I'd love to see a deletion lock on our characters however it's something that has been brought up many times before in Sardelac and Gaile responded there and said it ain't happening, so I think we can forget about that option.
I seriously would not want the x times to enter a password then locked out option. This is really a bad idea. It sounds good at first, but think about it.
How many enemies do you have ingame? Are you an officer in a guild? Have you ever kicked anyone from the guild? Encountered any immature twits while pugging? Been flamed on the forums? I bet you have. I bet a few of them even know your e-mail.
The average player does not know how to hack your account and the odds are that those enemies you've made wouldn't even know how to start trying to hack you, but if the lockout option was implemented they wouldn't have to hack you to "get even". Someone else already mentioned it in this thread, but it bears repeating. Some little twit that has an axe to grind could just enter your e-mail at the login screen and some random characters in the password field until your account is locked. You're the one who will suffer.
I just caught a hacker...
TheRaven
Bront
Quote:
|
Originally Posted by TideSwayer
Where are you getting the download link from? I say this because the link I used originally:
http://wiki.guildwars.com/wiki/Guide...-game_graphics ...links to Texmod hosted on a FileFront server that doesn't even have mirrors for it. Just one link. FWIW, I just downloaded Texmod from that FileFront link, did a virus scan on it (and the Texmod.exe file inside) with Avast and a-squared free malware scanner, and compared the MD5 values with the original Texmod.zip I downloaded late last year, which is still on my hard drive. Same exact MD5, so Texmod, at least from this location, hasn't been sabotaged in any way. Is this a different link than the one you used to get Texmod from? I ask because I have a friend in-game who was hacked this week (and lost a fortune). He thinks Texmod was the reason why it happened. I tried to tell him it couldn't have been, but if there are sabotaged Texmods going around with keyloggers inserted (not unlikely if you've ever tried to download other .exe or installers in the past from shady locations), then this is a serious issue. FWIW, Texmod is a standalone .exe file. You just open the folder and double-click the .exe to run it. There isn't an installer for it. If you download a version of Texmod that asks you for installation, DECLINE/REFUSE/CANCEL immediately. Here's the MD5 of my "ok" Texmod.zip: TexMod.zip MD5: 2291F3095F14EFB847D366E2FBE4BE51 |
there are other places to grab texmod, I suggest you check there.
fenix
AVG seems to be picking up that TexMod link as a false-positive, because NOD32 doesn't detect ANYTHING on the one I got, unless someone changed it since I downloaded. Then again, it seems everyone is using AVG when it detects it.
Bront
Quote:
|
Originally Posted by Jetdoc
Norton never picked up anything. I ran another scan last night after the attack, and made sure my definitions were updated, and nothing appeared.
|
Try AVG free, Avast, or even Trend Micro's Housecall
Bront
Quote:
|
Originally Posted by fenix
AVG seems to be picking up that TexMod link as a false-positive, because NOD32 doesn't detect ANYTHING on the one I got, unless someone changed it since I downloaded. Then again, it seems everyone is using AVG when it detects it.
|
If Texmod was a keylogger, there'd be far more theft going on that not, but it doesn't hurt to be careful.
VanDamselx
Pretty damn scary.
I don't really play GW anymore but I would be pretty pissed off to find my shit gone.
Good luck, Jet. I hope something actually comes out of this.
I don't really play GW anymore but I would be pretty pissed off to find my shit gone.
Good luck, Jet. I hope something actually comes out of this.
Maria The Princess
Quote:
|
Originally Posted by HuntMaster Avatar
1st off, I am sorry about the response you got jet, thats complete crap and shows me that we could all get hacked and nothing would happen, Anet just doesnt care.
Here's another idea, its a bit of a pain in the ass, but humor me. Anet could add these security features. Log in password (which we have) Character passwords (each character has its own password that must be input before it can be accessed.) yes this would take people a few extra seconds to get to playing, but it would add more security, and if like jet, we got booted cause someone hacked our log in pw, then we could get back on, change our log in pw before they hacked a character password. (this would make hacking passwords more time consuming, and we could log back in, boot them out, and change log in password, so they have to start all over again from the begining. I doubt anyone can hack two different passwords in less than 5 minutes (without a program) Add in a Lock feature for characters so they can not be deleted. I would love to lock my warrior, I'm never going to delete him ever, I would buy more character slots if need be, but after the work and time i put in on him, Hes never ever getting deleted. Each password change needs to be confirmed through email, this way no one can change your passwords without access to your email. In-game password. Once you finally get in the game on a character, you have another password you have to enter, you have 120 second (2 minutes incase of lag) to enter this password, or you are disconnected for 5 minutes. This way even if they get two passwords correctly, they have to get the third quick or be shut out for 5 minutes, plenty of time to reset ALL passwords if need be. for each failed attempt, the account would be disconnected for 5 minutes, so 2 failed tries would result in a 10 minute lock out, 3 tries means 15 minutes and so on. Yes this is a pain in the ass, as I said, but it would be very effective in protecting our accounts. Anet says we are responsible for our security but then gives us very few ways to protect ourselves, And then when our protections fail, they say they wont help because its not their responsibility! Another option would be a internal false key and password, so when a program tries to read it, it will only get the fake key or password. I would rather it take and extra couple of minutes to get into each character and log on, than log in quickly and find all my items gone or characters deleted. Because of this very real and very common problem I am taking a break from GW until it can be resolved. I am going to play other games and do other stuff. But if this keeps up I see people getting sick of doing everything over again to regain their items or characters and finally quitting the game, and if anet/ncsoft keeps treating their playerbase like they have with jet, I see people refusing to purchase ncsoft products in the future. Including gw2. No point in getting into something that will only leave you frustrated in the end. PS: Jet, If you are willing, You should call the police and report this, with all the information including the response, and then post what the police have to say, send the polices response to ncsoft and then post there counter response. Also look online for free legal advice and explain the situation, See if there is any action we the consumers can do to either persuade or force ncsoft to do their job and safeguard their product. It seems very shady that we spent our money on something that will fail in the end, almost as if the provider is scamming its customers. This just smells bad on all ends. Everyone who has been a victim of this (hacking) should also do the same. With enough support something will get done. |
i mean, im all for extra security. on SArdelac, there is a thread that suggests adding a PIN or password to storage box, you should see what people come up with just to QQ and not say they are too lazy to type in a PIN and make up a security question.... i still dont get why they REFUSE security but whatever.......
Edge Martinez
Just to touch on the lost connection thing mentioned earlier. I've noticed that the only times I ever get lost connections are when I've been playing in Random Arenas and Alliance Battles, and usually after I've been doing it for awhile.
And also, just life in general, if someone wants to screw you, they will find a way. Just walk through the internet with the same kind of mentality you'd have if you were walking through Times Square. Do the pw changes. Keep your av up to date. Run the mostly useless firewall. My parents computer had so many viruses and infections on it, I think I caught AIDS and cancer when I visited them. And they only do email and check news sites (or so they say ;>). Now they do the basic security stuff we all know we should do, and they've been ok.
And suggestions are good. I'm anal enough to appreciate the pw for each individual toon idea. A sticky note on the desk, and ten seconds of my time is a small price to pay for added protection. Maybe have it as a user option to use it or not. Hopefully Anet takes some suggestions to heart. I know they can claim the GW1 is done argument, but they're the ones who decided to tie it to GW2.
EDIT: Oh, and that contact the police thing is lame ANet. Take a cue from eBay and have a working relationship with the authorities, and you guys..., a company that hopefully contributes to the community and is recognized, file the appropriate reports. It might be us getting hosed, but it's your product being attacked. It'd be worth the while to add extra security, too. Just add up all the hours spent handling these cases and figure out how much your cost savings would be. Kind of like a half assed six sigma for computer geeks... of which I'm happily one.
And also, just life in general, if someone wants to screw you, they will find a way. Just walk through the internet with the same kind of mentality you'd have if you were walking through Times Square. Do the pw changes. Keep your av up to date. Run the mostly useless firewall. My parents computer had so many viruses and infections on it, I think I caught AIDS and cancer when I visited them. And they only do email and check news sites (or so they say ;>). Now they do the basic security stuff we all know we should do, and they've been ok.
And suggestions are good. I'm anal enough to appreciate the pw for each individual toon idea. A sticky note on the desk, and ten seconds of my time is a small price to pay for added protection. Maybe have it as a user option to use it or not. Hopefully Anet takes some suggestions to heart. I know they can claim the GW1 is done argument, but they're the ones who decided to tie it to GW2.
EDIT: Oh, and that contact the police thing is lame ANet. Take a cue from eBay and have a working relationship with the authorities, and you guys..., a company that hopefully contributes to the community and is recognized, file the appropriate reports. It might be us getting hosed, but it's your product being attacked. It'd be worth the while to add extra security, too. Just add up all the hours spent handling these cases and figure out how much your cost savings would be. Kind of like a half assed six sigma for computer geeks... of which I'm happily one.
Shai Lee
If people don't like the idea for the extra individual toon password or the option to lock a character for 30 days, then there could also be an option to exclude that.
- Enable Character Locking (No Delete) for 30 Days on this account
- Disable Character Locking (No Delete) for 30 Days on this account
- Enable Individual Toon Passwords for 30 Days on this account
- Disable Individual Toon Passwords for 30 Days on this account
That way, those that don't want to bother with the extra security or losing 30 seconds of their life in inputting another password, don't have to. Those that would rather have it, get the option. I added the option to Disable also, so that if someone else does gain entry into their account, they can't create passwords on their toons that the owner didn't set up themself. The idea is pretty raw, no doubt it can be tweaked, but it does give both sides the options they're looking for.
I look forward to thoughts.
- Enable Character Locking (No Delete) for 30 Days on this account
- Disable Character Locking (No Delete) for 30 Days on this account
- Enable Individual Toon Passwords for 30 Days on this account
- Disable Individual Toon Passwords for 30 Days on this account
That way, those that don't want to bother with the extra security or losing 30 seconds of their life in inputting another password, don't have to. Those that would rather have it, get the option. I added the option to Disable also, so that if someone else does gain entry into their account, they can't create passwords on their toons that the owner didn't set up themself. The idea is pretty raw, no doubt it can be tweaked, but it does give both sides the options they're looking for.
I look forward to thoughts.
Friday
Here is one possible solution to a lot of anxiety people have for their accounts:
http://www.guildwarsguru.com/forum/s...php?t=10248665
This poll was stuck away in Sardelac so got minimal response. But after the spate of "hacks" reported, I think a lot of people would feel more at ease if their characters were "safe", even if they lose items/gold.
And these are two other threads about the same issue:
http://www.guildwarsguru.com/forum/s...php?t=10278183
http://www.guildwarsguru.com/forum/s...php?t=10200422
Somewhere (can't find a linky right now) Gail did respond to say it was not going to be provided, but I think this needs to be urgently revisited by Anet, given that their response to Jet was.... just.... "inadequate" (to be polite).
Anet/NC-Soft need to take the security fears of their player base seriously, and they need to be seen to be doing something material to help their players in this regard. If they wish their future earnings ie GW2 to be a sure thing - then they need to do some PR work on the perceptions that are rife right now. And those perceptions in this particular portion of the community are not good for their future. They may dismiss us here as only a small representative portion of the total GW player base, but what they seem to forget is the many many others who will experience such a "hack" or unexplained block or ban and simply uninstall and never return or buy GW2.
Personally, I am more than a little disappointed by the attitude displayed on Anet/NC-Soft's part in relation to this. It doesn't help anyone's agenda here to say "it's the player's responsibility to secure their account" and then not provide an effective and manageable way to do so - simply witness the problems encountered when trying to change your password.
http://www.guildwarsguru.com/forum/s...php?t=10248665
This poll was stuck away in Sardelac so got minimal response. But after the spate of "hacks" reported, I think a lot of people would feel more at ease if their characters were "safe", even if they lose items/gold.
And these are two other threads about the same issue:
http://www.guildwarsguru.com/forum/s...php?t=10278183
http://www.guildwarsguru.com/forum/s...php?t=10200422
Somewhere (can't find a linky right now) Gail did respond to say it was not going to be provided, but I think this needs to be urgently revisited by Anet, given that their response to Jet was.... just.... "inadequate" (to be polite).
Anet/NC-Soft need to take the security fears of their player base seriously, and they need to be seen to be doing something material to help their players in this regard. If they wish their future earnings ie GW2 to be a sure thing - then they need to do some PR work on the perceptions that are rife right now. And those perceptions in this particular portion of the community are not good for their future. They may dismiss us here as only a small representative portion of the total GW player base, but what they seem to forget is the many many others who will experience such a "hack" or unexplained block or ban and simply uninstall and never return or buy GW2.
Personally, I am more than a little disappointed by the attitude displayed on Anet/NC-Soft's part in relation to this. It doesn't help anyone's agenda here to say "it's the player's responsibility to secure their account" and then not provide an effective and manageable way to do so - simply witness the problems encountered when trying to change your password.
Paul thy god
i still fail to see the point of hacking accounts, i mean people cannot be bothered to make money or getting to level 20 so they decide to take someone elses account. I was selling off a 10 hour NF trial key, to a guy (wait is that even allowed, but either way, i had 2 NF campaign keys in the box, so why not make use of em) anyway he tried to tell me that HIS character was locked despite the fact the character he was in had FoW armor, and that if i gave him my username and password he would make the money appear. i didnt trust him due to his poor english, and repeated use of the phrase " I will not deceive you i give you my Word". i mean honestly people need to pick up their game. if you cant be bothered leveling one account, why should you risk a PERMA ban and having to fork out another 50 bucks to get another copy of the game due to lazyness.
Faer
TL;DR:
ArenaNet and NCSoft have utterly shit security. They have had utterly shit security for years. Their utterly shit security has been exploited time and time again. They have not done anything to truly protect the community, such as fixing their utterly shit security. Ergo, they don't care, and we're the suckers.
But enjoy the PvE/PvP separation, guys. Heard it shows they really listen to us.
ArenaNet and NCSoft have utterly shit security. They have had utterly shit security for years. Their utterly shit security has been exploited time and time again. They have not done anything to truly protect the community, such as fixing their utterly shit security. Ergo, they don't care, and we're the suckers.
But enjoy the PvE/PvP separation, guys. Heard it shows they really listen to us.
Stockholm
Quote:
|
Originally Posted by Faer
TL;DR:
ArenaNet and NCSoft have utterly shit security. They have had utterly shit security for years. Their utterly shit security has been exploited time and time again. They have not done anything to truly protect the community, such as fixing their utterly shit security. Ergo, they don't care, and we're the suckers. But enjoy the PvE/PvP separation, guys. Heard it shows they really listen to us. |
zamial
4 million + copies sold and all of 10 I got hacked posts. I do feel for the victims but the odds are in your favor to never be hacked.
Faer
Quote:
|
Originally Posted by zamial
all of 10 I got hacked posts
|
cosyfiep
Quote:
|
Originally Posted by zamial
4 million + copies sold and all of 10 I got hacked posts. I do feel for the victims but the odds are in your favor to never be hacked.
|
Most of the 'I got hacked' threads get DELETED since there is not much we can do about it ----and it seems that anet/ncsoft doesnt give a ratsass about it either.....
so you can do a search, but you wont find many ---and most of those will be closed with the 'contact support--we cant do anything for you' logo.
(and who says that all the people who have been hacked post on guru?????)
Thizzle
I have been watching the and see people say "There has been an increase in account hacking lately". I somehow think that it just has been reported more and that this has always happened. The main possible ways of getting your account stolen is sharing passwords, power leveling (oh man idk what to say if you pay for that), and keyloggers or phishing. I think a lot of it is just software bundled with things that you don't want and eventually your account is empty.
Tyla
Well if people will post their current situation, how often they scan for viruses / spyware, what they've been going on etc. (Which is highly doubtful, because I believe that can lead to hacking too, not sure because my knowledge on this thing is BAED.).
If this can be found out by other means, I hope my absense from Guild Wars doesn't get my account robbed...
(Especially because I've bought about 12 character slots, NF and Factions CE...)
If this can be found out by other means, I hope my absense from Guild Wars doesn't get my account robbed...
(Especially because I've bought about 12 character slots, NF and Factions CE...)
Chestnut
Gonna have to disagree. Reports in the last 1-3 months have sky rocketed and alot of the people have done none of these things.. however one thing does seem in commmon we all use guru.
Thizzle
There are possible malicious programs that can set your host list so that your antivirus doesn't update and then it can deploy a newer virus then the one your database in it and things like this has happened before. I got one before that changed my host list, but I don't care if someone gets on my account. I mean the only true way to monitor if it has increased is read the reports made by players to anet, but that isn't going to happen unless we use an anet employee to do it.
whitedragon
wait.... how does power leveling get your account hacked or stolen
Nemo the Capitalist
another useless thread.....j/k
informative ty
informative ty
Mocisme
Quote:
|
Originally Posted by Chestnut
Gonna have to disagree. Reports in the last 1-3 months have sky rocketed and alot of the people have done none of these things.. however one thing does seem in commmon we all use guru.
|
Now, i don't know how guru is run or how many people have admin rights. Nor do i mean to point fingers, but remember, they might also have access to your e-mail and a password you use for guru. If these are the same as your UN and PW for guildwars... well, you know.
Dylananimus
Quote:
|
Originally Posted by Mocisme
to this, i might ask, has anyone checked other guild wars fan message boards to see if they have a surge in account thefts/hacks as well?
Now, i don't know how guru is run or how many people have admin rights. Nor do i mean to point fingers, but remember, they might also have access to your e-mail and a password you use for guru. If these are the same as your UN and PW for guildwars... well, you know. |
I would suggest everybody changes the email address they use at forums to something different to their username login for GW. And hide all private data at forums, including your date of birth.
Longasc
Quote:
|
Originally Posted by Mocisme
to this, i might ask, has anyone checked other guild wars fan message boards to see if they have a surge in account thefts/hacks as well?
|
A real hacking spree.
Inde
Everyone, we have checked the security on our side. We looked at our logs (hey, I'm not beyond paranoid either). There is nothing suspicious. We would have the IP and log of anyone who was trying something on our server. Not to mention we have at least 2 levels of security through everything so it would take more then a username and password for someone to get onto our server, FTP, even our little forum admincp.
I will state for the 3rd time, NO ONE ON GURU HAS ANY ACCESS TO ANYONE'S PASSWORDS. The only people with server access, no this doesn't include your passwords either, include 3 people and I'm sorry to tell you that not one of them plays Guild Wars. Even I don't have our root server access.
There is no way for anyone to install a program or unecrypt your passwords on this site without us knowing about it. I honestly hope that will STOP all the paranoia about it being Guru. We happen to be the largest GW forum. Most items of note are posted here first regardless of what they are and that we have been a source for a lot of people posting their hacking stories only tells me that many more accounts then this have been accessed.
I don't know what else I can do to reassure everyone. I have tried to make you feel secure that it's not coming from Guru. I can't say what Anet is doing because they've been silent, if Jetdoc's letter is an indication of things different from 2 weeks ago is that perhaps they won't be taking action until they are subpoenaed. All assumptions but I haven't seen anyone from Anet tell us they are looking into anything.
I don't mean to sound harsh but from this point forward I will not entertain anyone else pointing a finger at us. I have looked into this from Guru's end. I have verified what I all ready knew that it is NOTHING that Guru is responsible for. This includes the recent ads we had 2 weeks ago that did infect some user's systems and that some claimed as a keylogger, which it was not. Not one of these user's has reported their account being accessed. Also taken into account that many user's who have had items stolen from their accounts have run varying virus' scanners and nothing is detected on their end.
If you feel that you might have any information to contradict this please PM me or email at [email protected] But we have at least looked into this thoroughly, I can't repeat myself over and over so any post even suggesting that Guru is connected to this will be deleted as it is wild speculation and has no basis.
I will state for the 3rd time, NO ONE ON GURU HAS ANY ACCESS TO ANYONE'S PASSWORDS. The only people with server access, no this doesn't include your passwords either, include 3 people and I'm sorry to tell you that not one of them plays Guild Wars. Even I don't have our root server access.
There is no way for anyone to install a program or unecrypt your passwords on this site without us knowing about it. I honestly hope that will STOP all the paranoia about it being Guru. We happen to be the largest GW forum. Most items of note are posted here first regardless of what they are and that we have been a source for a lot of people posting their hacking stories only tells me that many more accounts then this have been accessed.
I don't know what else I can do to reassure everyone. I have tried to make you feel secure that it's not coming from Guru. I can't say what Anet is doing because they've been silent, if Jetdoc's letter is an indication of things different from 2 weeks ago is that perhaps they won't be taking action until they are subpoenaed. All assumptions but I haven't seen anyone from Anet tell us they are looking into anything.
I don't mean to sound harsh but from this point forward I will not entertain anyone else pointing a finger at us. I have looked into this from Guru's end. I have verified what I all ready knew that it is NOTHING that Guru is responsible for. This includes the recent ads we had 2 weeks ago that did infect some user's systems and that some claimed as a keylogger, which it was not. Not one of these user's has reported their account being accessed. Also taken into account that many user's who have had items stolen from their accounts have run varying virus' scanners and nothing is detected on their end.
If you feel that you might have any information to contradict this please PM me or email at [email protected] But we have at least looked into this thoroughly, I can't repeat myself over and over so any post even suggesting that Guru is connected to this will be deleted as it is wild speculation and has no basis.
Witchblade
Make this post a sticky, Inde 
IrishCB
I bet at least 50% of the ones who were hacked use the same password for Guild Wars and their Email, who's fault is it really? The USER!!
Alleji
I love how NCSoft's response is basically "we don't care unless you take this to the police".
This game has horrible customer support...
This game has horrible customer support...
Arkantos
Quote:
|
Originally Posted by Alleji
I love how NCSoft's response is basically "we don't care unless you take this to the police".
This game has horrible customer support... |
Mewcatus
Quote:
|
Originally Posted by Arkantos
I love it too. What's really funny is the police would most likely do little to nothing to help. They have way more important things than people "hacking" MMORPG game accounts.
|
SerenitySilverstar
I said it in the other thread: Just because there are more anecdotal evidence of hacking coming up on discussion forums, does not mean it is worse than any other time.
A greater number of people may be talking about it, but it could only be a greater percentage of the same number.
A greater number of people may be talking about it, but it could only be a greater percentage of the same number.
Mewcatus
Quote:
|
Originally Posted by SerenitySilverstar
I said it in the other thread: Just because there are more anecdotal evidence of hacking coming up on discussion forums, does not mean it is worse than any other time.
A greater number of people may be talking about it, but it could only be a greater percentage of the same number. |
Well, i tend to agree with you. I read anything with a pinch of salt, especially if it is on an issue which merits hard mathematical facts to determine actual gravity.
But to the OP, congrats on you managing to outwitting the intruder in time.
DarkFlame
Quote:
|
Originally Posted by Alleji
I love how NCSoft's response is basically "we don't care unless you take this to the police".
This game has horrible customer support... |
They are saying that they have not detected anything wrong on their end, or at least they haven't been informed of anything. So the problem must be somewhere else and since you believe you're the one being hacked, you should go call the police.
Quote:
|
Most of the 'I got hacked' threads get DELETED since there is not much we can do about it ----and it seems that anet/ncsoft doesnt give a ratsass about it either..... so you can do a search, but you wont find many ---and most of those will be closed with the 'contact support--we cant do anything for you' logo. (and who says that all the people who have been hacked post on guru?????) |
fusa
Quote:
|
Originally Posted by DarkFlame
They are saying that they have not detected anything wrong on their end, or at least they haven't been informed of anything. So the problem must be somewhere else and since you believe you're the one being hacked, you should go call the police.
|
FeroxC
Fusa apparently nobody has gained illegal access to A-nets servers or Gurus. Nothing is wrong, so they won't do anything.
Sounds like if you got hacked tough luck it must have been your own fault.
Sounds like if you got hacked tough luck it must have been your own fault.
Leetwalrushunter
Quote:
|
Originally Posted by slowerpoke
i take it these are brute force password attacks if the user hasnt given away the password (in)directly?
would have guessed they have an account lockdown after x many failed attempts and how exactly long would it take to crack a 13 char(max length) string of random chars? |
Stockholm
Quote:
|
Originally Posted by fusa
The person/people hacking the players accounts are using the accounts to illegally gain access to A-net's servers. This is against the federal laws covered in 18 U.S.C. 1030. A-net has repeatedly stated that selling gold/items for real money is against the EULA since its their property. I really don't understand why they wouldn't have a more proactive stance with people's gold/items. Especially since its most likely gold sellers doing this.
|
kazjun
An AB weekend this week. Should be interesting if the hack was from AB. Unless anet nailed it with that unknown exploit update.
fusa
Quote:
|
Originally Posted by Stockholm
And what if the hacker is from a country outside the US? Then US federal laws mean ZIP DODA.
|