Quantcast Malicious code in Atlas - Page 2 - ESOUI
Thread Tools Display Modes
01/16/15, 08:04 PM   #21
Sasky
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 241
Originally Posted by BornDownUnder View Post
I full agree, there should be no place at all for people like that in any community, in the real world it is called fraud. There should be no difference in stance at all in any format just because this happened in a game.

Out of curiosity, what was the decision made and actions taken as a result of this incident?
I'm not sure the user on the ESOUI site was banned. However, it wouldn't make as much of a difference since account creation isn't tied to $$ like an account name. Also, I don't think the user has posted anything (forums or addons) since then.

On the ZOS side, they refunded the gold. After discussing with users and addon devs here (and I think the main site too), they implemented the confirmation box for sending mail with gold or attachments. They could have more drastically gutted the API for addons, but kept as much around for legitimate addons while still protecting users from this sort of action.

Originally Posted by Cerulean2013 View Post
I know people are complaining to this forum that he should be banned, but has anyone reported him to Zenimax?

If not people who were effected should report them.
I reported the account name to Zenimax. (For better or worse, I was probably one of the first people affected by it.) The @name was in the code directly to read, so it was fairly simple to find where the gold went. ZOS has a policy to not comment on banning/etc.

It's good policy to not comment on those, especially on something that can be as volatile as forums. Consider that there's no link established between ESOUI and an account name. While anyone who knows Lua can establish that the addon was deliberate and malicious, it's really not known who made it. The @name could've been someone else entirely that was being framed. Then again, they were rather sloppy in adding the code so perhaps they thought they'd get away with it.
  Reply With Quote
01/17/15, 12:08 AM   #22
Cerulean2013
Join Date: Mar 2014
Posts: 25
Originally Posted by Sasky View Post
I'm not sure the user on the ESOUI site was banned. However, it wouldn't make as much of a difference since account creation isn't tied to $$ like an account name. Also, I don't think the user has posted anything (forums or addons) since then.

On the ZOS side, they refunded the gold. After discussing with users and addon devs here (and I think the main site too), they implemented the confirmation box for sending mail with gold or attachments. They could have more drastically gutted the API for addons, but kept as much around for legitimate addons while still protecting users from this sort of action.



I reported the account name to Zenimax. (For better or worse, I was probably one of the first people affected by it.) The @name was in the code directly to read, so it was fairly simple to find where the gold went. ZOS has a policy to not comment on banning/etc.

It's good policy to not comment on those, especially on something that can be as volatile as forums. Consider that there's no link established between ESOUI and an account name. While anyone who knows Lua can establish that the addon was deliberate and malicious, it's really not known who made it. The @name could've been someone else entirely that was being framed. Then again, they were rather sloppy in adding the code so perhaps they thought they'd get away with it.

Good, sorry you were effected but glad you reported. If the @name was the coder or someone who took it over doesn't really matter. In the latter case they should have taken the time to verify the code before publishing it. Anyway hopefully justice was served.
  Reply With Quote
01/17/15, 09:21 PM   #23
Baertram
 
Baertram's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2014
Posts: 2,582
About the @name inside code, and reporting it:

In 99% the person getting the gold in the LUA source code would be the addon developer.
But waht if the @name inside source code was NOT the one of the "bad guy" who changed the addon, and someone poor (just pick any @name you get known ingame, what is really simple) will get all that money/stuff and doesn't know why he gets reported ;-)
  Reply With Quote

ESOUI » Site Forums » News » Malicious code in Atlas

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off