GMod
TS3
SVN
Filedump
HAX – obviously
Steam: Verify E-Mail
Today, during a party of L4D‘s new campaign “Crash Course” my pal Stealthrider suddenly disconnected. Well, I thought he just doesn’t want to play anymore but: It was worse. Some idiot hacked his steam-account. They switched his password and E-Mail. He now has to contact VALVE fixing it. Another strange thing was Zidane’s account just got hacked ten minutes after Stealthrider’s. And the frightening part now is: We all three played on the same server at the same time when all this happened. I suspect this server to cause havoc with our clients and read out the PW somehow (e.g. by downloading the ClientRegistry.blob, which stores all account relevant data such as autologin signatures)
After both got their accounts hacked (Zidane got his back, because he acted fast before the hackers could change the E-Mail. This made him able to reset the changed PW), I switched my login password and made my account verified. This seems to be a new feature of VALVE/Steam to verify an E-Mail address. After you did that, your account is bound to that Mail and if someone (or yourself) tries to change the Password,Mail or Security-Question, a Mail is first sent to your address. In it, you’ll find a link you have to click before the actions take place. This is a very good security feature in my opinion. So you all better do this soon! Right click on the Steam-Try-Icon and go to Settings/Account/Verify email address. This should keep the idiotic crackers out.
Interesting…
I also tried to join you some times, but the game failed while loading…
15 minutes later someone tried to log in my account.
While I was logged, in a message appeared that someone from a unknown pc is trying to login.
So I changed my pw n’ stuff.
Result: Great! Scammers are not enough! Now we have phishing server!!!11
Also this verify thingy is there since 2 month I think.
There were alot of threads about that.
So this is a real threat. I really want to know how this works, so I can tell valve on how to stop it.
Mayb a bit off-topic but while searching for some files that SHOULDN’T be in my L4D folder I found the reason for my wierd binds…
I insta deleted it so I don’t have the code anymore.
But the main part was just an table with a load of concmd’s and keys and a for loop to change ALL keys at a time.
Also it was in the lua/autorun/client folder(i didn’t create it.)
lua folder in l4d.. Funny though.. I’ll check my L4D folder now.
Very interesting, thanks for mentioning that option!
I noticed : My ClientRegistry.blob was gone after my account was almost hacked… And i do know it was that server with the fucking Return to Lobby blocker.
Have the IP?
hostname: =Friends= Black2uesday.com
version : 1.0.1.5 3979 secure
udp/ip : 208.167.234.179:27015 [ public same ]
os : Linux Dedicated
map : l4d_garage01_alleys
players : 1 humans, 0 bots (4 max) (not hibernating) (unreserved)
# userid name uniqueid connected ping loss state rate
# 2 1 “[YaS] Zidane” **** 00:52 191 0 active 20000
# 3 “Zoey” BOT active
# 4 “Bill” BOT active
# 5 “Francis” BOT active
I quickly connected and disconnected, But i’m going to change my Password again because i’ve joined..
Owned.
Verified my email -.-
Steam is crap.
You need dun dun dun, Dr HAAX!