Home Home



Have you ever been unsure
about a trade that seems a
little "iffy," or something that just
doesn't seem right?
This guide could help you decide
what to do when stuff like
that happens, and it
could one day save your account.

Important: First read CipSoft
Security Information Page



Last updated: February the 10th, 2004
By Sonoroman (typos)

What's 'Hacking?'
As defined in the dictionary, hacking is "to use one's skill in computer programming to gain unauthorized access to a file or network." If someone gets your account password, and they might take all of your stuff on your character, or possibly even your character itself.


What Bad Things are out There?
There are several ways someone can get your password to your account. Most can also do some bad things.

1. Trojans, Trojan Horses - These are malicious programs pretending to be a regular program. They can destroy data and send info back to the owner, such as passwords. The main difference between them and computer viruses is that they do not replicate.
2. Viruses - Bad programs made by people to (usually) do bad things to computers. They can be disguised as games, pictures, or regular programs. When executed they could destroy information.
3. Key Loggers - these are programs much like Trojans, but usually they don't destroy data. They keep track of every keystroke made, and then sends it back to the owner.
4. Worms - Worms are viruses that sit in the computer's memory, duplicating themselves. They can be sent to other computers through an email program, or IRC (internet relay chat), destroying data.
5. Spyware, Adware - Usually these come from programs with bundled software, like file sharing utilities. Both will track what sites you visit and what you do on them.
6. Guessing Passwords - although unlikely, if you have an easy password, someone could guess it, or -- automated scripts with common words dictionaries embedded can "break" your easy-to-figure password too!


How Can A Person Get These?
 With exception to #6, all the programs above can be gotten from a computer program. Sometimes they can be sent by email, a downloaded program, or a website. But, usually you will not find any of these things unless you're looking for a cheat to the game, or doing other... bad things.


Instant Messengers
 If someone asks you to be their friend, and then tries to send you a file, reject it. Especially files with a .exe, .cmd, .bat, or .scr extension. Even if they want to send you a picture of them self, I would advise not to accept it unless you absolutely trust the person.


How Not to Get Them?
 There are lots of ways to be sure not to get any of the bad things mentioned earlier. Using your common sense is a good start!

1. Don't download anything questionable, like character modifiers, add-on Tibia programs, or toolkits, unless its from a trusted fan site. Both tibianews and Tibia.de are run by official Tibia Gamemasters (Excessus and Ralgar respectively).

2. Never play Tibia from any computer than yours.

3. Never open an attachment from an email offering something in Tibia. It could be a dangerous program that I discussed above.

4. Remember that CIP will never send an attachment to you via email, and they will never have a clickable link in an email.

5. More importantly, CIP will never send you an e-mail! Ignore any message that claims to be from them, even if it says it's urgent, because it isn't from CIP. Common subjects of these fake e-mails are: "Tibia Poll", "Your Tibia Account", "Your Tibia Membership".

6. Make sure to have all updates for your Operating System (Windows, Mac OS, Linux, etc.)

7. Scan your computer for viruses using an antivirus program such as one of these:

• McAfee - can be bought in stores or online.
• Norton - can be bought in most computer stores or online.
• Trend Micro - a really good online virus scan.
8. Scan for Spyware using any popular program such as:
• Ad-Aware - an excellent program that will get rid of adware and spyware, along with other harmful programs.
• Spybot Search & Destroy - another great program to find and 'destroy' all those pesky programs, from browser hijackers to spyware and Trojans.


Guessing?
 Here are some tips to make your password almost un-guessable!

• Make sure you have a password of around 8-10 characters or even more.
• Don't use words from a dictionary. Instead, mix words together that don't make a real word, or even use a number or 2.
• Don't use your name or phone number for a password. don't use words that a friend could think of using (if you and a friend play Diablo, don't use 'diablo' for a password).
• Never give out your password - not even to a friend. Your 'friend' could turn out to be someone you don't know at all.

Myths & Facts
 Here are a few common myths about these things.

Myth: CIP or a Gamemaster needs my Account Number or Password
Fact: CipSoft will never ask you for your password, they do not need it. Nor a Gamemaster will do. Or a Counsellor. Or a Tutor.

Myth: Music files can have viruses in them.
Fact: Since music (mp3's, wma's) don't have executable code in them, they generally don't. But, you should be careful of files with strange file names, extensions like .exe, or unusual file sizes (extremely big or small).

Myth: I can't trust any websites anymore!
Fact: Not all sites are bad, and about 99.8% of the ones you can find are good, and want to help you out. Unless you want to find a cheat or something, you won't find the other .2%.

Myth: Having antivirus software and a firewall makes me invincible to bad stuff!
Fact: Although it does help a lot, you should still be careful.

Myth: If you get a virus, you need to buy a new computer.
Fact: Absolutely not! There's a number of things you can do to fix it. For one, try getting a program mentioned above, such as Ad-Aware and try scanning. If that doesn't work, you could always choose the 'road less traveled by' and reformat, but sometimes it takes awhile.

Myth: There are item duplicators.
Fact: If you read any post from people saying they have an item duplicator, or they contact you in-game saying they can duplicate your items, it's a guaranteed scam.

Myth: There are magical start editing hacks!
Fact: That's a nonsense. All they want is your password or keylog you.


How keyloggers work
There are lots of keylogging programs out there today. I've seen lots, and I mean lots. But, the people here tend to use 2 types of keyloggers. Sc-Keylog and BlazingTools Perfect Keylogger(or BPK for short).

1. Sc-Keylog: How this works; It is a file by itself, usually and .EXE. When you open it, you will see that nothing happens. Usually this means that the file is running in the background, and you can ALT+CTRL+DEL to find it in the 'Processes' tab.
2. BPK: This program works by binding to another program, say tibia.exe. The program will run fine, but what you dont know is that it secretly installed BPK into your system. BPK will either send it to a person's e-mail or upload it to an FTP. In order for this to work, you need to supply a User+Pass for the e-mail or the website which you are uploading to. There are programs out that will decrypt the infected file, and will find their User+Pass that the provided. Payback! :)


Despite everything.... "I am hacked!"
 We are sorry to hear you have been hacked. Before you can get your account back there are certain things that you must take care of. If you do not remove your security problem first you risk being hacked again.

1. Find out how the hacker got access to your account and remove the security problem. Carefully think over everything that has happened to your account and your computer during the last few weeks. Here are some questions that might help:

• Is it possible that you have a computer virus or a spy program on your computer? Please use one or two up-to-date virus scanners to check your computer. If a virus is found remove it before you do anything else.

• Did you share your account data with anybody? A person that knows your account data can easily hack you.Do not risk that again.

• Is your email address safe? Try to secure your email address by changing the email password. To find out more about possible security leaks read Tibia's Security Hints carefully. If you follow these guidelines your account should be well protected against any further hacking attempts. Remember, if you try to get your account back before the security leak is removed it is quite possible that the hacker will again get access to your account.

2. Get your account back. To get back access to your account you have to use the Lost Account Interface. Specify your problem there and follow the instructions. Please note that a new password will only be sent to the email address to which the account is registered. If you have lost access to this email address try to get it back. For example you can contact your email provider and ask for help. Once you have access to the registered email address the Lost Account Interface will work.


Disclaimer: please note that the only official website of Tibia is www.tibia.com
Any other websites are not official websites, including Tibianews.net, and any files
or information given there should be treated with utmost caution.
TibiaNews© TibiaNews team, 2008. Tibia is copyright CipSoft GmbH, 2006. Legal Notice
 

Short News
 Current shortnews
 Shortnews Archive
 Submitt Shortnews!

Guides
 Avoid Hackers Guide
 Avoid PKs Guide
 Bread Making Guide
 Fighting Guide
 Fishing Guide
 Treatises
 Roleplay Guide
 Rookgaard Guide
 Speed Guide
 Training&Skills Guide
 Test Servers Guide
 What spells to buy?

Community
 Concept Art
 Comic New!
 Forum
 GM Bannalot
 GM Banmore
 Horoscope
 Interviews
 Inside Tibia
 Picture of the Day
 Polls Archive New!

Encyclopaedia
 Experience Table
 Equipment
   Armour
   Amulets
   Boots
   Helmets
   Legs
   Shields
   Axe weapons
   Club weapons
   Sword weapons
   Distance weapons
   Rings
   Wands
   Rods
 Foods
 Keys
 Lingo
 Magic spells (Runes)
 Magic spells (Instant)
 Magic Levels
 Maps of Tibia
  Monsters/Bestiary
 Pricelist
 Rune Prices (NPCs)
 Shops/Prices
 Transportation


Level:
Exp:

Full Experience Table

Lookup Character :

Lookup Guild :

case sensitive!
Forum Quickjump :