Security guide

Of course, you could just go read Jagex's guide to avoiding password theft. In fact you might have done so already. But they probably didn't use such a cool word as 'Paranoia' in theirs. Anyway, I suggest you go read that too. Read mine first though.

This guide is about avoiding common scams and 'hacks' in RuneScape. Hopefully, it will allow you to develop an attitude that will last longer than this guide is going to be updated and thus protect you from the depredations of the wicked. In other words, avoid those S-O-Bs.

This guide is divided into the following parts:

BASIC PARANOIA

The first thing to understand is that we're going to be using half-assed paranoia. Which means we are only going to defend ourselves from people, not preempt them. Also, don't believe in your own perfection. That's rude. So is treating everyone as your suspicions dictate. That said; prepare to sink yourself into the vortex of insanity!

First off, start out with the assumption that in varying degrees EVERYONE is out to get you. This is the great thing about paranoia: it self-justifies. If everyone is out to get you, it's not insane. So if you believe everyone is out to get you, you've got no problem!

Next, consider honestly what ramifications on the person their action would have. Is this person a respected free-smith, poster, or what have you? Whose business and identity hinge on their honesty? If so, they are probably safe. Especially if they are an (unbanned) regular on an active board; those people have reputations they will not lightly throw aside.

You must rate first the person, then the action, and then the two together. Now, say you're trading with a high level; that's a couple of points. One that you've never heard of; that's negative points. You're trading for a blue party hat, a big-ticket item, but hundreds of such transactions go on every day, right? So: high level, unknown, party hat. Stop right there and get out of this situation as best you can. It is WAY too risky when you could just find someone on a board. Take each situation as its parts, then in its entirety.

IN GAME SCAMS AND TRICKS

  • Trade Scams:
    • The most common kind. There are all sorts of tricks that you can get stuck on. The most important rule of thumb is to allow a few seconds on the second trade window for a) everything to get up to date and b) you to read what you're buying.
    • There is a scam that hits party-hat traders these days: it somehow macros out the party hat at the last second, scamming the person out of millions of gp.
    • Just because you haven't seen it doesn't mean it's rare! In fact, if you haven't seen it, it's probably just a new item. Several people paid thousands of gold pieces for Charcoal and new Gems when they came out, when in fact they were worth about 200 gp and under. Always give prices time to stabilize before you buy something new. If Jagex drops tradable holiday items again, just wait a day or two! Don't buy from the first newbie that sells for 100k.
  • Wilderness:
    • In the wilderness, we can be as paranoid as we want! DON'T TRUST ANYONE! In fact, some PKers are without honor and will say 'Peace!' as they charge down on you. Or if they're not up to outright lying they'll speak in a friendly, comforting fashion. Start potting, or running, based on the situation.
    • DO NOT join a big group of PKers just heading out. This is ALMOST ALWAYS a way to trick you into getting killed by a large group.
    • If you're begging and someone leads you into an area full of dead trees and a skull appears in the corner of your screen, amend your begging ways and turn around.
  • Old Scams, the report abuse button has mostly solved these problems:
    • The trust test: some guy in full rune asks you to join his guild. Then he takes you aside and tells you that you have to complete a trust test. Usually he'll take you upstairs in the Player Castle where other full-rune players are waiting. They will then tell you that you must give them your three best items to join the guild, and then they'll give them back. If you fall for this, they'll certainly log and take your items.
    • Duplication would be bug abuse anyway; this way it is what I'd call 'dumb abuse'. They tell you to drop the item you want duped, and then press ALT + F4. This actually just closes the window. They take your item and leave.
    • Transmutation of the elements: this is a really great one. They tell you they have received the power to change your wimpy iron weapons into black, or mith, or rune, or whatever you want! No, they are NOT mods, and they can't do this. Mods will ALWAYS have 'mod' in their name, and won't change your items anyway.

SCAM SITES:

Dear Saradomin! How many of these have I had in my inbox?

Here's how it works: you go check your Email. In your inbox is a message from Jagex with a link in it. You click it and it takes you to a Jagex login page. You put in your username and password. Then it shows you some message. And voilà! A thief has your username and password! Let's go over this, shall we?

"In your inbox is a message from Jagex"

No, it's NOT from Jagex. Let's just start with that assumption. Check the email address, but it doesn't mean anything.

"with a link in it."

Jagex will NEVER EVER send you an Email with a link. I mean it, NEVER!

"You click it and it takes you to a Jagex login page. You put in your username and password."

There is a series of steps for checking this. First, check the URL. If it's not runescape.com, it's a scam site. If it IS runescape.com, that doesn't mean anything either. So next you should type in a fake username and password, or your username and a fake password. Don't type in a real password! No real passwords! No! It will probably say you've logged/signed up/joined/whatever successfully. This is because they can't check if your password is real or not. Look at the distinctive borders RuneScape.com uses and note them if they're on the scam site.

"Then it shows you some message. And voilà! A thief has your username and password"

If you typed in your password and suddenly realized it was a geocities form, IMMEDIATELY get on RuneScape and change your password. Who knows? You might save yourself.

Ok, now the fun part. You've typed in your username and 'loluradumbwannabhaqer!' into their scam form. Now, check the URL; copy and paste it into a notepad application. You should be able to find out where it's hosted from that. If the scammer bought a domain name (never happened in my experience) you can go to http://www.register.com and type in the URL and choose the extension they were using. Now you'll see it's bought and you'll be able to get the whois information. Near the bottom you'll be able to see what servers it is on.

Now, go to the host and look for a form or Email you can send to report abuse. The best way is to use FULL URLS and to emphasize that they've violated copyrighted images from RuneScape.com. Be respectful, they can't police every site. Be concise so the person that gets it doesn't have to go through a lot of work. Attach the Email if you want.

Now that we've reported them to their host, it's time to see about their ISP. At least you'll scare the heck out of the scammer. You want to view full headers, which include the scammer's Email provider. In Outlook Express, select the message and go to FILE-PROPERTIES. The keyword to look out for is "Received: from"; this will be followed by a lot of information that is very confusing to new users. Look for something like host2042.someIsp.com or mail.someIsp.com. Obviously, we type in http://someIsp.com and see what it gets us. If it takes you to an ISP website, again you must seek a form or Email address for reporting abuse and give it your best shot. Give the scam site URL; if you're a member, explain that it is a subscription service and one of their members is trying to steal it from you; if the scam site uses RuneScape's images, throw in copyright violation.
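
The URL check and the "Received: from" lookup described above can be done on the raw message text. The following is an added example, not part of the original guide; the sample message is constructed, and the helper names (`received_hops`, `abuse_domain`, `triage`) are made up for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

OFFICIAL = "runescape.com"

# Constructed sample message: the jagex.com names are spoofed claims,
# all other hosts and addresses are reserved example values.
RAW = """\
Received: from mail.someisp.example (mail.someisp.example [192.0.2.45])
    by mx.myprovider.example with ESMTP; Sat, 1 Jan 2005 10:00:00 +0000
Received: from jagex.com (host2042.someisp.example [198.51.100.7])
    by mail.someisp.example with SMTP; Sat, 1 Jan 2005 09:59:58 +0000
From: "Jagex Support" <support@jagex.com>
Subject: Account verification

Log in at http://runescape.com.members.freehost.example/login.html today.
"""

def received_hops(msg):
    """Parse 'Received: from HELO (RDNS [IP])' headers, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = re.match(r"from (\S+) \((\S+) \[([\d.]+)\]\)", flat)
        if m:  # helo is sender-supplied; rdns and ip are recorded by the receiver
            hops.append(dict(zip(("helo", "rdns", "ip"), m.groups())))
    return hops

def abuse_domain(host):
    """Naive: keep the last two labels (wrong for suffixes such as co.uk)."""
    return ".".join(host.lower().split(".")[-2:])

def is_official(host):
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def link_hosts(body):
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    return [urlparse(u).hostname for u in urls]

def triage(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    return {
        "suspect_links": [h for h in link_hosts(msg.get_payload()) if not is_official(h)],
        "hops": hops,
        "abuse_domains": sorted({abuse_domain(h["rdns"]) for h in hops}),
    }

if __name__ == "__main__":
    print(triage(RAW))
```

Only the topmost Received header is written by your own mail provider; the ones below it can be forged by the sender, so treat the derived domain as a lead for the abuse report rather than proof.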

You're pretty much certain to get the site taken down. I doubt any ISP would ban someone for making a scam site though. It's worth a shot. Maybe if they do it enough and get reported enough the ISP will fine them or warn them at least.

Another kind of Scam site worth mentioning is the free stat/item site. Yes, these are always scams. If you're too stupid to believe me, enter your pass on them, you cheater.

An important defense against losing your character completely is good recovery questions. WRITE THEM DOWN! You can use some common-sense basic ones but I'd also throw in something like a second password. Or lie for answers to all the questions, just make up stuff, as long as you WRITE IT DOWN. In short, it does you no good if someone figures out your recovery questions.

UBER 1337 HAXXORZ?

Whenever someone's character gets stolen, the victim is sure to say "I'VE BEEN HAKED!" or "HAQED!" or "hAxX0rZeDt! LOLOL!" When in truth, you haven't been 'hacked' or any of those, um, other ways of saying it, your password has been stolen somehow.

Other than simple scamming, there are two (normal) ways for someone to do this to you. First, trick you into downloading a Trojan. Second, trick you into downloading a keylogger. A Trojan is exactly what its name implies (if you still don't get it, I'd like to take this moment to say that you are an uncultured philistine): it provides a secret way for another person to get into your computer and probably monitor your keystrokes, thereby stealing your password. A keylogger does almost the same thing: it monitors keystrokes and intermittently sends a log of what keys you've pressed through the web, usually through Email.

In order to avoid this unsavory situation which may well result in stolen credit card numbers and so forth, you should take steps to protect yourself.

  • Email: Don't open an email over 100KB if it is unexpected. This is almost certainly a virus of some kind.
  • Web: Don't download Executables except from trusted sources, pretty much if you want to be 100% sure just don't download anything from fan sites.
  • Instant Messengers: Ok, if you have an instant messenger, which I can't imagine is very paranoid of you, NEVER accept ANY file over it. EVER!

Next, make sure you have a scanner of some kind. I really think the free version of http://www.pestpatrol.com will put most of your RuneScape related worries to rest. Most of the so-called hackers of RuneScape are using very old and well known Trojans.

Finally, if you want to be REALLY paranoid, head over to http://www.zonealarm.com and get the free ZoneAlarm personal firewall. A firewall hides the remote accesses into your computer and monitors activity, incoming and outgoing. The only problem you might have with a firewall is that it blocks some applications and annoys your family. Learn how to configure it properly so it causes little disruption.

Password cracking refers to people being able to guess your password. Anyone can crack if the victim's password is obvious enough. In order to minimize cracking danger, use a random set of numbers and letters; I'd suggest at least 8 characters. Or use a phrase of as many characters as fit into the field, if that's easier to remember. Believe me, it's possible to crack passwords; my CIS teacher knows people who guess passwords inside 100 trials if they have some information about you. Fortunately, most people that write cracking algorithms are either working for the government or trying to hide from it. Which means as long as you're not using a password like 'runeguy' or 'password' or your first name, you're decently well off.

WHY CAN'T JAGEX HELP MEEEE?

This is so common, I decided I should address it quickly.

For starters, RuneScape has like 200,000 accounts and less than 30 customer support staff. They just can't follow up EVERYTHING with that kind of disparity. It's a wonder they get anything done. Go Customer Support! Anyway, the point is that if you don't have absolute straightforward no-nonsense proof of your identity, don't expect an account. They aren't handing them out! If they started giving away accounts because 10 people say so-and-so owns that account we'd be really messed up. Don't be surprised if it takes a while or if you have problems. Patience and accuracy are the keywords here.

Don't try to recover while you are Trojan-ed or keylogged either! That is a REALLY BAD IDEA!

Other good things you can do are to write down old passwords and the people on your friends and ignore lists. Try to remember stats people might not know about you, like quest points and combat stats. Maybe even items (like the first 3 or something) in your bank will help prove you had the account. Just make sure you know a lot of stuff about yourself and can tell it to Jagex.

Don't complain on most boards that you can't get help from Jagex or that you've been 'hacked', alright? Usually, I'm sorry to say, it's the victim's own fault, at least in part.

Security Programs

AdWare / SpyWare
Adaware
The first. This is a decent scanner, not my choice....

SpyBot Search and Destroy
This too is a decent scanner but not my choice.

Microsoft Adware remover
Well, this is my final one, and I love this. This program picked up more stuff off my computer than anything else. This was originally from Giant, but Bill Gates bought their product and slapped Microsoft's name on it.

Firewalls
ZoneAlarm
This I don't use, but I used it before. It's free and is the only one I know of that is free.

Sygate Personal Firewall
Note From Xpheyel: This is also a free firewall product and my first choice.

Symantec
This is a pay one, I don't use it either.

Anti-Virus
AVG
This I don't like, but it's free and it's better than nothing.

Norton
This is a pay program. I used this last year and my mom has it on hers; it's a really good program.

Mcafee
I don't use this and never worked with it, but it too is a pay program.

Windows Up-to-date
Windows update
Please make sure that Windows is up to date. If you have XP and don't have Service Pack 2, GET IT! It will save you, and when you get SP2 I think you get the built-in firewall with it :).

Hijackthis
This is also a must. If anything is running in the background, this will spot it. Even if you use ctrl+alt+delete and nothing shows it's running, this will find it out. So, like I said, this is a must for making sure your computer is a little more clean.

Internet Browser
Please get anything other than Internet Explorer. IE is the worst to use because of so many holes in it.

FireFox
This, in my opinion, is the best browser. I use it, and JAGeX themselves use it, so :).

Opera
As some of you have seen, some of our mods/admins have a link in their sig. I have used this also. I thought it was good.

Like JAGeX has said before, you can never be 100% protected. But this will keep most out of your system and help it out.

"Trust no-one in the Wilderness" - Fender00

