Guide to Prevent Hacking


Faylen Sol

So after another Masor fell victim to a hack last night, I felt the need to post this guide in an attempt to thwart our clan from hacking or at least reduce the attempts (I can't stop you from making stupid choices, but I can educate you to hopefully prevent them).

  • Step 1: Non-Guessable Password

Passwords like, well, "password" are not good. If it's easy to remember, it's easy to guess. Do NOT use your name, birthday, dog's name, boyfriend's/girlfriend's name, mother's name, etc. as a password. Ideally, a series of numbers with some lowercase and uppercase letters is ideal. I used "iNb4tldr" at work as a pass (not even close to my RS pass =p).

Yes, I know it won't be as easy to remember as 01281988 (my bday) but it will keep people who know you decently from guessing your password. Most hacks happen from people you know more than random strangers.

Also, do NOT use the same password for Runescape as you use for say... oh I don't know, a forum site or any other website. The admin of ANY forum can find out your password EASILY. Hell, just anyone with Admin ACCESS can easily get your account password for that site. Better to be safe than be sorry.

  • Step 2: Have a different Login Name than your Display Name

Faylen Sol is NOT my log in name. It's not even close. My Log in Name is something no one will know as it is a security measure. If your hacker doesn't know your log in name, they cannot log into it. Simple. It also puts that barrier in front of random people who know you well enough to guess your password, but don't know your log in name. Never give out your log in name, period.

  • Step 3: Bank Pin

Used to be an inconvenience, but Jagex updated it so that the pins react MUCH faster. Do yourself a favor and do not use your actual IRL bank pin as your RS bank pin. We'd hate for a hacker to get both.

  • Step 4: Chrome Up!!!

Yes, Firefox is pretty, Internet Explorer is Easy and Safari is Apple Happy. But Chrome is safer. Why? Sandboxes. Google Chrome has a Sandbox feature that treats each tab like its own browser. Sure it's RAM heavy, but it's safe. That means no single window can interact with another window. It also auto-blocks any site attempting to download software to your computer without your permission AND utilizes Google's non-safe site section. Know how when you click a link on Google and it lets you know if the site is known for malicious content? Chrome automatically does that for every website and auto-translates ALL websites into your preferred language. Okay, the last bit wasn't a security measure, but it's damned nifty.

Chrome no longer supports Java. Firefox is now your best choice for browser based Runescape needs. I still recommend Chrome for browsing. The RS Client is also a great choice for playing the game.

  • Step 5: Anti-Virus away!!

Most basic Anti-Viruses will catch your basic keyloggers. Keyloggers aren't the most advanced tech and most people using them are Script-Kittys. People utilizing already made and designed keyloggers rather than one they wrote themselves. It is VERY rare for an ACTUAL hacker to be, well, hacking. Most of them are using others' scripts and just sending them in trojans. It's not hard, but a basic anti-virus will block most of these as they are usually old and out of date.

FREE anti-viruses however are not foolproof and are not updated as often as one should (Due to the lack of paid employees, etc.) and many free ones download spamware into your computer to help pay for the free services.

A good PAID anti-virus is KASPERSKY. In fact, it's well known as the best. If you're willing to pay for extra protection, go with them and make sure to update regularly.

  • Step 6: Windows Isolation

This is a very basic step and CAN stop basic hackers (real ones) and some remote computer access hackers (amateurs) as well as some Script-Kittys.

-Create an Admin User
-Set a password
-Create a non-Admin User
-Use that account from now on, forever.

From this moment on, anytime anything accesses your Windows folder, ever, it will prompt you for a password. The problem with being logged into the Admin is it will never ask you for one. It assumes you want it to happen. So being logged into a Non-Admin account helps prevent that. You are not limited, just need the pass anytime the computer makes a big change.

  • Step 7: Clean MSCONFIG

Typically, it's easy to spot a virus under CTRL+ALT+DEL, Task Manager, Services because they use up a fair bit of RAM and Processor. They also tend to name themselves something official sounding like "Windows Essential Thingy" or something important sounding so you know not to mess with it. Cleaning out "Msconfig" and familiarizing yourself with the real stuff is good, as you can call out the fake stuff easier.

So, go to Msconfig (Hit Run, or go to the search bar for Vista/7 Users, type msconfig and hit enter) then go to Services, hit Hide all Microsoft services and then disable all. Re-enable anything to do with your graphics card or Anti-Virus of choice. Then hit Apply and Okay/Enter. Reboot.

Once you've cleaned MSCONFIG then it will be easy to learn which services under Task Manager are and are not important. Remember them and learn them. Play with them (You won't break your computer by ending them, once you reboot it will all go back to normal). The best way to learn is from trial and error. Once you've familiarized yourself with the important stuff, when something tries to run that isn't important then you know it. Many viruses, keyloggers, etc. will often show up under the Services tab in Task Manager. If it stands out as something bad, it more than likely is.

  • Step 8: Do NOT go to the following types of sites

-Non-renowned fan sites (Runescape wiki, Tip.It, MaSors, etc. are fine)
-Sites promising free items
-Sites promising Modship
-Personal Server Sites
-Links to fishy looking RS sites
-RWT Sites
-Botting Sites
-Myspace (it's Open Source, I could put any code I want on my profile)
-Links in RS youtube vids
-Links in comments
-Links from ANY person you don't trust/know very well that plays RS
-Links from anyone who plays RS to any-site you are not familiar with

  • Step 9: Familiarize yourself with the Account Help forum on RSOF.

There is a topic there called "Account Clean" that can assist you greatly. It helps you get your account back if you are in a tug-of-war match with someone. Remember, some hackers want your account forever, not just for your items.

  • Step 10: Secure your Network

So ya know, if you and I are on the same internet connection, I can easily access every file on your computer. It's not hard and Windows 7 made it easier by listing everyone I'm networked with. SO if you have any essential info on your computer that could help me hack your account, I could find it by connecting to your network the same time you were on. Now, this is only useful to people who live in your local area, know you play RS, know where you live and know how to do this. But still, better to be safe than sorry.

  • Step 11: FIRE!!!!

Make sure your firewall IS enabled. Firewalls will prevent some unauthorized users from accessing your computer and its files. Having it strict will prevent most websites from accessing it as well. But many script-kittys will be stopped by a strict firewall, but don't be dumb and disable yours. You'll only INCREASE your odds of being hacked.

  • Final Step: Recovery Questions.

Update these regularly. Don't do the once every five years crap. These are your last line of defense if everything else goes wrong. Write down your membership agreement number and hide it somewhere safe (off of the computer). If you don't have these set or can't remember them and your account is hacked, password is changed.... then you don't have much you can do but beg Jagex on the forums only to have your thread locked by Forum Mods like myself telling you there is nothing that can be done and you should post in the Account Clean thread and pray Jagex assists you.

FAQ

What about Brute Force Hacks?

No such thing. A brute force hack would either imply one of the following; a program that would guess your password over and over again until it got it correct or a program that hacks Jagex's system to crack the password. Both are impossible at the level of security Jagex has put on the log in system. The first won't work because you have a limited number of false tries before you can't try anymore for an hour (five tries an hour can take a year before you go through every single possible password). The second is impossible due to the inability to access the server content.

You cannot access the login servers because you lack and cannot gain the following without physically being at the servers:

Log in Server WAN IP Address (can be obtained with a ping, but it isn't enough)
Server LAN IP Address (Cannot be obtained without physically being there)
MAC Address (Ditto)
Admin Log-In ID
Admin Password

Not to mention only specific IP addresses are allowed to access the server, so you would need the IT department's IP address along with the above information.

In other words, unless you work for Jagex you can't do it. Even if you were a wizard (like had magic and real life hacks) and did it, they can figure out who did it, when, where and find out about it. Proxies are easy to work around and you will be sued. Hacking (real hacking, not being a script-kitty who pretends to be a hacker) is illegal in most countries and is a felony.

Why would you say I'm more likely to be hacked by someone close? I trust everyone!

Greed. Someone who knows you well enough can guess your info easier. Ever hear the saying, "The closer a person is the shorter knife they'll need to betray you" or something along that line.

Be careful of whom you trust.

Edited by Faylen Sol
  • Upvote 2
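
The Step 1 password rules and the FAQ's lockout arithmetic, worked through as an added example (not part of the original post). The personal details, the common-password list and the other-site password are constructed samples, the five-guesses-per-hour rate is the figure quoted in the FAQ, and the date check is a simple heuristic.

```python
import re

GUESSES_PER_HOUR = 5  # lockout rate quoted in the post's FAQ
HOURS_PER_YEAR = 24 * 365
COMMON = {"password", "123456", "qwerty", "letmein"}  # constructed sample list

def keyspace(password):
    """Candidates an exhaustive search must cover for this length and character mix."""
    pool = 0
    pool += 26 if re.search(r"[a-z]", password) else 0
    pool += 26 if re.search(r"[A-Z]", password) else 0
    pool += 10 if re.search(r"[0-9]", password) else 0
    pool += 32 if re.search(r"[^a-zA-Z0-9]", password) else 0
    return pool ** len(password)

def years_to_try(candidates, per_hour=GUESSES_PER_HOUR):
    """Worst-case years for an online guesser limited to per_hour attempts."""
    return candidates / per_hour / HOURS_PER_YEAR

def check_password(password, personal_facts, passwords_used_elsewhere):
    """Return the Step 1 rules this password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("common password")
    for fact in personal_facts:
        # Compare on letters and digits only, so "Bis-cuit" still matches "biscuit".
        token = re.sub(r"[^a-z0-9]", "", fact.lower())
        if len(token) >= 3 and token in lowered:
            problems.append(f"contains personal detail: {fact}")
    if password.isdigit() and len(password) in (6, 8):
        problems.append("all digits, date-shaped")  # heuristic: MMDDYY / MMDDYYYY
    if password in passwords_used_elsewhere:
        problems.append("reused from another site")
    if not all(re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"[0-9]")):
        problems.append("missing upper/lower/digit mix")
    return problems

if __name__ == "__main__":
    facts = ["Alex", "Biscuit"]    # constructed: a name and a pet's name
    elsewhere = ["Forum2011pass"]  # constructed: password used on a forum
    for pw in ("password", "Biscuit88", "01281988", "Forum2011pass", "iNb4tldr"):
        years = years_to_try(keyspace(pw))
        print(pw, check_password(pw, facts, elsewhere), f"{years:.3g} years to exhaust")
    # Someone who knows the owner tries a short list, not the whole keyspace.
    print("200 targeted guesses:", 200 / GUESSES_PER_HOUR, "hours")
```

At five guesses an hour the full search space of an eight-character mixed password is out of reach, while a 200-entry list of names and dates is exhausted in 40 hours, so the personal-detail and reuse checks carry most of the weight.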

  • Step 8: Do NOT go to the following types of sites

-Non-renowned fan sites (Runescape wiki, Tip.It, MaSors, etc.)
Aha, a paradox!
I like it.
I feel like overall this was a very well written guide and would recommend it to others for reading. A needed guide. It'll serve its function well.
I only saw one strange wording that could confuse someone:
  • Final Step: Recovery Questions.

Update these regularly. Don't do the once every five yours years crap.

Kaspersky is such sound software. I've also heard some great things about ESET (NOD32) and Malwarebytes as alternatives. Just wanted to throw that out there so it's not like people only have one software to turn to.

You sir, get a +1 in my book ;) great work!

  • Upvote 1

Fixed muh typos. Typing guides at 3 AM works, but there will always be issues. =D


For free software, Security Essentials is actually not bad. AVG has been quite trendy as well; however, I am not personally much of a fan. Honestly though, just as Faylen recommended, try not to rely on free software; the general golden rule is "you get what you paid for."

Frightening, huh?

Once again. A very good guide, I like it.


  • 1 month later...
  • 2 weeks later...

  • Step 8: Do NOT go to the following types of sites

-Non-renowned fan sites (Runescape wiki, Tip.It, MaSors, etc. are fine)
-Sites promising free items
-Sites promising Modship
-Personal Server Sites
-Links to fishy looking RS sites
-RWT Sites
-Botting Sites
-Myspace (it's Open Source, I could put any code I want on my profile)
-Links in RS youtube vids
-Links in comments
-Links from ANY person you don't trust/know very well that plays RS
-Links from anyone who plays RS to any-site you are not familiar with

    U forgot dirty filthy sites, they contain lots of viruses. 4chan also gots lots of viruses :P


    Yes, but those sites aren't going to target a Runescape player and hack your account.

    Also, 4Chan won't give you viruses unless you clicked on a posted link to a site that WILL give you a virus.

    Edited by Faylen Sol