forums.rs

Forums

Too many login attempts

Quick find code: 278-279-698-66169545

of 53
NexOrigin

NexOrigin

Posts: 2,592 Adamant Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Is this what would happen if someone else was intentionally trying to log in with your username and incorrect passwords?

It seems to be account specific... so... is this what's going on?

I'm just gonna leave this here:
https://youtu.be/oQmbJZ5E0T0
I'm better than you, but that doesn't mean you're not great! :)

26-Nov-2020 01:46:02

Recolorscape
Jul Member 2015

Recolorscape

Posts: 3,604 Adamant Posts by user Forum Profile RuneMetrics Profile
It's truly appalling how far Jagex have fallen. I am certain the Gowers would be disappointed at the state of their company. It has been several months since this bullshit started for me. Even though I have submitted 10+ tickets to their non-existent customer support and reached out to them on twitter on more than 1 occasion, no support has been provided yet.

At least they made sure I won't be one of the people to buy their premier package, this bullshit company does not deserve it.

All we are asking is to know if this issue is actually being worked on or is Jagex waiting for this to affect even more players before taking action? It has been several months, that should be MORE THAN ENOUGH time to fix this crap.

26-Nov-2020 08:38:22

Mod Lyon

Mod Lyon

Jagex Moderator Forum Profile Posts by user
Recolorscape said :
All we are asking is to know if this issue is actually being worked on

Yes.

As I've repeatedly said it is being worked on. It continues to be worked on until the solution we need to do, is in place.

-----

While I haven't posted in a while on the forums, I've been discussing communication around this internally for a while and worth noting I'll no longer be commenting much if at all publicly either here or on Twitter etc. as in my view this has grown to the point Jagex should be commenting, not a random engineer within the team.

If anything changes and we stop working on this or something else happens, my expectation is Jagex comments, rather than myself or anyone else in my team.
Jagex Web Team

Twitter - @JagexLyon

26-Nov-2020 15:30:21

LovveL
Mar Member 2013

LovveL

Posts: 5,894 Rune Posts by user Forum Profile RuneMetrics Profile
Mod Lyon said :
Recolorscape said :
All we are asking is to know if this issue is actually being worked on

Yes.

As I've repeatedly said it is being worked on. It continues to be worked on until the solution we need to do, is in place.

-----

While I haven't posted in a while on the forums, I've been discussing communication around this internally for a while and worth noting I'll no longer be commenting much if at all publicly either here or on Twitter etc. as in my view this has grown to the point Jagex should be commenting, not a random engineer within the team.

If anything changes and we stop working on this or something else happens, my expectation is Jagex comments, rather than myself or anyone else in my team.
Not sure whether to laugh or cry... Making a self-claimed rare communication to say there will be no more communication.... We're doomed guys!! Rank #56 Overall. 8000/1****? Hard caskets stacked. 7000/8****? Elite caskets stacked.
31/37 boss logs completed - Ultimate Slayer achieved
Would you trust a Price-checking service that has bots running in W2 advertising themselves constantly? I wouldn't!

26-Nov-2020 16:20:44

Mod Lyon

Mod Lyon

Jagex Moderator Forum Profile Posts by user
Stoat King said :
But I get that that's not your job at all, so thanks for the update.

Indeed. An issue which is affecting many users who are, understandably, incredibly frustrated is meaning my words are often not as polished as an official statement might be, and are often causing more issues than helping, as the posts around this one show.

Behind the scenes we're still going to be working on this, and that's all I can really do in my position.
Jagex Web Team

Twitter - @JagexLyon

26-Nov-2020 16:28:02 - Last edited on 26-Nov-2020 18:24:23 by Mod Lyon

LovveL
Mar Member 2013

LovveL

Posts: 5,894 Rune Posts by user Forum Profile RuneMetrics Profile
At least you're saying "many" now instead of the usual "low" amount of users.
And I agree this should be Jagex replying to all of this, but isn't that who you're representing being an employee? It's not like we have the power or ability to get in touch with "them". You do though.
I also understand it must be tough to be the outside face for all of this, but at the same time you're the one saying this was working as intended...

This is very worrying and also seems shady in a way.
I'm happy your last two posts seem very sincere and honest compared to EVERYTHING else you've said in my opinion. Rank #56 Overall. 8000/1****? Hard caskets stacked. 7000/8****? Elite caskets stacked.
31/37 boss logs completed - Ultimate Slayer achieved
Would you trust a Price-checking service that has bots running in W2 advertising themselves constantly? I wouldn't!

26-Nov-2020 17:58:02 - Last edited on 26-Nov-2020 18:00:00 by LovveL

RebornMuscle
Sep Member 2018

RebornMuscle

Posts: 1 Bronze Posts by user Forum Profile RuneMetrics Profile
I have also been hit by this problem. It’s been almost 2 days since I first experienced this bug. I have tried to reach out to Jagex to lock my account in case it is an attempted hijacked and have not received any response.

Unbelievable that a paying customer has to deal with this. Especially since it has been a problem since half way through 2020.

26-Nov-2020 20:17:01

NexOrigin

NexOrigin

Posts: 2,592 Adamant Posts by user Forum Profile RuneMetrics Profile
Mod Lyon said :
As I've repeatedly said it is being worked on. It continues to be worked on until the solution we need to do, is in place. Do you guys have a solution that you're working on? Should we suggest solutions?

I mean, maybe some of us have some ideas that could be considered?

For example, you know this is being caused by a 3rd party automated system. They're not using the game clients or anything, they're directly making server requests to the login API.

So, what if you change how the login system works? That would temporarily prevent this from happening. That is, until they reverse engineer the client again, and rewrite their scripts to be adapted to the new login API.

But, what if you were to set up a rotating API that changed on a regular basis? This kind of concept was done during the bot nukes to mask the game item IDs from bot developers, right? They had to hard code the item IDs in the bots, and because of the rotating item IDs, the bots could no longer function without being recoded every time.


That what your goal should be here.

This isn't some login bug you're trying to fix, as most people here think. This is a botting issue. You need find a way to break the bots. If you can break the bots, they can't be used to prevent people from logging in.

Your goal should be to prevent the bots from functioning.

The first step to that would be by changing how the login API functions, and then finding a way to mask how it functions.

Monday: Login API expects a certain connection string. All other connections are ignored.
Tuesday: Different connection string, all others are ignored.
Wednesday: Another different connection string.
Etc, etc, etc.

You can't stop the bots completely, as it wouldn't take too long to simply change the bot's script after a bit of packet sniffing. But, you can temporarily break them. Every time you break them, someone has to spend time fixing them. I'm better than you, but that doesn't mean you're not great! :)

26-Nov-2020 22:02:07

NexOrigin

NexOrigin

Posts: 2,592 Adamant Posts by user Forum Profile RuneMetrics Profile
You'll never stop it completely if someone is dedicated to pursuing this. The fact that they're making money by selling their "lockout" service means they have some skin in the game, This isn't "just for fun". It's a business to them.

But if you can disrupt their login script, even temporarily, that means they have to shut their business down to fix the problem. The more often they have "fix the problem", the less service they can sell. The less service they can sell, the less customers they have. Eventually it becomes a question of "is it worth it to run this business still?".

Right now, they just have to let their website run, and everything is automated. People pay, the server raw sockets a bunch of packets to you, and the user is locked out of their account until the timer on the server runs out.

But if someone had to spend an hour or two every day to "fix the problem", that would change the dynamic of the automated system.

You can't actually "stop it" from your end, but, if you can make it enough of a pain that it is no longer worth it to them, then they'll "stop it" from their end.


If someone's product/service cost too much to manufacture/maintain, they will no doubt, on their own, stop offering those products/services. I'm better than you, but that doesn't mean you're not great! :)

26-Nov-2020 22:02:32

Quick find code: 278-279-698-66169545 Back to Top