This topic is closed

On the edge of quitting the game due to massive cheating and hacking

525 Replies
Capt_Jack
27 October, 2016, 10:08 PM UTC

Nothing suspicious Here:

  1. http://prntscr.com/cztfsu
  2. http://prntscr.com/cztgba
  3. http://prntscr.com/cztgrk
  4. http://prntscr.com/czth5a

Not even the level of the players


No $ for cheats.
UTC +4:00
Dalira
27 October, 2016, 10:21 PM UTC

Capt_Jack said:


Nothing suspicious Here:

  1. http://prntscr.com/cztfsu
  2. http://prntscr.com/cztgba
  3. http://prntscr.com/cztgrk
  4. http://prntscr.com/czth5a

Not even the level of the players





No $ for cheats.

Lolz, thanks for posting this. The game is **** up now with all this scripting going on. Just waste your troops and leave afterwards  the game for good. Spend your money - if you did so - for another game. I recommend "Grepolis" or "Travian", "Forge of Empires", something that has not "Plarium" and "we tolerate cheaters" and "we need proof" all over it.


No $ for cheats.


Edited by Blasphemy - please watch the language

UTC +7:00
Peter Blood
27 October, 2016, 11:05 PM UTC
Жорик said:

With intelekta.Russkie always been the most intelligent and educated.

Yes Stalin, Lenin, Peter the Great...umm wait..LOL
UTC +8:00
Peter Blood
27 October, 2016, 11:16 PM UTC

F A R G O said:


Shiv will be back tomorrow and will write to u.  (Post)

AAAAnd open big secret  Wait :) 


"No $ for cheats" 

So F A R G O, i have a question for you SHIV and Adam Krab and all the other RuAL people,

IF the Russian players hacked our server, the German one is next. So if Russian players attacked Germany from behind, do you think Greece would help?
UTC +8:00
Blasphemy
Moderator
27 October, 2016, 11:28 PM UTC

Peter Blood said:


F A R G O said:


Shiv will be back tomorrow and will write to u.  (Post)

AAAAnd open big secret  Wait :) 


"No $ for cheats" 

So F A R G O, i have a question for you SHIV and Adam Krab and all the other RuAL people,

IF the Russian players hacked our server, the German one is next. So if Russian players attacked Germany from behind, do you think Greece would help?

https://www.youtube.com/watch?v=4m48GqaOz90

I am a daughter of a High King who is not moved by this world for my God is with me and goes before me, I do not fear because im his
UTC +2:00
dac2491
27 October, 2016, 11:33 PM UTC
To the mighty CHEATING ruaI, I have been playing this game for nearly a year and due to the time requirement for researching discoveries and upgrading them and the buildings used in this game, there is NO POSSIBLE way at all, other than CHEATING, to complete all discoveries AND produce over 1 billion points of offense in a month's time even with 160 members ALL playing 24 hours a day seven days a week. So please explain to us with all your mighty wisdom and superior playing ability how you managed to do just that? Plarium has been shown numerous times how you are cheating and still they do nothing to stop it. Either they are the ones behind this outrageous activity or they do not care. Either way they are driving more and more players away from this game. This perceived lack of action by them will serve just the opposite condition that they desire which is to generate an even larger income stream from players trying to rebuild and recover from the decimation that the cheating brings about. I personally know of over a thousand players who have sworn to spend not a single penny more on this game and to leave the game forever if the cheating is not stopped and the cheaters banned from the game forever. I too am one who will not spend another penny on the game and when all my troops have been destroyed fighting the cheaters then I am also done with the game forever.
UTC +5:00
Zandoli
27 October, 2016, 11:37 PM UTC

AdamKrab said:


Dalira said:


Just ignore them, please. They are just trying to compromise this thread, you won't get an answer from them.


No $ for cheats.

Wash, I answer all the questions.This means that you do not ask questions on the topic


In my opinion, I answer all the questions. That means you yourselves are asking off-topic questions.

2 answers :

1 Have you solved the prize algorithm?

2 How many rubies your members spend to have all his strength.

I am stupid so i try to learn

No $ for cheats

 
UTC +4:00
Marine
28 October, 2016, 12:28 AM UTC

Hi Blasphemy, You know me quite well and I will tell you upfront Tell Raul and destroyers I'm waiting on them and to Kiss my Azz as we will not pay no ransom. Maybe I'll make them pay me


Marine

UTC +0:00
Smitten
28 October, 2016, 12:39 AM UTC

You know it's funny, because I just looked at RuAL's latest brag book and it seemed to leave out the attacks that failed. It is hard to tell because of all of the spam attacks that wiped out almost all of the battle reports. But there is one thing I know for sure...We won Team PvP over RuAL. That means we killed more of their units than they did of ours. How is that possible if all of their attacks were victories?


You can make fun of our old-fashioned raid and build style of play, our "work" ethic, our PvP skills. You can make fun of the fact that I enjoy our community that we have built here. But when you publish a brag book, you should include the losses too.


I have little to brag about. I am just a man travelling through space and time, with friends I have made from around the world, of different languages and religions, on a great pirate journey.


Smitten (still Lost and Found)

UTC +0:00
Blasphemy
Moderator
28 October, 2016, 1:11 AM UTC

Marine said:


Hi Blasphemy, You know me quite well and I will tell you upfront Tell Raul and destroyers I'm waiting on them and to Kiss my Azz as we will not pay no ransom. Maybe I'll make them pay me


Marine

Hello Marine, nice to see you still playing old friend


I think you did well telling them yourself....
I am a daughter of a High King who is not moved by this world for my God is with me and goes before me, I do not fear because im his
UTC +2:00
Alexis
28 October, 2016, 1:12 AM UTC

And it seems they're preparing to do it again.  

http://prntscr.com/czv1ug
http://prntscr.com/czv248
How is this not obvious to Plarium ?  









UTC +6:00
Blasphemy
Moderator
28 October, 2016, 1:15 AM UTC

Like I said before whatever they are using plarium's server sweeper or whatever use isn't picking it up, so soon plarium will wake up and just ban the whole lot of them ...


An IP Ban from this server and theirs,  
I am a daughter of a High King who is not moved by this world for my God is with me and goes before me, I do not fear because im his
UTC +2:00
picframer
28 October, 2016, 1:18 AM UTC
Must be nice to have most of a Brotherhood in a nice straight North South line, same levels (59/60)+/- 1, no states to speak of same layouts....very interesting at -1844 by -1020
no € for cheaters
UTC +4:00
Pappa
28 October, 2016, 1:23 AM UTC

In the midst of all this one wonders how it could happen, and not be real obvious. As a job I had in the past required me to check our SQL Servers for known flaws such as SQL Injection (depending on the SQL Database type), I would drag out my laptop with my sniffer and plug it into the network.

Then I would open an instance to the SQL Server (such as in this case Plarium). The sniffer would record all the traffic between the Server and the workstation. In it I can clearly see the code of the game which is downloaded and the other information in the cookies. It also tells me what type of Database is being used. Now that I am connected to the SQL server I open another tool and select SQL Queries for known issues... and start running them.

What follows is very simplistic. The hours of work and SQL queries used would be volumes. I get a report as each succeeds or fails. The ones that succeed can be used to open a doorway to the server which, unless the Admin is sharp looking at logs, might be overlooked. Next, knowing how to get into the server, I look for the target I want.

The Best Fruit is rubies. With Rubies I can buy anything.

Now we take the same workstation and start recording a session to go get rubies. All I need is 1 ruby. As that is complete I examine each step of the process, including the number and types of troops I have to complete the process. Next given there are according to what is displayed a certain number of rubies to be harvested at each ruby mine.

So now to construct the SQL Query to connect to the ruby mine with X amount of troops with Credentials of where to send the rubies. So a machine is used to log into the game and the SQL engine sends the query which fails and then adds the injection that X amount of troops just land on ruby mine xxxxx and this is where to send when full…

This would be very hard to spot other than maybe a small error in the SQL Logs where there are so many transactions happening every second. Even though the player only logged in, everything would appear normal except he sent no troops to the mine... the Server only thinks he did and returns the rubies to the right place in the right Database. So now I only need to know where the ruby mines are.

So a question might be asked: what could one do with unlimited rubies? One could go start killing Prizes, gain new ships and buy lost ones back. In a short time you would have a very powerful fleet. It would appear to be legit, but a lot of work. If I get tired of having to sit there I work on my SQL Queries to connect to the Ruby mines part of that database saying I have had this many ships there for this many hours and issue a recall query... they move to the users database. Over time I know the exact regeneration of the ruby mines and speed things up. Then I can collect even more rubies appearing to be legit.

Now if I have unlimited rubies what can I do to escalate my position? I can try to connect to the Prize database saying that I sent X amount of troops at the prize. Return what is left and what is won to this user. This could potentially bypass the transaction where the troops are actually put in the hold status waiting for the battle. Oh it becomes a troop doubler. I lost nothing of what was in my account but gained all these extras... Now use free rubies to buy back what was sent to be redeemed.

YouTube is full of videos with successful exploits for various things. It is known that it can be done. How would you catch someone doing this... One way would be to look at the top Mission Holders and how consistently they stay there. What this boils down to is that the SQL Admin needs to know what "holes" there are in his/her database server and how to close them. The Game Code needs to ensure there are equal transactions that can be traced, and if not throw a BIG Flag for the Admin.

Every Legit Security Engineer gets training on how to be as smart as the Black Hat.

UTC +5:00
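The reconciliation check the post above calls for (every credit traceable to an equal transaction, otherwise a flag for the admin), as an added example that is not part of the thread or of Plarium's code. The table and column names are hypothetical and all rows are constructed.

```python
import sqlite3

# Hypothetical ledger schema: each ruby credit must point at the dispatch that earned it.
SCHEMA = """
CREATE TABLE troop_dispatch (id INTEGER PRIMARY KEY, player TEXT, mine_id INTEGER,
                             troops INTEGER, sent_at INTEGER);
CREATE TABLE ruby_credit    (id INTEGER PRIMARY KEY, player TEXT, mine_id INTEGER,
                             rubies INTEGER, dispatch_id INTEGER, credited_at INTEGER);
"""

# Constructed sample rows (not real game data).
DISPATCHES = [(1, "alice", 10, 500, 1000), (2, "bob", 11, 300, 1100)]
CREDITS = [
    (1, "alice", 10, 40, 1, 5000),       # balanced: matches dispatch 1
    (2, "bob", 11, 25, 2, 900),          # credited before the troops were sent
    (3, "mallory", 12, 90, None, 5100),  # no dispatch recorded at all
    (4, "mallory", 10, 90, 1, 5200),     # points at another player's dispatch
]

# A credit is unbalanced when its dispatch is missing, belongs to a different
# player or mine, or was recorded after the credit it supposedly earned.
UNBALANCED = """
SELECT c.id, c.player,
       CASE WHEN d.id IS NULL THEN 'no_dispatch'
            WHEN d.player <> c.player OR d.mine_id <> c.mine_id
                 THEN 'dispatch_mismatch'
            ELSE 'credit_before_dispatch' END AS reason
FROM ruby_credit c
LEFT JOIN troop_dispatch d ON d.id = c.dispatch_id
WHERE d.id IS NULL
   OR d.player <> c.player OR d.mine_id <> c.mine_id
   OR c.credited_at < d.sent_at
ORDER BY c.id
"""

def build_ledger():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Parameterized inserts: values are bound, never spliced into the SQL text.
    db.executemany("INSERT INTO troop_dispatch VALUES (?,?,?,?,?)", DISPATCHES)
    db.executemany("INSERT INTO ruby_credit VALUES (?,?,?,?,?,?)", CREDITS)
    return db

def flag_unbalanced_credits(db):
    """Return (credit_id, player, reason) for every credit an admin should review."""
    return db.execute(UNBALANCED).fetchall()

if __name__ == "__main__":
    for row in flag_unbalanced_credits(build_ledger()):
        print("FLAG", row)
```

Run on a schedule against the live ledger, a query of this shape surfaces credits that the application path could not have produced, independent of whether the SQL error log caught anything.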
Dalira
28 October, 2016, 2:02 AM UTC

Obviously they don't have as skilled people working at Plarium as you are, Pappa. That's the problem and it will kill the game entirely.

The screenshot is just another part of the evidence. http://prnt.sc/czv248

Thanks for sharing this.



No $ or € for Cheats.
UTC +7:00
Pappa
28 October, 2016, 4:14 AM UTC

Dalira said:


Obviously they don't have as skilled people working at Plarium as you are, Pappa. That's the problem and it will kill the game entirely.

The screenshot is just another part of the evidence. http://prnt.sc/czv248

Thanks for sharing this.



No $ or € for Cheats.

Hopefully at this point they have notified the FBI and the FTC to investigate with Screen shots of the Extortion message. Then Operations in the US can be totally shutdown and Assets Frozen. They can then notify European Officials... The side Benefit is that All Plarium games will be shutdown at the same time. Meaning an entire loss of income...
UTC +5:00
AdamKrab
28 October, 2016, 5:50 AM UTC

Hi all, boring?


Hi everyone, did you miss us?



/
UTC +2:00
GrayBeard53
28 October, 2016, 6:14 AM UTC
All the honest players need to stop spending money and let Plarium see where their income really comes from. I have never seen them solve a problem without loss of money,
UTC +6:00
СНАЙПЕР
28 October, 2016, 9:35 AM UTC
GrayBeard53 said:

All the honest players need to stop spending money and let Plarium see where their income really comes from. I have never seen them solve a problem without loss of money,
No money - No play !!! Go play in Sparta!!!
UTC +0:00
Raventor
28 October, 2016, 10:03 AM UTC

Pappa said:


In the midst of all this one wonders how it could happen, and not be real obvious. As a job I had in the past required me to check our SQL Servers for known flaws such as SQL Injection (depending on the SQL Database type), I would drag out my laptop with my sniffer and plug it into the network.

Then I would open an instance to the SQL Server (such as in this case Plarium). The sniffer would record all the traffic between the Server and the workstation. In it I can clearly see the code of the game which is downloaded and the other information in the cookies. It also tells me what type of Database is being used. Now that I am connected to the SQL server I open another tool and select SQL Queries for known issues... and start running them.

What follows is very simplistic. The hours of work and SQL queries used would be volumes. I get a report as each succeeds or fails. The ones that succeed can be used to open a doorway to the server which, unless the Admin is sharp looking at logs, might be overlooked. Next, knowing how to get into the server, I look for the target I want.

The Best Fruit is rubies. With Rubies I can buy anything.

Now we take the same workstation and start recording a session to go get rubies. All I need is 1 ruby. As that is complete I examine each step of the process, including the number and types of troops I have to complete the process. Next given there are according to what is displayed a certain number of rubies to be harvested at each ruby mine.

So now to construct the SQL Query to connect to the ruby mine with X amount of troops with Credentials of where to send the rubies. So a machine is used to log into the game and the SQL engine sends the query which fails and then adds the injection that X amount of troops just land on ruby mine xxxxx and this is where to send when full…

This would be very hard to spot other than maybe a small error in the SQL Logs where there are so many transactions happening every second. Even though the player only logged in, everything would appear normal except he sent no troops to the mine... the Server only thinks he did and returns the rubies to the right place in the right Database. So now I only need to know where the ruby mines are.

So a question might be asked: what could one do with unlimited rubies? One could go start killing Prizes, gain new ships and buy lost ones back. In a short time you would have a very powerful fleet. It would appear to be legit, but a lot of work. If I get tired of having to sit there I work on my SQL Queries to connect to the Ruby mines part of that database saying I have had this many ships there for this many hours and issue a recall query... they move to the users database. Over time I know the exact regeneration of the ruby mines and speed things up. Then I can collect even more rubies appearing to be legit.

Now if I have unlimited rubies what can I do to escalate my position? I can try to connect to the Prize database saying that I sent X amount of troops at the prize. Return what is left and what is won to this user. This could potentially bypass the transaction where the troops are actually put in the hold status waiting for the battle. Oh it becomes a troop doubler. I lost nothing of what was in my account but gained all these extras... Now use free rubies to buy back what was sent to be redeemed.

YouTube is full of videos with successful exploits for various things. It is known that it can be done. How would you catch someone doing this... One way would be to look at the top Mission Holders and how consistently they stay there. What this boils down to is that the SQL Admin needs to know what "holes" there are in his/her database server and how to close them. The Game Code needs to ensure there are equal transactions that can be traced, and if not throw a BIG Flag for the Admin.

Every Legit Security Engineer gets training on how to be as smart as the Black Hat.


OK Q What's the red button do?


Any chance we can have that in basic layman's language, for us non computer software engineers please.


Regards 
 


“In the midst of chaos, there is also opportunity” Sun Tsu
UTC +7:00