Guild Wars Guru Security Notice

what if this breach has not been fixed and the people that did this snuck a root kit onto the server the forums are running on, knowing that the first thing people do is change emails and passwords, then these guys get all your changes to. A gaming league i belong to had this happen to them and it took them over a year to straighten out all the crap that got damaged.

I am glad you guys told us that you had a security breach, but you need to dot every i and cross every t and make darn sure everything is accounted for before you go telling innocent people to reset their stuff and end up them being the ones that get hacked. Rootkits are damn hard to detect unless you have the right scanners for them as most AV will not find them. Well I guess I could make up a few "what if" theories myself as well (which I have indeed been doing for the last 24 hours now ), but I can tell you we went over our files with a fine tooth comb. They didn't get onto our server from what we can tell but I don't have an answer for you, or if this was a concern, because if you know about rootkits than you know the problems associated with those. I can tell you that even now we continue to work on this but we've always monitored our security, which is how we knew this happened in the first place.

I'm as upset by all this as anyone, it's not an easy problem and there are no easy solutions. We are very disappointed that this happened as well. My own data was compromised as much as yours. Our approach is to try to be as open and honest as possible with all of you.

Well I guess I could make up a few "what if" theories myself as well (which I have indeed been doing for the last 24 hours now ), but I can tell you we went over our files with a fine tooth comb. They didn't get onto our server from what we can tell but I don't have an answer for you, or if this was a concern, because if you know about rootkits than you know the problems associated with those. I can tell you that even now we continue to work on this but we've always monitored our security, which is how we knew this happened in the first place.

I'm as upset by all this as anyone, it's not an easy problem and there are no easy solutions. We are very disappointed that this happened as well. My own data was compromised as much as yours. Our approach is to try to be as open and honest as possible with all of you. Im glad you guys are telling us about the breach, just putting in my 2 cents, maybe get you guys to check something you might not have thought about. Im almost wondering Inde, if this incident is related to what i experienced in early December.

JonnieBoi05 - emails Ah, okay. Thank you, Inde.

al_capowned - It was our blogs.guildwars2guru.com that was accessed using Wordpress MU 2.8.6. The next version release was Wordpress MU 2.9.1 on Jan. 14th, then another update on Jan. 18th to 2.9.1.1. So we were behind by 9 days. We had stopped development of the user blogs as we had run into numerous problems.
apache 2.xx?

JonnieBoi05 - emails How about passwords?

Is there any chance they could match e-mails and passwords if passwords are succesfully decrypted?

Do you think they have got to GWGuruAuction as well?

*sigh* I have my IGN in that profile.

How about passwords?

Is there any chance they could match e-mails and passwords if passwords are succesfully decrypted?

Do you think they have got to GWGuruAuction as well?

*sigh* I have my IGN in that profile. JR's OP mentions the auction section, too, as one of the passwords we're urged to change.

If you change your password now and someone manages to decrypt the password you used for the auction site yesterday ... they've decrypted a password that doesn't work anymore and still can't get to your auction profile info.

So yeah, change the password for the auction system, too.


Oh, and another, "Bummer, but thanks for letting us know so promptly," to JR and the other staff who are working on this!