After 70 days of str8 up success, half of my igloo attack force was lost in action ... "This account was one of many being used by the same user to earn Neopoints and items." on a more happy note, the more important half of my accounts survived.. Oddly enough... Although they were just as involved and were all created on different IPs... It was only the accts with a certain password that got iced, my other 2 pws accts survived... I guess I had it coming, Good thing I only had like 500k on those accts! Thanks to naffler for buying 5 mil and saving me the loss ... Ok well If you wanna make a quick 200k, thats how much im paying to the kind soul who would like to make me up 6 new accts! I cant run an igloo attack force with only the 8 remaining!! Good luck all
Do I have to use 6 different proxies when making them? If not I can make 6 for you first time tomorrow morning.
Thanks for sharing, I see a pattern with being chain iced with the same password, I didn't know that. I'll make sure not to use the same password for my accts. o.o
That's both a relief, and upsetting at the same time. I've recently been using 3 4 month aged accounts for an igloo attack force. All three are set on the same IP, and have only attacked once, being today. They also have three different passwords for each, hopefully this wil prevent a chain icing, however, I've given all profits to one account. Is this something I should worry about, or do you think my accounts will be fine If I continue this igloo onslaught. (500K made in 1 day )
Heh, silly of me to make accounts with near same passwords. I thought that Neopets hashed all of their passwords, which is what any sensible site would do. But it appears that they are able to retrieve passwords from their database, so they're not hashed. Silly TNT, unhashed passwords are a big security vulnerability.
Zer0, does that mean you got iced for using accounts with close, and similiar passwords..? Although I have 3 accounts just for iglooing, 2 accounts are very similiar in their passwords. Sorry If I misunderstood the statement.. that's also a bit disturbing to know that neopets leaves that information out in the open.. and I thought they were "unhackable," lol. Looks like I'll be changing my password soon, although I guess it doesn't matter with what you said.
I don't know if I was iced for that, but it might have led me to be chain-iced. And I don't think they leave the passwords "out in the open". They could very well be encrypted even if they're not hashed. Oh, and password encryption has little to do with "hacking" in the loose sense. Even if they did leave the passwords in plaintext in their databases, average users have no way of getting to them. You first have to gain access to the databases before you can even see the passwords, hashed or not.
Zer0 isn't the average user though.. Thanks for the reassurance, I'm not familiar with what goes into website hacking, hashing etc. I'm just an average coder, not to good either. :nope:
I think they have the passwords stored and unhashed. It's one of the only logical explanations to why multiple accts can be frozen from the same IP. Yet the ones that had different passwords were safe.
Your logic is a bit flawed. If you have two accounts with the same password, they will also have the same hash. What I was saying is two similar passwords, which would (or should) result in completely different hashes.
I know that if your using a proxy from a public proxy list and someone else is using the same one and they get frozen you will be chained to them. So isn't that what is going on with passwords too?
So, for example anyone with the password 'Password15' could get frozen regardless if they have the same or different IP?
I would believe that to be untrue. I think they go a little deeper into it, like matching cookies as well. Afterall, the proxy may be completely different, but a cookie is quite similiar. Maybe Adam forgot to remove his cookies each time he used the igloo, yet wouldn't explain why some accounts still existed; basically it faults my theory I believe. I wish I knew exactly how the igloo did work, I even find it strange that it was actually able to use more than one account for my personal gain. I'm curious as to how it handles cookies, if any etc. Maybe expon will pop in, that is the devs name right, or has it changed?