Forum Settings
       
Reply To Thread

Coin Lock Added to Stop Rift HackersFollow

#1 Mar 14 2011 at 11:59 AM Rating: Good
Avatar
**
777 posts
Interesting fix... I haven't heard of this type of fix before.

Quote:
We are aware that there are still issues with some of you being hacked. This is a top priority for us here at Trion and the team has been working to address the situation. As we posted last week, there have already been a number of updates put in place. We are also introducing another function that should make it into the game early this week.

Coin Lock

Users will be coin locked if they log in from a significantly different location. When their account is coin locked, they will be sent an email to the address that they have on their account (their login email) with a code to enter into the game.

Users will see the Coin Locked icon in the spot where their tutorial button shows up. Deactivating the tutorial tips will not turn off the Coin Locked button.

While in a Coin Locked status, users will have the following limitations:
• No access to the auction house
• No ability to SEND mail. Users can still receive and view mail as well as remove items from mail
• No ability to SELL to vendors. Users can still purchase items from vendors
• No ability to salvage, runebreak or destroy items
• No ability to trade
• Users can continue to play and gain coin and items, but cannot get rid of them.

If you are Coin Locked, simply click on the Coin Locked icon and enter the code found in your email from Trion.

If you log in and your account is coin locked, check your email! Someone may have logged in from another location with your account.

If you do not receive the email, please click on the Coin Locked icon and click the “Resend” button to have the email resent to you.

If you cannot access your email or you are otherwise unable to change your Coin Locked status, please contact Customer Service.

We’re also working on the addition of two-factor authentication at the login level, which will let you use an app or a cell phone as a way to ensure that you’re the one logging on. (You may have heard of this in other products as a SecurID or an Authenticator.) We’ll be sharing specifics on that as soon as we can as well.


Relevant link: Coin Lock Added to Rift to Stop Hackers
#2 Mar 14 2011 at 12:14 PM Rating: Good
***
3,272 posts
I wonder what significantly different location all entails.
____________________________

(V)(;,,;)(V) Why not Zoidberg?
#3 Mar 14 2011 at 12:35 PM Rating: Decent
**
272 posts
More than likely it will be a geoloc check for N+ miles away. (maybe 200 I'd say)

You can always check against theoretical distances like cross-border (state/prov and country) but that's really ineffective.
____________________________
Always check for black-on-black text.
#4 Mar 14 2011 at 2:53 PM Rating: Good
***
3,272 posts
The problem with geo location of wan ip addresses is people who tunnel services.

Mind you there is a pretty small number of people out there doing it, its just the fact the problem exists.
____________________________

(V)(;,,;)(V) Why not Zoidberg?
#5 Mar 14 2011 at 2:58 PM Rating: Good
*****
10,563 posts
That's why all you have to do is enter the passcode from your email in-game to reactivate it. Seems like a fine solution to me until they get an authenticator system running.
____________________________
◕ ‿‿ ◕
#6 Mar 14 2011 at 3:01 PM Rating: Decent
**
272 posts
The problem with using the internet at large is absolutely everything is spoofable and obfuscatable.

Heck, you can spoof and obfuscate GPS signal data traffic and shutdown bank atms and major airports these days.

It's always better to have something in place to catch most of it.
____________________________
Always check for black-on-black text.
#7 Mar 14 2011 at 3:04 PM Rating: Good
***
3,702 posts
SwiftAusterity wrote:
The problem with using the internet at large is absolutely everything is spoofable and obfuscatable.

Heck, you can spoof and obfuscate GPS signal data traffic and shutdown bank atms and major airports these days.

It's always better to have something in place to catch most of it.


Certainly true, however this fix would force malicious parties to have to put forth a LOT more effort to get someone's account. Keeping in mind too that when an account is compromised it generally has to be gutted in a very short period of time to avoid alerting the owner who can then get it locked down and re-secured.

It's a fascinating solution to the problem, one I've not heard of before frankly, and I'm really curious to see the success rate
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#8 Mar 14 2011 at 3:05 PM Rating: Excellent
Inkie in Disguise
*
239 posts
The only issue I see is this: If you're coin locked that means they have your login info, no? Which is your email...and they send the unlock code to that email. *poof* The offending party can unlock you.
____________________________
Creepy Girl Extraordinaire
#9 Mar 14 2011 at 3:08 PM Rating: Good
***
3,702 posts
Kaasha wrote:
The only issue I see is this: If you're coin locked that means they have your login info, no? Which is your email...and they send the unlock code to that email. *poof* The offending party can unlock you.


Possibly.. your email password would have to be the same as your Rift password.. who does that? Smiley: rolleyes
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#10 Mar 14 2011 at 3:09 PM Rating: Decent
**
272 posts
http://xkcd.com/792/

:)
____________________________
Always check for black-on-black text.
#11 Mar 14 2011 at 3:10 PM Rating: Good
Sage
***
1,440 posts
And on their notice about the Coin Lock system they advise you against using the same password for both Rift and your E-Mail.
____________________________
Final Fantasy XIV
~ Decoy Embra - Balmung
50MNK
Final Fantasy XI(retired) - CO - STO - Marvel Heroes - Rift
#12 Mar 14 2011 at 3:42 PM Rating: Decent
*****
11,576 posts
I think it's a big step in the right direction. It handles the issue of people logging in with IPs vastly different from what the legitimate account holder uses most frequently, but still leaves room for people who may be traveling and feel like logging in on the road.
#13 Mar 14 2011 at 3:46 PM Rating: Good
***
3,702 posts
As a general security point I'd recommend never duplicating your email password to any other service for this exact reason.

We all read the articles that say use a different password for EVERYTHING, but I find this to be highly impractical as the number of services I sign up for increases every year. So I have a pool of about half a dozen passwords that I use of varying strength, and then I have another one for my email
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#14 Mar 14 2011 at 3:58 PM Rating: Decent
**
272 posts
You could always write (or get) a keyring type application. I think there are some out there for android and iOS. I wrote one for my phone. I don't trust free apps that need network access ;)
____________________________
Always check for black-on-black text.
#15 Mar 15 2011 at 7:53 AM Rating: Good
Ghost in the Machine
Avatar
******
36,439 posts
Archmage Callinon wrote:
Kaasha wrote:
The only issue I see is this: If you're coin locked that means they have your login info, no? Which is your email...and they send the unlock code to that email. *poof* The offending party can unlock you.


Possibly.. your email password would have to be the same as your Rift password.. who does that? Smiley: rolleyes


Who remembers their passwords? Thank god for browsers that offer to store my passwords and automatically sign me in. Smiley: inlove

SwiftAusterity wrote:
You could always write (or get) a keyring type application. I think there are some out there for android and iOS. I wrote one for my phone. I don't trust free apps that need network access ;)


Smiley: tinfoilhat

Edited, Mar 15th 2011 3:54pm by Mazra
____________________________
Please "talk up" if your comprehension white-shifts. I will use simple-happy language-words to help you understand.
#16 Mar 15 2011 at 9:45 AM Rating: Decent
*
64 posts
i would say prob just a diffrent ISP would make the most sense.
#17 Mar 15 2011 at 10:31 AM Rating: Decent
**
272 posts
Naw, tinfoil hat is the fact that my keyring app startup on my phone requires me to enter a timestamp-encrypted code that gets sync-generated by one of the free WoW authenticator dongles I got at the 2008 Blizzcon that I reverse engineered to discover the algorithm for so I could use it for more than just my blizzard account.

I used to do corewars as a kid, I don't trust anything with a breadboard and a microchip in it ;)
____________________________
Always check for black-on-black text.
#18 Mar 15 2011 at 10:35 AM Rating: Good
***
3,272 posts
Quote:
Naw, tinfoil hat is the fact that my keyring app startup on my phone requires me to enter a timestamp-encrypted code that gets sync-generated by one of the free WoW authenticator dongles I got at the 2008 Blizzcon that I reverse engineered to discover the algorithm for so I could use it for more than just my blizzard account.


This is why authenticator protected accounts are able to be used for autologins with different bots for wow. I say, lets use the CRYPT function!

Timestamp rng isn't rng!
____________________________

(V)(;,,;)(V) Why not Zoidberg?
#19 Mar 15 2011 at 1:36 PM Rating: Good
Terrorfiend
*****
12,905 posts
#20 Mar 15 2011 at 2:11 PM Rating: Good
Ghost in the Machine
Avatar
******
36,439 posts
What KT said.
____________________________
Please "talk up" if your comprehension white-shifts. I will use simple-happy language-words to help you understand.
#21 Mar 15 2011 at 4:05 PM Rating: Default
8 posts
I see a problem with this though - if the hackers get your account info from visiting certain web addresses(such as mod sites and whatnot), they would already have your IP and could spoof it without having to know where you actually are. Or if they're using an advanced keylogger to steal your info it prob wouldn't be too hard for it to send your IP address to them too, and thats even assuming it wouldn't be obvious to begin with.
#22 Mar 15 2011 at 4:09 PM Rating: Good
***
3,702 posts
tounces wrote:
I see a problem with this though - if the hackers get your account info from visiting certain web addresses(such as mod sites and whatnot), they would already have your IP and could spoof it without having to know where you actually are. Or if they're using an advanced keylogger to steal your info it prob wouldn't be too hard for it to send your IP address to them too, and thats even assuming it wouldn't be obvious to begin with.


You're completely right.

That's why I said it would create more work for them to steal an account, because you're adding steps and adding preparation. We never said it would become impossible to steal an account with this system, anyone who knows anything about security knows that the worst assumption you can make is that you're entirely safe
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#23 Mar 15 2011 at 4:23 PM Rating: Default
8 posts
Considering how advanced the programs are that they use to steal things with(In WoW I think they can wipe out every item of value you have in like what, a minute?), I'm not even sure this would be a speed-bump for them.

I mean we're not fighting individuals here, we're fighting entire corporations designed simply to steal from people.

I'd be all for being able to manually lock your account so it cannot have items transfered off it though. It's not like I sell so often that I couldn't just disable it every few days or so and unload. Or even better, require an "approved" list for who your account is allowed to give/send items to that you manage through e-mail or something. It'd all be optional of course.
#24tounces, Posted: Mar 15 2011 at 5:44 PM, Rating: Sub-Default, (Expand Post) I would seem that Zam ITSELF is part of the problem, just got hacked after visiting this website.
#25 Mar 15 2011 at 6:04 PM Rating: Excellent
Avatar
***
1,330 posts
tounces wrote:
I would seem that Zam ITSELF is part of the problem, just got hacked after visiting this website.


Amazing! So you got hacked by Rift and Ibuypower advertisements?

#26tounces, Posted: Mar 15 2011 at 6:10 PM, Rating: Sub-Default, (Expand Post) Actually I would say most likely by the owners of the website. I got hacked right after I created an account. And I've heard this website is owned by IGE....which happens to be a gold-seller.
#27 Mar 15 2011 at 6:47 PM Rating: Good
11 posts
No, ZAM's parent company is a corporate shell which used to be a gold-seller, then diversified, then ditched the gold-selling business. The actual ZAM stuff is fansites that have always been fansites.

Quite simply: No matter how evil you think they may be, they're making more money off running legitimate fan sites. I don't remember how it happened, but I once saw an episode of Pokemon, in which the villains had an elaborate scheme that required them to disguise themselves as vendors. Their scheme failed but they made more money pretending to be vendors than they had ever made on their evil schemes. It's like that.

The problem with "I visited ZAM and then I got hacked" is the problem with "I ate bread only a few hours before I was mugged".
#28 Mar 15 2011 at 7:00 PM Rating: Excellent
tounces wrote:
Actually I would say most likely by the owners of the website. I got hacked right after I created an account. And I've heard this website is owned by IGE....which happens to be a gold-seller.

Edited, Mar 15th 2011 8:13pm by tounces


Uh, no. ZAM did not hack you, nor are we owned by IGE.
____________________________
XIV Campsite Wikibase - Community Built Camp List
[ffxivsig]400681[/ffxivsig]
#29 Mar 15 2011 at 7:28 PM Rating: Good
***
3,702 posts
tounces wrote:
Actually I would say most likely by the owners of the website. I got hacked right after I created an account. And I've heard this website is owned by IGE....which happens to be a gold-seller.

Edited, Mar 15th 2011 8:13pm by tounces


I sympathize with your situation but correlation does not necessarily equal causation.

I've had an account with Zam since 2004, in that time I've played half a dozen different MMOs, and I've never had a problem.

Oh and in case you're wondering if maybe they just don't attack people who pay them? I've only been a premium member for a little under 6 months
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#30tounces, Posted: Mar 15 2011 at 8:30 PM, Rating: Sub-Default, (Expand Post) Let me Reiterate -
#31 Mar 15 2011 at 9:01 PM Rating: Excellent
***
3,702 posts
So you logged into Rift.... and then created a Zam account.

You don't see an issue with the order of events here?

Once again, I'm not unsympathetic, I want that perfectly clear. However... Zam has been around for many many years in one form or another and literally hundreds of thousands, if not millions, of people use its various services every day.

I can only imagine the ad-based revenue that's generated from all of that, notwithstanding the people like me who directly give them money because we like the service so much (heck, I gave them money when I was excited about FFXIV... and boy was that a bomb, didn't see any reason to stop though). My point here is they simply don't NEED to steal things from people like yourself in order to make money.

I hope you've contacted Trion about this so they can at least start the rollback procedure on your account so you can get your stuff back.

Also I'm sure you realize this already but, a few basic security steps to help prevent things like this from happening in the future:

1: Never sign up for any service with the same password you use for your email
2: Never sign up for related services with matching passwords (in this case, game and website for same game)
3: Keep antivirus and antimalware software up to date
4: Keep OS patches up to date
5: Keep Flash up to date (this is actually the one most people don't think about, and it gets more people then you'd think)
6: Never never NEVER assume you're 100% safe. The only safe computer is the one that's not plugged in.
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#32 Mar 15 2011 at 9:44 PM Rating: Excellent
*
226 posts
You were not hacked because of this site. Additionally the only relationship we have to IGE was that we shared the same parent company until nearly 3 years ago, when IGE was sold.

Fun fact, even the people who made this site cannot see your password. It's encrypted immediately when created. The only thing we can do is reset your password.

People ultimately believe what we want. Currently this site is by far the biggest Rift site around (to the point you can combine every other Rift fansites traffic and it would about equal ours). It's very easy to point to the site as the source, because everyone uses it. We also have quite a few people who dislike the site either due to being competition, ex-employees, or people banned from our site that like to pitch in. Just last night an ex-employee of our EQ2 site who was let go due posted on the official forums about how we're owned by IGE. Four year long grudge. Kind of epic.

We're a business that has over 60 employees, our business model is advertising and premium services. We've been in business for over 10 years now, in one shape or another. Working with hackers/goldsellers in anyway, would be terrible for our business, and while it may lead to a short term profit boost, it would kill us in the long-term. Not something our investors (which include Goldman Sachs) would want.

I'm sorry you got hacked, but please, stop believing everything you read and think about the bigger picture.

-Drak
____________________________
Ryan "Draknorr" Bohmann
#33 Mar 15 2011 at 9:56 PM Rating: Default
8 posts
Well from researching other threads about this, the only other theory is that Trion worlds itself was compromised.

Zam is almost the -only- database on Rift right now. There's virtually no mod sites, no major fan sites out there right now.

And yet an extremely large number of people are being hacked, and a large amount reference this site.

So the question is, if it is not Zam itself involved, where -are- these hacks coming from? Advertisement script?

A crime is being committed, and the line-up is pretty small this time since Rift is very new. Trion doesn't want to take blame, Zam doesn't want to take blame, and while the customers themselves may be lax with security, the culprit still has to come from somewhere.

There's no doubt this is coming from Corporations and not individuals, considering the extent and scope of it.
#34 Mar 15 2011 at 10:10 PM Rating: Excellent
*
226 posts
One of two things IMO.

Most (80%+) are coming from WoW username/password databases. There are over 50 million WoW accounts that have been made. Over the years I have no doubt that hackers have collected at least 5% of those accounts. Remember that while authenticators exist, they don't prevent hackers from getting your username/password - they just don't let them get in.

Every game that comes out they take any username/password combos from prior games, in WoW's case, millions of combos, and try them on the new game. Unfortunately Rift also used email/password combo and on top of it, attracted a lot of WoW players.

The other 20%+ is the more basic ways. Keyloggers (I think this is less then 5%) and brute-force attacks (I think this is surprisingly high, but I have zero proof here).
____________________________
Ryan "Draknorr" Bohmann
#35 Mar 15 2011 at 10:20 PM Rating: Default
8 posts
Can't be the first one - different e-mail used for WoW, I was extremely secure with my WoW account for those reasons. Rift concerns were slightly less due to having very little of value in-game in the first place.

Second have already checked for. Also run Google chrome with Java turned off anyway.

Third...not sure how "Brute Force" attacks work.

I actually rather question the motives of hackers here. Hitting so early on in the game isn't very smart long-term, unless their goal was to destroy Rift before it gets off the ground like a competitor would do.

Fail on Trions part for not creating Authenticators -before- the game was released...
#36 Mar 15 2011 at 11:19 PM Rating: Excellent
Avatar
******
29,911 posts
As part of our alleged master plan to apperently hack all posters on this sites rift accounts using our leet invisable keylogger program, please note our comprehensive "how to keep your computer clean from all forms of malicious programs, and how to clean them if you do get infected" document...

http://rift.zam.com/forum.html?forum=25&mid=130025123118577481

Kaolian Drachensborn - helping all our site users remove and prevent hack jobs since June 2000.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#37 Mar 16 2011 at 3:21 AM Rating: Decent
1 post
Hey Zam. When are they going to put this system in to work? Have any idea about that? I cant wait to log back on to the game sence they block my IP addy here in SKorea. LOL I'm stationed here with the Military.
#38 Mar 16 2011 at 5:39 AM Rating: Decent
**
272 posts
Brute Force simply means they discovered your login and attacked the login sequence with random strings until one worked. It's only the most common because it's the easiest to do. Normally they utilize a region language dictionary attack because just like in WWII even one time bingo cage crypt pads were crackable due to sociolinguistic theories.

It's also impossible that ads on any of the Zam sites (or any other site) installed keyloggers if you run with scripting fully turned off.

Granted there are still ways to get malware on your machine even if scripting is off in a modern browser. Only way to truly prevent it is to run in ip whitelist mode.
____________________________
Always check for black-on-black text.
#39 Mar 16 2011 at 8:05 AM Rating: Decent
**
526 posts
If you get unlocked then you know it was a keylogger. Unless they can bruteforce yahoo or
gmail or any of the other e-mail providers now which is doubtful at best.
#40 Mar 16 2011 at 8:08 AM Rating: Decent
**
526 posts
Draknorr wrote:
One of two things IMO.

Most (80%+) are coming from WoW username/password databases. There are over 50 million WoW accounts that have been made. Over the years I have no doubt that hackers have collected at least 5% of those accounts. Remember that while authenticators exist, they don't prevent hackers from getting your username/password - they just don't let them get in.

Every game that comes out they take any username/password combos from prior games, in WoW's case, millions of combos, and try them on the new game. Unfortunately Rift also used email/password combo and on top of it, attracted a lot of WoW players.

The other 20%+ is the more basic ways. Keyloggers (I think this is less then 5%) and brute-force attacks (I think this is surprisingly high, but I have zero proof here).


Basically this. Most of you guys had your e-mails/passwords leaked probably months ago. Notice those cool gold site spam e-mails you get? Yeah that means you are on a big list.
#41 Mar 16 2011 at 9:06 AM Rating: Good
*****
10,563 posts
Puremallace wrote:
If you get unlocked then you know it was a keylogger. Unless they can bruteforce yahoo or
gmail or any of the other e-mail providers now which is doubtful at best.


I'm not sure what you mean here. Are you referring to bruteforcing the email account name, or the password, or the providers themselves? I don't know about the last one, but the first two seem like they would be very possible, just a matter of time.
____________________________
◕ ‿‿ ◕
#42 Mar 16 2011 at 12:49 PM Rating: Decent
**
526 posts
Vataro wrote:
Puremallace wrote:
If you get unlocked then you know it was a keylogger. Unless they can bruteforce yahoo or
gmail or any of the other e-mail providers now which is doubtful at best.


I'm not sure what you mean here. Are you referring to bruteforcing the email account name, or the password, or the providers themselves? I don't know about the last one, but the first two seem like they would be very possible, just a matter of time.


I am saying after this system you will know for sure if it is a keylogger or not. If you are coin locked, then you know someone has your e-mail and password.

So bam change those fast. If you get coin locked again. uhohhh somewhere on your system you have a keylogger.

This system is practically a Chinese hacker/crackers nightmare because it lets you login, but you basically can not do anything and then I guarantee it reports your info to Trion for you to be banned.

I doubt they will even be able to use you to mail or spam trade chat. It just locks you down
until the real user gets around to logging on.
#43 Mar 16 2011 at 1:14 PM Rating: Good
*****
10,563 posts
Puremallace wrote:
Vataro wrote:
Puremallace wrote:
If you get unlocked then you know it was a keylogger. Unless they can bruteforce yahoo or
gmail or any of the other e-mail providers now which is doubtful at best.


I'm not sure what you mean here. Are you referring to bruteforcing the email account name, or the password, or the providers themselves? I don't know about the last one, but the first two seem like they would be very possible, just a matter of time.


I am saying after this system you will know for sure if it is a keylogger or not. If you are coin locked, then you know someone has your e-mail and password.

So bam change those fast. If you get coin locked again. uhohhh somewhere on your system you have a keylogger.

This system is practically a Chinese hacker/crackers nightmare because it lets you login, but you basically can not do anything and then I guarantee it reports your info to Trion for you to be banned.

I doubt they will even be able to use you to mail or spam trade chat. It just locks you down
until the real user gets around to logging on.


Ah, I see what you're saying. Is it really that difficult to bruteforce an email account password though? Especially if it's at all similar to the account password... You're right though in that if you catch it fast and change it and they still get in, then it's definitely a keylogger.
____________________________
◕ ‿‿ ◕
#44 Mar 16 2011 at 1:46 PM Rating: Decent
**
272 posts
Depends on the email client really.

Google's requires a mechanical turk solution (which Amazon gracefully provides at a cost) or some absurdly advanced image reading software. Granted, I can't even understand their stupid captchas manually never mind automatically. The obfuscated audio is also a bit of a boggle.

Yahoos and MS' are a bit easier.
____________________________
Always check for black-on-black text.
#45 Mar 17 2011 at 11:59 AM Rating: Good
Scholar
*
71 posts
I've been defending zam on trion's forums but sometimes it hard to get people to see reason when they obviously lack reading comprehension. There is a post on the Trion forums that clearly demonstrate that the support site that trion contracted transmits the login credentials over clear text with no encryption whatsoever.

I am of a mind that that is where the compromises are occurring.
#46 Mar 17 2011 at 12:04 PM Rating: Decent
**
272 posts
That would do it for sure.

I wont name names, but one of the largest consumer tracking vendors in the states sends creds over clear text as well. (I've had to work with their services before)
____________________________
Always check for black-on-black text.
#47 Mar 17 2011 at 1:29 PM Rating: Excellent
***
3,702 posts
thorrandTB wrote:
I've been defending zam on trion's forums but sometimes it hard to get people to see reason when they obviously lack reading comprehension. There is a post on the Trion forums that clearly demonstrate that the support site that trion contracted transmits the login credentials over clear text with no encryption whatsoever.

I am of a mind that that is where the compromises are occurring.


Wait wait wait wait..... wait............... wait

You're telling me that... wait

You're telling me that every time someone logs in to Trion's support site, it sends their login information in the clear, and this is causing accounts to become compromised.

Your words are strange and confusing.

That would mean there's no evil corporation to blame for this except the one that made an actual mistake? That just defeats the entire point of the internet sir, and I think you should be ashamed of yourself for injecting logic into a problem
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#48 Mar 18 2011 at 6:42 AM Rating: Decent
6 posts
Gmail (Google Email) can be hacked, I just had that happen to me about a month ago. Luckily I know better than to keep similar passwords, and my WoW account was left untouched.
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 23 All times are in CDT
Anonymous Guests (23)