Defense & Opsec
Don't expect to research your way to a server nobody can crack. Everyone plays under the same daily version cap, so if your hasher is capped at 22.0 today, so is the cracker of the strongest player coming after you. You can't push your defenses past that ceiling while the cap is on, and it stays on for most of the round, so a strong player can break into almost any server, yours included.
What you can do is reach the ceiling yourself. A hasher and firewall pushed to the cap lock out anyone whose cracker and exploits haven't reached the cap too. It just won't stop someone equally equipped, and against that player defense turns into damage control: be cheap to ignore and quick to disappear. Keep a low profile so you're not worth hunting, keep your logs clean so a break-in doesn't cost you your bank, and keep an IP reset queued so you can vanish the moment someone gets in.
Out-versioning the whole field is a real thing, but it's an endgame move. The daily cap only lifts once doom is in play, and the research to climb past everyone gets steeply more expensive from there. It's one way a top player wins a round, not something a new player should plan around.
The game warns you about exactly one thing: a DDoS attack in progress drops an alert in your inbox with the attacker's IP. Nothing else makes a sound. If someone hacks in, runs an antivirus on your machine, plants a virus, or empties one of your accounts, no notification comes. The only trace is the log on your own localhost, so reading it is the only way you'll know you've been hit.
Get in the habit of checking it. The line that matters most is an intruder's first login, because logging in writes its entry before they can reach it. They won't leave it sitting there long: a log edit takes at least four seconds, a quick player clears that login in about five, and once inside they can hide everything they do afterwards in a fraction of a second by pre-queueing their tasks and bursting through them in the task manager. That first login is usually your one window, and it doesn't stay open long.
This is a small game, plenty of players clear their tracks cleanly, and you won't catch one of those unless you happen to be watching the moment they land. What regular checks reliably catch is the slower and the sloppier.
Logs aren't your only tell. An intruder's actions leave marks on your Software page that outlast a wiped log: software switched off, a virus you didn't install, a new text file, a file of yours gone missing or hidden. None is as reliable as catching the login, but they're what's left once the log is clean, so look your software over now and then.
A log you leave exposed is a payout for whoever reads it. The Log Parser under Utilities lifts bank account numbers and Bitcoin keys straight out of raw log text, so a collection left sitting in a log can be emptied in seconds. Clear sensitive lines as soon as you're done, and if an account number does get out, an IP reset won't save it: close that account and reopen it for a fresh number.
Resetting your IP is the panic button. You do it from the ISP website, it costs a bit (scaling up to a ceiling of $15,000), and it takes ten minutes to go through. When it lands your address changes and everyone who had you saved in their Hacked Database loses you. Their saved logins break, and nobody can come after you again until they track down and re-hack your new address. It isn't silent, though: anyone who had your old IP gets a notice that you moved, so a determined attacker knows you slipped away and may come looking.
The catch is the timing. A reset takes ten minutes, but a DDoS lands in five, so you can't outrun an attack that's already in flight. The play is to keep one queued ahead of time. The instant your logs show someone's been in, or an attack alert hits your inbox, you fire the reset that's already waiting.
One exception: clan servers can't reset their IP at all. Once a clan server's address leaks, it's usually exposed for the rest of the round, so guard that IP harder than your own.
A hider conceals inactive files; a seeker reveals concealed ones. Both have to be running on your own localhost to work, and they fight the usual version battle: a seeker only uncovers a file hidden by a hider at or below its own version. Hide something with a high enough hider and nobody sees it, not even the machine's owner.
Two limits worth knowing. You can only hide inactive files, never something that's actively running, so installed viruses, an antivirus sitting idle, and spare tools can all be hidden, but a running process can't. And hidden files still take up disk space; they're invisible, not gone.
The seeker has a defensive side worth using. Someone who breaks into your box can hide things on you: your antivirus, so you can't run it to clear a virus they left behind, or your own tools, to put them out of action. A hidden file won't show in your software list at all, so a seeker is how you bring it back into view, provided yours is high enough to beat the hider that hid it. It's the other half of looking your software over for tampering.
The everyday use is stealth on a machine you're farming. Hiding your installed viruses doesn't change what they earn, but it stops the owner noticing them and resetting their IP out from under you. The one thing that still finds them is a high enough seeker, so it's worth checking the Software Ranking page now and then to see whether anyone's seeker has climbed past the hider you're leaning on.
Advanced: hiding works on other people's files too. Hide a server's antivirus and nobody can run it to clear viruses; hide someone's idle tools and they're useless until found. It's sabotage that costs the target nothing to undo, but only if they spot it.
An antivirus wipes every virus at or below its own version off the machine it runs on, no matter who installed it and whether or not it's hidden. A v14.0 antivirus clears a v14.0 virus but not a v14.1. It runs on demand rather than passively, on your localhost or, by uploading it first, on a remote server.
Day to day it's cleanup. When a check of your software turns up a virus you didn't install, an antivirus at or above its version is how you get rid of it, and the same run reclaims the disk that big viruses eat.
Advanced: if you run an antivirus on a server to wipe everyone else's viruses just before you collect, that server tends to pay out as if you'd had it to yourself the whole time, not just from the moment you cleared it. Clear the competition, then collect.
Getting caught at the louder crimes (deleting software, stealing large sums, throwing big DDoS attacks) can land your IP on a public wanted list. It surfaces in two stages:
- Safenet โ shows a partial IP on its index page first. That's not real cover, because the full address sits in a text file once someone logs into Safenet.
- FBI โ posts the full IP on its own index, on the Wanted List in your Home tab, and pushes it to the HackerWars Discord with an alert. Plenty of players watch that feed for targets.
Once you're on it you're an easy mark, your address handed to everyone watching for one. So the move is to stay off it. Keep the noisy crimes rare, and if you do pull one, expect the attention and have your usual habits ready: logs clean, a reset queued.