Jump to content
Frequently Asked Questions
  • Are you not able to open the client? Try following our getting started guide
  • Still not working? Try downloading and running JarFix
  • Help! My bot doesn't do anything! Enable fresh start in client settings and restart the client
  • How to purchase with PayPal/OSRS/Crypto gold? You can purchase vouchers from other users
  • DBlauncher is compromised


    Car2oonz

    Recommended Posts

    Hello Community,

    I figured I would write this post as a way to introduce a potential issue with the DBlauncher client. I woke up this morning to boot up my script, but unfortunately noticed my character was in a different spot and my items were gone. I realized my account security was compromised and I was 'hacked'. I'm fairly computer savvy, and don't click on any fake ads, fake BS, weird guides online. I stick to consuming any RS-oriented content via you-tube. I don't explore account buying or gold buying websites. 

    The thing that I do use, quite frequently as a matter of fact, is DBlauncher to use scripts. I currently run two different highly rated scripts on my account, despite an inherent risk, I felt fairly confident that my account would remain secure.

    I dont know how else I could have possibly been targeted by a 'hacker' other than my account being introduced to my profile via the DBlauncher client. My account is fairly new, low skills etc,  which is why I don't understand how it was compromised, how a password was obtained - if not because the DBlaunchers security is compromised.

    I am not sure if the Dreambot Staff are currently aware that a problem with the client security might exist, but i am hoping this post can shed some light on a potential issue, or maybe draw attention to an issue that I see fairly frequently on the forum. I love using this product, and engaging with a scripting community, but I want to feel like all facets of my account are secure, including my dreambot interactions. 

    Note: I know that many posts like this have been met with comments such as "You lost your account due to your own neglegence" - but if that's the case, it would be helpful to know how accounts are compromised, as the only 'alternative play'  or 'sketchy behavior' that i'm engaging in is the Dreambot service, which by process of elimination prompts me to think that the lack of security is the reason for this dilemma. 

     

     

    Link to comment
    Share on other sites

    Dreambot does not store or send your login information of your account, the only time its stored is locally when you add accounts to the account manager, its possible a private script might have done this, but all scripts that are on the SDN are screened and reviewed for this type of thing for a reason, Dreambot did not hack your account or gave you login details away, its possible it could have been a friend or it was just unlucky bruteforce. 100% not Dreambot's doing.

    Link to comment
    Share on other sites

    1.) always use an authenticator when available, you are stupid if you dont

    2.) use a password manager so every password on each website and for every account is unique

    3.) Scripts on DreamBot are uploaded as source, meaning the developers have the ability to look at what exactly is going on in every script before it is compiled and available to the end-user (you). Doing this ensures there are no class droppers or malicious key logging.

    4.) "I stick to consuming any RS-oriented content via you-tube." some of the most sketchy shit i've ever encoutered is on youtube - good old "OSRS IS MAKING THIS CHANGE;GO TO THE FORUM NOW TO VOTE AGAINST IT!!" or enter a "giveaway by answering these questions" then proceeds to ask you the exact questions needed for recovery or the millions of runescape private servers that are keyloggers.

    5.) any other questions about opsec and how you failed at it?

    Link to comment
    Share on other sites

    2 minutes ago, falloutr said:

    1.) always use an authenticator when available, you are stupid if you dont

    2.) use a password manager so every password on each website and for every account is unique

    3.) Scripts on DreamBot are uploaded as source, meaning the developers have the ability to look at what exactly is going on in every script before it is compiled and available to the end-user (you). Doing this ensures there are no class droppers or malicious key logging.

    4.) "I stick to consuming any RS-oriented content via you-tube." some of the most sketchy shit i've ever encoutered is on youtube - good old "OSRS IS MAKING THIS CHANGE;GO TO THE FORUM NOW TO VOTE AGAINST IT!!" or enter a "giveaway by answering these questions" then proceeds to ask you the exact questions needed for recovery or the millions of runescape private servers that are keyloggers.

    5.) any other questions about opsec and how you failed at it?

    OPSEC??? U prior mil bro?

    Link to comment
    Share on other sites

    When was the last time you changed your password? 

    Do you frequent any sites that you use the same credentials or similar credentials to the ones that you play Runescape with?

    Database leaks happen all the time...

    Link to comment
    Share on other sites

    2 hours ago, falloutr said:

    1.) always use an authenticator when available, you are stupid if you dont

    2.) use a password manager so every password on each website and for every account is unique

    3.) Scripts on DreamBot are uploaded as source, meaning the developers have the ability to look at what exactly is going on in every script before it is compiled and available to the end-user (you). Doing this ensures there are no class droppers or malicious key logging.

    4.) "I stick to consuming any RS-oriented content via you-tube." some of the most sketchy shit i've ever encoutered is on youtube - good old "OSRS IS MAKING THIS CHANGE;GO TO THE FORUM NOW TO VOTE AGAINST IT!!" or enter a "giveaway by answering these questions" then proceeds to ask you the exact questions needed for recovery or the millions of runescape private servers that are keyloggers.

    5.) any other questions about opsec and how you failed at it?

    I don't care about any forum related garbage on youtube, only guides by some popular youtubers. No giveaways, no nothing.

    I'm only pointing out an issue that seemingly occurs often. If you type into google "Dreambot Hacks" You will see a plethora of posts that report similar issues. I don't think my particular script is the issue, and I do acknowledge the possibility of people being stupid with their information, therefore having nothing to do with Dreambot.

    My experience with dreambot has been great so far, other than this breach of security, which leads me to believe they most likely arent the issue, but the lack of other explanations is why I post here in the first place. Just trying to get to the bottom of this. 

     

     

     

     

    Link to comment
    Share on other sites

    16 minutes ago, Koschei said:

    When was the last time you changed your password? 

    Do you frequent any sites that you use the same credentials or similar credentials to the ones that you play Runescape with?

    Database leaks happen all the time...

    Password was changed prior to downloading dreambot client. Very possible that this is a database leak from another website, but from which company? seems unlikely because Its only my RS account that is compromised. 

    Link to comment
    Share on other sites

    Sorry to hear that your account got hacked.

    As has been pointed out, Dreambot does not send your account information anywhere. It stays locally to your PC, and your PC only. If you had sent any Dreambot files (under botdata) to other people, then there's probably a chance they could get something from that.

    If you use a dedi, or if your PC is available to be accessed by someone that is not you, then your account information would be at risk to them. The DBLauncher, even if it were to be hacked (it isn't) would still also not be able to access your account information.

    If you use local scripts, they *CAN* definitely get your account information through various calls in the client. This is why it's suggested to use SDN scripts instead, as they're verified before uploaded or compiled.

    If you'd like to be extra sure, you're free to send me the names of the scripts you used and I'll go back through their code tonight. I can assure you that there won't be anything malicious in the scripts, though.

    Like others have also suggested, I'd recommend you go through and change passwords to everything else as well, just in case you somehow did get compromised, or a database somewhere was leaked. Changing passwords is something you should try to do regularly, and you should definitely not reuse passwords.

    Link to comment
    Share on other sites

    Archived

    This topic is now archived and is closed to further replies.

    ×
    ×
    • Create New...

    Important Information

    We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.