How to avoid getting your minecraft account stolen.

Discussion in 'Minecraft Server Tutorials' started by carson378, Sep 25, 2013.

  1. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    There are many ways that people can "Hack" or "Crack" your Minecraft password. One most used way is through a server itself.

    Ip roaches.
    Many times on the server, you will see people posting and spamming these ip addresses in the chat. These are what I like to call, Ip Roaches. They are roaches for they scrounge the bottom of the barrel for gullible players to visit these addresses. Some players may even want to be vindictive, their favorite server is getting spammed! Why not go there and grief, spam, and raise mayhem on your own? Well here is why.

    These Ip roaches only need you to visit their server for one second before they have your Ip address, your username, and if you are new to Minecraft and type your real password into their own personal "Login", then your password as well.
    Here is one case itself, posted on Planet Minecraft: http://www.planetminecraft.com/forums/warning-password-stealing-servers-t78694.html One gullible admin goes onto this server thinking what most of you do, Revenge is good. The next day they log on his account, their server, and grief and ban everyone on it. This is why you must be weary of these Ip Roaches.

    Another way is by using common passwords and common usernames.

    Common info.
    Never use the same username and password as your Minecraft username and password on other sites. This is a given, sites CAN access your password if the owner sets this up at his own will. All he has to do is try it out on Minecraft and bam! He has a free account. There is more on ways to protect yourself password wise on a post by BC517 here: http://www.minecraftserver.com/forum/threads/how-to-defend-yourself-from-hackers.1856/

    The last way I know of that I can warn you of is through identification theives.

    Stolen Id.
    Most of the time when people are trying to get your identification info, they are far more malicious than just wanting a free game account. It could be your best friend, or some stranger on a website. Common password retrieval is a few questions. Your mothers maiden name, your first dog as a child, your first bedroom's color. These people can get you all snug and trusting of them. "Hey so what was your last name? Oh (Random name here)? Well what about your mom? What was she before your dad? Mine was (Random fake name here). Why am I asking? Ah well, I'm just trying to make small talk. Oh really? sanders? That's pretty cool. What country are you in? America? Cool. What state? Oh really? Nebraska? Me too! Ive lived here about 12 years now, moved from new jersey. I still remember my bedrooms color, white. I miss that. Oh really? yours was white too? What about a dog? Did you ever get one? Oh really? Scruffy? Cool! Well I had better be off, cya tomorrow." And you never saw him, nor your account again. You see? It is that easy for someone to take advantage of you. Never give your personal information out, never trust ANYONE at all in on your details. Now stay safe, play safe, and have fun everyone.
     
    • Informative Informative x 2
    • Like Like x 1
    • Friendly Friendly x 1
  2. imme

    imme Well Known Member

    Joined:
    Jan 17, 2012
    Messages:
    756
    Likes Received:
    330
    Turns out that when you type your password in the box here is puts it into stars

    ********

    See? Try it yourself!





    I prefer the easy approach to stealing accounts
     
  3. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    Isecr3tlyH0p3H1tl3r15ntD3ad Holy crap it does wo- ahhh crap...
     
    • Funny Funny x 1
  4. BC519

    BC519 Active Member

    Joined:
    Aug 4, 2011
    Messages:
    300
    Likes Received:
    136
    With the "ip roaches" all they can do is get your ip address. For them to actually get a password, he had to download some software or otherwise they wouldn't of got his password.

    Or they could of did a man-in-the-middle attack, which is more probable. (Not really, kind of sophisticated)

    IP address don't store any information, they are just a "physical location" for your computing activities.

    What stores information is encrypted packages known as bits or packets, depending on where you're from.
    Now if you try to capture these you wont get any information unless your computer can process a terabyte of data an hour.

    They are almost impossible to decipher without detection of you snooping them.


    With this upcoming update, I recommend making a new username. I am pretty sure the account name will stay the same, however you can change your in-game name. Less chances of someone brute-forcing your password.
     
    • Disagree Disagree x 1
  5. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    I think I will quote myself for the words are response enough. Ip address, your username, and if you are new to Minecraft and type your real password into their own personal "Login", then your password as well.
     
    • Disagree Disagree x 2
  6. BC519

    BC519 Active Member

    Joined:
    Aug 4, 2011
    Messages:
    300
    Likes Received:
    136
    See that is actually not the same thing you are thinking. That is a phishing attack. If you are ever prompted a login for a new server, one that someone has invited you to, don't join.

    People get taken everyday with these kinds of attacks. In real life too.

    Education is the best defense.


    p.s. Education is what you learn outside of school.
    Schooling is just there to teach you remedial stuff (Language, Maths, etc...) Makes you a better employee.
     
    • Agree Agree x 1
    • Disagree Disagree x 1
  7. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    That is exactly what I said! You don't know what I am thinking and you never will, you just want a foothold on your own defense that is false and wrong so you make up your own idea that I am not thinking what I obviously stated. Stop... Just stop...
     
    • Disagree Disagree x 2
  8. BC519

    BC519 Active Member

    Joined:
    Aug 4, 2011
    Messages:
    300
    Likes Received:
    136
    Honestly I don't know who pissed in your cheerios this morning but attacking me will get you no where. It is a phishing attack whether you like it or not.

    From the wiki
    I am not here to make you look like an idiot. I have been in the computer security(or anti security) field since 2006 and have been using a computer since 1994. I think I know what I'm talking about.

    As for stealing passwords THROUGH your ip address they would need to execute a man in the middle attack.

    Yes that is the ONLY way possible for anyone to hack you with your IP Address. Unless someone wants to sit near your router for at least a month collecting packets.

    Unless you can provide documentation (From a reputable and checkable source, Wiki counts) of anything you claim I will disregard your statements as ignorance to terminology.
     
    • Dislike Dislike x 1
    • Agree Agree x 1
  9. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    Here we go, lets quote your idiocy and show you how much shit you are making up.
    Phishing: I never said it wasn't phishing and you never said it was, you just put a random word in there and said "Its phishing whether you like it or not" Stating as if I had once said it wasn't.

    "I have been in the computer security(or anti security) field since 2006 and have been using a computer since 1994. I think I know what I'm talking about."Did you just want to brag, or shove that in there?

    "With the "ip roaches" all they can do is get your ip address. For them to actually get a password, he had to download some software or otherwise they wouldn't of got his password."
    How about my response? "I think I will quote myself for the words are response enough. Ip address, your username, and if you are new to Minecraft and type your real password into their own personal "Login", then your password as well."

    You are making up shit to make it look like I am ignorant and disregarding your statements. I never once said it wasn't phishing, which you act like I did. I'm not "Attacking you" I am attacking your idiocy. I mentioned how they could get your password and you found it your obligation to not read that part, comment on here that they couldn't take a password through just the ip, and when I tell you how I already cleared that up before you commented, you claim that I am not saying what I am thinking.

    Not saying what I am thinking? Come on man, you are smarter than that. As I had said once before, Stop... Just stop.
     
    • Dislike Dislike x 1
  10. Lego90210

    Lego90210 Active Member

    Joined:
    Aug 13, 2012
    Messages:
    546
    Likes Received:
    93
    My simple response, use a password only YOU would know.
    Don't give it out, or use it over and over.

    As for the IP, That is just an identifier for the computer, the network, etc .(even printers have IP's).
    It takes more than just the IP address to actually hack into any one particular unit, especially if that unit is protected. Also the network itself (some can be protected by firewall) can have it's own IP, but have a slurry of individual IP's for each unit accessing the internal network so long as the individual units have the credentials to access the internal network. In turn, if the network is protected by a firewall and/or white list, it's going to take a lot more than just the IP to break into a single unit, let alone the network itself to obtain passwords, login info, and so on.
     
  11. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    You too? Let me make myself clear. I never once said that anyone can obtain your password from your ip address. I said that when you log onto a server, some will have personal log ins. You put in your username and a random password of your choosing and it saves your profile to it, if you put your minecraft password on it, they will be able to see what your password is and test it on minecraft.
     
    • Dislike Dislike x 1
  12. BC519

    BC519 Active Member

    Joined:
    Aug 4, 2011
    Messages:
    300
    Likes Received:
    136
    You obviously cannot convey a message in a clear, concise and polite manner.
    You really have not one fucking iota of a clue of what you are talking about.

    What's your background? Ever hack any sites? Ever load up a key-logger to someone else's computer before?
    Have you even figured out how to get into someone's Facebook?
    I was quoting my knowledge on the situation. I have been using a computer longer than you have been alive. I'm sure someone out there knows more than me about it. Fact of the matter is, I have 8 years doing computer security related shit. You haven't even hit an 8 year half-life.

    You are 14. I know what it's like to be 14, I was 14 once. I knew it all as well.

    When I finally admitted that someone knew something more than me and I learned extensively.

    "IP Roaches"
    IP Roaches - Made up name. Scare tactic. You will be a great news writer in the future.

    Stolen ID - You are not old enough to know what it is like to have your identity stolen yet.

    I've had mine stolen and it went nothing like you described. In fact it didn't even happen through me giving any information out but some how, someone got my CC number and bought a lot of Xbox points with it.

    I honestly think my Uncle's computer was Trojan'd.

    Look, identity theft can happen in a multitude of ways. Your way just happens to be exactly how my mother told me to avoid creepers when I was first using the computer.
    If anyone is asking you personal information like that, red flag. They are hopping you aren't Chris Hansen.

    But it doesn't have to happen that exact way.
    Trojan's, key-loggers, e-mail hacking, social network hacking, etc... are all easy ways to get what ever information you want.


    Those spammers btw... they are usually just kids who want people to come play on their "new" server because no one does. It's been that way for years.

    Also, your article link doesn't provide enough information to be considered a reputable source. Anyone can lay down a smear campaign on another server.
     
    • Like Like x 1
  13. BC519

    BC519 Active Member

    Joined:
    Aug 4, 2011
    Messages:
    300
    Likes Received:
    136
    Now on to you.

    You are headed in the right direction if you want to be InfoSec. You have a good head on your shoulders. I'm not mad at you in any way, shape or form.

    You just need a little guidance. I suggest you start reading what ever you can, again, if this is the route you want to take.

    Also pay attention in English. Space your sentences better, I hardly read the entire post until today because of the HOLY WALL OF TEXT symptoms.

    Stop being so damn angry at people you've never even met.

    Best of luck

    Signed
    -A very mean person

    By the way...

    Take my insults with a grain of salt.
    I am a cold and bitter person because of wasting my time trying to get into a InfoSec career. I am also that way because of older people acting the same way you did in this thread except on a daily basis.

    Needless to say, I am not going down that path anymore.

    To each their own
     
    • Like Like x 1
  14. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    Who said I was angry at people Ive never met? To be stern is different from angry.
     
    • Like Like x 1
  15. Legopossible

    Legopossible Active Member

    Joined:
    Aug 2, 2013
    Messages:
    303
    Likes Received:
    188
    My minecraft account was just stolen. ._.
    I think I was "Ip roached."
     
  16. HarryTurney

    HarryTurney Forum Legend

    Joined:
    Feb 13, 2012
    Messages:
    1,612
    Likes Received:
    501
    you can get it back.
     
  17. Legopossible

    Legopossible Active Member

    Joined:
    Aug 2, 2013
    Messages:
    303
    Likes Received:
    188
    I know, but somehow I stopped getting emails from mojang in my email, so I have to wait for support to help fix it. :I
     
  18. carson378

    carson378 Active Member

    Joined:
    Jan 15, 2012
    Messages:
    276
    Likes Received:
    76
    Hmm... Well now that I hear Ip Roach in a sentence, its quite catchy instead of "My minecraft account got stolen" It can be "My minecraft account got Ip Roached". Lets make this happen! :D And also sorry about the account :/
     
  19. Lego90210

    Lego90210 Active Member

    Joined:
    Aug 13, 2012
    Messages:
    546
    Likes Received:
    93

    Hope it goes well, I know they have good heads on their shoulders and will do everything to help you.
     
  20. Legopossible

    Legopossible Active Member

    Joined:
    Aug 2, 2013
    Messages:
    303
    Likes Received:
    188
    I need the "Transaction code" that is lost in an email I got some 2 - 3 years ago. I'm going to look for days.
     

Share This Page