Just so you guys know, we occasionally twitter beta keys...

" Centaur31 wrote: Twitter page has a pic of Closed Beta DVD for PAX. Will you have your own stand at PAX, or are you guests on someone else's stand? And what about Gamescom in Germany? Will you be there too?

We will have our own stand at PAX. Unfortunately we can't make it to Gamescom :(

" Bulkathos wrote:
also ,can we expect CB start at 10-15 august ?

Hopefully!

Updated July 9th, 2012!Some companies say that they'll post new trailers/screenshots/announcements when they get some certain number of Likes on their FaceBook page. We'd rather post things as soon as we can and rely on the community to follow us on social networks if they want to.Having said that, we'd really like you to follow us on the following services, if you use them. Please tell your friends, as well :)Twitter: We frequently post small bits of wisdom to Twitter that only get mentioned on the forums in passing (it'd be weird to start a whole new thread to repeat one funny thing heard in the office). Service updates (patches, downtime, etc) are generally posted on Twitter as they happen. We also occasionally answer questions about the game on Twitter.Facebook: I'm one of the few people in the world who don't actually have a personal Facebook account, but I hear that our Facebook page is super awesome and we're going to run more cool competitions and other awesomesauce.Reddit: ... Read more

The people who were compromising the majority of the accounts have:
a) A botnet with at least 270,000 IPs we've seen so far.
b) A list with over 5 million email addresses and passwords, almost all of which are not people who have ever heard of Path of Exile.They try the passwords on our website and are IP banned pretty quickly, which is when they change IP.This email and password list has not come from us. It contains users from many other web services and is probably a concatenation of stolen lists from dozens of sites and games. They are trying it against Path of Exile because it gives them free accounts if they do stumble in to any. This is why it's important to use a unique password. I'm not saying every compromised account came from their use of this list, but it's certainly the bulk of them.Since we deployed the security patch in 0.10.1d, the rate of account compromise dropped off almost completely because they have no way to log into an account from a different location.There is ... Read more

" MonstaMunch wrote:

" darkro90 wrote: Just tested and found that the PoE doesn't prevent re-entry of password should a user entered the wrong password 3 or mote times.

I guess we now know what's the exploit is. Brute-forcing is never been this easier before.

Just tested and confirmed. JtR would have a field day with this :|

We do lock out accounts for multiple incorrect password attempts! The threshold is higher than 3 though, because users often legitimately take quite a few attempts to get their password right. There's no way they can effectively brute-force passwords in an online manner, and we'd be able to see that in our access logs.

" oBLACKIECHANo wrote: Chris, did you not say before that you track every item? Would it not be very simple to delete ...

Read more

" Dreggon wrote:

" Chris wrote: After a lot of investigation, I worked out that it was the same password I used for my bitcoin account at Mtgox. Their entire site had been hacked the year before, revealing all the passwords. I managed to find the mtgox leaked password list, and sure enough, mine was on it.

Can you tell me/us how you did this?

It was indexed by google.Before I worked out where they got my password I was 100% convinced that it wasn't my fault. Then 100% convinced that it was :-(

" Hotcooler wrote: Chris

You're mostly talking about items, and I can sort of understand why you cant restore them (though I bet you will be able to trace all the transactions in the future (since I bet you have logs, just no tools to automate parsing them for this s...

Read more

Another thing to consider is that attackers can purchase bulk lists of leaked passwords from various services that have been hacked before. It'd make sense for them to go through those lists of email/password combinations to see which ones correspond to valid Path of Exile accounts.True story time:
One day last year, I was playing Diablo 3 and I got kicked off my account because someone logged into it. I logged back in and changed the password, interrupting the theft of whatever bad items my D3 character had. I knew that I had never run any malware or clicked any bad links, but yet they had my password. After a lot of investigation, I worked out that it was the same password I used for my bitcoin account at Mtgox. Their entire site had been hacked the year before, revealing all the passwords. I managed to find the mtgox leaked password list, and sure enough, mine was on it. I obviously changed all my passwords in response to this and there were never any other problems. This is exactly... Read more

A couple of weeks ago I posted here explaining the common ways that users are having their passwords compromised by attackers.We're now seeing an increase in the rate at which the attackers are stripping these accounts of their valuable items. As soon as we had the realm stability issues sorted out, we started work on new account security measures that should make it difficult for attackers to use stolen passwords to access your accounts.I want to be completely clear - our security has not been breached. If our database had been compromised, the accounts that attackers would target first would be the most wealthy players, the high profile streamers or the developers. Imagine how much it'd be worth to compromise my account? Kripparrian's? The top people on the ladder? These people have not lost their passwords. There has been a 0% rate of developer accounts being accessed by overseas IPs. The accounts that are being targeted are generally mid-low playing accounts, typically associated ... Read more

" Boem wrote: is there anybody on this forrum that knows, if my provider gives me a new ip adress durring a PoE session wil i get kicked because of the new anti hack protection in place?
i noticed this afternoon i got a new adress and i was kicked and had to get a delock key from my e-mail adress. If this is the case a lot of people wil be unesecarly allarmed i think, because they would assume they were hacked while in fact they just got a new ip adress and poe misttakes it for a hack attempt and asks for a delock key....(also if poe autokicks when ure provider gives u a new ip adress a lot of people in HC mode are about to die in an awfull mather....myself included, i fear for this know o.O )

If your ISP changes your IP, that will disconnect you from everything on the internet. This isn't related to PoE. Read more

In any online game with an economy, in-game items have value. These items are often sold on external real-money trading sites, and we’re doing what we can to stop these affecting Path of Exile. We're attacking their spam and the way that they get items to sell.Unfortunately, one of the ways these shops obtain items is by stealing them from other Path of Exile players. We have received several reports of people losing items, and we can see from our logs that these end up on accounts (generally accessed by Chinese IPs) that are used to supply RMT item sites.After several days of painstakingly investigating these cases, we've identified quite a few ways that players are having their passwords stolen. I'd like to go through them one by one and explain how players can keep themselves safe and what we can do on our end to make these attacks more difficult.I should stress that these problems are common to most online games and that they're problems that players can prevent with good internet... Read more

Tool-assisted Pantheon Mod Farming

In this post I want to discuss an illegal third-party program which allows players to see what Pantheon Archnemesis Mods are preloaded in a map, in order to farm the valuable ones. This has been a hot topic in the community and there is a lot of misunderstanding related to it. I will describe the mitigations we took proactively during implementation and a hotfix that we made today that solves the issue entirely.The short explanation is that we had already considered and mostly mitigated this exploit when we implemented Archnemesis mods, so it wasn't of much value to take advantage of, but we have now completely eliminated it.Here's the longer explanation, if you're interested in technical details:
Some Archnemesis modifiers are more valuable than others because they perform drop conversion (for example, converting all the drops to currency items). These modifiers are the ones attached to Pantheon mods, and hence have quite large visual ... Read more

What Happened with Items

Lake of Kalandra saw a number of balance changes that were not properly communicated before release. After a week of addressing feedback with hotfixes, we have written this post to explain what our intention was, what went wrong, how we have fixed it, and to reassure you about the direction we intend to go in the future.There's a bit of backstory to explain. I want to start by describing three philosophies that have been guiding our decisions recently:

Philosophy One: Reward mechanisms should scale properly with Item Quantity and Rarity bonuses

For the last few years, we have been using what we internally call item templates to control what drops from league content. This is where a monster (often with a reward symbol over its head) drops a specific type of item when it is killed.But Path of Exile is a game about opting-in to more difficulty in exchange for more rewards. You can roll your maps to be harder or add sextants to them. You can play wi... Read more

Nerfing Defensive Archnemesis Modifiers

In a patch in the next day or so, we will be reducing the impact of a lot of defensive Archnemesis Modifiers. This post explains why and lists a preliminary version of the changes.Archnemesis modifiers are meant to make combat more challenging. Even more so when two synergistic mods stack together to create an especially dangerous emergent behaviour. However, this philosophy is mostly meant to apply to offensive mods, rather than defensive ones.We want defensive modifiers to exist, and these implicitly make rare monsters harder for certain builds to kill. However, we absolutely agree that it's frustrating when multiple similar mods stack together and extend the length of the fight exponentially. A build affected by this has no way to get around the mods, other than enduring a long fight or running away from the monster.We have nerfed many defensive modifiers. Our primary goal is so that when two similar defensive modifiers stack t... Read more

Nerfing Defensive Archnemesis Modifiers

In a patch in the next day or so, we will be reducing the impact of a lot of defensive Archnemesis Modifiers. This post explains why and lists a preliminary version of the changes.Archnemesis modifiers are meant to make combat more challenging. Even more so when two synergistic mods stack together to create an especially dangerous emergent behaviour. However, this philosophy is mostly meant to apply to offensive mods, rather than defensive ones.We want defensive modifiers to exist, and these implicitly make rare monsters harder for certain builds to kill. However, we absolutely agree that it's frustrating when multiple similar mods stack together and extend the length of the fight exponentially. A build affected by this has no way to get around the mods, other than enduring a long fight or running away from the monster.We have nerfed many defensive modifiers. Our primary goal is so that when two similar defensive modifiers stack t... Read more

Improvements to Item Drops

We will deploy a patch soon that significantly improves item drops throughout Path of Exile. This post broadly describes the major changes. Detailed patch notes will be posted later.We have massively increased the rarity bonus for items dropped by monsters with multiple Archnemesis mods. This is proportional to difficulty, so there's a moderate improvement for two mods, a large improvement for three mods and a huge improvement for four mods.We have massively increased the rarity of items dropped by Map Bosses. They now act like late Act Bosses, dropping fewer normal and magic items but many more rare and unique items.We have globally increased the drop rate of unique items by 33%. In addition, with the massive item rarity bonuses added to map bosses and multiple-mod rare monsters, they will drop many more uniques than before. We have globally increased the base drop rate of currency items by 25%. Because we removed some drops from past league ... Read more

Improvements to Item Drops

We will deploy a patch soon that significantly improves item drops throughout Path of Exile. This post broadly describes the major changes. Detailed patch notes will be posted later.We have massively increased the rarity bonus for items dropped by monsters with multiple Archnemesis mods. This is proportional to difficulty, so there's a moderate improvement for two mods, a large improvement for three mods and a huge improvement for four mods.We have massively increased the rarity of items dropped by Map Bosses. They now act like late Act Bosses, dropping fewer normal and magic items but many more rare and unique items.We have globally increased the drop rate of unique items by 33%. In addition, with the massive item rarity bonuses added to map bosses and multiple-mod rare monsters, they will drop many more uniques than before. We have globally increased the base drop rate of currency items by 25%. Because we removed some drops from past league ... Read more

What's Next for Archnemesis Modifiers

So far we have numerically reduced their difficulty and have reduced the quantity that spawn on rare monsters. There are two more areas of feedback that we'd like to address.

Specific Mods (and how they affect certain builds)

So there are a few things we're doing here.Firstly, we have prepared a list of what all the mods actually do. While we usually try to have a sense of exploration with new content, we're seeing a lot of misunderstanding about how certain mods affect specific builds and feedback that players would like more clarity about them. For example, the Mana Siphoner mod doesn't affect melee characters as much as some players think, as it has a donut-shaped area of effect. If you get close enough, it doesn't apply to you. We can understand that this is unclear without an explanation. The full list of mods is at the bottom of this post.Secondly, we're doing a full pass through all the mods, taking into account feedback we ha... Read more

What's Next for Archnemesis Modifiers

So far we have numerically reduced their difficulty and have reduced the quantity that spawn on rare monsters. There are two more areas of feedback that we'd like to address.

Specific Mods (and how they affect certain builds)

So there are a few things we're doing here.Firstly, we have prepared a list of what all the mods actually do. While we usually try to have a sense of exploration with new content, we're seeing a lot of misunderstanding about how certain mods affect specific builds and feedback that players would like more clarity about them. For example, the Mana Siphoner mod doesn't affect melee characters as much as some players think, as it has a donut-shaped area of effect. If you get close enough, it doesn't apply to you. We can understand that this is unclear without an explanation. The full list of mods is at the bottom of this post.Secondly, we're doing a full pass through all the mods, taking into account feedback we ha... Read more

Archnemesis Rare Changes (Part 2)

After making some numerical balance changes yesterday, we are now making a functional change to how Archnemesis Modifiers spawn on rare monsters. Previously, rare monsters you encountered generally had two Archnemesis mods, but could spawn with as many as three or four. Now, they will default to one modifier, with a chance of having two or three. Update: This patch has been deployed as a serverside hotfix.Archnemesis mods are designed so that certain pairs are very challenging to overcome. And we are generally pretty happy with the difficulty of those particular encounters if they occur infrequently. However, modern Path of Exile is pretty liberal with spawning rare monsters, and with a default of two modifiers each, these intense encounters were occurring far too often.With this change to a default of one modifier, the complexity and difficulty of rare monster fights will be lower. You'll still occasionally encounter modifiers that pro... Read more