Capt_Jack said:

Nothing suspicious Here:

1. http://prntscr.com/cztfsu
2. http://prntscr.com/cztgba
3. http://prntscr.com/cztgrk
4. http://prntscr.com/czth5a

Not even the level of the players

No $ for cheats.

Lolz, thanks for posting this. The game is **** up now with all this scripting going on. Just waste your troops and leave afterwards  the game for good. Spend your money - if you did so - for another game. I recommend "Grepolis" or "Travian", "Forge of Empires", something that has not "Plarium" and "we tolerate cheaters" and "we need proof" all over it.

No $ for cheats.

Edited by Blasphemy - please watch the language

With intelekta.Russkie always been the most intelligent and educated.

F A R G O said:

Shiv will be back tomorrow and will write to u.  (Post)

AAAAnd open big secret  Wait :) 

"No $ for cheats" 

So F A R G O, i have a question for you SHIV and Adam Krab and all the other RuAL people,

Peter Blood said:

F A R G O said:

Shiv will be back tomorrow and will write to u.  (Post)

AAAAnd open big secret  Wait :) 

"No $ for cheats" 

So F A R G O, i have a question for you SHIV and Adam Krab and all the other RuAL people,

IF the Russian players hacked our server, the German one is next. So if Russian players attacked Germany from behind, do you think Greece would help?

https://www.youtube.com/watch?v=4m48GqaOz90

AdamKrab said:

Dalira said:

Just ignore them, please. They are just trying to compromise this thread, you won't get an answer from them.

No $ for cheats.

Wash, I answer all the questions.This means that you do not ask questions on the topic

Помоему, я отвечаю на все вопросы .Значит что вы сами задаете вопросы не по теме.

2 answers :

1 Have you solved the prize algorithm?

2 How many rubbies your members spend to have all his strengh.

I am stupid so i try to learn

No $ for cheats

Hi Blasphemy, You know me quite well and I will tell you upfront Tell Raul and destroyers im waiting on them and to Kiss my Azz as we will not pay no ransom. Maybe ill make them pay me

Marine

You know it's funny, because I just looked at RuAL's latest brag book and it seemed to leave out the attacks that failed. It is hard to tell because of all of the spam attacks that wiped out almost all of the battle reports. But there is one thing I know for sure...We won Team PvP over RuAL. That means we killed more of their units than they did of ours. How is that possible if all of their attacks were victories?

You can make fun of our old-fashioned raid and build style of play, our "work" ethic, our PvP skills. You can make fun of the fact that I enjoy our community that we have built here. But when you publish a brag book, you should include the losses too.

I have little to brag about. I am just a man travelling through space and time, with friends I have made from around the world, of different languages and religions, on a great pirate journey.

Smitten (still Lost and Found)

Marine said:

Hi Blasphemy, You know me quite well and I will tell you upfront Tell Raul and destroyers im waiting on them and to Kiss my Azz as we will not pay no ransom. Maybe ill make them pay me

Marine

Hello Marine, nice to see you still playing old friend

And it seems they're preparing to do it again.  

http://prntscr.com/czv1ug
http://prntscr.com/czv248
How is this not obvious to Plarium ?  

Like i said before whatever they are using plarium's server sweeper or whatever use isn't picking it up, so soon plarium will wake up a nd just ban the whole lot of them ...

In the midst of all this one wonders how it could happen, and not be real obvious. As a Job I had in the past required me to check our SQL Servers for known flaws such as SQL Injection (depending the SQL Database type) I would drag out my Laptop with my sniffer and plug it into the network.

Then I would open an instance to the SQL Server (such as in this case Plarium). The sniffer would record all the traffic between the Server and the workstation. It I can clearly see the Code of the game which is down loaded and the other information in the cookies. It also tells me what type of Database is being used. Now that I am connected to the SQL server I open another tool and select SQL Queries for known issues... and start running them.

What follows is very simplistic. The hours of work and SQL queries used would be volumes’. I get a report as each succeeds or fails. The ones that succeed can be used to open a doorway to the server which unless the Admin is sharp looking logs it might be overlooked. Next knowing how to get into the server, I look for the target I want.

The Best Fruit is rubies. with Rubies I can buy anything.

Now we take the same workstation and start recording a session to go get rubies.. All I need is 1 ruby. As that is complete I examine each step of the process, including the number and types of troops I have to complete the process. Next given there are according to what is displayed a certain number of rubies to be harvested at each ruby mine.

So now to construct the SQL Query to connect to the ruby mine with X amount of troops with Credentials of where to send the rubies. So a machine is used to log into the game and the SQL engine send the query which fails and then adds the injection that X amount of troops just land on ruby mine xxxxx and this is where to send when full…

This would be very hard to spot other than maybe a small error in the SQL Logs where there are so many transactions happening every second. even though the player only logged in everything would appear normal except he send no troops to the mine... the Server only thinks he did and returns the rubies to the right place in the right Database. So now I only need to know where the ruby mines are.

So a question might be asked what could one do with unlimited rubies. One could go start killing Prizes gain new ships and buying lost ones back. In a short time you would have a very powerful fleet. It would appear to be legit, but a lot of work. If I get tired of having to sit there I work on my SQL Queries to connect to the Ruby mines part of that database saying I have had this many ships there for this many hours and issue a recall query.. they move to the users database. over time I know the exact regeneration of the ruby mines and speed things up. Then I can collect even more rubies appearing to be legit.

Now if I have unlimited rubies what can I do to escalate my position. I can try to connect to the Prize database saying that I sent X amount of troops at the prize. Return what is left and what is won to this user. This could potentially bypass the transaction where the troops are actually put in the hold status waiting for the battle. Oh it becomes a troop doubler. I lost nothing of what was in my account but gained all these extras... Now use free rubies to buy back what was sent to be redeemed.

Utube is full of videos with successful exploits for various things. It is known that it can be done. How would you catch someone doing this... One way would be to look at the top Mission Holders. and how consistently they stay there. What this boils down to the SQL Admin needs to know what "holes" there are in his/her database server and how to close them. The Game Code needs to insure there are equal transactions that can be traced if not throw a BIG Flag for the Admin.

Every Legit Security Engineer gets training on how to be as smart as the Black Hat.

Obviously they don't have as skilled people working at Plarium as you are, Pappa. That's the problem and it will kill the game entirely.

The screenshot is just another part of the evidence. http://prnt.sc/czv248

Thanks for sharing this.

Dalira said:

Obviously they don't have as skilled people working at Plarium as you are, Pappa. That's the problem and it will kill the game entirely.

The screenshot is just another part of the evidence. http://prnt.sc/czv248

Thanks for sharing this.

No $ or € for Cheats.

Hi all, boring?

 Привет всем , скучили ?

All the honest players need to stop spending money and let Plarium see where their income really comes from. I have never seen them solve a problem without loss of money,

Pappa said:

In the midst of all this one wonders how it could happen, and not be real obvious. As a Job I had in the past required me to check our SQL Servers for known flaws such as SQL Injection (depending the SQL Database type) I would drag out my Laptop with my sniffer and plug it into the network.

Then I would open an instance to the SQL Server (such as in this case Plarium). The sniffer would record all the traffic between the Server and the workstation. It I can clearly see the Code of the game which is down loaded and the other information in the cookies. It also tells me what type of Database is being used. Now that I am connected to the SQL server I open another tool and select SQL Queries for known issues... and start running them.

What follows is very simplistic. The hours of work and SQL queries used would be volumes’. I get a report as each succeeds or fails. The ones that succeed can be used to open a doorway to the server which unless the Admin is sharp looking logs it might be overlooked. Next knowing how to get into the server, I look for the target I want.

The Best Fruit is rubies. with Rubies I can buy anything.

Now we take the same workstation and start recording a session to go get rubies.. All I need is 1 ruby. As that is complete I examine each step of the process, including the number and types of troops I have to complete the process. Next given there are according to what is displayed a certain number of rubies to be harvested at each ruby mine.

So now to construct the SQL Query to connect to the ruby mine with X amount of troops with Credentials of where to send the rubies. So a machine is used to log into the game and the SQL engine send the query which fails and then adds the injection that X amount of troops just land on ruby mine xxxxx and this is where to send when full…

This would be very hard to spot other than maybe a small error in the SQL Logs where there are so many transactions happening every second. even though the player only logged in everything would appear normal except he send no troops to the mine... the Server only thinks he did and returns the rubies to the right place in the right Database. So now I only need to know where the ruby mines are.

So a question might be asked what could one do with unlimited rubies. One could go start killing Prizes gain new ships and buying lost ones back. In a short time you would have a very powerful fleet. It would appear to be legit, but a lot of work. If I get tired of having to sit there I work on my SQL Queries to connect to the Ruby mines part of that database saying I have had this many ships there for this many hours and issue a recall query.. they move to the users database. over time I know the exact regeneration of the ruby mines and speed things up. Then I can collect even more rubies appearing to be legit.

Now if I have unlimited rubies what can I do to escalate my position. I can try to connect to the Prize database saying that I sent X amount of troops at the prize. Return what is left and what is won to this user. This could potentially bypass the transaction where the troops are actually put in the hold status waiting for the battle. Oh it becomes a troop doubler. I lost nothing of what was in my account but gained all these extras... Now use free rubies to buy back what was sent to be redeemed.

Utube is full of videos with successful exploits for various things. It is known that it can be done. How would you catch someone doing this... One way would be to look at the top Mission Holders. and how consistently they stay there. What this boils down to the SQL Admin needs to know what "holes" there are in his/her database server and how to close them. The Game Code needs to insure there are equal transactions that can be traced if not throw a BIG Flag for the Admin.

Every Legit Security Engineer gets training on how to be as smart as the Black Hat.

OK Q Whats the red button do?

Any chance we can have that in basic layman's language, for us no computer software engineers please.

Regards 
 

Dalira said:

Actually, to get on topic, can someone explain to me what this mysteriously "third party program controlling havens" is, that Plarium has talked about?

No $ for cheats.

Good point Dalira, can they tell me to please.

and what's all these big data bots ? what are they used for?

I thought I had joined a simple pirate war game, its becoming a full performance of The Pirates of Penzance

https://www.youtube.com/watch?v=3KRbCTFqTlE