It has to be one of the private servers
By Draylo 2023-01-16 16:21:40
You're both off topic and instigating. Reported
By Rooks 2023-01-16 16:24:58
I've topicbanned you both. Let that be the end of it.
Shiva.Thorny
Server: Shiva
Game: FFXI
Posts: 3138
By Shiva.Thorny 2023-01-16 16:26:34
Honestly, the whole topic is just entirely unsubstantiated slander because people couldn't get their horizon hate out in the first thread. Shutting down the first thread because bad actors wanted to ***on it seemed to be in poor taste too. You're basically de-facto siding with those who hate horizon by removing the place for people who don't to talk about it.
By Rooks 2023-01-16 16:30:10
Oh boy, my favorite game, "Guess which side Rooks is taking". How I missed you, P+R section.
I made it clear in the followups that Horizon discussion wasn't forbidden. That particular thread, though, was beyond saving; if there's another one that gains some traction and people are shitheads in it I'll deal with them then.
Asura.Eiryl
By Asura.Eiryl 2023-01-16 16:36:15
For what it's worth the specifically shitting on horizon is much better on bg.
I just bring this up because it seems like a hell of a coincidence. It's just so obvious. Too obvious. The logic just flows perfectly.
Old accounts, the perfect target for a legacy server, with shady credentials, suddenly starts posting phishing links, right after it starts up.
You can't get more straightforward than that if you tried.
Shiva.Thorny
Server: Shiva
Game: FFXI
Posts: 3138
By Shiva.Thorny 2023-01-16 16:43:07
Horizon launched in November, these hacks started in the last week. Just because FFXI itself moves slowly doesn't mean everything else does. Neko-Sentai went down recently. FFXIAH probably has the same security practices in place from 10 years ago. There was a chain of discord hacks starting 2 days ago:
https://www.ffxiah.com/forum/topic/57116/warningcompromised-ffxi-discord-accounts/#3653653
It's not impossible that the things are related, but if you're trying to see a pattern you'll see one. There's not any meaningful evidence to actually back the idea that they are.
Asura.Eiryl
By Asura.Eiryl 2023-01-16 16:50:34
It just makes too much sense that all 12 or 13 accounts have been ~12 years old.
If you were going to hack a database and upon it there were dozens of accounts that played ffxi 10+ years ago and quit, where would you attack.
Shiva.Thorny
Server: Shiva
Game: FFXI
Posts: 3138
By Shiva.Thorny 2023-01-16 16:55:55
If you were going to hack a database and upon it there were dozens of accounts that played ffxi 10+ years ago and quit, where would you attack.
Neko-Sentai would fit that description perfectly. Hasn't been relevant in years because most of us grew out of video game porn. Has accounts dating back to 2008 or earlier, and more of them than Horizon most likely. Just went down with little explanation a couple weeks ago. Bonus that the accounts were likely created at the same time as these XIAH accounts, so more likely to have password overlap (granted I'm sure there are people still using the same password for everything now in 2023, not as many as were in the days of neko-sentai).
Administrator
Server: Excalibur
Game: FFXIV
Posts: 676
By Idiot Boy 2023-01-16 16:59:07
If you were going to hack a database and upon it there were dozens of accounts that played ffxi 10+ years ago and quit, where would you attack
LiveJournal
Server: Asura
Game: FFXI
Posts: 5712
By Asura.Bluespoons 2023-01-16 17:03:24
If you were going to hack a database and upon it there were dozens of accounts that played ffxi 10+ years ago and quit, where would you attack
LiveJournal
It's not often that one single post makes me recall such an embarrassing time in my life, but you just pulled it off.
Server: Asura
Game: FFXI
Posts: 166
By Asura.Toeknee 2023-01-16 17:03:58
If you were going to hack a database and upon it there were dozens of accounts that played ffxi 10+ years ago and quit, where would you attack
LiveJournal
Damn I miss the LiveJournal days
Carbuncle.Nynja
Server: Carbuncle
Game: FFXI
Posts: 4894
By Carbuncle.Nynja 2023-01-16 17:12:10
Horizon launched in November
Horizon launched December 17
Server: Bahamut
Game: FFXI
Posts: 1841
By Bahamut.Celebrindal 2023-01-16 17:18:34
Neko-Sentai would fit that description perfectly. Hasn't been relevant in years because most of us grew out of video game porn.
You clearly avoid the main forum page^^
By Rooks 2023-01-16 17:19:18
Horizon launched in November
Horizon launched December 17
That's still a pretty lengthy gap, and, let's be real clear about something - a lot of risk (if they're found out) vs... what reward? It doesn't really make any sense.
If Horizon is involved at all, it'd almost have to be some leak/hack on their side, but the notion that they're responsible is just... irresponsible.
Honestly, data leaks are commonplace enough now that it might not even be the same source; it could be multiple sources, and our new guest is just the only one who decided to take the time to actually write a spambot for AH.
[Edit: removed speculation on source of leak]
Asura.Cair
VIP
Server: Asura
Game: FFXI
Posts: 246
By Asura.Cair 2023-01-16 17:29:05
Every private server out there seems to make use of XiLoader, which does happen to send usernames and passwords in plaintext over an unencrypted connection. Any sort of network log, if kept, would have this information available in plaintext as well.
The database itself stores encrypted passwords, which could be brute-forced if obtained. The database itself has several SQL vulnerabilities, so this could be achieved without all that much work if someone had the time, resources, and motivation.
I'm not saying it's necessarily the case this is a result of a private server vulnerability, but it wouldn't surprise me either.
Server: Valefor
Game: FFXI
Posts: 19647
By Valefor.Prothescar 2023-01-16 17:38:28
nekosentai hasn't existed in website form for like 7 years now. remember gulk making a big deal about it in the bg discord when the plug got pulled
i'll ask him if there's any way that user data could've been leaked
By RadialArcana 2023-01-16 17:49:02
Horizon is already breaking the law by running an illegal pirate server, using stolen assets and offering a service that attempts to rob a company of money from the service they offer. People fob this off but it's actually no better than pirating a video game.
This is no different than me hiring an amazon server and setting up "my netflix" and offering links to pirate torrents for movies for free. Wat bro I'm not even doing anything wrong!?!
If they hack your computer, if they steal your stuff, if they do anything you have nobody to blame but yourself because they are already breaking the law and they owe you nothing anyway. You think the cops are going to do anything if they steal your stuff?
"so let me get this straight, you're downloading something from some people that are offering a service for free that you're supposed to pay for and you're surprised they ripped you off and stole your bank details?!"
Having said that, I don't think they did anything intentional but it's known their security is terrible and they have been told as much and ignored it (and I think banned people that pointed it out even). So you're ultimately trusting people that don't really know what they're doing, which is fine unless you use the same password for your horizon account as everything else.
By RadialArcana 2023-01-16 18:02:48
Also these are not some kind of master developers, they took a game actual video game developers made and server software someone else spent years figuring out and uploaded for others to use and made a launcher.
The only real development they did was the launcher, which is as secure as your granny's 30 year old underwear.
Why do you think there are so many of these servers running, it's not hard to do this stuff and you don't need to be all that technically proficient to do it. All the actual hard work was done by other people years ago.
Even calling them developers is a joke in the first place, larping is what it is.
Server: Valefor
Game: FFXI
Posts: 19647
By Valefor.Prothescar 2023-01-16 18:32:22
Gulkeeva said: I shut it [nekosentai] down because it’s hardly used and had a monthly bill.
Like 1 post per day.
Ragns was running the site alongside blue gartr so it never got hacked as far as I know
If nekosentai were to blame, BG would be compromised as well.
By Dodik 2023-01-16 18:50:55
"thanks for your support click here for telegram"
Those telegram pr0n selling posts are from bots and exist on every popular YT video out there.
No one's out to get you - it's just business as usual. Low hanging fruit.
Asura.Hya
Server: Asura
Game: FFXI
Posts: 329
By Asura.Hya 2023-01-16 22:34:11
That's all really cool. I hope it works out well for everyone involved. I'm just gonna keep hating myself and play retail and mind my own business.
Server: Asura
Game: FFXI
Posts: 985
By Asura.Iamaman 2023-01-16 22:39:14
I'm not saying it's necessarily the case this is a result of a private server vulnerability, but it wouldn't surprise me either.
The problem is that this would have taken some focused effort to obtain those then try and use them here since there is no direct tie to this forum from the private server, meaning someone would have done it manually. These posts are likely generated from automated tools given the number of search results matching the same pattern. There are also far better use cases for exploiting a private server SQL bug than someone spamming a retail AH server with posts that will be taken down and likely ignored. The correlation from dumped passwords on a private server to try and use here isn't something I'd expect one of these automated tools to do.
Most of the posts I found on Google that match the same pattern are from the last few days, so more than likely it's from a password dump that had ffxiah passwords as part of the dump and the timing is just a coincidence, although it does seem awfully convenient.
Asura.Eiryl
By Asura.Eiryl 2023-01-16 22:44:08
How likely are you to leave ffxiah.com password on your browser storage for 10 years after you stop posting.
As soon as you upgrade, you're starting over and not lurking here. So I mean. How many people are still using the same pc for 10+ years.
There is nothing that's going to link you the human to you the ffxi player aside from it being the same login credentials on something ffxi related. I don't know how many of you use your ffxi name somewhere else lol.
Server: Valefor
Game: FFXI
Posts: 19647
By Valefor.Prothescar 2023-01-16 22:48:28
dude just posted a manifesto
Server: Asura
Game: FFXI
Posts: 985
By Asura.Iamaman 2023-01-16 22:48:38
How likely are you to leave ffxiah.com password on your browser storage for 10 years after you stop posting.
As soon as you upgrade, you're starting over and not lurking here. So I mean. How many people are still using the same pc for 10+ years.
There is nothing that's going to link you the human to you the ffxi player aside from it being the same login credentials on something ffxi related. I don't know how many of you use your ffxi name somewhere else lol.
It doesn't have to exist in your personal vault or on your system to be part of a stolen password dump. Most of these spammers buy these dumps, it's possible or likely the dump they bought contained a lot of older data. If you look at some of the forums where this is popping up, they are older and more obscure, so the data they are using is likely just ancient and still relevant because these inactive users never updated their passwords.
There are also ~143k hits on the exact phrasing, so this isn't something specific to ffxiah or targeted here, it's pretty widespread across the last 3 days.
I really didn't want to start more private server nonsense, but you can't tell me this isn't pretty obvious.
Where else are 10+ accounts that used to play XI 10 years ago and used AH.com going to get hacked.
Like what are the odds that whatever other random site has a data leak and it has a dozen decade old AH accounts in the memberlist.