I find a discussion of this is in order. Incidence of hacking seems to have increased and there specifically seems to be an issue of hacking by gold farmers. I had been kinda shrugging it off, but now it's happened to a guildmate of mine, increasing my concern some.
How is this happening? Are users of only certain e-mail providers being argetted? I believe I read somewhere that the hackers are picking up account usernames from forum accounts. I suppose it would have been smartest to sign up for guild wars with a different e-mail than one uses for other accounts associated with the game, but I didn't have this foresight 4-5 years ago unfortunately.
Hopefully Anet will resolve this issue soon, but until then it'd be nice if we could take some steps as a community to figure out how big of an issue this is and what steps we can take to further protect our accounts.
Account Security
Dyeane
Kumu Honua
If you didn't have the foresight 4-5 years ago. Then have the foresight to do it today.
Click "User CP" up above. Then "Edit your details". "Edit Email & Password"
Change your email....
Click "User CP" up above. Then "Edit your details". "Edit Email & Password"
Change your email....
The Drunkard
This thread has been discussed to death. THERE IS NO SURGE OF GUILD WARS HACKS!!! People get hacked all of the time because of poor passwords, keylogger, or using the same email for a multitude of different things. I have not been hacked for the past three years by simply changing my password to a 9 digit combination of random letters weekly. I never use my game emails for anythings else and keep my firewall updated.
Anet has already done something about it anyways. If you checked the login screen to GW for the last few monthes there was a memo "Don't get Hacked."
Anet has already done something about it anyways. If you checked the login screen to GW for the last few monthes there was a memo "Don't get Hacked."
YunSooJin
Quote:
|
Originally Posted by The Drunkard
This thread has been discussed to death. THERE IS NO SURGE OF GUILD WARS HACKS!!! People get hacked all of the time because of poor passwords, keylogger, or using the same email for a multitude of different things. I have not been hacked for the past three years by simply changing my password to a 9 digit combination of random letters weekly. I never use my game emails for anythings else and keep my firewall updated.
Anet has already done something about it anyways. If you checked the login screen to GW for the last few monthes there was a memo "Don't get Hacked." |
Sierraa
Quote:
|
Originally Posted by The Drunkard
This thread has been discussed to death. THERE IS NO SURGE OF GUILD WARS HACKS!!! People get hacked all of the time because of poor passwords, keylogger, or using the same email for a multitude of different things. I have not been hacked for the past three years by simply changing my password to a 9 digit combination of random letters weekly. I never use my game emails for anythings else and keep my firewall updated.
Anet has already done something about it anyways. If you checked the login screen to GW for the last few monthes there was a memo "Don't get Hacked." |
@OP - You can change your email in the user CP on guru.
- Link your GW account to a master NCsoft account
- Change your password with a combination of capital letters, numbers and symbols.
- Scan for spyware, viruses and trojans.
- Reformat.
- Cry to NCsoft.
obsidian ectoplasm
People who say t hat you only get hacked because of not changing passwords/buying gold ect ect
I think thats bullshit, I have seen so many people saying they have been hacked although they are actually in the computer business, and they are well aware of changing passwords every week/ not giving out info ect
its just very bad luck or anet fails
I think thats bullshit, I have seen so many people saying they have been hacked although they are actually in the computer business, and they are well aware of changing passwords every week/ not giving out info ect
its just very bad luck or anet fails
Mr. Undisclosed
Quote:
|
Originally Posted by The Drunkard
Anet has already done something about it anyways. If you checked the login screen to GW for the last few monthes there was a memo "Don't get Hacked." |
The Drunkard
Quote:
|
Originally Posted by Sierraa
I'd much rather hear that you keep your antivirus updated, and you have a decent one, rather than your firewall.
|
Though another reason why I might not've been hacked is because I'm OCD on internet security. A person needs two things to get into your chars: the email and password. As long as you keep both lengthy and random, you should not have any problems.
Chocobo1
Yeah I'm actually really worried. There is obviously a huge surge in people getting hacked, I've noticed it in-game and on these forums. Something going down?!
Mr. Undisclosed
What huge surge? I haven't really noticed anything. Just the occasional people who feel the need to let us know they got hacked. Honestly I think its been pretty steady, not a ton of hackings but just enough.
majikmajikmajik
i was just thinking this few hours ago(infact i posted a thread on the site feedback) a growing number and concern of hacking leads me to think it has to do with specific email providers, or certain fansites being targeted.
CHANGE YOUR EMAILS AND PASSWORDS
never use the same password twice.
CHANGE YOUR EMAILS AND PASSWORDS
never use the same password twice.
Zanagi Kazuhiko
Quote:
|
Originally Posted by Mr. Undisclosed
What huge surge? I haven't really noticed anything. Just the occasional people who feel the need to let us know they got hacked. Honestly I think its been pretty steady, not a ton of hackings but just enough.
|
Tramp
I have known many people who got hacked and 95% of the time it is their best friend they shared account info with for years who becomes jealous or whatever and eventually steals their stuff. Too many teenagers + too few morals = never trust anyone in the game. The only guy I know who had keylogger on his puter was 3 weeks ago, and 2 days after he told me he found the keylogger and took it apart and found the server ip was located in France, sure enough, took me less than 5 minutes to find a French forum board with his r7 15^50 sword being pc'd (same gold value).
MMSDome
Getting hacked isn't so bad, they only take shit you can get back. Trust me it just happened to me. Money isn't hard to get back, posessions don't matter. You still retain your titles at least 
Coverticus
Quote:
|
Originally Posted by MMSDome
Getting hacked isn't so bad, they only take shit you can get back. Trust me it just happened to me. Money isn't hard to get back, posessions don't matter. You still retain your titles at least
|
zwei2stein
Quote:
|
Originally Posted by Terra Jim
Unless of course they decide to delete you hard worked characters in the process, which also tends to happen alot.
|
Quote:
|
Originally Posted by The Drunkard
This thread has been discussed to death. THERE IS NO SURGE OF GUILD WARS HACKS!!!
|
Quote:
|
We do apologize for the delay in our response, but we are currently experiencing a higher volume of tickets than usual. We are currently receiving a lot of similar cases to yours and this seems to be caused by key-loggers. |
dekusvamp
1. Player gets bored of farming for gold
2. Player watches YouTube video about infinite gold
3. Player visits link to get gold
4. Site uses flash/java exploit
5. Info is sent to phisher
OR
By visiting a normal site, with a new ad, that contains crypted virus, then running itself from your cache.
That's the thing, hackers are too smart, and we can't stop them, because they keep on making new methods, new stubs, and the AV companies are too lazy to make a decent protection like ZA.
2. Player watches YouTube video about infinite gold
3. Player visits link to get gold
4. Site uses flash/java exploit
5. Info is sent to phisher
OR
By visiting a normal site, with a new ad, that contains crypted virus, then running itself from your cache.
That's the thing, hackers are too smart, and we can't stop them, because they keep on making new methods, new stubs, and the AV companies are too lazy to make a decent protection like ZA.
subarucar
I'm in agreement with the group that belive you don't just get "Hacked".
I've played GW from a couple of months after release. I use the same e-mail for everything. I have a few slight variations of my passwords, but each still gets used for multiple places. I never change my password. I used my PC without an antivirus for multiple months.
Either I'm bloody lucky, or hacks just don't "happen".
I've played GW from a couple of months after release. I use the same e-mail for everything. I have a few slight variations of my passwords, but each still gets used for multiple places. I never change my password. I used my PC without an antivirus for multiple months.
Either I'm bloody lucky, or hacks just don't "happen".
Enon
Quote:
|
Originally Posted by subarucar
hacks just don't "happen".
|
Are they all lying or is Anet screwing up from their side?
*Sarcasm intended. But it's still a serious question.
tasha
They may not be either. It only takes a second of not paying attention to get one of these things. So yes people may not knowingly get a keylogger (or other such thing), but are they so safe while surfing while distracted (eg. under the influence of alcohol, watching tv) and are other members of their family who use that pc or others on their home network. Perfectly possible for someone whose account has been hacked to not be knowingly infected.
In terms of security, GW is better than it used to be but is still pretty bad. A few years ago, the client would tell you if the email you were using to log in was valid independent of the password. If you got someone's email, you could put it in the client and the client would give different error messages for an incorrect username and an incorrect password. Made it a lot easier for a brute force hack. Now you get the same error for either bit of info wrong.
In terms of security, GW is better than it used to be but is still pretty bad. A few years ago, the client would tell you if the email you were using to log in was valid independent of the password. If you got someone's email, you could put it in the client and the client would give different error messages for an incorrect username and an incorrect password. Made it a lot easier for a brute force hack. Now you get the same error for either bit of info wrong.
Nereyda Shoaal
If "pr0 hacker" decides to get into your account you can't do anything about it.
Keyloggers are the most popular, easy to use but list of how to get someones login is much longer
A while back a friend of mine was switching off my PC by exploiting loopholes in Windows. He also created a new folder and put a text file saying "I was here. [his name]"
I work for IT and despite the fact I know "few" things about computer security I know I'm not safe. I can take steps to protect my account but at the end of the day I can't stop everyone, can I?
There was this guy last year. Came up and said "I want my PC to be 100% secure". My answer was "Unplug the network cable"
Keyloggers are the most popular, easy to use but list of how to get someones login is much longer
A while back a friend of mine was switching off my PC by exploiting loopholes in Windows. He also created a new folder and put a text file saying "I was here. [his name]"
I work for IT and despite the fact I know "few" things about computer security I know I'm not safe. I can take steps to protect my account but at the end of the day I can't stop everyone, can I?
There was this guy last year. Came up and said "I want my PC to be 100% secure". My answer was "Unplug the network cable"
Xenex Xclame
I'd like to clarify a point.I don't think there's been a higher rate of "hacking" but instead a higher rate of reporting it (to us).
Also and im not saying this to anybody in particular or about everyone thats been "hacked", but its hard for gold buyers to get sympaty,meaning that if the person that got hacked got hacked because he bought gold, or because he wanted to cheat or whatever, he might try to hide that fact.
I mean its not like we can know theyr lieying.
PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.
Also and im not saying this to anybody in particular or about everyone thats been "hacked", but its hard for gold buyers to get sympaty,meaning that if the person that got hacked got hacked because he bought gold, or because he wanted to cheat or whatever, he might try to hide that fact.
I mean its not like we can know theyr lieying.
PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.
zwei2stein
Quote:
|
Originally Posted by Enon
Then again, each person that has been hacked coming on GWG specifically states they never shared their passwords with friends or relatives, don't visit certain scam sites, never downloaded nor used any third party tools and they all have some sort of IT experience.*
Are they all lying or is Anet screwing up from their side? *Sarcasm intended. But it's still a serious question. |
What worries me personally is the fact that i did not manage to find anything more dangerous than cookie (And I tried hard, trust me
...), coupled with fact that I log in to three accounts regularly and only one got 'hacked' .. and the one which has username that i would consider hardest to figure out and impossible to dig from gw related websites as it was never used on them ... I was quick with password change, of course. I would like to know more about that keylogger support was talking about before directly blaming anets security. Source site? What software did it hide in? Any clue?I know there is trojan in gw.dat browser - really sneaky one, it comes with source code, but compiled version has generic trojan embeeded. Yay for antivirus. But other than that i have not seen anything other than "please, type here your account and password to get free ecto stack/gw2 beta/tool to hack ruch people"
Linksys
Could be key loggers. Or that could be a throw off. Remember when GW was so laggy and Anet first blamed our video cards?
Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind.
If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it.
Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind.
If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it.
Sierraa
Quote:
|
Originally Posted by Xenex Xclame
PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.
|
People who know the risks are LESS likely to be hacked or do something that can jeopardize their account.
Quote:
|
Originally Posted by Linksys
Could be key loggers. Or that could be a throw off. Remember when GW was so laggy and Anet first blamed our video cards?
Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind. If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it. |
Fay Vert
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
oxylus
Quote:
|
Originally Posted by obsidian ectoplasm
I think thats bullshit, I have seen so many people saying they have been hacked although they are actually in the computer business, and they are well aware of changing passwords every week/ not giving out info ect
|
Changing your password every week does not make you secure. When was the last time you changed the PIN on your bank card?
gremlin
If you blame anyone blame Microsoft
Microsoft messenger that I turned off after mysterious grey boxes advertising none ms services appeared on my screen.
Active x that can also run stuff I may not want.
Javascript ditto
macromedia Flash created to make websites more interesting but it overrides any settings you made to limit what a website can show.
all those and services that allow remote control of a computer over the net are the root cause.
If you don't know what to turn off and you run online on an administrator account you could well be heading for trouble.
They came up with some great ideas to make the internet run smooth and look great but forgot that their creations made great tools to break into systems.
Windows 7 the solution who knows if so its about time.
rant over
Microsoft messenger that I turned off after mysterious grey boxes advertising none ms services appeared on my screen.
Active x that can also run stuff I may not want.
Javascript ditto
macromedia Flash created to make websites more interesting but it overrides any settings you made to limit what a website can show.
all those and services that allow remote control of a computer over the net are the root cause.
If you don't know what to turn off and you run online on an administrator account you could well be heading for trouble.
They came up with some great ideas to make the internet run smooth and look great but forgot that their creations made great tools to break into systems.
Windows 7 the solution who knows if so its about time.
rant over
Riot Narita
Quote:
|
Originally Posted by Fay Vert
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
|
Items, gold etc I don't care, as long as my main char is safe.
I take great care over my PC and GW security, but I know that sh*t can happen regardless. So it would be nice to have an absolute safeguard against character deletion.
zwei2stein
Quote:
|
Originally Posted by Fay Vert
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
|
I would prefer WoW solution: Special pin generator. Only person owning physical device that generates pins can access account.
There are many other solutions: you could have sms-auth that is commonly used when ebanking (when you log in to your account, you will need to insert pin number. You will receive that pin number by SMS, SMS that only person physically owning cellphone can see). I can personally guarantee you that it is fairly easy to implement.
One could even produce USB key - similar principle, but you just plug it in instead of having to type your pin.
gremlin
Someone clear something up for me.
Does a keylogger read direct key input ?.
I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger.
Does a keylogger read direct key input ?.
I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger.
zwei2stein
Quote:
|
Originally Posted by gremlin
Someone clear something up for me.
Does a keylogger read direct key input ?. I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger. |
Keylogers usually just monitor keyboard because that is all they need to do, but they can monitor mouse clicks or network communication or take screenshot if author requires that functionality.
So click-typing password is not a solution.
Riot Narita
Quote:
|
Originally Posted by zwei2stein
I would prefer WoW solution: Special pin generator. Only person owning physical device that generates pins can access account.
|
Zahr Dalsk
Want to avoid getting hacked?
- Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger.
If you avoid these two things, you will never be hacked. End of story.
- Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger.
If you avoid these two things, you will never be hacked. End of story.
Notorious Bob
Quote:
|
Originally Posted by Fay Vert
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
|
Surely after 4+ years Anet couldve come up with something a little more secure - if they really wanted to.
Aussie Boy
Yes it's our fault most of the time because we didn't protect ourselves enough or were stupid in sharing things.
I realize that but Anet could add more space to the passwords like oh i dunno 20 25 text numbers just to make guessing it more difficult. ?
Also before the password is changed a confirmation to the email address
that you have to click to complete the change.
Maybe?
I realize that but Anet could add more space to the passwords like oh i dunno 20 25 text numbers just to make guessing it more difficult. ?
Also before the password is changed a confirmation to the email address
that you have to click to complete the change.
Maybe?
Riot Narita
Quote:
|
Originally Posted by Zahr Dalsk
Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger. If you avoid these two things, you will never be hacked. End of story. |
Everybody runs "third party software" - not for GW of course, but for other stuff that makes a computer, you know, USEFUL. Everybody visits websites, many accessed from Google with no easy or reliable way of knowing whether it's safe or not.
I doubt your average joe has any way to assess the safety of a given website or piece of software, and maybe doesn't know where to get a free email address that they can use exclusively for GW. They're likely to use an email address that they actually use and check regularly, and what use would their email address be, if they didn't give it to anyone? They'd never receive any email. And really, why should they be expected to do any different?
slowerpoke
I still think there are/have been undisclosed security flaws. After all it was possible to directly hack the client (travel anywhere, open storage) and crash the server, who knows what else.
It may be a new tactic of gold sellers to simply hijack other players accounts than waste time botting, which is has poor returns since RMT was introduced.
It may be a new tactic of gold sellers to simply hijack other players accounts than waste time botting, which is has poor returns since RMT was introduced.
REDdelver
Why not just make your account based of an email that you open.....then delete after its been verified? That way you can never use that email ever again for other websites.
.....on top of all the other do's and dont's passed down on DONT GET HACKED thoughts.
.....on top of all the other do's and dont's passed down on DONT GET HACKED thoughts.
Mangione
Quote:
|
Originally Posted by Fay Vert
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
|
There you go:
http://www.guildwarsguru.com/forum/s...php?t=10248665
I know Lineage 2 has a 3 day "delay" before allowing you to delete completely a character.
There's the WoW Pin mentioned by zwei2stein that would be awesome.
I'd like anything to be more secure, really.