Have you ever been unsure
about a trade that seems a
little "iffy," or something that just
doesn't seem right?
This guide could help you decide
what to do when stuff like
that happens, and it
could one day save your account.
Important: First read CipSoft
Security Information Page
Last updated: February 20th, 2011
As defined in the dictionary, hacking is "to use one's skill in computer programming to gain unauthorized access to a file or network." If someone gets your account password and account number, they might take all of your stuff on your character, or possibly even your character itself.
What Bad Things are out There?
There are several ways someone can get your password to your account. Most can also do some bad things, not only to your Tibian account, but to your computer as well.
|1. Trojans, Trojan Horses - These are malicious programs pretending to be a regular program. They can destroy data and send info back to the owner, such as passwords. The main difference between them and computer viruses is that they do not replicate.
2. Viruses - Bad programs made by people to (usually) do bad things to computers. They can be disguised as games, pictures, or regular programs. When executed they could destroy information.
3. Key Loggers - these are programs much like Trojans, but usually they don't destroy data. They keep track of every keystroke made, and then sends it back to the owner.
4. Worms - Worms are viruses that sit in the computer's memory, duplicating themselves. They can be sent to other computers through an email program, or IRC (internet relay chat), destroying data.
5. Spyware, Adware - Usually these come from programs with bundled software, like file sharing utilities. Both will track what sites you visit and what you do on them.
6. Guessing Passwords - although unlikely, if you have an easy password, someone could guess it, or -- automated scripts with common words dictionaries embedded can "break" your easy-to-figure password too!
How Can A Person Get These?
With exception to #6, all the programs above can be gotten from a computer program. Sometimes they can be sent by email, a downloaded program, or a website. But, usually you will not find any of these things unless you're looking for a cheat to the game, or doing other... bad things.
If someone asks you to be their friend, and then tries to send you a file, reject it. Especially files with a .exe, .cmd, .bat, or .scr extension. Even if they want to send you a picture of them self, it'd advised not to accept it unless you absolutely trust the person. Ask them to upload it on a trusted image uploader instead.
How Not to Get Them?
There are lots of ways to be sure not to get any of the bad things mentioned earlier. Using your common sense is a good start!
1. Don't download anything questionable, like character modifiers, add-on Tibia programs, or toolkits, unless its from a trusted fan site. CipSoft has deemed what they consider trusted fansites on their fansites page. Even then, please use extreme caution.
• McAfee - can be bought in stores or online.8. Scan for Spyware using any popular program such as:
• Ad-Aware - an excellent program that will get rid of adware and spyware, along with other harmful programs.
Here are some tips to make your password almost un-guessable!
• Make sure you have a password of around 8-10 characters or even more.
• Don't use words from a dictionary. Instead, mix words together that don't make a real word, or even use a number or 2.
• Don't use your name or phone number for a password. don't use words that a friend could think of using (if you and a friend play Diablo, don't use 'diablo' for a password).
• Never give out your password - not even to a friend. Your 'friend' could turn out to be someone you don't know at all.
Myths & Facts
Here are a few common myths about these things.
Myth: CIP or a Gamemaster needs my Account Number or Password
Fact: CipSoft will never ask you for your password, they do not need it. Nor a Gamemaster will do. Or a Counsellor. Or a Tutor.
Myth: I can't trust any websites anymore!
Fact: Not all sites are bad, and about 99.8% of the ones you can find are good, and want to help you out. Unless you want to find a cheat or something, you won't find the other .2%.
Myth: Having antivirus software and a firewall makes me invincible to bad stuff!
Fact: Although it does help a lot, you should still be careful.
Myth: If you get a virus, you need to buy a new computer.
Fact: Absolutely not! There's a number of things you can do to fix it. For one, try getting a program mentioned above, such as Ad-Aware and try scanning. If that doesn't work, you could always choose the 'road less traveled by' and reformat, but sometimes it takes awhile.
Myth: There are item duplicators.
Fact: If you read any post from people saying they have an item duplicator, or they contact you in-game saying they can duplicate your items, it's a guaranteed scam.
Myth: There are magical start editing hacks!
Fact: That's a nonsense. All they want is your password or keylog you.
How keyloggers work
There are lots of keylogging programs out there today. I've seen lots, and I mean lots. But, the people here tend to use 2 types of keyloggers. Sc-Keylog and BlazingTools Perfect Keylogger (or BPK for short).
1. Sc-Keylog: How this works; It is a file by itself, usually and .EXE. When you open it, you will see that nothing happens. Usually this means that the file is running in the background, and you can ALT+CTRL+DEL to find it in the 'Processes' tab.
2. BPK: This program works by binding to another program, say tibia.exe. The program will run fine, but what you dont know is that it secretly installed BPK into your system. BPK will either send it to a person's e-mail or upload it to an FTP. In order for this to work, you need to supply a User+Pass for the e-mail or the website which you are uploading to. There are programs out that will decrypt the infected file, and will find their User+Pass that the provided. Payback! :)
Despite everything.... "I am hacked!"
We are sorry to hear you have been hacked. Before you can get your account back there are certain things that you must take care of. If you do not remove your security problem first you risk being hacked again.
1. Find out how the hacker got access to your account and remove the security problem. Carefully think over everything that has happened to your account and your computer during the last few weeks. Here are some questions that might help:• Is it possible that you have a computer virus or a spy program on your computer? Please use one or two up-to-date virus scanners to check your computer. If a virus is found remove it before you do anything else.
• Did you share your account data with anybody? A person that knows your account data can easily hack you.Do not risk that again.
• Is your email address safe? Try to secure your email address by changing the email password. To find out more about possible security leaks read Tibia's Security Hints carefully. If you follow these guidelines your account should be well protected against any further hacking attempts. Remember, if you try to get your account back before the security leak is removed it is quite possible that the hacker will again get access to your account.
2. Get your account back. To get back access to your account you have to use the Lost Account Interface. Specify your problem there and follow the instructions. Please note that a new password will only be sent to the email address to which the account is registered. If you have lost access to this email address try to get it back. For example you can contact your email provider and ask for help. Once you have access to the registered email address the Lost Account Interface will work.