Hacked READ

[heyaiam]

Hello to all fellow botters,
I recently got hacked for over 8m of resources when I was botting fletching at pest control using this script.
http://villavu.com/forum/showthread.php?t=98699

I have not used any other bot, put my username or password, or clicked on any suspicious link to get my account hacked from another source.
I can confirm 100% that it was simba and it was most likely this script.
As much as I like this script, I have decided to continue using it but with caution. I am not typing my username or password in the script to auto log me in.
That was the only place I typed in my username and password.
Now what does this mean for us? You can't trust any botting websites. The best you can do is transfer your resources over everyday from your botting accounts, Secure them with JAG and a bank pin, etc.
Please don't tell me that it could have been something else or Jagex because if it was jagex then it would have been banned and + I did get a notification saying that the person that was trying to log on my account was indeed from the US. I did use the same PW for my email and for my runescape login which was quite unwise but then again, I thought I could trust this client because it was open source.
Conclusion, don't put your username or password in the auto login, follow the steps above to be safe and never get hacked, always bank your items when you log out and always have a pin.
Thanks.

[Flight]

I just checked the script and there's absolutely nothing malicious in it. Now, a couple questions for you: where did you download Simba/SMART/SRL-OSR? And did happen to record the IP address of the last person who logged in? If so you can provide that to a moderator or administrator and they'll run it through the full list of everyone in this community for matches.

[bob_dole]

Hello to all fellow botters,
I recently got hacked for over 8m of resources when I was botting fletching at pest control using this script.
http://villavu.com/forum/showthread.php?t=98699

I have not used any other bot, put my username or password, or clicked on any suspicious link to get my account hacked from another source.
I can confirm 100% that it was simba and it was most likely this script.
As much as I like this script, I have decided to continue using it but with caution. I am not typing my username or password in the script to auto log me in.
That was the only place I typed in my username and password.
Now what does this mean for us? You can't trust any botting websites. The best you can do is transfer your resources over everyday from your botting accounts, Secure them with JAG and a bank pin, etc.
Please don't tell me that it could have been something else or Jagex because if it was jagex then it would have been banned and + I did get a notification saying that the person that was trying to log on my account was indeed from the US. I did use the same PW for my email and for my runescape login which was quite unwise but then again, I thought I could trust this client because it was open source.
Conclusion, don't put your username or password in the auto login, follow the steps above to be safe and never get hacked, always bank your items when you log out and always have a pin.
Thanks.

For the time being nobody can say for sure how your account got hacked, but to state that it was Simba without a doubt is just plain wrong.

If you used the same password on both email & rs account, chances are you have used the same password on any of the millions of services that prompt you for a password; any of which could have been linked to your rs account resulting in your account getting hacked. Even if you used the same password only once & it was 3+ years ago, that is enough to come back and bite you in the ass one day.

You claim that you can 100% confirm that the hacking was due to Simba, but you also state that you used the same password for your e-mail. Although it is extremely unlikely, it is possible that someone with access to the email provider's database was able to view your password and link it to your RuneScape account. Again, this is extremely unlikely, but the chances are above 0 which means you cannot be 100% sure that the hacking was Simba. You say to not 'tell you it could have been something else', but evidence from your own post proves that it could have in fact been something else.

I personally believe you exposed your ass in other ways which you are not able to recognize at the moment and that is what caused the hacking. If this truly was Simba, chances are there would be a lot more pissed off victims spamming the forums with these types of threads. I also looked over the script in question and failed to find anything malicious. Another possibility is someone else using your computer accidentally downloaded a keylogger or perhaps even installed one with the intentions of hacking your account. Maybe someone saw you type in your password. Maybe someone is running a packet sniffer on your network and sniffed out your Runescape details. Maybe you are on the FBI watch-list and an agent going through your records plays Runescape. Maybe aliens used technology beyond our comprehension/imagination to hack your account from 92 million light-years away.

The amount of unknowns are way too high to accurately isolate Simba as the culprit, but if nothing else the experience is an opportunity to learn.

[Justin]

You claim that '100% that it was simba and it was most likely this script.' Yet you provide 0 evidence to back it up

[dzpliu]

botting was never safe in the first place with any client.
i never put in my pass/id in my bot cos i can always get back <6hrs.

[bob_dole]

botting was never safe in the first place with any client.
i never put in my pass/id in my bot cos i can always get back <6hrs.

It's not always about passwords you know. I wrote a script that can remote control your SMART window (and your account) without you even knowing. It can be packaged/disguised into any functioning script & on-command temporarily pauses the script while I do whatever I want with your account.

[dzpliu]

It's not always about passwords you know. I wrote a script that can remote control your SMART window (and your account) without you even knowing. It can be packaged/disguised into any functioning script & on-command temporarily pauses the script while I do whatever I want with your account.

well that will only work for those who doesnt understand a thing with scripts. i am not good at scripting but i definitely able to spot suspicious function/procedures.

[The Killer]

well that will only work for those who doesnt understand a thing with scripts. i am not good at scripting but i definitely able to spot suspicious function/procedures.

Not necessarily. It's fairly easy to hide code where its hard to spot.
(hiding code is against the rules on scripts posted on srl)

[Austin]

well that will only work for those who doesnt understand a thing with scripts. i am not good at scripting but i definitely able to spot suspicious function/procedures.

Why don't you put your pass in scripts then?

[rj]

It boggles my mind as to how 4,681 people have downloaded the script in the past 4 months and your the only one to claim that it was from the script :/

[dzpliu]

Why don't you put your pass in scripts then?

lol why the hate against me? btw i mentioned my reason like 3 or 4 posts above you.

[Flight]

It boggles my mind as to how 4,681 people have downloaded the script in the past 4 months and your the only one to claim that it was from the script :/

This is actually a good point; think about it.

[Austin]

lol why the hate against me? btw i mentioned my reason like 3 or 4 posts above you.

You said it wasn't safe, but the only way it wouldn't be safe is if there was something phishy in the script.

I'm just saying.

[rj]

lol why the hate against me? btw i mentioned my reason like 3 or 4 posts above you.

Hes not hating on you hes just pointing out that you won't put your username or password in scripts yet you can spot malicious procedures/functions just doesn't make sense

[dzpliu]

Hes not hating on you hes just pointing out that you won't put your username or password in scripts yet you can spot malicious procedures/functions just doesn't make sense

i'm just trying to play safe, i'm really thankful for all the scripts here but i think i can manage reloading RS every 6Hrs. i had no problems with any scripts in villavu regarding password thieving or watsoever, just trying to lessen the risk.
Everyone has their own way of playing/botting right?
it doesn't mean that if anyone liked to fill in passwords into the scripts so i should follow anyone who does that right :/

[samerdl]

Sorry to hear that you were hacked, i know the feeling.. It sucks.

A moderator could help you by trying to find if the IP (given the premise the hacker didn't use a vpn/proxy) matches any of the users ip's on srl forums.

It would be truly helpful if you could take a screenshot of the email sent to your inbox from Jag showing the ip that was blocked while trying to login to your eoc account (or just pm it to a moderator, that works too).

Hopefully you manage to bounce back up and not let this deter you from playing 07scape.. Jagex needs to improve security on that game..

[Big Tom]

I'd really like to see some proof to this because I botted to 99 with that script and never had any issues or saw anyone on the forums saying that they had stuff stolen. I'll back up that script any day because its the best script I've seen for 07

[heyaiam]

I don't have the IP at the moment.

[Ian]

I don't have the IP at the moment.

Do you think that you will later?

[Turpinator]

I thought I could trust this client because it was open source.

Oh this one... Thats false. This argument/comment always comes up when someone alleges that they were hacked by simba. Yes you can go look at the code and read through it all, but have you? Who else has? Probably not many.

[NKN]

Oh this one... Thats false. This argument/comment always comes up when someone alleges that they were hacked by simba. Yes you can go look at the code and read through it all, but have you? Who else has? Probably not many.

Heck, the source might not have a virus, put the compiled version for download might, I assume 99% of people here don't read the source and then compile it.


Not saying Simba does, because it doesn't.