Website & forum behaviors

[Dr. Doom]

I change between VPNs and travel with relative frequence, my IP changes as a result. Would there be a way to circumvent one of the new regulations? Maybe mail the new IP that will be used to an admin?

[Uzephi]

I change between VPNs and travel with relative frequence, my IP changes as a result. Would there be a way to circumvent one of the new regulations? Maybe mail the new IP that will be used to an admin?

Log into game, then log into forum.... Or you can have your browser keep you logged in which would make it where you will already be logged in upon having new IP. From what was stated on their end, as long as you log in showing you new current IP, you can log into the website with that account. It would be best to have your forum/website account and game account be different anyway. That is how most of us are still secure.

On our side, we have taken the following actions:
- the number of possible login attempts has been drastically reduced to 1 per minute
- it is only possible to login on the website from your last in-game IP-address. We took this decision because it should not affect a lot of players, and will make these kind of attacks more difficult in the future

[Eligius]

You should quickly change passwords if you have made accounts on the following private servers projects:
Kronos
Feenix <<<<<-- this one especially
Scriptcraft

Not sure if I am allowed to write the names down..

[Dr. Doom]

I change between VPNs and travel with relative frequence, my IP changes as a result. Would there be a way to circumvent one of the new regulations? Maybe mail the new IP that will be used to an admin?

Log into game, then log into forum.... Or you can have your browser keep you logged in which would make it where you will already be logged in upon having new IP. From what was stated on their end, as long as you log in showing you new current IP, you can log into the website with that account. It would be best to have your forum/website account and game account be different anyway. That is how most of us are still secure.

On our side, we have taken the following actions:
- the number of possible login attempts has been drastically reduced to 1 per minute
- it is only possible to login on the website from your last in-game IP-address. We took this decision because it should not affect a lot of players, and will make these kind of attacks more difficult in the future

Ah, good workaround. And yeah, they are different passwords and account names.
Thank you.

[Uzephi]

I have a suggestion, is there a way to send this announcement via email and/or in game mail linking this page so everyone is notified? I don't think 100% of the player base checks the forums.

[Imbaslap]

wtb coinlock feature like rift!
a frozen account is easier to investigate then a compromised and deleted account after damage has been done. or something similar if its possible.. may assist in preventing scams and such so GMs and Staff can review it overtime so characters aren't destroyed before the player and GMs can figure out the problem.

http://telarapedia.gamepedia.com/Coin_Lock

[Sloffanti]

Go to:
https://en.nostalrius.org/login

Type in your account name but leave password empty. Then click "Forgot your password?" text. Follow the instructions in the email you receive. You could add [email protected] to your email contacts.

The GM team.

Wait a second here Pottu, didn't nostalrius back then when you first launched it in march 2015 required no email to create an account ? How can I change my password then without having registered an email during the creation of my account ? Am I missing something ?

[Diametra]

I've wondered the same thing and posted it a couple places hoping someone had the answer. Dunno. As far as I know the ingame command to change PW is gone now.

I'm getting confused about this IP thing too. If your account's latest IP in game is on an account that was hacked, wouldn't the last IP be that of the hackers?

[Benevael]

In light of the hints of the bugtracker being bugged I would suggest the following things too:

- Split all passwords, bugtracker, forum and in-game should be different.
- Run in your current password here: http://www.passwordmeter.com/ I am currently sitting at 89% security with my in-game account, might actually tinker a bit and work towards getting 100%.

GM Edit: Be very careful on sites like this. You have to be sure it is not actually a front to collect your password information for future use. It's a good idea to test passwords *like* your password, but not your actual password itself.

[Thefilth]

Could you - if possible - post the name of the suspected private server in question? This would indeed help other people to know if they are in any immediate risk.

Who cares? It's their own fault.



Thanks for posting this update. Some of us were quite concerned, as I'm sure you've seen on the support forums.