I just caught a hacker...
Quote:
| The users security should be tighter and that's about it. There is no hacking involved at all. |
I doubt it's the server that has got hacked; more likely it's the client, which, since it resides on a PC where it can be reverse engineered, is by far the most vulnerable target (after the user's PC).
There have been hacks to the client in the past, which allowed people to mess with others (such as crash their clients), so it's my suspicion that the recent spate of hacks we have been seeing is related to that.
Not everyone who has had their account broken into has no firewall, AV or spyware protection. Some are very well protected to the point where it being them is very unlikely.
Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game; some of the security (or lack of it) in for plaync (for example) is shocking and has been an outstanding issue for well over 18 months.
Also, I made a discovery at official wiki: wiki.guildwars.com
I just downloaded TexMod from there (main mirror and first secondary mirror), and my AV went nuts, and not in the usual way. Usually, it tells me that the file has some unidentified trojan, but now it is telling me that the file has a virus called Lineage2.Keylogger. I'm putting those downloads from the wiki in quarantine.
Quote:
|
Originally Posted by Mystica
The users security should be tighter and that's about it.
|
Quote:
|
Originally Posted by Shanaeri Rynale
Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game; some of the security (or lack of it) in for plaync (for example) is shocking and has been an outstanding issue for well over 18 months.
|
Quote:
|
Originally Posted by Shanaeri Rynale
Only partially correct. Security is a two folded responsibility. The User and the provider......
Not everyone who has had their account broken into has no firewall, AV or spyware protection. Some are very well protected to the point where it being them is very unlikely. Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game; some of the security (or lack of it) in for plaync (for example) is shocking and has been an outstanding issue for well over 18 months. |
Quote:
|
Originally Posted by Mystica
- Next problem is finding the database. IF a real hacker managed to get access he has to find the database. Now you can be pretty sure that the database is hosted on a separate network requiring him to find this server and gain access.
- Accessing the database. For the very unlikely case that someone really managed to access 2 super protected server networks fast enough to bypass all logs and security measures he still needs access to the database. You can be sure that Anet or any other online game does not use MySQL or text files to store your data so there is a big chance our hacker faces a system he doesn't know or where he doesn't know any exploits for. Now he has to gain access fast enough not to get caught. |
Quote:
|
Originally Posted by Mystica
- Cracking the passwords. Even the GW ingame packets are encrypted with a key nobody managed to find yet. Now the passwords won't be plain-text so even if our hacker gets the hashes he still needs to crack them or have enough access to the database to find his own hash and replace all others with it to have the password.
- Getting out without traces. Now if he succeeded to perform the whole chain he still needs to find the logs that had his traces stored to delete them. A lot of companies store log files on a separate server...you know what that means + most professional networks are mirrored so he needs access to the mirror containing the logs too. Is all of that possible? Yes. Very unlikely but possible since nothing is impossible to hack. Would anyone go through all that for some ZKeys and Ecto? Never. It's just not worth it since anybody that could perform all this should have a million better ideas to gain profit and even if someone had access. Why should he take your items when he has the power to create stacks over stacks of items with full access? |
And of course it is very hard to gain access there, so you probably take some sidesteps. How much do you think this DB here is worth? 16ok users... 5ooo$? 1ok? 2ok? ...
Ofc, they will use salts, but it won't matter, because there are enough users with passwords like 'gwen10' or 'gw12345'.
Quote:
|
Originally Posted by Mystica
Something nobody considers is Social Engineering. Read it up. People are smart enough to ask the right questions to get the answers they need without you knowing it.
|
Quote:
|
Originally Posted by Shanaeri Rynale
I doubt it's the server that has got hacked; more likely it's the client, which, since it resides on a PC where it can be reverse engineered, is by far the most vulnerable target (after the user's PC).
There have been hacks to the client in the past, which allowed people to mess with others (such as crash their clients), so it's my suspicion that the recent spate of hacks we have been seeing is related to that. |
Quote:
|
Originally Posted by Shanaeri Rynale
Not everyone who has had their account broken into has no firewall, AV or spyware protection. Some are very well protected to the point where it being them is very unlikely.
|
Quote:
|
Originally Posted by Shanaeri Rynale
Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game; some of the security (or lack of it) in for plaync (for example) is shocking and has been an outstanding issue for well over 18 months.
|
Quote:
|
Originally Posted by cataphract
Also, PlayNC password policy sucks badly. It forces you to start your password with a letter. That's just horribly wrong and lowers the number of possible password combinations. An account which enables you to administer all your games MUST have way tighter security. SSL is a MUST. There's lots of money involved here, not to mention sentimental value of our game accounts.
|
Quote:
|
Originally Posted by ReiNaruto
Also, I made a discovery at official wiki: wiki.guildwars.com
I just downloaded TexMod from there (main mirror and first secondary mirror), and my AV went nuts, and not in the usual way. Usually, it tells me that the file has some unidentified trojan, but now it is telling me that the file has a virus called Lineage2.Keylogger. I'm putting those downloads from the wiki in quarantine. |
http://wiki.guildwars.com/wiki/Guide...-game_graphics
...links to Texmod hosted on a FileFront server that doesn't even have mirrors for it. Just one link. FWIW, I just downloaded Texmod from that FileFront link, did a virus scan on it (and the Texmod.exe file inside) with Avast and a-squared free malware scanner, and compared the MD5 values with the original Texmod.zip I downloaded late last year, which is still on my hard drive. Same exact MD5, so Texmod, at least from this location, hasn't been sabotaged in any way.
Is this a different link than the one you used to get Texmod from? I ask because I have a friend in-game who was hacked this week (and lost a fortune). He thinks Texmod was the reason why it happened. I tried to tell him it couldn't have been, but if there are sabotaged Texmods going around with keyloggers inserted (not unlikely if you've ever tried to download other .exe or installers in the past from shady locations), then this is a serious issue. FWIW, Texmod is a standalone .exe file. You just open the folder and double-click the .exe to run it. There isn't an installer for it. If you download a version of Texmod that asks you for installation, DECLINE/REFUSE/CANCEL immediately.
Here's the MD5 of my "ok" Texmod.zip:
TexMod.zip
MD5: 2291F3095F14EFB847D366E2FBE4BE51
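The check described in the post above (compare a download against a known-good copy, and refuse anything that looks like an installer), as an added example that is not part of the original post. The expected member list and the suspicious-suffix list are assumptions, and the sample archives are constructed in memory; SHA-256 is reported alongside MD5 because MD5 is collision-prone and only shows that a file equals an earlier copy.

```python
import hashlib
import io
import zipfile

# MD5 of the known-good TexMod.zip exactly as posted in the thread.
KNOWN_GOOD_MD5 = "2291F3095F14EFB847D366E2FBE4BE51"

# Assumption: a clean archive holds only the standalone executable.
EXPECTED_MEMBERS = {"texmod.exe"}
# Assumption: member types that suggest an installer or script payload.
SUSPICIOUS_SUFFIXES = (".msi", ".bat", ".cmd", ".scr", ".vbs", ".js", ".lnk")


def digests(data: bytes) -> dict:
    """Return upper-case hex MD5 and SHA-256 of the raw download."""
    return {"md5": hashlib.md5(data).hexdigest().upper(),
            "sha256": hashlib.sha256(data).hexdigest().upper()}


def check_archive(data: bytes, known_md5: str = KNOWN_GOOD_MD5) -> dict:
    """Compare the digest with a known-good value and inspect zip members."""
    findings = []
    d = digests(data)
    if d["md5"] != known_md5.upper():
        findings.append("md5 differs from known-good copy")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n for n in zf.namelist() if not n.endswith("/")]
    except zipfile.BadZipFile:
        findings.append("not a valid zip archive")
        names = []
    for name in names:
        base = name.rsplit("/", 1)[-1].lower()
        if base.endswith(SUSPICIOUS_SUFFIXES):
            findings.append(f"installer/script member: {name}")
        elif base not in EXPECTED_MEMBERS:
            findings.append(f"unexpected member: {name}")
    return {"digests": d, "members": names, "findings": findings}


def make_sample(members: dict) -> bytes:
    """Build a constructed zip in memory (sample input, not a real TexMod)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample({"Texmod.exe": b"constructed", "setup.msi": b"constructed"})
    report = check_archive(sample)
    print(report["digests"]["sha256"])
    for finding in report["findings"]:
        print("FLAG:", finding)
```

To check a real download, pass `open(path, "rb").read()` to `check_archive` and quarantine the file if `findings` is not empty.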
Quote:
|
Originally Posted by Azazel The Assassin
I have yet to be hacked and personally, wouldn't care too much about it as the most important things are my titles and stuff in HoM
|
Quote:
|
Originally Posted by Adja1005
Anyone else kind of pissed off at the lack of acknowledgement about this recent surge in threads concerning hacked accounts? I've not seen anyone from Anet, Regina specifically, comment about what they intend to do or what they are doing to combat these hackers.
|
But most of all I want A-net to take our account security SERIOUSLY
Why no lockout/delay after x failed attempts?
Why does a player get kicked out when a second person gains access? I'd like to see an in-game message telling me that someone else just tried to log on, their IP address, and the option to /report instantly.
Why can't we set a character to "undeletable" or delayed deletion, so that even if we lose cash/items we don't also potentially lose our characters/titles?
Why does PlayNC password changer only allow numbers and letters, and not the extra characters from a regular keyboard?
FYI: anyone can get your IP (and the IPs of tons of Guild Wars players) by just posting a link that those people will follow on forums or wikis.
An image is a link that all browsers auto-follow. All you need to put in a post is a transparent 1-pixel image.
If you want the IP address of someone specific, you just send him a PM on the forum with that image and check your server logs some time later.
One funny idea is that if a remote attack on the GW client exists (hypothetical, Anet, don't bother looking for it), people can get nailed just by browsing forums or especially wikis, as they usually do it with the client open and the game running.
(Baseless Fiction
Imagine if someone didn't need to break your password, only steal your session. They get you 007, they use reconnect and bingo, breached acc without them even needing to know your password/email.

IP is known, OS is known, browser is known (and more). And you know that that person has GWs installed, and is serious enough to post to forums, which means that he has stuff worth stealing.
Remember, attacking your machine directly is quite easy unless you are behind nat or firewall.
This is alarming.
Your quick reaction to reset the PW probably saved you, Jetdoc.
Should this not be stickied, thread title changed, people given a warning?
I did not really read about the account hacks of the last two weeks; I usually assume social engineering, carelessness or general stupidity.
But getting hacked while just playing in an Alliance Battle is really creepy.
This is much more serious than the usual "hacks" and really demands some official statements.
Quote:
|
Originally Posted by Haskell
You are right. They don't use MySQL. They use MSSQL on W2k3. Google it.
Don't talk about stuff you have no clue about. If someone had direct access to Anet's DB there would be no need to "hack" player accounts. And of course it is very hard to gain access there, so you probably take some sidesteps. How much do you think this DB here is worth? 16ok users... 5ooo$? 1ok? 2ok? ... Ofc, they will use salts, but it won't matter, because there are enough users with passwords like 'gwen10' or 'gw12345'. |
And I never said that someone had access or would go for it to gain access. I just commented on how hard it is to get in and some things involved with that. I even said that with access nobody would go for other players accounts but mod the own.
And 160k...well 5 million sold copies is 5 million unique and validated email addresses so it is worth a lot only for that. But still, there are other databases with unique accounts over 1 mil that are easier to acquire.
It's not important though, since it was just one of my examples to show that no "hacking" is involved at all especially seeing that only some ectos and gold were stolen.
I am still sure that ALL reported account thefts are results of either Social Engineering, keylogging or public email + easily guessable pass.
A lot of people use their name or forum name as plaync account name. So basically all you need to ask is the birthday. That alone would lead you to the form for the security questions and there are still a lot of people stupid enough to give correct answers there. All questions are perfectly designed for integration into a convo and that's what I meant with "user's security".
And again, I am sure that nobody would confess that he gave his info away, downloaded something suspicious or bought gold with direct transaction onto his account.
As for the modified client...already said
Not going to happen. Excuse my badass painting skills please.
Quote:
|
Originally Posted by Mystica
I am still sure that ALL reported account thefts are results of either Social Engineering, keylogging or public email + easily guessable pass.
|
After some thought I think you are right.
That this happened while Jetdoc was in AB was just coincidence. He must have fallen to the "usual" methods.
The idea that someone can hack random people that are online at will and hijack their accounts is more a nightmare than something that can really be possible without major effort.
Quote:
|
Originally Posted by TideSwayer
Where are you getting the download link from? I say this because the link I used originally:
http://wiki.guildwars.com/wiki/Guide...-game_graphics |
Wiki doesn't sound like a place one should be clicking download links from.
Quote:
|
Originally Posted by Mystica
I am still sure that ALL reported account thefts are results of either Social Engineering, keylogging or public email + easily guessable pass.
|
I use "strong" passwords, I don't ever tell people those passwords, or write them down, or store them in shortcuts etc. I use different passwords, email addresses, and login names for different things. I am aware of social engineering tricks, and I avoid giving out personal information of any kind in my everyday life. I have a lot of different security software running on my PC.
But despite all reasonable precautions, I still don't feel like my account is safe. I do not underestimate the resourcefulness of people determined to steal, or their ability to eventually find some way to get into other people's accounts. I am also not so arrogant as to believe I can *never* fall for a scam or my account can *never* be stolen. After all, I do use similar user names in various places, simply because it is convenient for friends to recognise me across all those places. I take that risk, and rely on different passwords for protection.
If I ever get my account stolen, people like you will tell me it's my own fault for using similar user names - or even that I *deserved* to lose my account. Perhaps you'd be right. But I truly think it's unreasonable that ordinary people have to use different names everywhere they go, be constantly security-conscious, be careful of what they say and who they say it to... to make up for poor security in the things they access online. Especially when those things are just for games and leisure. Choosing a good password at each place and keeping it to yourself *should* be all that's needed.
Most people are just gamers. They don't want to be computer/network security wizards, ever vigilant and defeating an unseen enemy. They just want to have fun. I think it's important to remember that - and A-Net should do everything they can to protect our accounts. Right now, they AREN'T doing that.
They can't stop people being stupid, using the same weak password for every login, telling it to somebody etc... but they CAN make it harder for other types of attack, and give us the ability to protect our characters from being deleted.
You should all form a big security company, you seem well aware of all techniques used.
Unfortunately, since your main argument is "never been hacked therefore me>u", it's going to fail pretty badly when you discover that you know approximately nothing about what's going on.
I'll quote myself:
http://www.guildwarsguru.com/forum/s...6&postcount=49
What's weird is that it didn't receive any answer. I wonder why.
Quote:
|
I'll throw a bone, you're free to discuss. I was "hacked". Or, as this word seems to be misused, let's just say someone entered my account. Money gone, some valuable weapons gone, inventory messed up. That was not me not remembering what I did; I did not. My ex password contained signs SUCH AS +. It contained both upper case and lower case characters, not only at the beginning. It was unique, meaning that I only used it for Guild Wars. It was not a word. It is rated very high security on most websites which have the feature that tests your password (note: I only tested AFTER "someone entered my account"). No one knows it. I never told anyone, and you can still try remembering it, it took me 2 weeks. Now that you know that you can't guess it: After "someone entered my account", I checked for viruses and keyloggers and such. Both McAfee and Ad-Aware did not detect anything, and they are up to date, non-cracked versions. They were running all the time. Oh, and I changed my computer in January. When I told that on GWG, people went into an antivirus comparison flamefest. So I checked with other free and cracked antiviruses. Nothing was found. So what stays:
- Unknown trojan/keylogger whatever that can be removed at will without any protection noticing.
- Vista failure somewhere.
- Mystery.
Discuss. |
Quote:
|
Originally Posted by Turbobusa
What's weird is that it didn't receive any answer. I wonder why.
|
There is no reason why antivirus software should be aware of this kind of software if it is very rare (say, someone wrote one in order to get someone's specific account, or it was deployed in very small quantity - 10s of infections).
AV software's only chance of getting this is heuristic scans, which are very unreliable and generally only work if the author does something stupid that broadcasts "i am keylogger".
