- the StarOnion – FFXI Fenrir to FFXIV Excalibur - https://www.staronion.com/maiev/nfblog -

Update on Account Stealing!

From the FFXIAH Staff =P

First off, I’d like to briefly comment on the FFXIAH Ad(s). Although annoying and unacceptable by our users & admins, I just wanted to be clear that adware/spyware from an advertisement does not equate to a key stroke logger capable of stealing FFXI accounts. I’m not saying it’s not possible either, in this case it is just very slim.

However, there is some news to report. FFXI ]]DO NOT USE SOMEPAGE[[ is confirmed to have a hidden iframe (0x0px) that contains malicious javascript. I only ask people with technical expertise to attempt to load the page at this time. The iframe loads a page from “miorsocft.com”, it should be easy to find. This script is being looked into by our dev team already and some volunteers. (I’ll post some screenshots later)

Screenshot [1]

Despite the news above, we’ll still look into the ADs and have a full report on our website, because “account stealing capable” or not, we don’t want them installing annoying junk on your PCs

Source here [2] (near the bottom).

So yea, to protect yourself, don’t visit somepage since its already compromised (And don’t be curious and check it out!). There’s also been speculation that the people who steal accounts are using a flaw in Real Player, so if you have it just uninstall it for now.


Last but not least, having a web server compromised is pretty bad. (Eg Somepage). I’ve also been getting random spam from Chinese IP addresses. So I’d like to remind those that own a website and forums that is related to FFXI to keep it secured ‘.’ At the very least, strong passwords for your server and update your software. As an administrator of web services, you hold a lot of information about people (especially if you run a forum), and having those compromised not only will leak personal information, but will allow an attacker to modify the website to something similar to somepage and hurt all those users.

In general, the attacker is using a flaw from both the server and client (Real Player) to make this happen. Therefore, please update your programs (like all of it), patch Windows (there’s a patch yesterday for both XP and Vista, do a manual Windows Update) and use a secure browser.

Social Engineering – Careful

FFXI Social Engineering

Scamming Accounts?

A few days ago, I got this from Darkblood. From what I know, this dude sold his account, transferred owner a few times and the most important part, I don’t know him. Apparently he got my email and is trying to lure me into entering their forums.

I’m sorry if I offended anyone but… Darkblood’s Linkshell [3] (links to his FFXIAH Profile) has always been known to do shady things and this might be one of it. Also, I am not the only one who received this, and to the best of our knowledge, all of us never really signed up on his linkshell [3]. So to people on Fenrir, please becareful. I opened it under a secure location and it is a URL directing me to their website forums (which could be a fake URL that directs you to a compromised page, not willing to test further).

I’m not sure, but if you were to contact me, why use your own forums? Why not use FFXIAH’s PM system, my Blog? In-game? Email reminding me to check PM on “their forums” sounds very suspicious to me. Plus why would someone PM me (a user who never really reads their forum) on that forum? lol

Just imagine if a website tell you to login, the password doesn’t work so you keep entering and entering more passwords just to see the private message, and they were actually logging all the passwords. GG, you just gave them tons of passwords to try.

Just be very careful ^^; Also, everyone should be reading up on this topic. Knowing the source of how accounts are being compromised is ways to prevent/avoid yours being taken away. We all love our 0’s and 1’s so lets safeguard it ^^;

Ninjar Edit: There’s a post on BG about how to safeguard your account. Read it [4]!