All right I’m pissed.

Someone actually hacked me. Let me start by saying that I’m not in any way looking for handouts. I just need to vent for a bit. Yeah, I can probably figure this out on my own, but, advice never hurt anyone. For those of you looking for my questions, skip down a bit, I’ll get back on topic in a bit.

Yes, I’m sure I was hacked. I came home from work, loaded up the game and noticed that my sorc was green on the char selection screen, not purple like normal. Hmmm I thought, maybe I died last time and forgot to get my body. Nope. I started checking my other char’s, thinking maybe some of my gear poofed in a ruststorm or something. I’m pretty good about only trading on the forums, but lets check. No, some of the items I found myself were gone too. I can’t think of any explanation, other than someone guessed my password. I don’t visit gaming websites (other than this on and the arreat summit), I don’t use MH, I’m not stupid enough to tell someone my password… What other explanation could there be? It was even a fairly complex password (letters, numbers, didn’t spell anything, etc) What’s weird is that I lost items from my two of my char’s, and from their item section, but I didn’t loose anything from my stashes or from my merc’s. That and it’s weird that someone would steal, some of my items, but not all. Both my Tal Helm and Armor were named too. If you see anyone around with “sorc_chick’s tal armor” – just pk them for me. Here’s what I lost.

Tal armor (socketed P Topaz)
Tal helm (socketed P Topaz)
Spirit Monarch (35% FCR)
2x Ist’d Ali baba
3x Ist’d monarch (never got around to buying that 4th Ist)
2x Nagel Rings (30%’s)
Magefist (2x Up’d)
Gheeds, 40%
Sorc Torch (can’t remember stats, but it was low, like 10/12)
Anni (also very low 10/12)
Paly Torch (mid stats 15/17)
Anni (mid stats 15/16)
AP Enigma (1256 def)
Shako (socketed P Topaz)
Mara’s (28% resist)
Hoto (40%)

What really surprised me is what they left behind.

Tal armor (socketed 4/4 fire facet)
Tal orb (2/2/2, socketed 5/5 fire facte)
Tal amy
Eth Andy’s Visage
Eth Obedience
Leviathon
45 Resist Base, Elite Paly Spirit (32% FCR)
Gul rune
Um rune
Pul rune x2
Lots of lower runes
Gheeds 25%
Eth Stone AP
Reapers Toll (15%)
Vamp Gaze (8/8/18)
Realy nice FCR ring (10 FCR, 12% resist all, 11 str, life, mana)
About 25+ keys
Lots of Pgems/Junk jewels/Rals, etc
Lots of low level items

Why take most of my good items, but not all. Why steal a Tal Helm, but not the Amy? They left good runes, and items that would easily sell for multiple hrs. It makes me think this was some punk kid.


All right, that’s enough *****ing, on to my questions.

1. Any thoughts on what I can do to prevent this from happening again. I already changed my password, and reran my virus/spyware programs. Anything else?

2. What do you think I should do with what I have left? That is, what items should I get that will give the most benefit, for the least cost? This is kinda a weird place to try to build a char from.

Here’s what I’m thinking so far. Rebuild the sorc first (meteorb, lvl 90), leave the paly (hammerdin, lvl 88) for later – after I can start MFing with the sorc again.

- I already traded some pgems for another tal helm (that any my extra tal armor means I have a complete set again)
- I had some non-up’d magefists in my stash
- Try to get a cheap S torch
- Buy a cheap Nagel ring.
- Buy a 4os monarch – build a spirit
- Work on getting magefist up’d (2x)
- Keep my FCR ring until I get a 35% spirit (then drop it for another Nagel ring)
- Buy a low anni

3. What (if anything), of my remaining items, should I sell off – to rebuy needed gear for step 2?

4. How should I prioritize these lists?

5. What am I forgetting about?

Thanks for reading to the end of all this – I realize it’s a rather long post (even by my standards). Yeah, I realize that some of you will probably get a kick out of hearing how some fairly rich guy is whining about only having 2 hrs’s worth of spending power.

Once again, please – no free item offers. I’m still richer than a lot of people, who need more help than I do. I built my wealth once, I can do it again – I may even enjoy it.

Odd, I wonder if you can email blizz and ask them if anyone logged onto your account between the times you actually logged into your own account.

Maybe you forgot to log off one time, and some malicious sibling deleted those items?

Im thinking you got keylogged or something. If I were you I would reformat just to be safe, and sure there arent any keyloggers kicking around on your p.c.

Make your new PW something good and solid: ASCII characters in it.

Re Rebuilding: You can do this easy enough actually. Take those leftover keys and make a couple Organ Sets or Torches (Unid) you can get easily acquire HRs in this fashion. If you need help with them organs hit me up on East or get someone on your buddy list to help.

You aren't starting from scratch so you are already ahead in the game. Since you almost have your sorci re-equiped you can start on re-acquiring your wealth.

I was gonna offer some itamz too... Nothing gOdLeH though...

Edit: Reformat sounds like a dandy idea too if you have no idea how the PW was acquired.

You should be safe if you follow the following:

1. What AntiVirus/Firewall are you using?
2. Most probally you need a better one ^, Get pro versions. Im not saying it is not legal, but google is your friend (Winks*), im not condoning anything.
3. Is your Comp, publically acesesible? If so make sure its not? Also make sure no one was looking at you type your pass in when you were logging in.
4. Do you write your pass anywhere on somthing to remind you? If so destroy.
5. No one sends you malicious files? IE: MSN, YAHOO, AIM?

Sorry to hear that, but people rarely actually get "hacked" these days.

Are you sure you didn't use any programs to attempt to cheat?, or perhaps fall for the /dnd trick?

I say just mf with your hammerdin for now, perhaps cow for a bit with a suitable character. Rebuilding a sorc doesn't take too much, especially if you want to wear tal set again.
Sorry for your loss, at least they left behind things.

Thanks for the thoughts all,

I've had a VERY sucessful night of trading. For those of you on US East [L] there's a post in the trading forums where someone is paying HRS for 60-70 pgems. Don't get me wrong, he's been around a lot longer than I have, and I'm sure he knows what he's doing - but I traded my d keys for pgems, pgems for hrs, hr -> 2 um -> 4 pul -> sell puls for pgem on open channels and repeat. Selling three puls got me two more hrs. Nice profit%. Sorry - little off topic.

It's harder to MF with bad gear on my hammerdin (no enigma = slow), sorc's aren't as item dependant, so I'm starting with her again. (that and I already have a ful tal set again :smiley: ) I must admit - it's weird running without a torch and anni anymore. I actually run out of mana sometimes. Until I can get a new spirit shield I'm casting and going through hit recovery much slower too.

Here's where I'm sitting now.

Helm - Tal (no socket yet :tongue: )
Armor - Tal (socketed 4/4 facet)
Wep - Tal (socketed 5/5 facet)
Shield - Rhyme (build in a grim shield, its not bad, but I really need a spirit again)
Belt - Tal
Amy - Tal
Ring1 - Nature's peace (I'll give this back to my hammerdin as soon as I can get a 25+ Nagel)
Ring2 - 10% FCR (+resist all/str/life/mana - really nice, but this will go back to hammerdin when I get a get/craft a 35% fcr spirit)
Gloves - magefist (still need to up these)
Boots - 47% War Trav's (better than what I had before)
Switch – Ali baba (not socketed) + *empty* (I’ll move the Rhyme back here as soon as I get a Spirit again)

I sold my 21% gheeds for the 47% war trav’s (yeah I know, that was mean)
I also sold most of my D keys for pgems or puls
So now I just have some assorted 5% FHR, 5% MFSC’s, and fire resist sc’s.
I haven’t had to sell any of my merc’s gear, so they are still killing nicely
I bought a nice 4os eth armor (1K+ def) so one of them will be upgrading armor soon enough

For spending power I now have
Gul
2x Um
2x Pul
Lem
40+ pgems
20+ assorted T / H keys.
I also landed a decent 3os 13% ed armor, so that will become my hammerdin’s enigma later.
Finally I scored a nice Shako for pul – so the hammerdin is starting to come back to life too.


My priority at this point is a Spirit Shield, I’m bidding a few monarch’s in the trading forum. If that goes well (cheap), I should have at least a low spirit soon.

From there I’ll try to pick up a cheap S torch for Gul + 2x Um – that should get me something, right? If not I can throw in my puls, I should be able to get to 2+ hrs value.

I’m also trying to buy a Nagel to replace my Nature’s Peace. I don’t like to run D keys with my sorc (tried, kept dying – I think my merc is too strong, he keeps killing everything), so it’s not doing me much good right now.

After I have these three things taken care of, I can really start running again. I’ll start improving my MF again. First buy a decent gheeds. Getting a P Spirit will allow me drop the FCR ring for another Nagel, then it’s time to start saving for an anni. I think I’ll try for another anni before I start Ist’ing my alibaba or start building a 4x Ist shield.

---

For the record - I am a 30 year old, married with 1.5 kids (yeah, you won't see me online much after August 15th when #2 is born). I'm a computer security professional. Yes, I actually do computer netork defense and information assurance/operations for the Gov't. I have a good defense posture at home, Cisco Pix firewall, Cisco routers, Professional Anti Virus (I run McAfee AV and firewall on my PC's, but Norton on my server). My wife's a smart computer person, but she doesn't play games. She has her own computer too. My three year old - uh, no. It's safe to say no one else has been on my computer.

I do travel quite a bit, and it's possible I picked up a key logger or something up by plugging in to a hotel somewhere, or got some bogus email. I'll probably reformat this weekend anyway just to be safe. No I don't use a MH/bot program or anything like that. Hmm, I had been following someones bot doing baal runs the other day. Just about all the "baal run" games on the channel are bots now. I thought that was safe, istn't it?

Well. Well. This was incredibly similar to my situation. See thread:

http://forums.diabloii.net/showthread.php?t=447503

Even the age and kids thing LOL. Uncanny. Thank goodness i've bounced back and even better than ever!!

Question: Do you use the same BNET password that you use for this forum or for RPG Traders .net??

Well. Well. This was incredibly similar to my situation. See thread:

http://forums.diabloii.net/showthread.php?t=447503

Even the age and kids thing LOL. Uncanny. Thank goodness i've bounced back and even better than ever!!

Question: Do you use the same BNET password that you use for this forum or for RPG Traders .net??

I'll reply here, rather than in your thread as it looks like that ones pretty much closed out.

I think it's sad that I'm happy to hear that it has happened to other people. I'm sorry it happened to you, but kinda glad I'm not the only one. At least no one has given me the inquisition. Sorry, you really got put through the ringers, twice. First by loosing your stuff, then by posting.

You know, working with all the guys here has kinda put me into false sense of insecurity. You ever wonder what happens to the kids that get arrested for hacking into their high school? They come work here. I guess I've kinda gotten to the point where I felt like, if nothing is safe, then why bother protecting it?

Seriously, there is no such thing as a hack proof windows machine. Do a search for "rainbow tables" and you'll see what I mean. Every password is stored somewhere. You can either try to hack the location where the pasword is stored (not too hard if you know what you're doing) or hack the password as it's in transit (easier).

The Army has finally changed from a usernam/password system to username/password/physical token/pin. Now we have a access card and pin that has to match our username and password. The next step it to include a biometric reader - we're working on fielding that now.

Everytime you log into a web site that is storing cookies, you're credentials are stored in an unsecured folder. Real easy to copy/paste.

I was pretty bad about using the same logon/password for a number of different systems. (Yes I know better). I remember registeing at RPG traders, but I never liked their format - too hard to find stuff. I probably used the same logon/password there. And yeah, I used to have the same password here (acctname is different though). Just lazy on my part - and I guess I got burned.

That ascii trick may help some. At least I've learned something from all this.

I'm bouncing back pretty quickly too. It's not that hard the second time around.

Nice post. Good luck with the rebuilding. If you ever need help with rushing, items, ubers,etc.. - Look me up.

*ddelmarsmith