Do hackers ever stop here?

Test the strength of your password:
http://www.microsoft.com/protect/you...d/checker.mspx
http://www.securitystats.com/tools/password.php
http://rumkin.com/tools/password/passchk.php

Use a password manager (such as PasswordSage, among the many that exist). Check these tips.

I've seen before people telling me that they never shared their password, only to realise they had it written on a piece of paper put somewhere where colleagues, friends or less friendly people could see it.

To do a full thorough security check of your PC: first of all, do it offline with your antivirus and the standard antispywares; then download another antivirus, such as the trial of NOD32 or Kaspersky, and try another check, again offline.

Regina: it's worth investigating, there seems to be a lot of strange events happening.

This is very troubling news. I've also had troubles recencly with a trojan that just seemed to appear on my computer. Not to assume it's the same one, but it's not impossible. It's sad that RMT and hacking has escalated to something so bad. MMO companies need to start installing things in their own product to prevent against this sort of thing, should take note of Perfect World's security system that lets you lock down your account. This prevents character deletion as well as trading/selling/buying/dropping or destroying of any kind until a timer is up.

I suggest to everyone to do the following:

Download Firefox if you don't have it
Download the Noscript addon if you don't have it
Download one or all of the decent free AV programs. Avast, Spybot: Search and Destroy, Ad-Aware (the basic version) are all free. There are also others that do well.

Best of luck to the folks out there, getting hacked can't be fun, especially when there is only so much that Anet can do. It's sad that we can't kill the problem at the source... Yet.

Do you use IE or Firefox?
How strong is your password?
Do you click on any other GW links?

I use Firefox
I make sure that my passwords are at least 10 characters and have special characters, numbers, upper and lower case. Also i dont use this password for any other thing (email, porn, bank, etc.). Also changing your password periodically helps prevent slip ups.

"[email protected]" is an example of a strong password.

Logged on my account just to check, i have obsi + chaos gloves so i might looked rich. But all the poor hacker got was 1k and 1 zkeys.
xD

thats what you get for watching porn

Ah, it is working indeed! No need to go to PlayNC anymore, very helpful.

@ Shayne Hawke: Hope you can think up on a hard to crack password.

Does anybody still use Ad-Aware lol. Not sure what is out there for free firewalls though (you left that out)... Online Armor, Zone Alarm, Comodo... but Agnitum Outpost is BY FAR the best firewall if you have money... fully customizable, easy to use, fast, presets for everything, life time licenses are out for it now I think too.

Not according to Microsoft:

Either way, I'd like Anet to implement some kind of extra barrier to prevent the hackers from accessing your characters after they've brute-forced their way into your account. The permanently locking of characters has been suggested before, as well as temporarily suspending your account after 3 failed login attempts.

Because losing all your money and Zkeys is indeed horrible, losing your character that's nearly 4 years old is on a whole different scale of loss...

Getting a bit paranoid here...

My friend got hacked yesterday as well, what's weird is that the only thing they took was straight cash. Had ectos, rubies, sapphires, elite armors - they weren't touched - but instead he lost ~175k. He worked with computers; he knows what he's doing with this stuff. He filed a support ticket last night. He doesn't use any forums.

I'm curious to hear if this is above the normal amount of hacks, or if everyone on Guru is just suddenly saying something at once?

Editing with the great list Shayne posted:

I think the best thing to do is leave this thread open for Regina (and perhaps someone should post it on her wiki), judging by how many people are saying they have been hit. it probably is a good idea to investigate it.

The best way to prevent it probably is if they modify the client to make it lock out after 5 failed attempts (since a brute force would need more than 5 attempts to hack into it) and it would lock out for about 30 mins to 1 hour (best way I can think of to protect the persons account but not keep owner of the account locked out for a long time)

I think it's safe to say that the only hackings that we're really trying to consider follow these criteria:

- Happened recently.
- One character was moved to the Great Temple of Balthazar.
- Many items of value that were not tied to the character/account were taken/lost. i.e. Undedicated minis, Z-Keys, uncustomized weapons.
- Items of much less value will sometimes be left in place of what was taken/lost.
- No characters were deleted.

I personally feel that I've done nothing to warrant access to my account by someone else, and it seems many others here who have been hit by this feel the same way. To me, this sounds like some dangerous trend starting to form.

That's what it does now, Gaile said a while ago. If you get the password wrong a few times, it kicks you out for an exponentially increasing amount of time, so brute forcing won't work. This must be keylogging or some packet manipulation or something.

More likely an addiction to kinky pornography.

Some things to check:
- is your password same for GW game client and Xunlai Predicitons
- is your password + email same for GW game client and email (like Gmail or other)
- do you suspect you might have clicked anything suspicious on the internet (nooo {puts away the handkerchiefs} )
- does your AntiVirus software report any malicious software (I'd like to point out that there are some popular AV not quite competent, not naming any...)
- do you use IE6 and your latest Service Pack for Windows XP is SP1 *

*
websites (GWguru amongst them) were infected with iFrame malware that spreads with ads.
About iFrame exploit

And about passwords -> ¬itt1e.sTar¤ w0Ot
Alt+0172 = ¬
Alt+0164 = ¤

Eight years of online rpg/mmorpg and I never been hacked. I download files everyday from a certain site that's known for trolls uploading keylogger, trojan, virus but none has ever worked cause I'm just that awesome.

According to microsoft theres been a increase in online games trojans this month, although Guild Wars are not mentioned as one of the top targets. You can see more details about the attacks by following this link

Not trying to point blame to anyone. But do you have the same email/password for GW as same as the one you have on Guru? Maybe whoever is doing this is picking off the information from Guru and using it on GW to see if they access it?

This seems to happen at least once a year. For those who are paranoid (hey, you have every right to be) I'm going to review the incidents that have happened.

The last slew of "hacked" accounts was on 05/05/08... this was a specific hacking that went around involving 2 accounts that were used to hack into players accounts. It was suspected that the guilty party were using a key logger or a fake website to obtain account information. Anet was very helpful in this case and reported that they had banned the accounts.

There was another incident right after this on 05/28/08. Anet stated that they did not see any increase, more then normal, in hacked accounts. They always say that if it was a problem it would be more widespread. See below for more on that.

The hacking incident that parallels this one was actually about 2 years ago. We had at least 25+ reported hacks. Zkeys being stolen and the like. Here was Anet's response:

And Skullcrasher, it's suggested every single time. You'll get a mixed response of people that do and people that don't. For all the people that swear they use great passwords and protect themselves, even on Guru I can tell you that there are over 900+ forum users who have "password" or their username as their password. VBulletin has a great lil' feature that displays the # of vulnerable accounts (no it doesn't give me access to view which accounts). So yes, from that alone you can just imagine how many people do the same with their Guild Wars accounts. I am, of course, not suggesting that those above were careless or that this is even them but it shows you that many players do not secure their accounts. Why does this keep happening? It happens in all games. Go to any MMO forum and you'll see reports of hacked accounts. Sometimes you will never know why. With every safeguard in place, it seems that some are still vulnerable. Which either tells us they are smart and subtle or that there is no protection. Forums can be hacked, yes. Though I can tell you that our server admin has been on our servers for the past 3 straight days and I can assure you that no suspicious activity happened. Game clients can be hacked, yes. Good luck getting any developer or company to admit to this unless it's catastrophic.

And just to answer all the other questions, because they come up every single time...

No one, not even an admin has access to the password you use on this site. To be more specific VBulletin uses a non-standard encryption method. Consisting of taking the md5 hash of the password, concatenating a salt string and taking a second md5 hash. What does this mean? This is a multi-encrypted password that no one can read.

In your email program have a rule set up that removes all emails to trash bin with words "guild" and does not come from NCSoft's or ANET's valid email domains.

Well, I got hacked and 2 weeks later I got a permanent ban.

I have send numerous support tickets and they don't want to change it back because it seems he used a third party program.

Do you think this is fair? K, I am responsible for my account, I don't really care that there are items gone, lots of cash, but that they give me a permanent ban for what that guy did isn't fair.

I paid 250 euros for my account, I am a long time member (from the World preview events) and they just give me a ban... I had 11 characters... Played lots of PvP.

This makes me sick, that they don't want to listen. Yes I am just one of the many millions, bah it makes me sick.

I am trying to contact regina etc, because support doesn't want to listen anymore.

Quit going to gw porn sites and im sure that some of those people that say they never goto those gw websites to buy $ or other things is just full of shit. this is one of the biggest ways of getting hacked. a good anti virus solves key logging..etc.. so many poeple ive seen and heard gived "friends" account information and blam..supplies are gone. DTA= dont trust anyone..

If you have a good anti-virus, dont give out account info and stay away from gw wanna be sites wont have problems getting scammed or hacked. come on people use your common sense.

I agree with Anets response above.. if you get hacked its your own fault and stupidity. dont blame anet or anyone but yourself. I think anet does a great job and why all the hate against anet.. they didnt give you a shitty, easy to hack password nor did they tell you to goto these 3rd party sites to get hacked nor did they tell you to tell your friends your account info in case you forget the info..all so u can turn around and yell at anet.. sounds logical to me.. thats exactly want anet wants to deal with more idiots that just bitch and complain to them. u got hacked your own fault..take some responsability.

Pro tip - use a different email for your games than you do for any forum or other similar online activity. Whether or not your password is secure is irrelevant if you dont give out your game email.

I do, works a treat

Thx Inde, well as a good measure I'm switching all my password and emails!

I don't want to login to my account and see all my stuffs gone or my characters deleted! And I agree with Fates Monk, don't use the same email for everything. Change it so that peoples don't know what your actual account email/name are!

its just their way to tell you: "Ha-ha, want to buy your Z keys back?"
you guys freaked me out, already changed pass and gonna hide my mail for everything, just to be more secure

You are a big idiot.

I have never gone on any of these sites or never needed to buy something from those sites.

I don't know why I got hacked or how, but it just happend.
And I am sure there are alot people like me to, that didn't did anything wrong.

And people like you are just big idiots, only when these things happen to you then you will change your mind.

SilentAssassin,

Question for you, do you by any chance use the same email/password from your GW acccount to your email one?

Also do you remember what you were doing before you got hacked? Maybe it could lead to clues as to why it happened.

I wish A-Net peeps can come on here and provide some insight or support to the community. Everyone is going paranoid like Rorschach!

You want strong passwords, with different email addresses/account names for each of your accounts (be it on forum, games, etc.), without the hassle:

use a password manager (only a recommended one, I recommend PasswordSafe)

I use the same email,

but I don't really care that hacker got in, I changed my password as fast as I could, but it is just painfull that I got a permanent ban for what he did in 2-5 days.

The old response from anet kinda irritates me... Personally I have never bought gold, never downloaded or clicked on anything related to this game or site, I have never allowed anyone to have access to my account other than me, I have never released my email address to anyone in game. I know how to be smart enough to avoid these types of things.

Now for anet to basically say tough shit, we don't care cuz ur all a bunch of retards giving away ur account info... that is annoying. However, to those few of u who may have given out ur info...then yeah gg retards. Quit QQing.

To touch on what one guy said, thankfully i didn't get my almost 4 year old main char deleted...something like that would probably cause me to quit GW and never even look at GW2... so hopefully anet will do something like...o i dunno...protect their customers so that we will consider buying their next game when it comes out...if the damn thing ever does come out... Since GW is free their is depending on us all buying the next product so it would make sense to keep us happy so that we will. I understand the "drop in the bucket" but still, if those of us who got hacked really are just a "drop in the bucket" then why would it be so hard to help us out here?

I had about 2 mil worth of items, gold, ectos, tonics looted yesterday and a grail of might traded to me for it. The fact that someone is trading items to us for our items tells me a few things... it tells me that blank trades where someone trades stuff for nothing pops up on some "radar" at anet so they can track gold sellers/buyers and the such...So this also tells me that if blank trades are monitored then all trades are or can be monitored, so my conclusion is that if we are able to give a specific enough window of time then anet can track down who "i" traded to and what items were traded. End result, if someone at anet actually cared enough we could get all our stuff back and the other persons account could get banned, perhaps all accounts tracked form their originating IP could be banned as well, but that might be a bit much to ask.

Okay, I understand this is upsetting to a lot of people but let's not start with the personal insults.

Quite frankly, since we don't know what method the hacker is using it stands to reason that anyone is actually vulnerable.

I encourage you to work with Support and if there is a large amount of people affected Anet will address it.

strong passwords ftw

lol i got hacked too and just like everyone said one of my chars was in great temple with all zkeys and ectos gone, but they didnt even replace it with anything! oh well i rarely ever used those keys and ectos anyway, but still kinda sux

again..why is this anets responsibility? it's not anets fault you traded with someone and got taken to the cleaners. So basically if anet "cared" they would "protect customers"? how can anet protect against stupidity or people that understand about the trade window. How can anet make this any simpler? if they made it idiot proof and someone got taken through trade that person would say its anets fault why?

If anet was to keep us "happy" then they should do whatever we want then to do or i will not buy gw2. Get over it. again what happened to you was your fault not anets. ironically if you had 2 million worth of gold and stuff you would have to play the game along time to get that amount of money and not know how to use the trade window? either u full of shit or not very smart ..maybe both. no wonder why gw2 takes forever to come out with all these people QQ to anet about problems "They Have To Solve" becasue of player stupidity cause if you dont fix it i wont buy gw2. Bunch of babies.

Well, I really hope anet institutes something to help keep our characters from getting deleted. I too would quit gw and likely never look at gw2 if my main got deleted. I'd even be willing to pay anet to "lock" my character so it could never be deleted. You hear me anet? Money in the bank for you! Make it happen. I'm thankful that I was basically poor when it happened and they didn't do anything worse.

Like I said, I never did any of the stuff that everyone is saying 'ur dumb I bet you did this and got hacked' Nothing at all. The only thing I can think of is that I used the same email address for guru here as for my account (you can bet it's changed now!) I even used a different email for my other forum accounts, it's just when I did this I used the same one for some reason. And I had the same password forever instead of changing it frequently.

Anyway, not that this narrows it down, but I've been away for a couple days prior to my hack. I was actually playing one of my secondary characters through vizunah square and was right at the last fight when I disconnected. I was disgusted about the dc cause of where it happened, so I went for dinner and came back maybe 3 hours later. It was in that window of time that I got hacked. I think maybe even that the hacker booted me out since I usually disconnect on load screens and not in the middle of an instance. I doubt that what we were doing at the time has anything to do with it though. I really think it's gonna end up being something like they hacked guru or xunlai or something, got our info, and if the email was the same they either brute forced it or something else.

What the frogs are you talking about? Adult wasn't scammed during trade, he was hacked and his stuff got traded from his account to another one. What's the relevance with people being noobs at trading?

Wow, are you completely not reading what anyone is saying. Nobody got taken through trading. It has nothing to do with getting scammed or doing bad trades or whatever. People are logging in to gw and finding their characters stripped of zkeys/ectos/rare weps and standing in gtob instead of where they left them, and usually some junk item in their inventory, implying that whoever hacked into their account traded the junk item for their millions of plats worth of stuff so it wouldn't be flagged by anet as a 'suspicious' trade. It's not people being stupid and QQing. It's people being hacked and wondering what anet is going to do to catch the people hacking. I don't expect my stuff back, and in the grand scheme of things I didn't lose as much as other people here. But I do expect anet to trace that trade (I gave them a pretty specific time window of when it happened) and trace the zkeys back and ban every account those zkeys touched. Some of those accounts may be stolen, but at some point they ended up back at the thief's account in some way and that is what I want banned.

why should anet "lock your character" they own the game if they want to delete your character they can. There is 2 sides to every story and if someone says that "anet deleted my account for no reason" yeah right im sure anet goes around randomly to delete accounts. No offense but im sure your $ to lock your main account so it doesnt get hacked is anets responsibility since they cant control where you go or where you place account info at or to whom u give account info 2.

i doubt brutal force was used to "hack" into your account. either a key logger or one of your friends have account info. they sign in and boot you off..you went away for 3 hours..plenty of time to take your goodies.

funny thing is most people dont actually hack..they just smarter than you. "hack" would be someone breaking into GW client. "hack" is such an overated term even people in ab think the kurzicks win cause of "hacking". dont u think that if someone was hacking stuff that anet cant tell? com'on people use common sense.

Material wealth, no matter how huge, will be recoverable through personal gain/work. At this point, I'm more concerned about knowing that whoever or whatever has done all of this is shut out from doing it again. I'm not comfortable playing GW with that account unless I know that I won't get hit again by the same person.

because people think that getting scammed and hacked are the same.

get those frogs.?

sorry if i misunderstood what he said.

those frogs better?