REFER SPOT GROUP - EXPOSED

scrollock

Dormant account
Joined
Feb 4, 2005
Location
boro, uk
as some of you are aware a lot of players are having problems with this group, well first i will let you know my sign up experineces, until signing upto the the jupiter club i didn't have any problmems, next thing i know the software doesnt work, i have the bonus removed and hey presto the software works!!!!!!!!!!, then i get a bonus and the software doesnt work work.

well fact is, this is done on purpose by the refer spot group becuase i have been given the MG code to remove this alteration to the software.

anyway back to present things, after signing up to this group i didnt give them a sceond thought,( despite their reasonable reloads) because of the lack 24/7 support at the time.

as has been reported on several threads here, referspot disable neteller facillites, after several requests i was able to test this out myself last weekend and i can confirm that this is true.

now tonight i have went to deposit with this group and they have disabled my credit card facitlity.

going back to last week when i tried to deposit with neteller,i couldn't get into my account because they had read the reg keys on my computer system and replaced my account number in the bella vegas software with my jackpot city account (bellerock), so yes guys this group is reading your system and stealing acc no.s and passwords.

this group is abusing MG software bigtime and it is about time something is done about it.
 
This looks pretty serious!

There are two registry keys. One is simply MGS, and will most probably lie just above the "Microgaming" key. They are almost identical, but they seem to serve slightly different purposes. Surely reading account numbers from the registry for other MG accounts through altered MG client software is a serious breach of their licence. I don't think the passwords are in the registry, but in the password file. This will be in a standard place though, and can easily be nicked if access is available.

If anyone is worried there is a defence though. Construct an "include" file to clear sensitive account numbers from the keys, and another to selectively replace them as and when you play.

If this can be done by this group, perhaps all the trouble I and other users are having with some MG casinos are the result of some form of sabotage.

I am sure I had some "Refer spot" spam in the past!

Do you have any sort of test to see whether or not someone has been compromised by this group? Perhaps we should be thankful for disabled deposit options, withdrawal is probably the next function to be disabled!
 
i forgot to mention, i signed up for every casino in this group, lost 100's except for bella vegas, surpise surpise, i was locked out of bella vegas for "security reasons" but was alowwed to deposit at the others without a problem
 
Oh S**t

Nope, passwords ARE in the registry!!!!!!!!!!!!!!!!!!!! (A simple test demonstrates this).

If they can lift the account number they can lift the password! Even though it is encrypted it is no protection as anyone who has fixed a bug by editing the registry will know.
I would suggest that players who play at this group DISABLE the "Remember password" feature of all their MG casinos. This is a "bloody stupid" schoolboy programming error by MG! Passwords should be stored separately from other login information.
Stealing the "Thumper" registry key from a computer is enough to be able to access all a player's MG accounts from another computer. A firewall would prevent this (it would need to be a damn good one, as each MG needs to be able to access it's own "thumper" key, but not the keys for another casino), but as we know we are told to disable our firewalls to enable us to play!!!!!!
 
Note that Microgaming stores password info in two places in the registry.

a) HKEY_CURRENT_USER/MGS/thumper/Casino/CASINONAME/key
b) HKEY_CURRENT_USER/Microgaming/Thumper/CASINONAME/Key

You have to remove both to 'forget' the password.
 
You don't have to disable zone alarm to play, and you can control every single thing with zone alarm. It's the best firewall as far as I'm concerned.

I play at Lake Palace and Grand Bay and withdraw routinely with no problems. Nothing has ever been disabled either.
 
Rumors being what rumors are, there was one floating around some months ago, that this group was actually owned and run by MG itself. I have no clue as to whether this is factual, but suppositionally speaking, if it were true, they could basically alter the MG code however they choose w/o repercussion, could they not?
 
Definitely not owned by MG, and to be quite frank, there are always repercussions for your actions no matter who owns you, so to speak.
 
vinylweatherman said:
Stealing the "Thumper" registry key from a computer is enough to be able to access all a player's MG accounts from another computer. A firewall would prevent this (it would need to be a damn good one, as each MG needs to be able to access it's own "thumper" key, but not the keys for another casino), but as we know we are told to disable our firewalls to enable us to play!!!!!!
A firewall would not help (and you can run casinos with a firewall enabled, although you may need to open certain ports manually). A casino, like any other application, can do anything that the user running it can. If you can read the registry key or a file, so can the casino software. The casino software needs to be able to communicate with the server, it could send your password there if it wanted to. If you are worried about this, on an NT based system you could set up a different user account for every MG casino, and then you would not have to worry about one casino reading another casino's password.
 
Good Point

Unfortunately I have 98SE. I have heard many players with software trouble, and the advice from casino support is DISABLE any firewall and virus software. If a Migrogaming Licencee is up to no good it seems there is nothing much a user can do other than be aware of this problem and deal with it as best they can.
I had always thought the password was put in the "passwords" windows file in the system folder as well as being encrypted. It demonstrates that casino software is not as secure as they would like us to believe. There has already been a case of a rival group using malware to sabotage the functionality of another casino group (Royal Dutch or something similar). Ever since the botched Viper upgrades that started at the beginning of the year I have formed an intimate relationship with my Windows Registry, my activeX folder, and my system folders. Viper is just too "clever", and there is a lack of technical expertise at the disposal of the player. Even the casino tech support are often scratching their heads for weeks with some of these issues with little progress. The best we have are the various players sharing experiences, and perhaps one day one of us will come up with solutions to these various problems that will empower us, rather than leave us to the mercy of the operators who are "currently working on this issue".
Microgaming should also investigate if Refer Spot are misusing the software customisations by reading and writing registry keys outside of what is needed to effectively operate their OWN client interface; removing their licence if it is found to be the case.
At least I have DOS with my Windows. I can put a stop to this sort of marlarkey on my machine by injecting custom steps in the boot process, although I currently use registry "include" files for rapid adjustments to my MG casinos.
 
If you understand DOS and batch files, there's a simple workaround. If I'm not mistaken, even with 98, you can add/edit/delete keys in the registry from DOS. What you could do, if this is the case, (I know XP has this functionality, 98 should too), just create 2 batch files. 1 for starting the casino, which would first add the key (export the needed keys to casinoname.reg...this can serve as a backup if something goes wrong too :p ) needed to run the casino, then actually run the casino from that batch file. The 2nd one would be to go in and delete the keys again once you quit out of the casino.

This would definately solve the problem without creating multiple accounts, or as in your case, being on 98. You could just create a shortcut on your desktop for these batch files, and would just need to run them as needed ;)

As it was said earlier to just not store the password...well, that's not really good enough. Of course the password wouldn't be known, but they could still get your account number, and seeing as how they have the information you signed up with on file, they could still wreck havoc with your accounts at other casinos - including getting your password changed - without the current password.
 
Last edited:
vinylweatherman said:
Unfortunately I have 98SE. I have heard many players with software trouble, and the advice from casino support is DISABLE any firewall and virus software.
Are you serious? These casinos should be rogued for endangering their customers' computers for financial gain. It is very ill-advised to connect any Windows computer to the internet without a firewall. If you did this, your main concern should not be whether one casino can read another casino's password, but whether your computer is still owned by you or by some hacker.
 
Grandfather is entirely right. Do *not* disable your firewall *or* your virus software, that would be a huge mistake.

However, I would take any computer recommendation from casino support with a large grain of salt. Most of them have little clue as to how the software works, let alone how a computer works. The only reason they tell you to disable stuff is because, sadly enough, this is a common reason for why people cannot connect to the casino servers.

Virus software should never block access to the casino server. The correct recommendation, if at all, for dealing with the firewall is to whitelist the casino server, if you happen to know its IP or domain name. If casino support cannot or will not provide this information to you, tell them that you will not disable your firewall for the sake of gaining access to the casino and that they should immediately contact their senior management for a more satisfactory resolution of this problem.
 
In defence of casino tech support, it must be hard to diagnose problems remotely, especially when the user himself may not know much about computers, but advising the user to turn of the firewall and anti-virus programs is very irresponsible.

A firewall may require the user to open a port manually, this may be too much for the average user. An anti-virus program will slow down the installation, upgrade or starting of any program, but I have not noticed any difference in speed when a casino is running.
 
GrandMaster said:
In defence of casino tech support, it must be hard to diagnose problems remotely, especially when the user himself may not know much about computers, but advising the user to turn of the firewall and anti-virus programs is very irresponsible.

A firewall may require the user to open a port manually, this may be too much for the average user. An anti-virus program will slow down the installation, upgrade or starting of any program, but I have not noticed any difference in speed when a casino is running.

Having worked tech support at an ISP for a few years, I can definately say that trying to troubleshoot a remote machine is very hard. I have to agree that if they don't know the answer, they shouldn't bother to try. What we did if the user was having a problem with a 3rd party program (such as a firewall), we would give them the pertinant information required for them to solve the problem via tech support of the product in question. This is exactly what the casinos should be doing - not taking a stab in the dark and putting the end-users computer at risk. Can you imagine the implications and suits that would be brought up against a major ISP such as AOL, Earthlink, etc if they advised users to turn off their firewall, and in turn their identity stolen because of a hacker? That situation isn't really any different than the casino telling them to disable their firewall. It's just more likely that an ISP would be held accountable more than an online casino would be.

There's no reason anyone should be without a firewall nowdays. ZoneAlarm is free for personal use, and it's so easy to setup. Whenever you run a program that needs to access the internet, it'll ask you if you want it to allow access, and once you grant that it will open all ports neccesary so that the program will run without any problems.
 
Last edited:
Being a tech myself, I will also echo those sentiments.

However, what I should point is that casino support are NOT techs - they have zero clue as to how a computer works, and have been hired as *customer* support as opposed to *technical* support.
 
Speak of the devil... LOL... mind you this is not a Referspot (Grand Prive) casino.

Thank you for choosing xyz casino!

Please ensure that all Firewall and Spyware software is disabled at the time of accessing xyz casino.

I have listed a link below which will allow you to download the complete version of the casino which is more reliable and secure. Please uninstall the current software you have loaded on your system, then restart your computer and select the link below in order to download the complete version of xyz casino.

What's so silly about this is that I operate every other casino just fine - the error I was getting is only related to this casino - and almost certainly something to do with the fact that it can't handle more than one connection at a time from a computer (seems to be downloading stuff in the background) - and only occurred just recently - the error didn't occur over a few sessions while I was playing, but after a cashout, suddenly I started getting this error all the time (though the cashout was properly processed).
 
However, what I should point is that casino support are NOT techs - they have zero clue as to how a computer works, and have been hired as *customer* support as opposed to *technical* support.

Sure. But CS should escalate to the IT Support Desk if they are unable to resolve the problem to the customer's satsifaction. They do this at Ladbrokes.
 
I have downloaded every software out there just about with Zone Alarm running and had no problems whatsoever.

I have the program set to ask me for permissions and I always know exactly what is going on.
 

Users who are viewing this thread

Meister Ratings

Back
Top