generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Roblox » Suggestions & Ideas
Home Search
 

Re: ROBLOX account take-over alert.

Previous Thread :: Next Thread 
DesiredShark is not online. DesiredShark
Joined: 28 Jun 2012
Total Posts: 5123
16 May 2015 01:41 PM
I have never released any private credentials about my account. However, one day, I was hacked. Yes, an account on ROBLOX can be taken over. Don't deny it. Whenever you log on your e-mail account and check your inbox, ROBLOX sends an alert that your account is being taken over.

A confirmation should be sent with a receipt of purchases after ROBLOX sent the alert. If you say "no", then ROBLOX would freeze your account and IP ban the person who tried hacking your account. After the ban, you can safely resume normal activities on the account.

"Knowing others is wisdom, knowing yourself is Enlightenment." - Lao Tzu
Report Abuse
DesiredShark is not online. DesiredShark
Joined: 28 Jun 2012
Total Posts: 5123
16 May 2015 01:44 PM
B
Report Abuse
DesiredShark is not online. DesiredShark
Joined: 28 Jun 2012
Total Posts: 5123
16 May 2015 01:45 PM
B1

"Knowing others is wisdom, knowing yourself is Enlightenment." - Lao Tzu
Report Abuse
DailyPoutine is not online. DailyPoutine
Joined: 15 Nov 2014
Total Posts: 1647
16 May 2015 01:55 PM
[ Content Deleted ]
Report Abuse
mw2ismylife is not online. mw2ismylife
Joined: 23 Jun 2011
Total Posts: 1103
16 May 2015 01:57 PM
[ Content Deleted ]
Report Abuse
xDisturbance is not online. xDisturbance
Joined: 04 Feb 2013
Total Posts: 3665
16 May 2015 01:58 PM
So, if someone hacked into the account and changed the email address, they could IP ban the actual user?

NO!
Report Abuse
battlecruiser12 is not online. battlecruiser12
Joined: 24 Sep 2013
Total Posts: 939
16 May 2015 01:59 PM
They should make it so that you have to prove that you own the account to be able to change the email in my opinion.
Report Abuse
DesiredShark is not online. DesiredShark
Joined: 28 Jun 2012
Total Posts: 5123
16 May 2015 02:17 PM
"So, if someone hacked into the account and changed the email address, they could IP ban the actual user?"

No, no, no. I'm saying if someone hacked into the account and changed any credentials, they ban any account from the IP address who changed the credentials.
However, if anyone changed any credentials, a verification would be sent to the previous e-mail of the account.

"Knowing others is wisdom, knowing yourself is Enlightenment." - Lao Tzu
Report Abuse
Secretiveness is not online. Secretiveness
Joined: 02 Jan 2014
Total Posts: 2367
16 May 2015 02:37 PM
How will the system find out if someone has ”hacked” into your account? Witchcraft? Perhaps the same witchcraft that the thiefs ”hacked” you with? As the only ways they can ”hack” without you giving any important info anywhere are -
1 - Keyloggers - Malware which records what keys you press. Avoided by not downloading suspicious things or scanning your downloads.
2 - PW guessing - Avoided by not having something extremely obvious.
3 - Brute force attacks - Either manually or automatically lots of possible characters combinations are put in the PW section to find the PW. Avoid by making a long PW. A single extra letter can even multiply time taken by a lot. A 12 letter one can take literally over 2 billion times as long than a 6 letter one to be found this way.
Report Abuse
DesiredShark is not online. DesiredShark
Joined: 28 Jun 2012
Total Posts: 5123
16 May 2015 02:48 PM
'How will the system find out if someone has ”hacked” into your account?'

How does Chase's system find out if someone has hacked into your account? Or Anthem Bluecross? Or Target? Engineering and programming. Using sarcasm just triggers your lack of authority in a debate by the way.

"Knowing others is wisdom, knowing yourself is Enlightenment." - Lao Tzu
Report Abuse
MetricMagpie is not online. MetricMagpie
Joined: 19 Aug 2010
Total Posts: 7161
16 May 2015 04:33 PM
"Whenever you log on your e-mail account and check your inbox, ROBLOX sends an alert that your account is being taken over."
I would understand this properly if you re-worded it, but I'll ask these questions:
1. Does it send you an alert if someone logs in your account, or every time you open your inbox?
2. If the former in question 1 is the trigger for the alarm, does it require the IP to be different than your one?

I'll also list some scenarios below and question what would happen after them with this update:
Scenario A: Alice is out on vacation (this could also work if she is simply not online and ). Bob guesses Alice's log-in information and gets on Alice's account. The system picks this up and send an alarm to Alice, who isn't there to see it. Meanwhile Bob wastes all money on Alice's account, breaks rules with it and gets it terminated. Additionally, Bob may or may not be using a proxy to change his IP.

Scenario B - something if in scenario A the result would be Alice having her account re-given and her purchases given a rollback: Charlie is a mischievous trader with a semi-famous place. Charlie decides to abuse the system Alice used to recover her account. Charlie logs out and changes his IP. Charlie then trades every limited he has, later selling his traded limited for an extremely low price price. This lowers the RAP of those limited items and potentially collapses their value. Then he spends all of his money to purchase dozens of items of several different limiteds. They are all sold for a extremely low price, crashing the value of those limiteds. Now Charlie adds extremely inappropiate things to his place and spams the forums with it. He is quickly terminated.

Then Charlie changes his IP, says "no" on his alarm mail and claims he got hacked. His termination has been evaded and he is unpunished, as everyone would think a different "hacker" did it. It gets much worse when the rollback is done, with a cascading rollback taking place messing up other traders. The values of the ruined limiteds remain low for a long time. This is because there has been time for panicked owners to hastily dispose of the limiteds to minimise losses.
Report Abuse
kessi is not online. kessi
Joined: 28 Dec 2008
Total Posts: 313
16 May 2015 04:36 PM
Just like GMAIL it should block out a suspicous I.P and email you to allow or deny it. Simple.
Report Abuse
battlecruiser12 is not online. battlecruiser12
Joined: 24 Sep 2013
Total Posts: 939
16 May 2015 06:42 PM
@Metric
Scenario A wouldnt be possible since Bob only has the PW to the Roblox account, and not the email-account, which makes it impossible to get into the Roblox account since he can't access the authentication mail.
Report Abuse
dragon3668girl is not online. dragon3668girl
Joined: 20 Aug 2014
Total Posts: 224
16 May 2015 06:53 PM
No  
Report Abuse
MetricMagpie is not online. MetricMagpie
Joined: 19 Aug 2010
Total Posts: 7161
16 May 2015 07:02 PM
@battlecruiser12
In the scenario Bob doesn't go on Alice's mail. He gets Alice's account terminated, but Alice is offline so she can't see the alarm. Therefore the two options are:
Keep the account terminated, which dismissed the point of having this system.
or
Restore the account and therefore make scenario B a possibility.
Report Abuse
dragon3668girl is not online. dragon3668girl
Joined: 20 Aug 2014
Total Posts: 224
16 May 2015 07:12 PM
Agreed  
Report Abuse
NovaMagic is not online. NovaMagic
Joined: 28 Dec 2014
Total Posts: 135
16 May 2015 07:27 PM
i like kessi's idea
Report Abuse
RBXChris is not online. RBXChris
Joined: 05 Jan 2015
Total Posts: 341
16 May 2015 07:29 PM
"Just like GMAIL it should block out a suspicous I.P and email you to allow or deny it. Simple."

--

That's basically like two step verification. ROBLOX should implement one.
Report Abuse
battlecruiser12 is not online. battlecruiser12
Joined: 24 Sep 2013
Total Posts: 939
17 May 2015 04:05 AM
@Metric
What i mean, is that Bob can't access the roblox account at all since he can't access the authentication email.
Report Abuse
darkline1 is not online. darkline1
Joined: 12 Apr 2013
Total Posts: 1773
17 May 2015 10:13 AM
GUYS, I NEVER GOT HACKED, I JUST GAVE MY CREDENTIALS TWICE, OMG, THERE IS LITTERALLY NO, YES, LITTERALLY, NO *CENSORED* WAY TO GET HACKED, ONLY IF YOU EVER GAVE YOUR CREDENTIALS TO SEMEONE!!!!!!!!!!!!!1111 (CHANGE YOUR CREDENTIALS *YOUR LOGIN NOT USERNAME* TO BE SURE ONLY YOU KNOW IT!)
Report Abuse
DesiredShark is not online. DesiredShark
Joined: 28 Jun 2012
Total Posts: 5123
17 May 2015 11:34 AM
"GUYS, I NEVER GOT HACKED, I JUST GAVE MY CREDENTIALS TWICE, OMG, THERE IS LITTERALLY NO, YES, LITTERALLY, NO *CENSORED* WAY TO GET HACKED, ONLY IF YOU EVER GAVE YOUR CREDENTIALS TO SEMEONE!!!!!!!!!!!!!1111 (CHANGE YOUR CREDENTIALS *YOUR LOGIN NOT USERNAME* TO BE SURE ONLY YOU KNOW IT!)"

>I get hacked by some unknown third party
>I never gave out my credentials
>Security breaching/hacking is possible
>Your argument is invalid



"Knowing others is wisdom, knowing yourself is Enlightenment." - Lao Tzu
Report Abuse
IronForumer is not online. IronForumer
Joined: 08 Aug 2013
Total Posts: 9119
17 May 2015 11:36 AM
That, or you were just PGed.

expert of rustling jimmies
Report Abuse
xDisturbance is not online. xDisturbance
Joined: 04 Feb 2013
Total Posts: 3665
17 May 2015 08:50 PM
Scenario:
Jacob is doing really bad things on ROBLOX. He does good things at his house where parents are watching, but really bad stuff at his friend, Billy's, house, where he has nobody watching him. Jacob gets his account banned while he's doing bad stuff at Billy's house. He then claims that the IP that was in the account from Billy's house was some hacker, and he gets his account back. He keeps doing this as he pleases, and Billy gets IP banned. Jacob can do whatever he wants with the hacker excuse, but also, if Billy wanted to join ROBLOX, he can't because his IP has been banned.

That's one bad scenario.
Report Abuse
DapperNarwhal is not online. DapperNarwhal
Joined: 08 Jul 2009
Total Posts: 24119
17 May 2015 10:03 PM
[ Content Deleted ]
Report Abuse
6yoshi123 is not online. 6yoshi123
Joined: 21 Sep 2013
Total Posts: 3163
17 May 2015 10:04 PM
my internet almost broke from this raging hacker
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Roblox » Suggestions & Ideas
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image