HHmmmm... Just been checking my firewall logs, and all day long ubi Ubisoft entertainment have been port scanning me. What gives?

http://i86.photobucket.com/albums/k115/rollaphat1/NewBitmapImage.jpg
<a small sample>

I've not been playing any ubi games today, although I have made a couple of visits to the forum, but I'm reading around 5-20 access attempts every second. This traffic is an unwanted annoyance. What are you up to Ubi?

Cease and Desist... Otherwise you might find yourself in a sticky situation http://forums.ubi.com/images/smilies/winky.gif

Did a quick search and found this:
http://www.spywareinfoforum.com/lofiversion/index.php/t78620.html

There are many posts on this issue and it appears to be a normal practice with Ubisoft and is included in their EULA.

Sneeky!!

Holy <span class="ev_code_GREEN">*edit*</span> ... So Ubisoft are like the official spyware vendors of the video games industry then? Luvverly... trouble is this is happening when I'm not playing a game, and as you can see from the section of the log above, they are systematically scanning each and every port, one after another (trying to find a way in?)

The only time I've ever seen this much activity is during atacks by script kiddies and amateur hackers...

I tell you what Ubi, you tell me what the <span class="ev_code_GREEN">*edit*</span> you want, and I'll tell you if I can help or not. OK?

<span class="ev_code_GREEN">Please allow the forum to censor for you. Thanks http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif</span>

This is why UBI is even blocked on my firewall. I don't play online and they have no business on my PC and I don't care whether that is legal or not http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif.

But seriously though, anybody can hack me since I only use the default windows firewall, good luck to them if they find my porn, perhaps that will help with the stress they seem to be suffering and then, they can get back to work on fixing this damn game!!! http://forums.ubi.com/images/smilies/16x16_smiley-very-happy.gif

UBISoft to costumer...

http://forums.ubi.com/images/smilies/784.gif Knock , knock http://forums.ubi.com/images/smilies/halo.gif

E = <span class="ev_code_RED">Engage</span>
U = <span class="ev_code_RED">Under</span>
L = <span class="ev_code_RED">Low</span>
A = <span class="ev_code_RED">Acknowledge</span>

http://forums.ubi.com/images/smilies/10.gif


<span class="ev_code_YELLOW">=================</span>


j.k. http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif



cheerios
http://forums.ubi.com/images/smilies/typing.gif

Originally posted by Want2Snipe:
But seriously though, anybody can hack me since I only use the default windows firewall, good luck to them if they find my porn, perhaps that will help with the stress they seem to be suffering and then, they can get back to work on fixing this damn game!!! http://forums.ubi.com/images/smilies/16x16_smiley-very-happy.gif

http://forums.ubi.com/images/smilies/88.gif

As to the original post, I will pass this on and hopefully you will get an answer! http://forums.ubi.com/groupee_common/emoticons/icon_smile.gif

Yer... hopefully...

It's been quiet since yesterday... Have they given up? I doubt it, they've just gone home for the weekend... Or maybe they've already compromised me, let's face it, it wouldn't be that difficult, they already know which ports I have open for playing the game, but then WHY bother port scanning me in the first place???

It's none of Ubi's business what other ports I have open.

Still no answer ??



mmmm http://forums.ubi.com/groupee_common/emoticons/icon_rolleyes.gif no good, no good .



Invading Privacy Ubisoft ?



cheerios
http://forums.ubi.com/images/smilies/typing.gif

Sure enough early hours of Tuesday morning it started again... lasted a couple of hours then stopped again... There was so much network activity coming from ubisoft that it slowed down video streaming... Obviously I'm getting rather peeved atm... http://forums.ubi.com/groupee_common/emoticons/icon_mad.gif

WOW !!!!


Still NO ANSWER !!!


funkymunky80 you better start worrying about http://forums.ubi.com/groupee_common/emoticons/icon_biggrin.gif they're running.... http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif
(block them and reverse it) , right Ubisoft as you do to the costumer base.


But you know.... they can run but , they can't hide <span class="ev_code_YELLOW">The TRUTH !!</span>



They just been caught... again But this time is for REAL .
http://forums.ubi.com/images/smilies/784.gif



cheerios
http://forums.ubi.com/images/smilies/typing.gif

Well Ubi... So far you've caused over 200Mb in firewall logs, and it's not just my PC you're doing it to is it?

My girlfriends computer's getting similar hits, and she doesn't even have any ubisoft games installed!!!

My mates PC started getting port scanned by ubi, and he was only connected to my network for a LAN on UT3 for about an hour. His firewall logs registered over 2000 thousand hits from ubi in that 1 hour.

Your unwanted/unwelcome/possibly illegal activities are slowing down my internet connection. This is NOT acceptable. I suggest you fix the problem before this has to go any further.

ok, this has got me more curious now and a bit concern since I only use the Windows XP firewall. Can you tell me how to check my firewall logs so I can see if these good gentleman are hitting on me as well... don't they know that I am already married? http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif

Maybe they are scanning peoples conputers so they can learn how to develop a game properly!! http://forums.ubi.com/images/smilies/disagree.gif

I wonder if any Federal agency would be interested in investigating??

Err... dunno how to check XP firewall logs http://forums.ubi.com/images/smilies/blush.gif

Things that might help though:

You can set your router to keep a log of all activity that goes through it.

Most third party firewall apps have an option to create logs.

IP filter software can also be used alongside a firewall for enhanced security. This should also create logs of every connection made.

Proxies can be setup to increase security.

Damn, I forgot I am behind a router that has logs... I'll check them out tonight when I get home.

Hoefully, I'll know how to find them http://forums.ubi.com/images/smilies/16x16_smiley-sad.gif http://forums.ubi.com/images/smilies/16x16_smiley-very-happy.gif

I can't find a way to check logs on Windows OneCare firewall, but I doubt they can hit me at school since most of the ports at our college are blocked.(gaming-related ones, at least)

curious... am i the only one that thinks that it's not Ubisoft that is portscanning him... but HIM trying to connect out?

i mean, HE'S the source, not the destination.

OK, but why would I be trying to connect out to Ubi? And blocking it?

Why would I be trying all my ports? I know what's open.

And no it's not spyware, I thought that maybe ubi had infected me with something, and that was what was trying to create the connection, but it's happening on all 3 PC's on my network. Including one that has no ubisoft software installed, it doesn't even have windows installed, it's Linux (Mandriva).

Another thing to point out; I was that convinced that my system had been compromsed that I physically removed all hard drives except a spare, which I formatted, and installed windows on. With no other software apart from my security apps, it took less than 2 hours for the port scanning to start again.

The attacks are happening on my PC regardless of what OS I boot into, XP, Vista, or Linux (Ubuntu).

And it's the 25 of May of 2008

and NO OFFICIAL RESPONSE TO THIS.

Someone outside this OFFICIAL FORUMS OF UBISOFT it's already VERY interested in see what's going on with this "Invasion of Privacy" and would be very happy to deal OFFICIALLY with it. http://forums.ubi.com/images/smilies/784.gif

Is not on our hands http://forums.ubi.com/images/smilies/halo.gif they Monitoring this forums so....

One Mod. answer to our post in the RSV2 forums here:

http://forums.ubi.com/eve/forums/a/tpc/f/1991064316/m/4281082166

saying that he was going to see what can it been done.

So far.... http://forums.ubi.com/groupee_common/emoticons/icon_rolleyes.gif


Since the 15 of May 2008, this is an Important issue, concerns the costumer base, so...

Are you really on to NO GOOD UBISOFT ?!! http://forums.ubi.com/images/smilies/784.gif



cheerios
http://forums.ubi.com/images/smilies/typing.gif

NightMares, we brought it up to the people we could bring it up to. We have done all we can really do...

Could it possibly be HTTP service for the ads and stuff that you get ingame? Maybe one of the ads has been infected with malicious code that's locked on to my IP?

(Guessing BTW)

What's the betting that ubisoft use Norton? http://forums.ubi.com/images/smilies/53.gif

First off, those are Checkpoint logs... Are you usint R6V2 at the office?

Secondly, this is not Ubisoft scanning you, this is you accessing their website. It's normal that your source port changes all the time like that, and it's sequential. That's perfectly normal. When a browser accesses a website, it'll use a lot more than 1 socket and that's what you see in your logs I think.

I've done a lot of checkpoint support and I'm pretty sure this is just your browser accessing the website or the forum site.

Oh, and those connections are probably allowed too because the destination port is 80. So NO, this is not Ubisoft portscanning you, this is you accessing their website.

If the 0.2 is not your workstation's IP address, perhaps it's a proxy server. I do tech support for a proxy company and it's quite common for a proxy to open a lot of ports like that to agressively pre-fetch the content of a website.

One thing i'm sure of, it's that THEY are not scanning YOU.

Originally posted by funkmunky80:
Well Ubi... So far you've caused over 200Mb in firewall logs, and it's not just my PC you're doing it to is it?

My girlfriends computer's getting similar hits, and she doesn't even have any ubisoft games installed!!!

My mates PC started getting port scanned by ubi, and he was only connected to my network for a LAN on UT3 for about an hour. His firewall logs registered over 2000 thousand hits from ubi in that 1 hour.

Your unwanted/unwelcome/possibly illegal activities are slowing down my internet connection. This is NOT acceptable. I suggest you fix the problem before this has to go any further.

I think if you check the EULA that it is UBI checking to see that game you are using s not installed on other machines.....ya know that DRM Millinium act that passed some years ago. Spark one up chief and read that user end agreement one more time.

Originally posted by Equinox45:
First off, those are Checkpoint logs... Are you usint R6V2 at the office?

<span class="ev_code_RED">NO. They're not checkpoint logs, They're PG2 logs. This is my home network. I don't play RSV2, I uninstalled it after I completed story mode on realistic in less than a day.</span>

Secondly, this is not Ubisoft scanning you, this is you accessing their website.

<span class="ev_code_RED">So why do I get a couple of hundred hits every minute that my PC is on, when I'm not connecting to their website? Either to view forums or play the game? This activity is going on all day long, and is happening to every computer on my network.</span>

It's normal that your source port changes all the time like that, and it's sequential. That's perfectly normal. When a browser accesses a website, it'll use a lot more than 1 socket and that's what you see in your logs I think.

<span class="ev_code_RED">Can you explain why it's doing it when I don't have a browser open?</span>

I've done a lot of checkpoint support and I'm pretty sure this is just your browser accessing the website or the forum site.

<span class="ev_code_RED">OK, if that's the case explain why it goes on all day long?</span>

Oh, and those connections are probably allowed too because the destination port is 80. So NO, this is not Ubisoft portscanning you, this is you accessing their website.

<span class="ev_code_RED">Again, I have to point out; No it's not. This activity starts as soon as any of the PC's on my network is turned on.</span>

If the 0.2 is not your workstation's IP address, perhaps it's a proxy server. I do tech support for a proxy company and it's quite common for a proxy to open a lot of ports like that to agressively pre-fetch the content of a website.

<span class="ev_code_RED">I don't use proxy server.</span>

One thing i'm sure of, it's that THEY are not scanning YOU.

<span class="ev_code_RED">Well I'm glad you think so. IMO though, something fishy is going on when I see the exact same activity on my Linux server, a computer I only use as a home file server. It has nothing to do with ubisoft - ever. In fact it's rarely even allowed access to the internet.</span>




Originally posted by takajim:

I think if you check the EULA that it is UBI checking to see that game you are using s not installed on other machines.....ya know that DRM Millinium act that passed some years ago. Spark one up chief and read that user end agreement one more time.

<span class="ev_code_red"> I'm fairly certain it doesn't give them the right to cause so much network activity that I can't even watch video streams (And I'm on a reasonably fast connection, up to 24mb down (realistically I get around 9/10mb), with a 1.4mb upload. I'm also pretty sure that it doesn't give them the right to assault other machines that have no ubisoft software installed. But as you suggest, I'll roll myself a phat philly blunt and have a look. If that's the case I WILL be boycotting Ubi in the future, I don't want this sort of unwelcome poking around on my network, it's a sh*tty pain in the backside
</span>

Think the guys still don't get it straight.

Read very close.

This Privacy Policy applies only to personal information collected on the websites where this Privacy Policy is posted, and does not apply to any other information collected by Ubisoft through any other means.

Does this mean that the information being sent from your computer is not covered under the EULA?

I get more technical and use a packet sniffer (Wireshark) to find out exactly is being sent by h5_game.exe (and/or the associated UbiStats.dll). The is data encrypted with OpenSSL so all I see is binary jibberish. Here are the results (or txt results). SendStats.exe runs only during game installation or when you install the Heroes 1.1 patch.
That is the story so far. Sounds paranoid, but as you can see below there are many unanswered questions. If enough people ask Ubisoft what is going on, then maybe they will answer us.

What to Do:
Post your comments on the Ubisoft Forum
E-Mail Ubisoft (List of contacts by country)
Contact Ubisoft Support
Translate this post
Spread the word
Get a free software firewall

Questions:
This is not covered by the EULA. Does that make it spyware? Is this legal?
Why don't they clearly and directly tell us that they will collect data?
Why don't they give us an option to opt out?
Why is it encrypted?
What exactly is being sent?
Why haven't they given us a real answer?

Resources:
Heroes V EULA
Ubisoft Privacy Policy
Wireshark Scan Results: h5.cap or h5scan.txt
SendStats and UbiStats.dll
Forum Thread: HOMMV secretly sending your info to UBI
Forum Thread: H5 = Spyware

===================

Clear as MUd as Ubisoft make their business and someone it's ALREADY Legally and Officially investigating this Ubisoft.


No Answer from you Ubisoft ...so you will get a respond.

We're not joking Ubisoft, one more black spot in the name of Ubisoft co. and in favor of the Costumer base and the MEDIA now is ON IT !!

IT'S ON !! http://forums.ubi.com/images/smilies/halo.gif http://forums.ubi.com/images/smilies/typing.gif


UBIDAYS are far to be truth http://forums.ubi.com/images/smilies/784.gif


Good "Lisa" and the rest of the "Official" Messengers enjoy the day , because maybe that's going to be the last one. http://forums.ubi.com/images/smilies/16x16_smiley-wink.gif as you know it .



cheerios
http://forums.ubi.com/images/smilies/typing.gif

I notice you're quoting old news from the HoMM forum from a couple of years ago, and only a small number of the more vocal/paranoid members were bothered about it, patch 1.1 for H5 added a patch updater to the game.
The majority of the rest of us were more interested in getting the bugs patched and the game balanced better, than in worrying about the stats that were collected during play.
Are you implying that similar systems that a lot of games have these days are ALL sending your deepest secrets to the respective publishers?
Or are you just fixated on the Evil Ubi Empire. http://forums.ubi.com/images/smilies/16x16_smiley-indifferent.gif

I don't care about game stats that get sent while I'm playing, I'm concerned about the activity that's going on when I'm not playing a game, not even browsing...

"I may be paranoid... It doesn't mean they're not out to get me though..."

I can't remember where I heard that, but it's stayed with me for years... And back in my teenage years it kept me out of trouble more than you'd believe...

Originally posted by funkmunky80:
I don't care about game stats that get sent while I'm playing, I'm concerned about the activity that's going on when I'm not playing a game, not even browsing...

"I may be paranoid... It doesn't mean they're not out to get me though..."

I can't remember where I heard that, but it's stayed with me for years... And back in my teenage years it kept me out of trouble more than you'd believe...

UBI must be run by the BU--SH--! admin http://forums.ubi.com/images/smilies/10.gif

Are you referring to the excrement of cows or that brainless gimboid texan?

Not much difference I suppose http://forums.ubi.com/images/smilies/53.gif

they r one in the same! http://forums.ubi.com/images/smilies/16x16_smiley-very-happy.gif

Funky, any word from the gods at UBI?

Nothing...

At all...

Something to point out though... while the servers are down and nobody can play a game online there's no activity whatsoever... All is peaceful...

Ubi, your servers are about as reliable as the arse of someone with Irratable Bowel Syndrome...

Your complete lack of customer support is frankly disturbing...

COMPLETELY SILENCE and it's the JUNE 4 2008.


That's UBI.



And you know what does silence means when the suspect don't want to speak.... guilty? or they are ONTO NO GOOD !!??



cherrios
http://forums.ubi.com/groupee_common/emoticons/icon_wink.gif

Yep... Silence is another form of admission.

So ubi, DO I need to discuss this matter with my legal represantative to take out an injunction against you?

June 13 2008


And legal paperwork on it's way to Ubisoft.co http://forums.ubi.com/images/smilies/halo.gif so they said.



cheerios
http://forums.ubi.com/images/smilies/typing.gif

and on Friday the 13th to boot... SPOOKY! http://forums.ubi.com/images/smilies/88.gif

http://forums.ubi.com/images/smilies/halo.gif



http://forums.ubi.com/images/smilies/784.gif



cheerios
http://forums.ubi.com/images/smilies/typing.gif

Wow. this thread seriously disturbs me. BTW did anyone else notice that the homepage got owned? http://forums.ubi.com/images/smilies/compsmash.gif

Originally posted by gmt2001:
Wow. this thread seriously disturbs me. BTW did anyone else notice that the homepage got owned? http://forums.ubi.com/images/smilies/compsmash.gif

Huh? What homepage? Are you reffering to the other weekend when the forums were taken offline for some imaginary repairs to be carried out?