Path of Exile Dev Tracker

To keep this forum from getting too cluttered with stickies we're consolidating a number of excellent threads to be accessible from this post. Thankyou to everyone who has contributed to these topics.
_______________________________________________

~Keeping Informed~

FAQ Read This Before Asking a Question
An extensive list of answers covering multiple topics such as skills, quests, items and general info about Path of Exile, by Dark0mens

[Dev. Commentary] ... Read more

To keep this forum from getting too cluttered with stickies we're consolidating a number of excellent threads to be accessible from this post. Thankyou to everyone who has contributed to these topics.
_______________________________________________

~Keeping Informed~

FAQ Read This Before Asking a Question
An extensive list of answers covering multiple topics such as skills, quests, items and general info about Path of Exile, by Dark0mens

[Dev. Commentary] ... Read more

To keep this forum from getting too cluttered with stickies we're consolidating a number of excellent threads to be accessible from this post. Thankyou to everyone who has contributed to these topics.
_______________________________________________

~Keeping Informed~

FAQ Read This Before Asking a Question
An extensive list of answers covering multiple topics such as skills, quests, items and general info about Path of Exile, by Dark0mens

[Dev. Commentary] ... Read more

To keep this forum from getting too cluttered with stickies we're consolidating a number of excellent threads to be accessible from this post. Thankyou to everyone who has contributed to these topics.
_______________________________________________

~Keeping Informed~

FAQ Read This Before Asking a Question
An extensive list of answers covering multiple topics such as skills, quests, items and general info about Path of Exile, by Dark0mens

[Dev. Commentary] ... Read more

"

tungall wrote:


i don't know join event, can u hepl me?

You need to create a new character in the race league. The option to create a character does not enable until 30 minutes before the race league starts.

Please be aware of these phishing attempts - GGG staff and moderators will always use blue or yellow text in chat, and please never click external links sent to you, especially if they are not under the www.pathofexile.com domain.
If you're ever unsure, just email us at [email protected] and we'll look into it for you.

" steven_mcburn wrote: 1. How would they even know my email is associated with this game? How would they even know I'm playing, especially from this email? It's not like it's publicly flaunted.

The same way they have been finding other users information - by going through an enormous list of email/password combinations, most of which do not have PoE accounts associated with them. They just got lucky on yours (as they do with other users they compromise, they are playing the odds here).

" ...

Read more

Morgawr, AzraelX, as you both presented fairly compelling cases I decided to investigate your accounts to make sure there wasn't anything unusual going on (as I have done with other random accounts when I get the chance). I wanted to share my findings with you in the hopes that it helps explain the situation.

In both cases your accounts were compromised during a sweep of login attempts, and in both cases yours were the only logins that succeeded from the respective IPs performing the login attempts (out of the half-dozen or so accounts they tried in each attempt). In each case only 1 login attempt is made per account, suggesting they are using a list of email/password combinations and are not brute forcing the passwords. None of the other accounts they tried even have PoE accounts associated with them, suggesting this list did not come from us.

A quick google search of your registered email addresses shows that both are used elsewhere on the internet. I cannot... Read more

The people who were compromising the majority of the accounts have:
a) A botnet with at least 270,000 IPs we've seen so far.
b) A list with over 5 million email addresses and passwords, almost all of which are not people who have ever heard of Path of Exile.

They try the passwords on our website and are IP banned pretty quickly, which is when they change IP.

This email and password list has not come from us. It contains users from many other web services and is probably a concatenation of stolen lists from dozens of sites and games. They are trying it against Path of Exile because it gives them free accounts if they do stumble in to any. This is why it's important to use a unique password. I'm not saying every compromised account came from their use of this list, but it's certainly the bulk of them.

Since we deployed the security patch in 0.10.1d, the rate of account compromise dropped off almost completely because they have no way to log into... Read more

" a19850710 wrote: so you think no good english people is hack. why you so pomppous

i'm legal player i just think GGG casual banned my account i feel that is not reaonable

they are not trace my trade recording and give me a reason explain

they are just direct banned my account

If you believe you have been banned by mistake then please contact [email protected] with the name of the account and they will investigate the claim.

" Boem wrote: is there anybody on this forrum that knows, if my provider gives me a new ip adress durring a PoE session wil i get kicked because of the new anti hack protection in place?
i noticed this afternoon i got a new adress and i was kicked and had to get a delock key from my e-mail adress. If this is the case a lot of people wil be unesecarly allarmed i think, because they would assume they were hacked while in fact they just got a new ip adress and poe misttakes it for a hack attempt and asks for a delock key....(also if poe autokicks when ure provider gives u a new ip adress a lot of people in HC mode are about to die in ...

Read more

" TheHeffNerr wrote:

" Chris wrote: We do lock out accounts for multiple incorrect password attempts! The threshold is higher than 3 though, because users often legitimately take quite a few attempts to get their password right. There's no way they can effectively brute-forc...

Read more

" MonstaMunch wrote:

" darkro90 wrote: Just tested and found that the PoE doesn't prevent re-entry of password should a user entered the wrong password 3 or mote times.

I guess we now know what's the exploit is. Brute-forcing is never been this easier before. ...

Read more

" Dreggon wrote:

" Chris wrote: After a lot of investigation, I worked out that it was the same password I used for my bitcoin account at Mtgox. Their entire site had been hacked the year before, revealing all the passwords. I managed to find the mtgox leaked password list, and su...

Read more

Another thing to consider is that attackers can purchase bulk lists of leaked passwords from various services that have been hacked before. It'd make sense for them to go through those lists of email/password combinations to see which ones correspond to valid Path of Exile accounts.

True story time:
One day last year, I was playing Diablo 3 and I got kicked off my account because someone logged into it. I logged back in and changed the password, interrupting the theft of whatever bad items my D3 character had. I knew that I had never run any malware or clicked any bad links, but yet they had my password. After a lot of investigation, I worked out that it was the same password I used for my bitcoin account at Mtgox. Their entire site had been hacked the year before, revealing all the passwords. I managed to find the mtgox leaked password list, and sure enough, mine was on it. I obviously changed all my passwords in response to this and there were never any other pro... Read more

A couple of weeks ago I posted here explaining the common ways that users are having their passwords compromised by attackers.

We're now seeing an increase in the rate at which the attackers are stripping these accounts of their valuable items. As soon as we had the realm stability issues sorted out, we started work on new account security measures that should make it difficult for attackers to use stolen passwords to access your accounts.

I want to be completely clear - our security has not been breached. If our database had been compromised, the accounts that attackers would target first would be the most wealthy players, the high profile streamers or the developers. Imagine how much it'd be worth to compromise my account? Kripparrian's? The top people o... Read more

In any online game with an economy, in-game items have value. These items are often sold on external real-money trading sites, and we’re doing what we can to stop these affecting Path of Exile. We're attacking their spam and the way that they get items to sell.

Unfortunately, one of the ways these shops obtain items is by stealing them from other Path of Exile players. We have received several reports of people losing items, and we can see from our logs that these end up on accounts (generally accessed by Chinese IPs) that are used to supply RMT item sites.

After several days of painstakingly investigating these cases, we've identified quite a few ways that players are having their passwords stolen. I'd like to go through them one by one and explain how players can keep themselves safe and what we can do on our end to make these attacks more difficult.

I should stress that these problems are common to most online games and that they're problems that p... Read more

Real Money/External Trading



Buying and selling items or accounts for real money or external currencies (such as Forum Gold) is not allowed and we will ban people who attempt to engage in it in-game or on the pathofexile.com forums.



The following things are examples of behaviour that could get you banned under this rule:

• Posting a trade thread where you ask for things other than Path of Exile items in exchange for your gear.


• Offering people money or external currencies in exchange for their Path of Exile items or accounts.


• Advertising external item sales sites. It's best to avoid mentioning them by name.


• Running a service where you sell items or accounts to people for things other than Path of Exile items.

Self-promoting forum threads



We've had numerous posts being promoted by aut... Read more

I've moved this thread to the Beta General forum because the Events forum is now used for the Event ladders only.

"

arrrgh wrote:


A quick question. Do the prizes get wiped at open beta start?

When we enter Open Beta later this year, all items will be wiped apart from "Demigod's Presence (Unique Amulet)".