A warning to you all

Hey guys not been around in a while, but wanted to let you all know this.

Now we've all seen the "omg i've been hacked" threads around here. We all know the 'easy' way to be hacked is downloading what you think are cheats, or giving out your email, silly things like that. But I would just like to make sure you all keep yourselves extra safe. Why? Because it happened to me just now. And no, I'm not expecting any help with it (I was lucky anyway) or anything but I want to be sure that everyone, especially new players, are aware of the dangers.

Ok so first of all, what happened? Well I haven't been on guild wars in maybe 10 days. Today I decided to log in as I needed to send an invite out to a friend for the preview event. So I get on my main account. Wrong password. Ok... I'll try it a few more times, make sure caps lock isn't on, the usual stuff. Still no go. Check my second account (same password, i'll be changing that!). That's fine so I know i'm typing it right. Getting worried. Do a password recovery. Get the new password in 30 seconds or so. Log in and change it to something completely different to the old one.

I find my 3 characters plus a lvl 1, pre-sear warrior with a polish first name. The last name also wasn't Lihatuh so it clearly wasn't my character, which is good in case they were abusive to my guildies/friends! Anyway, getting more and more panicky I note that my chars on the log in screen still have their proper armour on. The polish warrior gets deleted. I check my 3 chars inventories and the stash. Nothing gone. Whew.

Anyway the point of this story is that from the looks of it, it was a "I CAN hack you" rather than an attempted account hijack. Any serious ill-doer would have had the 22plat out of my account, my sup divine favour rune and deleted my chars. But this guy left everything as it was and put in a character as if to say "I was here".

Now I virus scan once a week and ad-aware regularly, along with other spyware scanners. My virus scan is every thursday evening and came up clean last night as usual. I ad-aware'd straight after finding this out and had nothing unusual, just my normal 9 or so tracking cookies that always get deleted. I haven't downloaded anything all week except for a Morrowind patch (official) last night and the new beta for MSN messenger.

So the point of this post; beware. Even if you take every precaution and don't fall for the keyloggers, it can happen. I just hope that by posting this a few people can stay safe with their accounts. I know I'm counting my blessings that my chars are still there, and I also know I'll be changing emails and passwords on both accounts right now.

edit: I'm going to contact support, the idiot in fact filled in the mailing details with an address and name. Now it could, of course, be fake but it WILL be passed onto support. Maybe it was some weird mistake with creating a new account but I doubt that somehow.

Thank you for the kind warning/reminder, Pevil. I'm always very careful with my personal info and my computer but it's good for a returning player like me to make note of things like this.

I'm sorry to hear it happened to you but I'm glad nothing truly serious happened.

Welcome back Pevil, glad to hear that you and your toons are intact. Still have the giant chicken?

try running this free scan.

i bought it after it found stuff the others missed including trojans.

http://www.pctools.com/spyware-doctor/

hehe yeah i still have the giant chicken. Just emailed support so hopefully they can investigate it and if there is a weakness somewhere it will help them to fix it and/or ban the offender.

And thanks for that link Loviator, I'll run that now

Same thing happened to me, but they took my ectos and shards, and money for my characters, but for some reason they were too stupid to steal my inventory cash and items, so i survived to fight another day. There are a lot of hackers out there, so change passwords oftern and e-mails too if possible to keep them guessing, they are mostly key loggers.

Wow, I'm getting a bit worried now 'Cause if you guys keep scanning for viruses and take care of your computer but still have this problem, I'm scared it might happen to me. Is it a fairly common thing nowadays or is it rare? Seems like you'd have to be actively targeted and hacked if you were following all the precautions and not downloading anything on your own.

here is a free top rated firewall which is much more secure than the one that comes with win XP

free for personal home use but i upgraded on a sale to the more convenient pro version

http://www.zonelabs.com/store/conten...n&lid=nav_z a

also i use a full 16 alpha/numeric/sym password for security and put it directly into the shortcut command line so i dont have to type it and a keylogger cant see it

EDIT

i also run spyware doctor and adaware before my GW and update my AV daily using the FREE AVG anti virus

This is a great post Pevil. Thanks. It's a good lesson for us all. Just so people know, if someone knows your e-mail address, which is our user ID in GW, they can run something like ophcrack that'll guess your passwords. Choose strong passwords; combinations of caps and lowercase letters with numbers and symbols and at least 8 characters long. It's too easy to crack short passwords with all numbers or letters. People will just plug in their birthdays or their dog's name and think that's good enough. A 1/2 decent cracker can break a password like that in seconds. Fortunately, GW supports strong passwords. My advice is take advantage of this. No password is totally unbreakable, but you can make it harder on them.

**Note: I'm not implying that Pevil is handing out his e-mail address or has a weak password, but a lot of people in GW do. I've seen people giving out their e-mail addresses in the public chat many, many times.

it just shows they're inventive. Now I don't have the tightest security in the world, I admit. But I have these precautions:

1. Router: only has a few ports open and basically acts as a firewall with its firmware
2. Firewall: on from the moment my pc switches on, only recognised programs get 'allowed' by me, nothing is auto-allowed
3. Virus scan: every week
4. Downloads: I rarely download anything, NEVER music or illegal type stuff, only ever the odd patch or preview video
5. Firefox: ok so it still can get spyware etc but it gets less than IE does

However I do admit my ad-aware scans slip from time to time; until I scanned today my definitions were apparently 42 days out of date :S oops!

Actually my worry is that its basically the same way people used to hack your character on Diablo 2, but they've figured out a way to do it here... but hopefully now that I've emailed Anet it will be able to help them make it even stronger, along with all the other emails they must have had by now lol. Oh and thats the firewall i use, love it, with built in AV protection

Just did that scan Loviator; nothing found though when I enabled On-Guard it said over 2400 Active X controls were immunised! Maybe thats where the problem came in... *shrugs*

edit: and I strongly agree with Woody. The one place my security fails is that i have similar passwords for everything. Now, most of my accounts on the internet are on forums, which aren't really so important. But I've now changed my two guild wars passwords to be far more secure (random ones) and will be changing my EQ2 account as well. Not to mention I'll be changing my contact address from my website so that it doesn't use one that any of my game accounts use.

Thanks Loviatar and Woody I'll make sure to use a complex password when I set up my account later. Even if I have to write/type it down somewhere and keep checking whenever I log-in, I don't mind if it means added security.

I'm sure this isn't a common problem, though, right?

I shouldn't think so Star, as long as you're careful I wouldn't waste time worrying about it. I've been playing this game since April and it took a long time to happen to me, and its the first time in 7 years of being online that I've had any kind of account hacked

Ok thanks Pevil, that's reassuring.

Thanks again for the advice.

But.. How is this possible? :|

I'm glad nothing was stolen Pevil.

yea. thats the new thing now. since so many of the accounts have been banned with no hope of return they are resorting to destructive hacking behavior to find ways in. the next thing you will be seeing is hacked instance servers to log GW client into... I already got an e-mail solicitation for this and it was quickly forwared to arenanet for legal action...

Ugh, that's horrible. I really don't want to see GW go down the road of Lineage II, which has tons of pirate servers out there. I think it says something about the quality/respect of a game when there are lots of shady ways to play it besides the official way. And GW is free to begin with. I mean, c'mon, just play fair and enjoy what you're given.

I've found what it was that saved my account. The email.

The email is, as you all know, what the account is pretty much linked to. Now, in order to change it, they send an email to both the old and hopefully new email addresses. BOTH links in BOTH addresses must be clicked within 7 days to verify the email swap over.

I can't currently change my email for my main account (done it for my second one now) because without me noticing, I deleted the email requesting me to change it, and as such, the other guy can't change my email, therefore he can't fully steal my account as this means I can ALWAYS get my password reset.

not trying to be paranoid but can the hacking be done while your in-game?

there have been reports of people being kicked out of their account because the hacker tried to log in while they were logged in. You can do the same back to the hacker though

Pevil, you're starting to scare me again!

j/k

crap now i'm gonna be paranoid as hell...

i am already paranoid as hell.

the question is..................

*AM I PARANOID ENOUGH*?

Something strange happened to me too (and in a matter of fact to one of my guildies too). Twice during gameplay I was kicked out of the game, with the error "someone else has logged in to your account". After I got kicked out I wasn't able to log-in for a few minutes, so I was well on my way to freak-out. Gladly after many fruitless attempts I could acces the game again, nothing was deleted/stolen luckily. I am absolutely positive I never shared my password with anyone, and after those incidents changed it to a harder-to-guess password. (So i hope) So I'm just wondering if someone actually hacked into my account, or some bad connection made this message display...

i was already paranoid when i started playing gw, i was so afraid of getting hacked that i made an email account just for the guild wars. now i know not everyone does this but its kinda a good idead. i recently started using the guruauction site and when leaving feedback for an item you can see the other persons email, now i dont use the same email for guruauction as for my guildwars login but thats one easy people can atleast get a hold of your email adress.

another thing that has made me kinda scared besides all the threads about people getting hacked is that my antivirus has found 2 trojans in 2 days when im afk from the computer and its not running anything.

what to dew, what to dew.....

ouch nasty tripplesix, and i didnt realise that about the auction... i did used to use the same email here as on my main account and have sold one thing on there... :S

I already use a separate e-mail account for GW. I also have a hardware router/firewall w/ SPI. Most software firewalls are vunerable to buffer overrun attacks and can be disabled by malware payloads, so if all you are using is ZoneAlarm, Windows Firewall, or anything similar, don't be lulled into a false sense of security.

Another problem: see the add-banner at the top of this page? Add sites do occasionally get hacked to upload spyware unto unsuspecting users. This is why I set IE to prompt me before accepting any cookie (I always block anything I don't want). In a nutshell, never drop your anti-virus/anti- spyware just to get better PC performance.

Lastly, learn how to use "netstat -a" from the command prompt to examine all open ports on your PC. You might find something that shouldn't be there.

Awareness goes a long way...

EDIT: If your GW account has been compromised, then you can still fix it by creating a new e-mail account, moving the GW account registration to that new e-mail, then delete all transfer-confirmation e-mails. You can repeat this several times if you really want to be certain... just make sure your PC is clear of any spyware before doing so.

Thank you thank you! I was beginning to think I was alone. Everyone keeps saying how they use free firewall this, free antivirus that. Hardware firewalls are far more secure than the software one residing on one's computer. And free 'anything' I always question, not just with computers either.

And yes! Never, ever, under any circumstance disable any real-time protection provided by anti-virus / spyware / software firewall (if you feel you must have this).

It's nice to not be alone.

and to add to that, have more than one firewall and av if you can. coz i know for a fact i've had things that one av didn't find and another did. not good.

Thanks for a thread with all the details we need to understand what happened, and a kind, fair, warning.

I think there are possible ways to hack into accounts other than getting a program on your computer, although that is the most obvious.

If you aren't picking up anything in your scans, I doubt you are infected with anything. I am not sure if I can say this here, but I don't even know how to do it, so I guess I can't be giving any ideas to others. I guess there is a way for people to randomly enter an email, and try tons of passwords at it, until the right one gets in. I am not sure if your attacker did that, but given the information you have provided, I don't think it could have anything to do with a program on your computer.

Thanks for the warning though, and good luck in the future.

i got something similar. i logged on and then shortly after, got logged with a message of someone else is logged on to your account form another location or something like that..
at first i was worried.. for like 2 mins..
idk if i should be worried.. if my pve chars get deleted i wouldnt really care.. soooo......

well I got no free character spots available for someone to leave me a "I was here" message...

damn I hope I don't get this. I don't believe I have done anything that could indicate anything about any information about my account. Keeping fingers crossed.

I am sorry to hear this happened to you, but everyone should know this too, by defintion, I do not believe any accounts are actually "hacked", to do this they would need access to either your PC or the GW server(s), and this is actually highly unlikely---barring keyloggers and such that you may or may not knowing DL. More than likely, these are cases of people acquiring your email address, they get this from IM services and by people using the same address in everything they register to, and using simple and very COMMON password forcing/guessing apps---honestly, real "hackers", the ones who write hacks would create far greater turmoil than simply leaving you a message of "I was here"---In short, relax everyone and as already mentioned, just be very cautious with your email address and the simplicity of your password

same kind of thing happend to me a few weeks ago. while i was warping back to tumbs after a failed run I got kicked by the same error. now the interesting thing is another guildie who was doing the same thing got the same error at the same time. we were on TS at the time so i can tell you it was near instant. about an hour later another guildie reported the same error.i chocked it up to a bug in the system.

I do this in firefox, and I sit and click 'deny all' for 2-8 cookies from random sites per site I go to ~_~.... very tedious, but it makes me feel all warm inside!

&@ [someone else has logged in bug]: if you create a pvp char & you're in isle of the nameless-- if you try to go to a full district of HA you get that error.]

yer mate thanks for the waring

Just a couple of points.

First: adaware, antivirus etc only recognize KNOWN keyloggers. As keyloggers are so easy to write, there's a real risk of getting a keylogger your antivirus/antispyware don't know about. In other words, just because they find nothing doesn't guarantee you dont have a keylogger.

Secondly: many use easily guessable passwords. For instance, if I was going ty try to hack lihatuhs account, I'd first try variations of the name 'pevil lihatuh', then do a google search for that name and see if it turned up any associations which might be used for password. Like, say, 'lahuta', 'ascaron', 'capricorn' etc.

Thirdly, perhaps the most common way of getting a password is to steal it. People have a tendency to use the same password everywhere, simply because it's hard to remember 25 passwords, so if a hacker gets access to, say, the password cache here at guildwarsguru, he'd try to use the same password to hack a users account elsewhere. The hacker may also own password protected sites, thereby getting access to peoples passwords.

So... Software firewalls helps a bit, as they'll tell you when a keylogger tries to phone home. Of course, that means you need to realize that an unknown process called something like 'MShelper' or 'SYS32x4A' may be a keylogger, even though your antivirus and adaware doesn't recognize it, and block its access. Sometimes searching the web for the name of the process will tell you what it is.

Blocking cookies is pretty pointless. The cookies can tell someone where you've been surfing, and that's pretty much it.

Finally, try to use unique and not easily guessable passwords on sites which matter to you, e.g. your online bank or anywhere you give out your credit card number. Or guild wars.

good points there numa. And also apocalypse. I agree it wasn't 'hacked' but it was illegal access to my account, hence the use of the term. Most hackers that you'll find do nothing more than use downloadable item editors for games, or run scripts they found on sites to disable forums; they're not really hacking but it kinda fits it.

and yeah, numa, totally agree on that not everything gets picked up. Trouble with well known firewalls/av's is that hacker-types can get the code more easily and work it into their virus/keylogger/whatever to sneak past that program. I've cleared all cookies, scanned with 3 spyware scanners and virus scanned twice, found nothing at all. Doesn't mean it isn't there of course.

anyway good thing is that anet have replied, asked for my access key and are investigating activity over the last week. hopefully they will manage to find an ip or something that can help them sort this out, but I definately think this was a case of getting my email address from somewhere and then making guesses. Either that or, as suggested, they got a hold of a password cache from somewhere.

The firewall recommended (on page one of this thread) includes a spyware scanner that works only with IE, not Netscape or any others. That is problematic for me as I use only Netscape. As for their "you have to have Active X", well, I do have it.

Luckily, we use a broadband router which should give us increased protection as well as built-in firewalls.

+paranoid.

Makes me rethink giving out my email :P.