie-lampkin :

Sorry for the continued OT'ness here, but...

I found out yesterday just how rampant virii are on t'intertubes. I was using a temporary OS, I only needed it for a few hours while waiting for a mate to give me my Vista DVD back. I didn't bother installing an anti-virus, as there was nothing on it at all, I was only on t'interwebs. Within an hour, I got the MSN virus, the one that says "Is this you?" and gives a link to what looks like a JPEG, but is a virus. Yet after 6 months of using Avast on my old PC, I never got so much as a hiccup. Kind of scary really, the amount of crap your computer gets without you knowing...

As for the backwards password, I type my actual password backwards in the entry box (it's 12 character random letters, numbers and brackety sybmol yokes), and then re-arange it. So to a keylogger, the password is backwards. It's something anyway

How do you copy and paste so that what is on the clipboard is backwards from the original copy?

If you have a keylogger on your computer, what do you think "control-C" and "control-V" is? They are keystrokes. They are recorded by the keylogger just as typing your password in.

As for virus and such, it's amazing how clean your computer can be without having antivirus or anything else installed. You are not picking up random crap from the internet. I've been on the internet since 1996, have never had an antivirus program actively running (I have AVG installed and scan now and then, but not actively running) and have never got "so much as a hiccup" either. If you get an MSN message that says "Is this you", that is your first flag. If you do not know the person, that is the 2nd flag. The fact that it has a jpg image attached, that is your third flag. It isn't random, you must have clicked it.

12 years without a virus on 4 systems, 4 Windows systems, and 5 internet providers without running active antivirus, firewalls, and antispyware.