• Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • [Warning] PSA: New WoW Gold/Item scam can cost you dearly...

    Discussion in 'Honorbuddy Forum' started by chinajade, Jul 25, 2016.

    1. chinajade

      chinajade Well-Known Member Moderator Buddy Core Dev

      Joined:
      Jul 20, 2010
      Messages:
      17,540
      Likes Received:
      172
      Trophy Points:
      63
      An FYI from a friend...

      This...
      [​IMG]
      ...is a new safety measure in the WoWclient v7.0.3.22293 to prevent a nasty attack vector from other users. More info here:


      Scripts are legitimate things to run, but they can also be used for nefarious purposes as described in the article. The attack vector allows one player to steal pretty much anything from another. It can also be used to steal important information.


      If you see the popup, you should probably click on 'No'. Then, you should pursue what is causing the problem and have it corrected by the author. If you click 'Yes', the WoWclient remembers the decison and never asks again. This leaves you open to attacks from other users, if you get careless one day.


      [hr][/hr]
      [EDIT 26-Jul-2016 by chinajade]:
      As of Honorbuddy v2.6.15589.833, Honorbuddy will suppress this popup while the bot is running. This makes the WoWclient maintain backward compatibility with existing third-party profiles, plugins, combat routines, etc.

      You are still completely safe; just make sure never to enter strange looking chat commands from strangers.


      Be safe,
      chinajade
       
      Last edited: Jul 26, 2016
    2. Goshinki

      Goshinki Member Legendary

      Joined:
      Sep 9, 2011
      Messages:
      500
      Likes Received:
      12
      Trophy Points:
      18
      About two weeks late from even the public posted stuff :O

      Glad to see it posted here though :p
       
    3. IliketobotWow

      IliketobotWow Member

      Joined:
      Mar 1, 2013
      Messages:
      31
      Likes Received:
      0
      Trophy Points:
      6
      Is there a way to see the log of this action (meaning trying to determine which add on it was)? I was grinding and came back to see the warning message from WOW that I was trying to run a custom script. I could not have interacted with anyone to type in the script since I was away.
       
      Last edited: Jul 26, 2016
    4. eyesopen

      eyesopen Member

      Joined:
      Jul 24, 2016
      Messages:
      133
      Likes Received:
      0
      Trophy Points:
      16
      tks for sharing
       
    5. Dazzic

      Dazzic Member

      Joined:
      Jan 24, 2016
      Messages:
      53
      Likes Received:
      0
      Trophy Points:
      6
      Found the line of code set to "1" in my files. Made sure to delete it.
       
    6. MaiN

      MaiN Moderator Staff Member Moderator Buddy Core Dev

      Joined:
      Jan 15, 2010
      Messages:
      1,017
      Likes Received:
      35
      Trophy Points:
      48
      This is probably the result of a profile, bot base, plugin or combat routine doing some things ingame in a special manner. It does not mean you were hacked.

      Honorbuddy needs to do this for compatibility with some profiles. However, you are safe as long as you don't enter any chat commands from strangers, so no need to be disconcerted with this!
       
    7. BotOperator

      BotOperator Well-Known Member

      Joined:
      Jan 17, 2012
      Messages:
      5,649
      Likes Received:
      74
      Trophy Points:
      48
      Bump!

      This scam still works and it is used by Honorbuddy or 3rd Party Honorbuddy Products from illegal places.
      If you download a *****ed copy of HB or addons this can happen to you so be smart buy your license here and only use checked stuff from our store.
       
    8. givemhell

      givemhell Member

      Joined:
      Nov 4, 2012
      Messages:
      60
      Likes Received:
      1
      Trophy Points:
      8
      ive been doing extensive testing with this, i found alot of cool tricks, some things that could be used to help others
      however there is more harmful & sinister things that it can be used for....

      i do not want to speak of some of the things i was able to find,
      i fear it may cause people to become cancer to the community

      id be extremely careful on using any addons that haven't been around awhile as they may run the script on you
      but you could always check the addon lua with the search function

      stay safe everyone, you cant even imagine how deep this rabbit hole goes...

      i do have a question for the buddy team if they care to comment

      1) does running HB bypass HW and security checks in some of the api code?
      2) if so then wouldn't it put hb users at a higher risk being exploited by code that requires HW input & security checks?

      such as forcing a player to accept the trade? (HW protected code)
       
      Last edited: Jul 27, 2016

    Share This Page