Help

Just a FYI

Hey guys was about to make my picks for this month....

When i started to type the name of the web site::::


I type www.guildwar.com.....

not

www.guildwars.com

that first one set of all sorts of alarms on my computer.... You guys might notice the missing s... You guys with all the smarts might bring this to someone attention.

If this is old news or just something else, sorry.

DS

Removed the whois it.. since its Anets Thanks Regina

This can be closed now if you guys want.... I'll be hanging in the back again..

I can't tell whether you're trying to point something out here or whether you're having computer troubles.

Point something out sorry.. just more of a FYI.....

bookmark sites and you won't have to worry about mistyping the url?

Thanks right the warning?

I don't see it asking for account info/downloads etc. I think it's just a forward to a website.

hmm... this info looks a little bit personal, imo. not sure if the numbers given, for example, are their personal numbers (too lazy to doublt check, in HA atm and can only briefly read during loading/waiting times xD) but i think this should be deleted if so.

Yeah, you really need to be careful with the URLs. I tried to go to a website once and forgot to use the correct extention... ended up getting an eyeful.

Try contacting anet about this to see if they can do something about the site in question. IMO they should have gobbled up anything close to guildwars.com and common typos to begin with.

Well the funny thing is I didnt get a warning on the site, untill I was about to go into the Xunlai House (the site is a copy of the GuildWars site, I mean I full copy)... thats when my computer give the a warning about the certificate information not the same as the web site and that is was trying to collect input data.

Yup I was going to tell ANet, but I put it here because they (ANet) gets on here as well.

This does look fishy... had it been some sort of redirection page that would be understandable, but this is an exact copy of the actual GW website.

Pretty scary that it gives you access to XTH. Looks like an account access attempt to be honest.

Rofl at the @gmail email addresses. Because I'm so sure anet uses gmail to conduct business.

WHOIS with [email protected] and the Anet founders as owners!! Definitely a fake one used to phish GW players, a company would never ever do that. Fill out a support ticket (also send an email at: community at guildwars.com) and hopefully Regina will also catch it from this thread.

Well done!

as stated i have very little time to actually skim over what was given. all i saw were named of some of the big boys from aNet and then saw phone numbers. and yes, i know they would not use @gmail.com ^^

I like how it says guildwar.com. Made me laugh pretty hard.

hmm... how can they steal your info from this site? i was checking it out quite a bit and when you get to things that include plaync or buying a new campaign or w/e it leads to the real guild wars website. i mean the only thing that i noticed took me to guildwar.com (with no S) was the xunlai tournament house...

i mean... like... lol... unless you're menally special you wouldn't link your XTH log-in to your REAL GW log-in, right? so what are they going to do? predict for you?? lyk3 0h n03s... n0t th4t!!! NOOOOOOOOO!!! ._.

XTH requires a password and e-mail to log in right? So (s)he collects those and could simply keep trying until (s)he's lucky. Also (s)he might use the info to get into other website accounts.
People who use different passwords for all accounts are probably safe (haven't visited the website myself), but I bet there is a certain % who does not use different passwords.

Some people use only one password for all their accounts. Some use the same password for all GW-related accounts. Some will use different passwords but the same email address. Etc.

Of course people then gloats and laugh at these guys and say with a lot of pride "lol you're stupid, you deserver to be hacked". But I'm not sure who's really stupid in that case, this kind of behaviour will rather provoke shame and fear for the hacked person, thus making security problems worse.

If you knew how security works, you'd know that it's a constantly evolving topic that requires adapting quite often. Even security professionals make security mistakes and get hacked, even more sometimes when they are quite visible and high profile.

Lastly, and most importantly, social engineering is an eternal threat, because it's part of who we are as human beings: social beings.

EDIT: I'm very happy that Regina gave some information on how this affair was processed by Anet/NCsoft, it shows how serious they are and that they're working hard to try, whenever possible, to compensate hacked people. Investigating these cases is a huge pain and requires an incredible amount of time-people to avoid making serious mistakes.

I expect visiting that site results in spyware attempts through tracking cookies. Just run Adaware or some other free program to make sure the jerks don't get to find out about your strange browsing habits.

Exacly the same thing with Arena.net same address ([email protected]) allocated to arena.net
Usually known as ArenaNet.com.


The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.domain: arena.net
owner: n/a
organization: Arena.net, Inc.
email: [email protected]
address: 10020 Main St. #164
city: Bellevue
state: WA
postal-code: 98004
country: US
phone: +425.4629444
fax: +425.6710589
admin-c: CNET-354982 [email protected]
tech-c: CNET-357631 [email protected]
billing-c: CNET-357656 [email protected]
nserver: ncdns02.ncaustin.com
nserver: ncdns01.ncaustin.com
status: lock
created: 1998-05-06 00:00:00 UTC
modified: 2008-11-03 16:51:37 UTC
expires: 2012-05-05 04:00:00 UTC

contact-hdl: CNET-354982
person: Mike O’Brien
organization: Arena.net, Inc.
email: [email protected]
address: 10020 Main St. #164
city: Bellevue
state: WA
postal-code: 98004
country: US
phone: +425.4629444

contact-hdl: CNET-357631
person: Patrick Wyatt
organization: Arena.net, Inc.
email: [email protected]
address: 227 Bellevue Way NE #75
address: Bellevue
city: Bellevue
state: WA
postal-code: 98004-5721
country: US
phone: +1.4254629444

contact-hdl: CNET-357656
person: Jeff Strain
organization: Arena.net, Inc.
email: [email protected]
address: 227 Bellevue Way NE #75
city: Bellevue
state: WA
postal-code: 98004
country: US
phone: +1.4254629444

source: joker.com live whois service
query-time: 0.011676
db-updated: 2009-03-26 14:14:54
NOTE: By submitting a WHOIS query, you agree to abide by the following
NOTE: terms of use: You agree that you may use this data only for lawful
NOTE: purposes and that under no circumstances will you use this data to:
NOTE: (1) allow, enable, or otherwise support the transmission of mass
NOTE: unsolicited, commercial advertising or solicitations via direct mail,
NOTE: e-mail, telephone, or facsimile; or (2) enable high volume, automated,
NOTE: electronic processes that apply to Joker.com (or its computer systems).
NOTE: The compilation, repackaging, dissemination or other use of this data
NOTE: is expressly prohibited without the prior written consent of Joker.com.

Okay, I take it back, they are retarded enough to use gmail for business O_O

Guildwar.com and GuildWars.com and ArenaNet.com and Arena.net are all on the same name server. (We won't even talk about how bad having a copy of your website on another URL is for their SEO either, even though they are the official site they could be weighted higher). Why they use gmail is beyond me. I would have completely assumed it was a phishing site. Guess not. What alarms did it set off Lemmonhead?

The gmail accounts are probably used as throwaways. Don't want random spam in your main email account.

This :-)

My domain is also registered under a gmail address. If an email addy is going to be shown in WHOIS lookups, I want it to be an email spam-can account (MSN, gmail, yahoo...) and not my ISP, or @domain account.

The gmail account I used is a haven for spam now. The provider and domain accounts are free of such annoyance.

this is what FireFox does when you try to go into the XTH....

Secure Connection Failed

www.guildwar.com uses an invalid security certificate.

The certificate is only valid for www.guildwars.com

(Error code: ssl_error_bad_cert_domain)

* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

Or you can add an exception…

Like i said if its a site that is own by Anet then coolness.. if not then its a FYI for you guys...

I confirm that http://guildwar.com does belong to us.

The web team has been notified of this thread and your concerns. They have set http://guildwar.com to redirect to http://www.guildwars.com.

In addition, http://www.guildwar.com/competitive/...se/default.php will be redirect to https://www.guildwars.com/competitiv...se/default.php

That's some pretty prompt customer relations. GG.

Now ban leechers and bots from Fort Aspenwood.

Ty!

Thank you Regina, you're the best!

I had Mozilla/Firefox go off about this site for a couple of days. Said it was a malicious site and when I googled it google said the same thing. It lasted a couple of days and then all of a sudden it disappeared and I was able to goto this site again. Makes me wonder what happened to cause Firefox and Google to go off that way about this site?

Huh, so is phishing from similar website?

IIRC Firefox uses Google's SafeSurf thingie to display messages about "phishy" websites (it happened to Guru when there was a nasty outbreak of spyware'd googleads?), and from personal experience it has quite a lot of "false positives", i.e. non-malicious websites being rated potentially malicious.

GG Regina.

(and I was wondering why Jeff, Patt and Mike weren't answering to my emails ... )