
Forum Account Security

Discussion in 'Mineplex Guides' started by _Prof_, May 20, 2019.

  1. A user that was on the top 20 in the posts leaderboard mysteriously disappeared. I will reveal the truth right now. Someone got into his account and submitted a support ticket to have his everything on the Mineplex forums deleted. If I remember correctly, they have had about 500 posts or so. I would be pretty mad if someone hacked into my account and deleted it without my permission as that throws away all the work I put into it. Enough of that, let's jump right into how to protect your Mineplex forums account from being hacked or used with authorization.

    1. Enable the 2-step verification process: This adds two more lines of defense from hackers. Other than just your email and password, your account security is upgraded with the verification code and email confirmation process. The verification code works like many other logins. This ensures that you are not a robot as they cannot use a cellular device. The email confirmation requires you to confirm via login email every time you log in from a new IP address. You must go to your email you log in to that account with and confirm it is you logging in. When someone just happens to guess your password (already very unlikely), they will need to have access to that email too, which is close to zero.

    2. Have a rather long password than variety: In the world we live in today, people do not just blatantly guess passwords with the human mind anymore. There are such things like brute force hacker attacks that use a computer to guess passwords for them. Those programs can generate up to billions of different password combinations per second, how common does your password feel now? For every new character you add to your password, the amount of combinations grows exponentially. There are over 100 different characters and if your password just contains several, it will not take very long, if not, instantly for those machines to guess it. Use online password generators to generate them for you, save it somewhere personal and copy and paste it when you log in. If your password takes over a quadrillion years to guess, you are safe.

    3. Avoid using common passwords: Passwords like "password," "12345," or "abc" are all too breachable. Whenever you create a password, it gets saved to the website's database hashed through an algorithm, usually SHA1, MD5, or MD6, never as plain text. A hashed password is very long with a combination of lowercase letters and numbers. Every possible password combination of characters has a specific hashed version that represents it. Hackers use a device called rainbow tables that store all the common passwords with their hashed and plain text form. They would then use a website (unapproved link, sorry) to convert the hashed password into plain text.

    4. Protect your computer: If your computer is wireless or does not use any antivirus software and is used not just by you, your email address and password are completely at risk. Using wireless isn't the safest form of using the Internet, as it can be hacked by people using network sniffers. If you have no other choice, make sure you have a WPA key on your wireless Internet connection. You can change or add one by going into Connections -> Your Wireless Network -> Wireless Map -> Your Router -> Properties -> Device Webpage. Then click Wireless Security Settings and then "WEP/WPA Key". Personally, I use both Avast and Kaspersky as an antivirus to guard my computer. Hackers can create viruses that track everything you type, send it over, and they will eventually guess your login information.

    5. Do not save passwords by any means: Someone can physically still get into your account without having to know either your username/email or password. If you already have it saved for them, all they have to do is click "login." This would then give them full access and freedom of what they can do with your account, just like someone from the internet hacking into it.

    6. Use secure shells when sending messages: Everyone should at least know what a VPN is. If you do not, the following is not for you to read. SSH stands for secure shell, which is a protocol for tunneling TCP connections. VPN is used widely for connecting to all kinds of ports, while SSH is more for remote connections. As far as I know, you can only set up SSH on your desktop, which is why it is more secure. The secure shell forwards any traffic from your computer and tunnels it through a random TCP. As you can see, this is similar to a VPN, but more tedious to set up. Why it is more secure than a VPN, though, I am not sure. I can just assure it is. PGP stands for pretty good privacy, and involves a public key that you and your recipient have, and a private key that only you have. This is really just for messages, or any type of data communication. Let's use an example with the names Noob and Scrub. Assuming they both have PGP software, Scrub creates a public and private key, and gives his public key to Noob. Noob would encrypt messages with this public key, making it unreadable to anyone intercepting the message. It would then be sent, and Scrub would decrypt the message using his private key. And if Scrub wanted to send a message back, the process would be flipped, and Scrub would have to create a public and private key, and only give his public key to Noob. It is a very tedious and confusing process at first, so I would only use it if you really can't afford to have certain messages read. Although, if you want to do this with every message, that is on you, and you will get used to it.

    7. Stay away from sketchy links: Always question links sent to you, as you can very easily get your IP grabbed from a simple website. People who do this often use a basic website name, like the Mineplex website, and change it just slightly to the point where you wouldn’t really notice and click without thinking. Example: Mineplex.net. This isn’t a real website that will grab your IP, but just an example of what can happen.

    8. Never reveal your password or authentication under ANY circumstance: This is rare and usually happens to 2 kinds of people: young, or people who have problems like not getting shards. Someone can ask you your authenticator number and password. This can happen in DMs on Discord. Discord responds immediately so it is more likely on that. Say they will give something like free gems or shards, or free chests (if this was not in a Giveaway). Do not fall for this as you are then giving full access to your account.

    Account security should be taken seriously. Those who have gained unauthorized access to your account may do whatever they want with it and it probably would not be something you wished for. Because everyone else thinks it is you, they can do anything embarrassing with your account so that you get crap for it, not them. There are many other terrible things hackers can do with your account, like we saw recently.
     
    Posted May 20, 2019,
    Last edited May 26, 2019
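
    Points 2 and 3 above, seen from the website's side, as an added example that is not part of the original post: it uses a plain precomputed lookup table (simpler than a true rainbow table) to show why unsalted hashes of common passwords are recoverable, and why a per-user salt with a slow hash is not. The user names, the sample password list and the iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the common passwords named in the post.
COMMON_PASSWORDS = ["password", "12345", "abc"]
ITERATIONS = 100_000  # assumed work factor for this demo


def unsalted_sha1(password):
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup(words):
    """Precompute digest -> plaintext once; reusable against any unsalted store."""
    return {unsalted_sha1(w): w for w in words}


def audit_unsalted(store, lookup):
    """Return the accounts whose stored digest appears in the precomputed table."""
    return {user: lookup[d] for user, d in store.items() if d in lookup}


def hash_salted(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


# Constructed user table: two users picked a common password, one did not.
UNSALTED_STORE = {
    "alice": unsalted_sha1("password"),
    "bob": unsalted_sha1("password"),
    "carol": unsalted_sha1("kT9#vQ2m-Lx7wR4z"),
}

if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("recovered from unsalted store:", audit_unsalted(UNSALTED_STORE, lookup))
    s1, d1 = hash_salted("password")
    s2, d2 = hash_salted("password")
    print("same password, same salted digest?", d1 == d2)
    print("login still verifies:", verify_salted("password", s1, d1))
```

    With salting, two users who chose the same password no longer share a digest, so a table computed in advance matches nothing and every guess has to be recomputed per account at the slow hash's cost.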
  2. Thank you for making this thread! Account security is incredibly important, and the situation that you mentioned is an example of what happens if you don't secure your account properly. I have enabled 2FA on my account, and hopefully other players will follow suit. Thank you again!
     
    Posted May 20, 2019
    xOeuf, CupAWup and _Prof_ like this.
  3. This is a thread that I don’t see too often, and it is definitely important. I don’t know too much about the situation you described, but it does sound like an occurrence that can happen to anyone. Internet safety is something we all have to take more seriously when it comes to playing video games and chatting online. A lot of this playerbase are younger individuals who are a little too naive to understand the threats of online communication. There are a lot of dangers when it comes to this sort of thing. Creating this way for users to look back and fix a few things to tighten their security is a good thing.

    One thing I would add is to never click any suspicious links if you do not know the person. Always question links sent to you, as you can very easily get your IP grabbed from a simple website. People who do this often use a basic website name, like the Mineplex website, and change it just slightly to the point where you wouldn’t really notice and click without thinking. Example: Mineplex.net. This isn’t a real website that will grab your IP, but just an example of what can happen.
     
    Posted May 20, 2019
    CupAWup and _Prof_ like this.
  4. This is actually very useful, and 1 and 5 are the most useful. 1 is useful as the authenticator changes like every 40 seconds, and is 6 digits. 5 is useful, as a sibling can get in and do something you might not like.
    --- Post updated ---
    First, when does it grab your IP? When you log in? Second, how do you detect a suspicious link?
     
    Posted May 20, 2019
    _Prof_ and cerns like this.
  5. I disagree with this point. Saving passwords usually isn't that big of a deal, especially when you consider exactly what software you're using to save the passwords. Google's password protection, in particular, is ridiculously overpowered for security. All in all, as long as you don't let anyone onto your device without your permission, you should be completely fine. Other than that, it's a good guide.
     
    Posted May 20, 2019
  6. There are many websites that can generate a very large password. Also, make sure that when you are signing into a site that it has an SSL lock meaning it is the real site due to the certificate that is nearly impossible to get.
     
    Posted May 20, 2019
  7. The problem is, you could be using a school computer and saving your passwords. Then someone random can walk up to the computer and log in using your information to do whatever they please with no repercussions, except you're the one with them. I never save passwords on any computer and I never will. Saving passwords greatly increases the chance of someone getting into your account and I don't suggest doing so.

    @_Prof_ wonderful guide! I agree with all of the points you make on this guide. I have a decently large password that is above ten digits so there would be around 69^11 different passwords that could work with eleven characters. I suggest having a password that is long (10-12 characters) and is a combination of lowercase letters, uppercase letters, numbers, and symbols. I think this guide is very useful for those that want to have a secure account.
    --- Post updated ---
    IP grabbers are when someone asks you to click a link and it'll grab your IP and give it to whoever sent you the link. Any links that seem suspicious would be any link that looks awkward and isn't from a trusted website. If you see a link that seems suspicious, DO NOT click it and ask for help from me or any staff that's available to help you and report it.
     
    Posted May 20, 2019
    _Prof_ likes this.
  8. Would like to clear up some murkiness of this post.
    What is an IP grabber?
    In simplest terms, an IP grabber is a shortened URL or link that will 'grab' a code unique to your WiFi connection.
    Are IP grabbers bad?
    No, IP grabbers are not necessarily a bad thing. Companies and organizations use them quite frequently in order to provide basic services. Despite this, usually, IP grabbers are an internet substance best avoided.
    Can I be IP grabbed?
    If one has properly configured antivirus software, then no, chances are whoever wants to obtain the IP will be unable to. Another way to avoid being IP grabbed is to use a reliable VPN.
    What can an IP grabber do to me?
    In relatively, IP grabbers will only be able to get an approximation of your current location. An IP grabber alone will generally not be able to steal all your information, nor hack you in any form or way.

    If anyone has other questions concerning IP grabbers feel free to dm/pm me or respond to this thread.

    There is always a risk with saving data on the internet, and saving passwords is no outlier to this trend. If merely one person gets into your account and you have any saved passwords, then they are theoretically able to access all of your other accounts. As someone who has experienced this first-hand, I can assure you that this is no joke; saving passwords in association with an internet browser is rarely a good idea.

    I feel like this post is extremely useful, as such I will add some of my own input.
    Always use https webpages
    In essence, HTTPS is an encrypted protocol that makes common web browsing between the host server and internet user secure. It is literally extra protection and practically no cost, so I would personally recommend always using it.
    Get a trustworthy VPN and AdBlocker
    VPNs are literally an extra layer of security as they normally add extra encryption to your web browsing and conceal your location. Naturally, use a dependable VPN, as having a suspicious or outdated VPN can be even worse than having no VPN at all. AdBlockers are exactly what they sound like; they block ads. Not only will this boost overall browsing speeds, but downloading one will clean up ads that could lead to a site that will instantly download malware on your system.
    Purchase an antivirus application
    No one is perfect and we all make mistakes; however, a solid antivirus should take care of all anomalies and future weaknesses in one's system. In fact, most computers come with preinstalled antivirus applications, so I would personally recommend making good use of them.
    Use common sense
    This category is fairly straightforward. If you see something or are on a website that doesn't look safe, don't click it. I would advise trying to be the smartest internet user you can be and by making proper decisions online.

    I could drone on and on with more examples and extra security measures; however, that would be a really long post that very few would want to read. As such, I think it's best if I end it here. Also, if you would like to use any of these examples in your original post, feel free to add them @_Prof_ . Naturally, feel free to change them as you see fit.

    Per usual, if anything is incorrect or unclear in this post, feel free to respond to this thread or shoot me a pm/dm. Thanks!
     
    Posted May 20, 2019
    CupAWup and Jaekub like this.
  9. We have a post leaderboard? Is that why there are so many dummy threads... Also who's so petty over posts that they would hack another player's account to delete it smh

    Anyways, certainly some helpful tips for keeping your account secure, thanks for sharing.
     
    Posted May 20, 2019
    CupAWup and _Prof_ like this.
  10. Also, I don’t think it was for over posts. Plus that could have happened to @Jkaebub or @Vocaloiid
     
    Posted May 20, 2019,
    Last edited May 21, 2019
  11. I think he means how off topic posts make up a good amount of posts on the website
     
    Posted May 20, 2019
    Jaekub and PapiKirito like this.
  12. Account security is definitely superior. I really don't see topics like this often. Usually, when I'm making an account for a website (almost every) it recommends me a safe password which I hope it does for others because that can be extremely useful as well.
     
    Posted May 20, 2019
    _Prof_ likes this.
  13. Any advice to protect against brute force/dictionary attacks? It's easy to get kali linux and attack a target from all kinds of directions, using a lot of different methods.

    EDIT: It can be tedious, but if you're sending a very important message that you want little, if any risk, of it getting intercepted, don't just use a VPN. Use a SSH, and once you get either of those, implement PGP.
     
    Posted May 20, 2019
  14. Agreeing with Vocaloiid here, I don't think he was necessarily targeting you but just simply stating that there are some threads here on the forums that shouldn't be here, whether it be an off topic thread or one that is repeatedly discussed. I don't think your account was taken down by some hacker or someone else, @Cupi, but someone who, just for your safety, might have disabled the account because they didn't think you needed it. This could have been anyone that has access to your device as you probably don't need to sign in every time you access the forums. Your threads aren't considered "dummy" threads as your threads are mostly unique, original ideas that you've come up with, which belong here on the forums. I hope I cleared everything up for those that may seem confused.
     
    Posted May 20, 2019
    _Prof_ likes this.
  15. @AsianJesus just gave a 6th point to this thread. Credit to him for doing so!
     
    OP
    Posted May 21, 2019
    CupAWup likes this.
  16. Thanks for creating something to help out the community!
     
    Posted May 21, 2019
    _Prof_ and CupAWup like this.
  17. Sorry @happilycam, I just now realized that you added another point to my thread. Their contributions to the OP have been added accordingly.
     
    OP
    Posted May 25, 2019
  18. Also stay away from websites with http instead of https. The extra s is for security.
     
    Posted May 25, 2019
    _Prof_ likes this.
  19. My password will NEVER be broken.
     
    Posted May 25, 2019
  20. Simply going on the website can grab your IP address, I’ve had it happen to myself long ago. Suspicious links, as I briefly explained, can be anything from anyone you don’t normally talk to. Question most things sent to you. Along with that, slight changes to popular websites you may go to can also grab your IP or try to trick you into giving up your username/password.
     
    Posted May 25, 2019
    _Prof_ likes this.
