Metin2Pl,Us I Inne Całkowicie Niszczone Przez Hackerów

[majdix]

Zapoznajcie sie z calym ty tematem i poczytajcie głupie wymówki GM'ów że był to event

http://board.metin2.pl/index.php?page=Thread&threadID=991514&pageNo=1

ludzie na Plu zaczynają sellać Hwangi czy to prawda niewiem ale dam ss

http://img375.imageshack.us/img375/1139/zbrojahwang.jpg

[andrzejt17]

Śmieszna sprawa z tym jest, ciekawe co i jak z tym jest. Śledziłbyś te info na bieżąco i dawał aktualizacje?

[arko]

Ja sledze ale przez proxy bo mam perm po ip

Dla umiejacych anielski to cala prawda o dzisiejszym "evencie":

 

Hacks have always existed for Metin2 in some degree or another, but these have almost always been client side hacks. They worked by altering the way the client behaved on the player's computer. However, we are receiving reports and confirmation from staff of various Metin2 servers that a whole new (and much more dangerous) exploit is now in use.

 

Such an exploit is this time server side. This means that the Metin2 server software itself or accompanying tools have been compromised. In the screenshot above, hackers have been able to notify players with gold site spam.

 

Don't take this news lightly - with the server itself being compromised, this makes many things possible for hackers that should not be. Metin2 [GM]s have varying levels of power, and via this exploit, hackers can achieve the highest level of [GM] power. Some of the things that have already occurred on various servers:

 

 

•Character Creation - One server has reported new characters being created via unauthorized commands. They were within minutes level 80+.

•GM - As is visible above, actions that are normally locked down and only available to [GM]s can be exploited by spammers. This includes notices, and likely the summoning of monsters, teleportation and various server settings.

•Item Mall Vulnerabilities - This will quickly become a nightmare for server operators. The hackers can control all aspects of the item mall - giving themselves however much item mall points as they want, or directly depositing items.

•Skill, Item and Gold Modification - Servers that have had accounts created have also found them kitted out with billions in gold, and godly statted / leveled items.

 

At the moment, servers that have suffered confirmed attacks include Metin2 DE, Metin2 ES and Metin2 PL. Servers that have not been confirmed exploited by their staff, but have likely also suffered from this security hole likely include pretty much every Gameforge server, Metin2 SG, as well as G4BOX's Metin2 US.

 

This is a serious new threat for all official Metin2 servers. So far, many illegitimate characters have been created. Thousands of illegal items have been created, and a staggering amount of mall points (or mall points' worth of items) have been disseminated. Think hundreds of thousands, possibly going into the millions as this exploit remains unpatched.

 

Metin2 SG's website is down for various planned upgrades of core systems, including security enhancement. Multiple non-critical Gameforge servers have also been shut down, though forums and so on should remain up. Registration has also been disabled for many servers.

 

YMIR, the creator and developer of Metin2, is already aware of the issue, and has acknowledged its existence. Worryingly, their English speaking contact revealed that currently YMIR's team is still not sure as to exactly how this is possible.

 

For now, the best thing for players to do is take screenshots of all of their precious items, and play carefully. As always, do not visit or attempt to use gold/yang or item/account selling services. This exploit can give attackers partial access to the server's database also, so we would recommend that players change their passwords to something unique (we aren't sure what encryption is used, if it is even the same for all servers), and currently do not make any new payments for mall points.

 

Hopefully, this vulnerability can be quickly discovered and patched before more damage is done. Staff of more popular servers will surely have a lot of cleanup to do.

 

Update 29 June 4:30 PM UTC: One particular popular server's staff have so far discovered over 25 million illegitimate mall points. The number is continuously increasing.

Update 29 June 5:00 PM UTC: Metin2 US staff have started tests and investigations to see if their server has been affected.

Update 30 June 3:00 PM UTC: The problem has been tracked down to online user-facing interfaces.

 

 

•Metin2 US appears to not be vulnerable to this exploit, due to extensive rewriting of those systems in a new programming language by Z8Games[1], instead of the standard supplied ones from YMIR.

•Metin2 SG has been affected, and their website remains down until the vulnerabilities can be removed. The damage in-game (illegitimate characters, gold, TP, Items etc) is/has been undone.[2]

•Gameforge Metin2 servers all use near-identical user-facing systems, and since confirmation of breaches have been leaked from some servers, this means that all have possibly been attacked.

 

Sources: Various submissions via our contact form and other communications (identities confirmed, though anonymity requested)

[1]G4BOX/Z8Games Tech Team

[2]Anon. SG Staff Member

 

To jest cytat ze strony metin2.us jest on też na forum polskiego musicie sami sobie tłumaczyć

[EmpiUfo]

z tym hwangiem to w cheat engine się robi wiem bo ja tak robilem

[arko]

Zgadza się - nowe marmury (smoki, mikołaje etc) trafiły do niektórych graczy na serwerze nr 9.

 

Co trzeba było zrobić, aby otrzymać wyjątkowy marmur?

Praktycznie nic. Wystarczyło - będąc w mieście - podnieść marmur z ziemi.

 

Co prawda był to event raczej spontaniczny, który nie został wcześniej zapowiedziany, jednak dzięki temu mogliśmy zaobserwować ciekawe reakcje graczy. Prace nad organizacją eventu w podobnej formie na skalę globalną (wszystkie serwery) już trwają.

 

EDIT: chciałbym od razu zdementować plotki o tym, że ktoś włamał się na konto GM. Na postaci, która wyrzucała marmury był członek Zespołu Metin2.

 

Zajebista wypowiedź xaara

[andrzejt17]

Haha Kto taki mądry?

 

[arko]

Co w tym śmiesznego ?

[ShadowTiger]

andrzej patrz co napisali o dmg hacku ;P

 

 

"Nie zapominaj o Kamerze1337 i andrzejt17 tworcy moda i tego co zmodyfikowal em2 by chodzil na pl

Up to jest nowa produkcja kamera walisz po 3-4 razy z jednego skilla"

[arko]

Coś nowego dostarczam

[andrzejt17]

arko94 - a to, że pewnie jakiś user z MPC się wypowiedział, dyskretnie i samo to, że wszyscy wiedzą o co chodzi mnie już bawi

ShadowTiger - daj ss jak możesz Zrobię zobie sygne!

 

EDIT:

już nie trzeba ;]

[arko]

A co myślicie o tym ss co wstawiłem kolejna zabawka hackerów ?

[PRISONWARS]

buhaha

[kleinuss]

arkon ile miałeś w ogóle yang normalnie ?

 

a tak pozatym metin się sypie ;x

[arko]

To nie moj ss ktos go wrzucil na forum polskiego ja na pl nie gram od roku :DD

Ps. Andrzej autorem tego niezbyt madrego postu na forum pl jestem ja

[kleinuss]

ja bym im radzil sellać postać na allegro bo coś czuje, że niedlugo upadnie ;]

[Kaspie]

Temacik już jest ;D

 

http://www.mpcforum.pl/topic/167995-metin2-hackniety/

[Detronix]

To taki bug http://www.youtube.com/watch?v=zqXvoRKCf_g