
Thread: How People Are Getting Banned From 5 Minutes of Effort

  1. #1

    How People Are Getting Banned From 5 Minutes of Effort

    So at least 6, probably twice that many on CA1 have been banned this week and the method being used is SO SIMPLE that nearly everyone could do it in 5 minutes to absolutely anyone if they know 2 very easy to get pieces of info. The player's server and their email address. They fabricate a link to buy a pack using paypal and then recall the payment. Within 3 days that user will get banned and the response from evony is that we are supposed to:

    1. Ask that person to please resend the payment
    2. If we cannot contact that person we should send the payment ourselves.

    Evony ceased to reply when asked the question of "Even if I DO pay off this unwanted, fraudulent pack, how can I STOP that person from just buying another? Or 10 more? And continuing until I am unable or unwilling to continue paying for orders that I did not buy?" For this reason I absolutely will not start the slippery slope of just paying it off.

    Where EVER is a person held responsible for orders that they did not place? In this case the proof we did not place would be easy to get, some of the players got the paypal address used to place the fraudulent order and all of them on all the accounts appear to have been placed by the same person who lives in a completely different country than the players whose accounts were sabotaged. How can it be so hard to REMOVE the fraudulent packs from the accounts and then maybe hire some coder to make it so you have to be actually logged in to purchase game items.

    It's not hard to get players' emails as most players are using the same email for their facebook and their evony account as well as other accounts like documents. This is not a case where players were cheating and that cheating backfired. We're practically FORCED to use facebook to make the game playable and if we use facebook with the same email as our account then dozens or hundreds of allies have access to info that can permanently shut our accounts. Once the enemies have that info we are helpless to stop them and evony offers NO solution beyond holding our accounts ransom for however much our enemy decided to fraud us for.

    Please Evony, take some action to fix this, this is beyond ridiculous.
    Last edited by ElfFromSpace; 08-21-2014 at 08:37 AM. Reason: Removed sample link per request
    Give Straight Amulets, Remove the Packaging from Facebook Gifts!
    http://www.causes.com/causes/574667

  2. #2


    This can be done with just the number from a fb ID too. I do wish you would edit your post a little to not be so specific on how to do it. Like, maybe remove the pay link?
    NA60- NaFianna
    NA55 - Humility (Retired)
    NA50 - Softer (Retired)
    NA36 - Thursday (Retired)
    NA7 - Shiva (Retired)

  3. #3


    Well right now evony is completely ignoring the problem. They respond saying it's not their mistake and pretending there IS no problem. Until they admit there is a real problem all the people who are victim to it will remain banned. So I am showing how ridiculously easy it is, how extreme the problem is.

    Honestly I haven't really been playing lately. I put a TON of effort into my account but the game lost its fun for me some time ago. I have 0 interest in investing more into it, but I'm very angry that all my work is just gone and that evony thinks they can blackmail their players into paying more money for something that is a clear and obvious security hole.
    Give Straight Amulets, Remove the Packaging from Facebook Gifts!
    http://www.causes.com/causes/574667

  4. #4

    This is an issue that I've been working with my CS guys since last week on.

    We're directly addressing malicor's alleged activity, and the greater issue as a whole.

    I'm also discussing with my legal department what we can do in the future if someone takes it upon themselves to act so fraudulently.

    Flaming CHICKEN!
    Courtesy: Sturm

  5. #5


    THANK YOU!

    Does this mean that myself and the other victims of his latest activity will be getting our accounts back WITHOUT being forced to pay for packs we did not order?
    Give Straight Amulets, Remove the Packaging from Facebook Gifts!
    http://www.causes.com/causes/574667

  6. #6


    Quote Originally Posted by davemata View Post
    This is an issue that I've been working with my CS guys since last week on.

    We're directly addressing malicor's alleged activity, and the greater issue as a whole.

    I'm also discussing with my legal department what we can do in the future if someone takes it upon themselves to act so fraudulently.
    That page is also susceptible to XSS attacks and SQL injections but those can be easily deterred. I can actually provide object-oriented code in almost any language to show that you can simply get the return of a player's FBID from Facebook in a JSON object and concatenate it on the end of this string: "http://pay.evony.com/index.do?PageModule=PaySelect&SID=368&user=" and you will have a program to ban multiple people if you know how to automate the payment process(es).

    All you need to do is create a PHP session or a JSON state (more scalable) and hide the FBID in that so the user will not see it and you just encode the URL so only you can decode it. This way malicor will not be able to apply funds to our accounts and reverse the transactions.

    As for the malicor fraudulent transactions, here is a payment receipt that shows his IP address and financial information on someone else's account. He is the one who trashed the Kilk account on ca1.
    Last edited by T800RR; 08-18-2014 at 12:25 PM.
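
    One way to implement the fix asked for in posts #1 and #6 (require a login to purchase and keep the account id out of the URL), as an added example that is not part of the thread or Evony's code. The server key, the session dictionary and the function names are assumptions, and ids are assumed not to contain "|".

```python
import hashlib
import hmac
import time

# Assumption: a secret held only by the payment server (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 600  # seconds an order token stays valid


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_order_token(session, pack_id, now=None):
    """Create an order token for the logged-in account only.

    The account id is read from the authenticated session, never from a
    request parameter, so a visitor cannot open an order for someone else.
    """
    account = session.get("account_id")
    if account is None:
        raise PermissionError("login required before purchase")
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{account}|{pack_id}|{expires}"
    return f"{payload}|{_mac(payload)}"


def verify_order_token(token, session, now=None):
    """Return (account, pack_id) when the token is authentic, unexpired and
    presented by the session it was issued to; raise ValueError otherwise."""
    payload, _, mac = token.rpartition("|")
    # Check the signature before trusting any field inside the payload.
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        raise ValueError("bad signature")
    account, pack_id, expires = payload.split("|")
    if int(expires) < (now if now is not None else time.time()):
        raise ValueError("token expired")
    if str(session.get("account_id")) != account:
        raise ValueError("token does not belong to this session")
    return account, pack_id


if __name__ == "__main__":
    alice = {"account_id": "1001"}  # constructed session of a logged-in player
    token = issue_order_token(alice, "pack-a")
    print(verify_order_token(token, alice))
```

    The payment callback would credit only the account returned by `verify_order_token`, so a payment (and any later reversal) can attach only to the account that was logged in when the order was created.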

  7. #7


    Quote Originally Posted by davemata View Post
    This is an issue that I've been working with my CS guys since last week on.

    We're directly addressing malicor's alleged activity, and the greater issue as a whole.

    I'm also discussing with my legal department what we can do in the future if someone takes it upon themselves to act so fraudulently.
    Thank you Dave for a response. It is much appreciated.

  8. #8


    We've been telling evony for over a month about this loophole. Yet I and others remain banned. And far more annoying we remain ignored.
    I'm still banned with no communication from evony and the CS tickets just deleted along with my payment history.

  9. #9


    Quote Originally Posted by davemata View Post
    This is an issue that I've been working with my CS guys since last week on.

    We're directly addressing malicor's alleged activity, and the greater issue as a whole.

    I'm also discussing with my legal department what we can do in the future if someone takes it upon themselves to act so fraudulently.
    This is all very wonderful...BUT, we still have people without access to their accounts because of this fraudulent activity. Other games with better security are being investigated. Entire large alliances are on the verge of quitting because nothing has been done to help the victims. Folks won't play and won't spend money if they are afraid their account will be locked because of someone else's double dealings.

  10. #10


    Quote Originally Posted by davemata View Post
    This is an issue that I've been working with my CS guys since last week on.

    We're directly addressing malicor's alleged activity, and the greater issue as a whole.

    I'm also discussing with my legal department what we can do in the future if someone takes it upon themselves to act so fraudulently.
    Don't you think it would be a nice gesture to your customers if the results of his fraudulence were reversed?
