Cases where game masters will not intervene

Our team takes malicious attacks seriously, and investigates these situations thoroughly. If the team is able to restore characters they will, and if they don't there's a reason why.

If you have evidence of this, please report it with as much information as you have so our team can investigate these situations.

Often players bring ticket #'s to my attention. When this happens, I'll sit down with CS to get information on those cases, and I offer additional information when it's needed.

While it's our policy NOT to share the details of any of our CS investigations, I will say this: whenever CS is able to help players that have lost items and characters to factors that are out of their control, they will.

Thanks for responding, Roshen.

Dang, you're on late tonight. How much aspirin/coffee do you consume in a day?

Inquiring minds want to know!

PM Sent

To sum it up, if a "hacker" is successfully able to exploit a server to gain access on a server level, and delete characters, then yes, they would try and restore the character, because it was an attack on their servers directly. I can not list every method how servers get hacked.

If the account is logged into normally through the website or the Everquest client with a single username and password attempt. It is NOT a hack, people need to stop trying to use that word in that way. Even if your personal computer was actually hacked into, and you had a plain text file with your account information on it and the hacker used that information to access your Everquest account and delete your character, it still would not be character deletion due to hacking.

If your guild's message board or website itself is exploited, and you had ever sent a PM with your account information and that PM was discovered by the hacker and used it to log into the Everquest client to delete your character, it still would not be considered a character deletion due to hacking.

Guild websites are really suspect to exploitation, CMS' like Drupa, Joomla, and Wordpress are constantly getting exploited, and once a security flaw in the code is discoverd, they usually are quick to make a upgrade. I see A LOT of guild websites that are running old CMS versions and BBS as well. Skilled attackers will not give any indication that your website was hacked until they are finished with your site, which may be never, if they uploaded a shell script and are able to issue commands directly to the server. and set it up to send out spam, or house malware, it just never ends.

Daybreak being hacked, and YOU being hacked are NOT the same.

Your account info, keep it safe, keep it secret, if more than one person knows it, it's not a secret.

Good to hear, I hope all the players mentioned in this thread who were hacked get their chars back.

https://forums.station.sony.com/eq/index.php?threads/char-restore-test-already-taking-place.218507/

That's what I heard.

I didn't hear precisely that. I heard:

Which I interpret to mean:

If you delete a character that's something under your control. Those who believe a single OK/Cancel confirmation box is inadequate protection against accidental deletion would still have this as an issue.

If a character is deleted, items stripped and sold, etc. by a malicious attack [BA: I assume a malicious attack on either Daybreak or a user even if normal computer security might have prevented an attack on the user(?)] Daybreak will restore.

If Daybreak does not restore there's a reason why.
...
I personally believe (and always will) that it's the user's responsibility to perform normal computer and account security. But the consequences of not doing so is subject to Daybreak's thorough investigation and determination if loss was a result of a malicious attack or something under the user's control.

I imagine is must be hard to prove a player was not in on an apparent hack though. Please consider the No Transfer Flag to FV or keeping gear moved to FV no trade. I I think those two options in conjunction would reduce a lot of these investigations you have to make.

Not sure sharing account information should be considered a hack. That leave the door open for people to do the transfer to FV and delete, sell all their gear or have somone sell it for them and make a ton of kornos on it. The problem here is that even with EQs current state as a 15 year old game people can still make good money at this as a hack or as a fake hack.

I still like a lockout period if a character is deleted and the zero possibilities of selling any prestige gear if a server transfer has happened for a period like 7 days. I think it would stop all the scared that has been going on.

I think the idea of no server transfers to FV is the way to go.
I have a sneaking suspicion that the latest round of "hacks" has something to do with the latest exploit. It is very likely that Daybreak is very much aware of this and is why they aren't giving those accounts back.

Two easy solutions to implement for most of this.

For "accidentally" deleted characters - Remove "deleting" a character. Instead, have "Set character inactive". From the inactive state, the only way to get rid of them is to go through the new character process, at which point then you can finally overwrite an inactive character slot. According to the EULA, no other person is to have access to your account credentials. It used to be bannable and enforced when it was discovered you shared an account. I don't care how close you are to whoever - I never even gave my "throw away" passwords to my fiance. Don't share credentials, don't click on links in emails. Use common sense and this solution will protect you from being stupid.

With regard to FV - flag all items on the character as "locked to character" for 30 days. This is a grace period during which time any active player will notice they can't log in and bring up the issue with CS through a ticket. Accepting the fact that items are locked to your character for 30 days are terms that simply have to be accepted by the community when desiring to transfer to FV.

Oh, and there's no better time than now to consider buying an authenticator if you don't already have one. Bonus - at this point, anything still branded SOE is a memento and collectors item.

They still should change the wording in the new CS policy to affirm protection for hacked characters.

Like what above posters have said. They need more safeguards. EverQuest I is not like EverQuest II and Planetside 2 which require you to type the character name to delete it. Instead, we have a simple "Yes" or "No" box which could be confused for "Return Home" button.

While it's certainly in a user's best interest to practice what you say, I personally believe that it's the responsibility of a provider/administrator to safeguard customers against common or likely acts of their own neglect or stupidity. In fact, entire industries are founded on this concept.

Likely a waste of already-limited resources, particularly if the process to perform recovery from these incidents exists.

This is probably too rigid. I'm sure many players have deleted characters in order to re-use the name.

I hate to break it too you, but it is literally impossible for you differentiate between a person whose account was maliciously accessed with a character being deleted and a player having accidentally deleting a character.

Signing in, after being offline for a bit of time, simply to delete a character and then signing back out without doing anything else, would be a pretty good indicator. A person with account access that wants to delete your toons isn't going to log in, go and socialize for an hour, then delete it. They're going to sneak in, do the dirty deed, and run.

And I hate to break it to you, but our team has pretty good tools that let them know who is who

Same-name toons would still be allowed under my proposed fix. The delete happens right before the new character is created, thus not incurring any overlap or integrity issue if the new character has the same name.

Yeah, I do statistical analysis all the time for my work. Not too hard to track down with a few queries. I think he was referring to someone physically accessing the same PC as the actual account owner. Then it comes down to behavioral analysis rather than simply logged IP addresses, billing history etc.

Yes, exactly. There are companies that make anti-virus products or that post computer security measures - MicroSoft, Comcast, etc. Companies who's interests and keeping you running multiple applications coincide.

Normal computer security is needed to have a machine that is capable of running EQ, your browser, MS Word, ... It's not a Daybreak must provide it feature set. They can't run it on your machine, it affects everything you run on your machine, and it isn't their business.

It's ...wait for it... a user responsibility shared by companies that want your multi-purpose platform to perform correctly.

EQ could do 200% of its job and if you do not perform normal computer security you can easily have a machine that can not run a perfectly fine EQ program and dataset - it's our responsibility, not Daybreak's,

I mean, I'm sure you can trace the login IP and maybe monitor programs that are running, but unless you're secretly monitoring our webcams, I don't see how would you determine whether deletions on my account are the result of:

• my intentional control of the account
• unintentional control of the account by a pet, or child when I go afk
• control of a computer via hypervisor, IPKVM or remote desktop session
• an upset significant-other after rendering me unconscious with a frying pan
• coerced control of the account at gunpoint or some other threat

Last I checked, EQ only challenges username/password during login, and does not require additional authentications when deleting gear or characters.

Heck, I'm not even aware of a basic account lockout policy.