As the security of our players remains a priority for us, we are now investigating the source of compromised accounts, the number of which has increased in the last few days. The result is that our systems are still safe and working as intended. Our logs, however, show multiple attempts to log in on our website with wrong credentials. While the investigation is still ongoing, we decided to share with you the results so far and what you can do to protect your account, as well as what has been done on our side.
It appears that these "brute force" login attempts were not made with random username / password combinations, since the "hackers" cannot simply guess a complex password of 7 letters or more: it would take them a few years for even a single account. We believe that at least one well-known private server had in the past (and possibly still has?) security issues resulting in the passwords of thousands of accounts being leaked. The bad guys are simply trying these passwords on Nostalrius Begins, and that is how dozens of accounts got compromised.
This is why we will repeat once again the rules for choosing a good password to keep yourself safe:
- use a unique and complicated password with at least 7 characters but no more than 16, including at least one letter, one number and, if possible, one symbol
- never use a password you are already using somewhere else - this is especially true for other private servers, which sometimes are not very secure
- make sure your password is not easily guessed, in essence not an everyday word in any common language
On our side, we have taken the following actions:
- the number of possible login attempts has been drastically reduced to 1 per minute
- it is only possible to log in on the website from your last in-game IP address. We took this decision because it should not affect a lot of players, and it will make this kind of attack more difficult in the future
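
The two server-side measures above, sketched as a gate that runs before the password is checked. This is an added example, not Nostalrius code: the `LoginGate` class, the per-account throttle key, the fail-closed handling of accounts with no in-game IP on record, and the sample addresses are all assumptions.

```python
import time

PROCEED, THROTTLED, IP_MISMATCH = "proceed", "throttled", "ip_mismatch"

class LoginGate:
    """Checks applied before the password is verified (hypothetical helper)."""

    def __init__(self, min_interval=60.0, clock=time.monotonic):
        self.min_interval = min_interval  # 60 s = 1 attempt per minute
        self.clock = clock                # injectable so replays are deterministic
        self.last_game_ip = {}            # account -> IP of last in-game session
        self.last_attempt = {}            # account -> time of last admitted attempt

    def record_game_login(self, account, ip):
        self.last_game_ip[account] = ip

    def check(self, account, source_ip):
        # IP binding first; accounts with no in-game IP on record fail closed.
        # Rejected attempts do not consume the throttle budget, so hammering
        # the form from elsewhere cannot lock the owner out.
        known = self.last_game_ip.get(account)
        if known is None or known != source_ip:
            return IP_MISMATCH
        # Throttle: at most one admitted attempt per interval.
        now = self.clock()
        prev = self.last_attempt.get(account)
        if prev is not None and now - prev < self.min_interval:
            return THROTTLED
        self.last_attempt[account] = now
        return PROCEED

def demo():
    now = [0.0]
    gate = LoginGate(clock=lambda: now[0])
    gate.record_game_login("alice", "203.0.113.7")
    attempts = [  # constructed sample traffic: (seconds, account, source IP)
        (0, "alice", "198.51.100.23"),  # leaked password tried from elsewhere
        (1, "alice", "198.51.100.23"),
        (5, "alice", "203.0.113.7"),    # owner, first try
        (20, "alice", "203.0.113.7"),   # owner retries too soon
        (66, "alice", "203.0.113.7"),   # more than a minute after the first try
        (70, "bob", "198.51.100.23"),   # no in-game IP on record
    ]
    decisions = []
    for ts, account, ip in attempts:
        now[0] = ts
        decisions.append(gate.check(account, ip))
    return decisions

if __name__ == "__main__":
    print(demo())
```

Only a `proceed` decision should reach password verification; the other two codes are for logging, and the response shown to the client can stay generic.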
Furthermore, all the attempts to gain from these hacks have been traced and the corresponding accounts banned. These hacked accounts are usually used to gather gold that is then sold for real money. Be aware that buying gold on Nostalrius for real money will lead to an account closure. As we detect new ways to avoid our Gold Detector, we update it and run it again on previous actions of each account. If you already bought gold once, you might get away with it today but end up with your account permanently banned next week or even months down the line.
Best regards,
Nostalrius Begins