Bot Malware Alert

124 posts / 0 new
Last post

We have received reports that the MTGO Library Bot software contains a security issue, which is allowing malicious users to drain the contents of accounts running the MTGO Library Bot software.


This is just one of a number of security issues that have been linked to MTGO Library Bot (and its predecessor CBSbot). We strongly urge users to discontinue using this software. Please be aware that continuing to use this software may lead to the loss of the contents of your account(s), and may pose additional security risks to your computer.


Please see the threads below for previous posts regarding this software:


WARNING – BOT MALWARE ALERT
New information regarding the CBS Bot
MTGOLib Bug/Security Problem/Fraud  


Pursuant to the Terms of Service, Wizards of the Coast is not responsible for any losses or damages you may incur as a result of running third party applications in conjunction with Magic Online.


If you believe that you have been a victim of this, or any other scam, please report it at our Report Suspicious Behavior Link.  

Edit:
This information is also cross posted to the MTGO Blog and in-game, please spread the word!

I don't think it is just limited to the bot owners accounts solely.  I think that partial tix credits may have been taken from users of the bots.  I used one of the mtgolibrary member bots for a couple of years with no problems.  Sometime between 10/2/11 and 10/8/11  my partial credit on the VW_Bulk_Buyer bot dropped from 0.699 credits to 0.024 credits unexplained.


The problem I have with a number of bots is that they usually do not have an email address or other contact information listed.  

Dear WotC_Xan,


 I confirm that we had a security issue two days ago, around midnight. We had a brute force attack on our servers and a couple of weak passwords (such as password = username, or password = "1234") got stolen.
We already fixed the issue, but we are also coding a better registration screen to force the user to choose a long and secure password (for example with a minimum number of characters and/or at least a number in between).


I would also remind the uses with a short password to change it. If you have problems with the procedure, just email me and I will be happy to do this for you. 


 If I can be of further help to find the scammer, please contact me. 


Sincerely,
Albert from mtgolibrary.com

I just wanted to comment on this issue, or at least the one that we should be commenting on.   MTGO has a problem, and I'm not sure if it's cause is by design, or preserving the status quo is in the best intererest of wizards/hasbro.  BOTS are the problem, or the lack of them, built into the client.  Either all users should be able to fascilitate automated trading or none should.  Where is the line drawn? If you can run a 3rd party client, there is NO TELLING what that client can do, and that is unfair advantage, and also risky security wise as shown above.  (although, I know a friend who runs a giant chain will remain un-named, and he uses mtgo library for years now, he has thousands of dollars on there with no issues.)  What I mean by that is, somebody can run just a simple bot to fascilitate trading yes.  But very skilled programmers can write applications that replace the mtgo client, with something that isn't even concerned about ever playing the game, but focused on trading, predicting prices, and making sure that players cannot fascilitate "fair trades" between themselves as often as they should.   Why is making an elite-class of trader healthy for magic?  The only thing I could come up with is the extra advertising these secondary market kings bring in. Sometimes they get big enough to even sell retail product.  Which is good for wizards/hasbro.  However, look at the guys over at channelfireball, they sell retail product, and they're just pro players and fan boys of the game.  Does magic need an elite trading class in it's digital product?  I understand the need for retailers and card shops in real life, but mimicing it online, is it necessary?  Can we not just have a promise it will come to an end, make mtgo v5 with some sort of an automated trade.  You guys will sell more clients! You can effectively capture this market.    For the 99% of you reading this not in a decision making capacity, please take from this any ideas and repost them, tell them to wizards, take away this unfair advantage!
I know a friend who runs a giant chain will remain un-named, and he uses mtgo library for years now, he has thousands of dollars on there with no issues.


Thank you for writing this :-)  

But very skilled programmers can write applications that replace the mtgo client


This happened, but it is something totally against toc 
My friend used three of the mtgolibrary member bots for two years with no problems.Password is too short to be cracked is their problem.
The problem, in addition to weak passwords is the within the MTGO community there are greedy thieves among us as in any walk of life. I hope the illicit trades can be traced, stock recovered and scum banned for life. Let's not blame wotcs trading interface, or users weak passwords when the real culprit is a greedy thief.
Looking forward to Hex TCG MMO
Is it a problem to make auction just like in WOW? You place your lot and set a price for it, and there's no need to be in classifieds all the time, you dont even need to be online. I think, it's just someone who wrote the game was interested to leave this hole.
The topic of this thread is DO NOT USE MTGO LIBRARY BOTS!

All these replies coming from 1 post-count accounts seems like an attempt to derail the warning and change the topic. Just sayin'.
I can't spare a moment for the dog faced boy I won't lend another hand to the worm girl of Hanoi Don't deplete my oxygen for the guy who's turning blue But ask me, and I'll do anything for you

All these replies coming from 1 post-count accounts seems like an attempt to derail the warning and change the topic.



I can assure you the above are real posts

Getting back to the original topic, as you can read in the first post, this is not the first time warnings have been issued about Mtgolibrary.

 It used to be called CBS Bot, but the name was quickly changed after the first round of warnings against the bot were posted.
DCI Certified Level 2 Judge
Deja vu. Didn't we have this exact same thread before? When I first saw the title I was thinking "another necro'd thread." 

On the other hand, I also remember some people saying they had no problems ml library, so is it a case of weak passwords? Is there anyone affected by the loss willing to share their password strength? Wink
Just to clarify:

This specific issue is not due to weak passwords or a third-party security breach to this bot. These accounts were accessed via the administrator of the MTGO Librarybot through a specific mechanism built into that bot.  Again, we urge anyone running this software to discontinue immediately, as your account contents are at risk.
 This specific issue is not due to weak passwords or a third-party security breach to this bot. These accounts were accessed via the administrator of the MTGO Librarybot through a specific mechanism built into that bot.



With all the respect Xan, I have logs documenting a brute force attack. There is no "build in" mechanism. I hope you agree with me that a similar mechanism will be counter-productive.

Another way to see this is: "why bigger bots have not been violated"? If some exploited the "mechanism", why use it on small fish rather than large chains? :-)

Mtgolibrary should be treated with extreme caution, as should all bots.

It is way past time that WotC recognises the clear need of users for a way to trade without user interaction. Bots are the fungus that grew in the cracks; seizing an opportunity that should have never been there in the first place. Their only justification is the fact that there is nothing better, currently.

The sooner wotc obsoletes them, the better.
Free Speech
Free speech is the right to speak your mind without government censorship and without fear of extralegal retaliation like harassment or violence. That’s all! Free speech doesn’t include the right to speak your mind on any forum anywhere. The government may not prevent you from speaking, but private parties, like blog owners or corporations, aren’t required to let you use their property as your platform. Free speech doesn’t include the right to be believed or to be taken seriously. People may mock, ridicule or laugh at what you say, or they may reject it outright. Free speech doesn’t include the right to be listened to. People who don’t desire to hear your opinion can hang up on you, block you on social media, change the channel, close the browser tab. Free speech doesn’t give you the right to bombard people with harassing messages or otherwise force them to pay attention to you against their will. And free speech doesn’t include the right to suffer no consequences whatsoever for your expressed opinions.
I'm a real player, my in game name is Glyph Alias, I play pauper mainly, I'm on alot.
Just curious, how can you say with absolute clarity mtgolibrary is a scam bot?   I was thinking about it fairly deeply.. (might be shallow for others, so bear with me)   I know that MTGO has the capacity to record trades, knowing this, I could understand that a pattern of some size could be used to establish the fact that bot X is a scam bot.  But what kindof evidence do you guys have? That would go a long way in getting people to stop using the bot, which would be the best course of action if it was really a threat.  

Again, give bots to the normal 99% (yay, random poltically charged terms!) of us users!
 This specific issue is not due to weak passwords or a third-party security breach to this bot. These accounts were accessed via the administrator of the MTGO Librarybot through a specific mechanism built into that bot.



With all the respect Xan, I have logs documenting a brute force attack. There is no "build in" mechanism. I hope you agree with me that a similar mechanism will be counter-productive.

Another way to see this is: "why bigger bots have not been violated"? If some exploited the "mechanism", why use it on small fish rather than large chains? :-)




i respect Xan, and the applaud the specificity of what he/she said.

as to mtgolibrary's responses:

a brute force attack on your servers that exploited or revealed a security flaw, since fixed. i do not have any reason to disagree with you that this very well could have happened; it happens all the time on the internets. yet, you pass the blame to those with weak logon credentials. how many of those users will now, or ever, go and change their logon info? unless you do what you have said, and make a strong password necessary and required for every existing user. i imagine that many of them will also need to be made aware of this change through an email.

seperating your bot software from the big fish is disengenious and misses an important part. most of the big fish have their own homebrewed or the occasionally shared coding schemes. yet your bot software is the most prevalent in the "pool" tht is the secondary bot market 'lake' of mtgo. by analogy, think of the big fish as /trophysport fish breeds like walleyes, northern pike large mouth bass - the kind you would stuff and mount to put on your wall. your bots, on the other hand, are not mere bait fish, chum, or minnows. as a whole, your bots and those bots using your software comprise the majority of bots on mtgo, imo. you are the medium-sized fish, who are just under the legal size to keep. the ones that get thrown back; the nonkeepers. the ones who need a few more years to grow. you are not the little fish that the big fish use as food. you are the types that steal our worms and swim around our fishing boats. and no, i do not mean to insinuate that one tickets are worms and that you are stealing them.

to turn your question on its head, you asked, why use it on small fish rather than large chains?" i ask you, "why use the exploitable mechanism on the few larger bot chains when you can use it on many more, and repeatedly, on the smaller fish?" there are always more smaller fish in the pond than there are of the larger sorts. raiding 50 of the larger bots <= raiding 1000 of the smaller bots.

Just curious, how can you say with absolute clarity mtgolibrary is a scam bot?   I was thinking about it fairly deeply.. (might be shallow for others, so bear with me)   I know that MTGO has the capacity to record trades, knowing this, I could understand that a pattern of some size could be used to establish the fact that bot X is a scam bot.  But what kindof evidence do you guys have? That would go a long way in getting people to stop using the bot, which would be the best course of action if it was really a threat.


Repeatedly over the years WotC has come out with warnings that the owners of the bot will access licensee's accounts and take product without permission. As usual, this has nothing to do with people who interact with the bot to buy cards, but rather those who are operating the bot.

Magic and Magic Online Volunteer Community Lead. On Strike

I'm trying to make my official VCL posts in purple.

You posted saying my thread was moved/locked but nothing happened.


Show
Unfortunately, VCLs do not currently have the tools necessary to take moderation actions directly. VCLs submit their actions to ORCs, who then actually perform the action. This processing can take between a few minutes and several hours, depending on how busy/attentive the ORCs are.

If you see something that needs VCL attention, please use this thread to make a request and a VCL will look at it as soon as possible. CoC violations should be reported to Customer Service using the "report post" button. Please do not disrupt the thread by making requests of either kind in-thread.

General MTGO FAQ

Yes, the Shuffler is Random!
The definitive thread on the Magic Online shuffler.

Magic Math Made Easy
Draw probabilities, Swiss results, Elo ratings and booster EV

Event EV Calculator
Calculate the EV for any event with a fixed number of rounds and prizes based on record

Dual means two. A duel is a battle between two people. Lands that make two colors of mana are dual lands. A normal Magic battle is a duel.
Thanks to PhoenixLAU for the [thread=1097559]awesome avatar[/thread]!
Quotables

Show
"While a picture is worth a thousand words, each lolcat actually produces a negative wordcount." -Ith "I think "Highly Informed Sarcasm" should be our Magic Online General motto." -Ith "Sorry, but this thread seems just like spam. TT is for off-topic discussion, not no-topic discussion." -WizO_Kwai_Chang "Stop that! If you're not careful, rational thinking may catch on!" -Sax "... the only word i see that fits is incompitant." -Mr44 (sic) "You know a thread is gonna be locked when it gets to the hexadecimal stage." -Gathion "It's a good gig" - Gleemax "I tell people often, if you guys want to rant, you've certainly got the right to (provided you obey CoC/ToS stuff), and I don't even really blame you. But if you see something you think needs changing a well thought-out, constructive post does more to make that happen." - Worth Wollpert
Wouldn't libbot servers having their licensee's passwords be a violation of the ToS/CoC anyway?

Magic and Magic Online Volunteer Community Lead. On Strike

I'm trying to make my official VCL posts in purple.

You posted saying my thread was moved/locked but nothing happened.


Show
Unfortunately, VCLs do not currently have the tools necessary to take moderation actions directly. VCLs submit their actions to ORCs, who then actually perform the action. This processing can take between a few minutes and several hours, depending on how busy/attentive the ORCs are.

If you see something that needs VCL attention, please use this thread to make a request and a VCL will look at it as soon as possible. CoC violations should be reported to Customer Service using the "report post" button. Please do not disrupt the thread by making requests of either kind in-thread.

General MTGO FAQ

Yes, the Shuffler is Random!
The definitive thread on the Magic Online shuffler.

Magic Math Made Easy
Draw probabilities, Swiss results, Elo ratings and booster EV

Event EV Calculator
Calculate the EV for any event with a fixed number of rounds and prizes based on record

Dual means two. A duel is a battle between two people. Lands that make two colors of mana are dual lands. A normal Magic battle is a duel.
Thanks to PhoenixLAU for the [thread=1097559]awesome avatar[/thread]!
Quotables

Show
"While a picture is worth a thousand words, each lolcat actually produces a negative wordcount." -Ith "I think "Highly Informed Sarcasm" should be our Magic Online General motto." -Ith "Sorry, but this thread seems just like spam. TT is for off-topic discussion, not no-topic discussion." -WizO_Kwai_Chang "Stop that! If you're not careful, rational thinking may catch on!" -Sax "... the only word i see that fits is incompitant." -Mr44 (sic) "You know a thread is gonna be locked when it gets to the hexadecimal stage." -Gathion "It's a good gig" - Gleemax "I tell people often, if you guys want to rant, you've certainly got the right to (provided you obey CoC/ToS stuff), and I don't even really blame you. But if you see something you think needs changing a well thought-out, constructive post does more to make that happen." - Worth Wollpert
MLbot doesn't store mtgo passwords on it's server as far as I know. Mlbot users create a Ml password to log into a web based system to view transaction history credits of bot customers etc. This is what appears to have been compromised. Has product been stolen. If so how did the ml password compromise lead to lost product. Surely any movement of product can be traced and account details of those involved investigated. It sounds like someone has illegally and maliciously exploited a security weakness.
Looking forward to Hex TCG MMO

make a strong password necessary and required for every existing user. i imagine that many of them will also need to be made aware of this change through an email.



I should have coded the registration screen better, in order to reject unsafe passwords.


All these replies coming from 1 post-count accounts seems like an attempt to derail the warning and change the topic.



I can assure you the above are real posts




What?!

How can YOU tell us that those posts are real?  Why do you think you have some special ability to know that?

I had a difficult to guess password for my MTGO Library account, and I still had tickets stolen. It would have taken a brute force attack a long time to figure out what my password was, but it seems like more than just simple passwords were taken. Everybody who uses the service should be changing their password in my opinion.
@ MTGOJeff - sucks man.

@ bubba077 - really, you're a community organizer?  The mtgo library doesn't store account passwords, the passwords that Albert is talking about are the passwords to the accounts in his website, if gained access to these accounts can give credit to users, those users can then take tickets at will. 

@ whover said they applaud the specifity of the information provided by wizards here, you idea of transparency must be the iron curtain.

If they can say that the IP's and accounts that stole the tickets can be linked to those with autority, and that when you follow the money trail, that leads back to the admin over at mtgo library, then we have something. 
While this whole ugly incident is being debated, anyone think this might just be another shining example of why Wizards *absolutely* needs to implement an onilne auction trading system (ideally with partial tickets) like, oh, I don't know.... every massive online game since 1998?

Wizards says not to use the bots - and for good reason - but people are making easy money off the rest of us because there's no simple way for human users to buy/sell/trade cards... which encourages the same (sketchy) bot use that Wizards is trying to discourage.

Coolio.
^^^^ I agree 100%
I had a difficult to guess password for my MTGO Library account, and I still had tickets stolen. It would have taken a brute force attack a long time to figure out what my password was, but it seems like more than just simple passwords were taken. Everybody who uses the service should be changing their password in my opinion.


Anecdotal opinion is worthless. If you want to convince us then please check the password that was hacked against a checker, e.g. this one and report back on how long it would take to crack it.

My own password gives this:
Time Required to Exhaustively Search this Password's Space:
















Online Attack Scenario: (Assuming one thousand guesses per second)4.37 thousand centuries
Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second)1.59 days
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second)2.29 minutes




p.s. I actually think discussion of password cracking by brute force is a bit unrealistic, it's more likely you could intercept data passing between the bot site and the mtgo server using wirefish or similar in much less time.
I just ran it for my password, and mine showed the exact same results.


Time Required to Exhaustively Search this Password's Space:
















Online Attack Scenario:
(Assuming one thousand guesses per second)
4.37 thousand centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)
1.59 days
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)
2.29 minutes



Cool, thanks. I know enough about intrusion to know that there are many shortcuts to finding passwords that don't involve brute force attacks. Sorry you got ripped off btw.
Thank you for continuing the discussion, please understand that there are many details here that I can't share publicly.

Rest assured that these cases have been fully investigated and the links are solid. Based on our findings, we are urging users to discontinue use of this bot, and to change all passwords affiliated with accounts that have run it. This is especially important if you have used the same password for any other sites and services. If you've done this, please pick a new, strong password, which is not reused across multiple services.

Please bear in mind that even if your account is not one of those which has lost items, by running this software you are exposing both your Magic Online account and your personal data to risk.

Also, please use care if you're putting your password into any third-party site (even to check how secure your password is.) While I can't speak to the specific site being used for this, fraudsters are shifty, and sometimes these sites are set up with malicious intent. In order to stay safe, please change your passwords if you've done this.


edit:
Fixed a typo. Pesky extra letters!
I just ran it for my password, and mine showed the exact same results.



Time Required to Exhaustively Search this Password's Space:
















Online Attack Scenario:
(Assuming one thousand guesses per second)
4.37 thousand centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)
1.59 days
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)
2.29 minutes


I'm pretty certain that you have a 9 character password that includes at least one uppercase letter, at least one digit, and no symbols. These are the results you get for any 9 character password consisting of any mixture of that includes upper, lower, and digits. If you were to replace one or more characters with a symbol, the result is:

















Online Attack Scenario:
(Assuming one thousand guesses per second)
2.03 hundred thousand centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)
2.43 months
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)
1.77 hours



While this whole ugly incident is being debated, anyone think this might just be another shining example of why Wizards *absolutely* needs to implement an onilne auction trading system (ideally with partial tickets) like, oh, I don't know.... every massive online game since 1998?
Wizards says not to use the bots - and for good reason - but people are making easy money off the rest of us because there's no simple way for human users to buy/sell/trade cards... which encourages the same (sketchy) bot use that Wizards is trying to discourage.
Coolio.

 
 
Who are the people that are making easy money off the rest of us?  Are you referring to the hackers we are discussing, or to bots in general? You're stream of thought seems to be confusingly mushing the two topics together. 

If you are arguing that bots in general are doing this, you need to rethink your analysis.  Bots provide a service of being able to quickly and easily either sell off your existing cards or buy the cards you need immediately for a small % difference between the buy and sell prices. Without bots and their competition stabilizing prices, we would be back to where we were before bots where you would have to "casual around" to various dealers/players until you found someone that had the cards you were looking for and really had to spend a lot of time making sure you didn't get ripped off. (of course we have all seen bots which sell a 5 ticket card for 15, or try to buy it for 0.03, but within a short time one gets to know the bots that will be fair - most of them actually are - and avoid the crazy ones)

The online auction trading system you dream of would be super nifty of course, and would do away with the need for most bots, but ask yourself how realistically possible a development of that scale would be at the snails pace that new functionaliy is added to the Magic Online client. And most importantly, what does wotc gain from their investment of such a development that would likely cost a ton of money.
Also, please use care if you're putting your password into any third-party site (even to check how secure your password is.)...

This is very good advice, please heed it! I didn't actually enter my password, rather I entered a string with the same upper/lower-case and digit profile.

There are phone apps for generating and keeping track of very strong passwords. A 15-character password consisting of random upper/lower-case and digits will require 248,000 years to crack using the Massive Cracking Array Scenario according to the tool mentioned previously.

Rest assured that these cases have been fully investigated and the links are solid. Based on our findings, we are urging users to discontinue user of this bot, and to change all passwords affiliated with accounts that have run it. This is especially important if you have used the same password for any other sites and services. If you've done this, please pick a new, strong password, which is not reused across multiple services.

  
Great idea to change your password for your account, given the events that have unfolded. I'm not arguing that.

However, could someone confirm to me that the hacking of the users Magic Online account was not the issue, but that the ML-Bots main system was hacked and the hacker added credits to his account at certain bots. Then, after giving himself 10,000 credits he traded with these bots  and "bought them out".

Yes, no?

Thanks       


Yes, we can confirm that this was not a breach or hack of Magic Online accounts, but rather a direct result of running the third-party software.

That said, if you are putting your password into ANY third party software, you are also exposing your account to risk. You wouldn't share your password with a stranger, don't share it with strange software either!
@ bubba077 - really, you're a community organizer?  The mtgo library doesn't store account passwords, the passwords that Albert is talking about are the passwords to the accounts in his website, if gained access to these accounts can give credit to users, those users can then take tickets at will.


How would I know that? Without ever having used libbot, it certainly sounded like MTGO passwords were involved. After repeatedly warnings by WotC over the years (the only bot they've made official warnings against), I no longer give libbot any benefit of doubt.

Magic and Magic Online Volunteer Community Lead. On Strike

I'm trying to make my official VCL posts in purple.

You posted saying my thread was moved/locked but nothing happened.


Show
Unfortunately, VCLs do not currently have the tools necessary to take moderation actions directly. VCLs submit their actions to ORCs, who then actually perform the action. This processing can take between a few minutes and several hours, depending on how busy/attentive the ORCs are.

If you see something that needs VCL attention, please use this thread to make a request and a VCL will look at it as soon as possible. CoC violations should be reported to Customer Service using the "report post" button. Please do not disrupt the thread by making requests of either kind in-thread.

General MTGO FAQ

Yes, the Shuffler is Random!
The definitive thread on the Magic Online shuffler.

Magic Math Made Easy
Draw probabilities, Swiss results, Elo ratings and booster EV

Event EV Calculator
Calculate the EV for any event with a fixed number of rounds and prizes based on record

Dual means two. A duel is a battle between two people. Lands that make two colors of mana are dual lands. A normal Magic battle is a duel.
Thanks to PhoenixLAU for the [thread=1097559]awesome avatar[/thread]!
Quotables

Show
"While a picture is worth a thousand words, each lolcat actually produces a negative wordcount." -Ith "I think "Highly Informed Sarcasm" should be our Magic Online General motto." -Ith "Sorry, but this thread seems just like spam. TT is for off-topic discussion, not no-topic discussion." -WizO_Kwai_Chang "Stop that! If you're not careful, rational thinking may catch on!" -Sax "... the only word i see that fits is incompitant." -Mr44 (sic) "You know a thread is gonna be locked when it gets to the hexadecimal stage." -Gathion "It's a good gig" - Gleemax "I tell people often, if you guys want to rant, you've certainly got the right to (provided you obey CoC/ToS stuff), and I don't even really blame you. But if you see something you think needs changing a well thought-out, constructive post does more to make that happen." - Worth Wollpert
Stupid question, but, should people that use the bots (customers, not owners) be worried about anything?  What about if we have credit left on these bots (<1 ticket or so)?
Stupid question, but, should people that use the bots (customers, not owners) be worried about anything?  What about if we have credit left on these bots (<1 ticket or so)?


You don't have to worry about anything that is in your account now being at risk. Any credit residing on a bot could of course be at risk, but that is true anytime you rely on the dealer to retain credit.

Magic and Magic Online Volunteer Community Lead. On Strike

I'm trying to make my official VCL posts in purple.

You posted saying my thread was moved/locked but nothing happened.


Show
Unfortunately, VCLs do not currently have the tools necessary to take moderation actions directly. VCLs submit their actions to ORCs, who then actually perform the action. This processing can take between a few minutes and several hours, depending on how busy/attentive the ORCs are.

If you see something that needs VCL attention, please use this thread to make a request and a VCL will look at it as soon as possible. CoC violations should be reported to Customer Service using the "report post" button. Please do not disrupt the thread by making requests of either kind in-thread.

General MTGO FAQ

Yes, the Shuffler is Random!
The definitive thread on the Magic Online shuffler.

Magic Math Made Easy
Draw probabilities, Swiss results, Elo ratings and booster EV

Event EV Calculator
Calculate the EV for any event with a fixed number of rounds and prizes based on record

Dual means two. A duel is a battle between two people. Lands that make two colors of mana are dual lands. A normal Magic battle is a duel.
Thanks to PhoenixLAU for the [thread=1097559]awesome avatar[/thread]!
Quotables

Show
"While a picture is worth a thousand words, each lolcat actually produces a negative wordcount." -Ith "I think "Highly Informed Sarcasm" should be our Magic Online General motto." -Ith "Sorry, but this thread seems just like spam. TT is for off-topic discussion, not no-topic discussion." -WizO_Kwai_Chang "Stop that! If you're not careful, rational thinking may catch on!" -Sax "... the only word i see that fits is incompitant." -Mr44 (sic) "You know a thread is gonna be locked when it gets to the hexadecimal stage." -Gathion "It's a good gig" - Gleemax "I tell people often, if you guys want to rant, you've certainly got the right to (provided you obey CoC/ToS stuff), and I don't even really blame you. But if you see something you think needs changing a well thought-out, constructive post does more to make that happen." - Worth Wollpert
Awesome.  Thanks for the quick response.  
Stupid question, but, should people that use the bots (customers, not owners) be worried about anything?  What about if we have credit left on these bots (<1 ticket="" or="" so="" quote="" br="" class="mbQuoteSpacer">



never ever ever save over 1 ticket credit on any bot, mine included.


As for the calls for a "auction house". Couple of problems with that. One, those other markets rarely have real worl value backing them up and certainly nothing like MTGO has. IE redemption(gold standard). Second, auction house is GREAAAT if you are a constructed player since it will drive prices lower. If you are a drafter though Auction house is a wash, or more likely a loss since it very likely lowers average value per pack opened.


Most of the people posting here are likely constructed players, you can infer this from the fact that to care enough to post implies you have value tied up in MTGO, rather than draft occasionally.
Owner of TheCardNexus chain on mtgo.