A warning to you all
Woutsie
Can Anet actually do something about this issue? Like maybe some extra security? A secret question you have to answer or something.. I don't know..
Retribution X
What i do, in case i have a keylogger.
I have my shortcut run like this: "%Progam Files%\Guild Wars\Gw.exe" -password=*Insert your password here*"
It works. because you don't enter your e-mail or password.
I have my shortcut run like this: "%Progam Files%\Guild Wars\Gw.exe" -password=*Insert your password here*"
It works. because you don't enter your e-mail or password.
ghostlyranger
and that trojan will go to read/scan your "Insert your password here"
SylverDragon
Quote:
|
Originally Posted by Pevil Lihatuh
The email is, as you all know, what the account is pretty much linked to. Now, in order to change it, they send an email to both the old and hopefully new email addresses. BOTH links in BOTH addresses must be clicked within 7 days to verify the email swap over.
|
Of course that should give you 7 days to sort out the problem before the swap.
Loviatar
Quote:
|
Originally Posted by ghostlyranger
and that trojan will go to read/scan your "Insert your password here"
|
i think you are going one level higher in the pecking order on this
BlackRecluse
you got lucky :/ one fine day last summer i logged on to try and get the last ecto required for my armor and, much like you, my password did not work. i got a new password logged in, and all of my 3 level 20's were deleted. i had a level 13 left who i chcked my storage with, and 90 ectos/87 shards were gone plus numerous weapons and 100k. needless to say i got freaking pissed. i almost broke my moniter, and did break some stuff around me. i didnt download anything and im still pissed about it up to this day.
the lesson: you cant do anything against hackers!
the lesson: you cant do anything against hackers!
Arduin
Quote:
|
Originally Posted by stone433
same kind of thing happend to me a few weeks ago. while i was warping back to tumbs after a failed run I got kicked by the same error. now the interesting thing is another guildie who was doing the same thing got the same error at the same time. we were on TS at the time so i can tell you it was near instant. about an hour later another guildie reported the same error.i chocked it up to a bug in the system.
|
Pevil Lihatuh
Quote:
|
Originally Posted by SylverDragon
Yes, you get emails sent to both addresses, but I'm pretty sure that you only HAVE to click on the link sent to the new email address. If they don't get a reply from the old email address after 7 days, they assume you no longer have access to the old address and go ahead with the email swap.
Of course that should give you 7 days to sort out the problem before the swap. |
lord_shar
Quote:
|
Originally Posted by BlackRecluse
...<SNIP>...
the lesson: you cant do anything against hackers! |
Either way, hackers still have to go through TCP/IP, so if they connect to your system, they will leave an I/P address that can be traced back to the source if you have firewall logging. A few years ago, one guy made a very dangerous enemy on the web. That person thought the web provided complete anonymity and received an unmarked "birthday package" in the mail. The gift wrapped box turned out to be a makeshift bomb that killed him in front of his parents. At the time this story was posted on CNN.com a few years back, no suspects had yet been found. Dunno if the case was ever solved.
SylverDragon
Quote:
|
Originally Posted by Pevil Lihatuh
nope you have to click both, i did it on my second account after this, which takes you to a page saying that if only one gets clicked within 7 days, it won't go through. Both need clicking. If only one needed to go through, I would have lost my account, because there has been an attempted email change on my main account.
|
Quote:
|
Email Address Change Confirmed! You recently requested to change your email address/Guild Wars account name. Before this change can take effect, one of the following conditions must be satisfied: * You click the "accept" link in the emails sent to both your old and new email addresses; * You click the "accept" link in the email sent to your new email address, and the email sent to your old email address bounces or is returned; * You click the "accept" link in the email sent to your new email address and don't respond from your old email address within seven days. If one of the above conditions has been satisfied, you may begin logging into your Guild Wars account with your new email address. Thank you! |
Fungus Amongus
Quote:
|
Originally Posted by Numa Pompilius
Thirdly, perhaps the most common way of getting a password is to steal it. People have a tendency to use the same password everywhere, simply because it's hard to remember 25 passwords, so if a hacker gets access to, say, the password cache here at guildwarsguru, he'd try to use the same password to hack a users account elsewhere. The hacker may also own password protected sites, thereby getting access to peoples passwords.
|
If you checked it, did you also remember the:
Enter email address here:_________
Enter password here:__________
If you're not paying attention, you just might enter all the information needed for someone to grab your account.
Elfie
umm well my friend just lost all from 3 accounts (and that wasnt little) i was just thinking how greedy people are! Well we all waiting if anet gets him banned. all the screenshots r nicely posted to anet support. But still i see this guy online who i belive is the guy with troijan.
Hockster
Quote:
|
Originally Posted by Retribution X
What i do, in case i have a keylogger.
I have my shortcut run like this: "%Progam Files%\Guild Wars\Gw.exe" -password=*Insert your password here*" It works. because you don't enter your e-mail or password. |
T1Cybernetic
Quote:
|
Originally Posted by Hockster
That's no good for people with more than one acount.
|
.
Lint
Pevill Got lucky, same happened to be last year. I tried to log on, wrong password, and caps wasnt on. SO i do password recovery, i get my pasword, and i log on to see no characters. EVERY one of my 3 lvl 20's gone, one of then had 2 peices of FoW armor (Chest and Leggings) ouch. But thankfully i still had everything in my storage (THANK GOD). Now i scan my computer for viruses every 2-3 days.
Naxohs Seralna
Wouldn't really care if anyone hacked my account. I don't have any items that are über-good or lots of platinum.
As long as they don't delete my characters, rendering 600+ hours of gameplay WASTED, I'm a happy guy!
As long as they don't delete my characters, rendering 600+ hours of gameplay WASTED, I'm a happy guy!
Pevil Lihatuh
lol thats how i am naxohs. I have one monk rune and 4 black dyes, a yakslapper and my fave bow... other than that the only things worth anything are my 15k armour on my ranger, and the ranger herself, as she's existed since April. Woulda been a blow to lose her.
SylverDragon
Quote:
|
Originally Posted by Pevil Lihatuh
I find my 3 characters plus a lvl 1, pre-sear warrior with a polish first name. The last name also wasn't Lihatuh so it clearly wasn't my character, which is good in case they were abusive to my guildies/friends! Anyway, getting more and more panicky I note that my chars on the log in screen still have their proper armour on. The polish warrior gets deleted. I check my 3 chars inventories and the stash. Nothing gone. Whew.
edit: I'm going to contact support, the idiot in fact filled in the mailing details with an address and name. Now it could, of course, be fake but it WILL be passed onto support. Maybe it was some weird mistake with creating a new account but I doubt that somehow. |
If so the hacker could have got your account details a while ago, put it up on ebay, and the person who created the new warrior and left their mailing address, was the buyer.
Ruvaen
Anti-spyware software and virus scans really don't do much to help you. If you compromise your system by downloading software, it's stupidity and you will most likely pay for it.
But remember that a skilled individual only needs your IP in order to hijack your machine which they can obtain easily if you happen to join a pug and use their TS/Vent server. Really, how secure are most windows machines and how competent are the typical users? Also, if you allow pugs to use your server, they can just as easily hijack the server box and obtain numerous IPs of those who may be your guildies, friends or other pug folks that connect to it and if they're smart, you'll never become privy to the information. But of course all of this assumes that the perp is at least mildly skilled.
Do change your passwords frequently. Avoid using any single password for multiple functions. Do use alphanumerical passwords including case variation and punctuation when applicable. Never store passwords anywhere on your computer. Do install the windows updates (no reason to make the job easier for the perp ><). Do invest the time in setting up your firewall. Do have your most computer literate guildie host the server and by competent, I don't mean the idiots that think redhat boxes are innately secure. But as with anything, if a resourceful individual wants something badly enough, they'll most likely get it. You can only thwart the unskilled and discourge those without drive.
But remember that a skilled individual only needs your IP in order to hijack your machine which they can obtain easily if you happen to join a pug and use their TS/Vent server. Really, how secure are most windows machines and how competent are the typical users? Also, if you allow pugs to use your server, they can just as easily hijack the server box and obtain numerous IPs of those who may be your guildies, friends or other pug folks that connect to it and if they're smart, you'll never become privy to the information. But of course all of this assumes that the perp is at least mildly skilled.
Do change your passwords frequently. Avoid using any single password for multiple functions. Do use alphanumerical passwords including case variation and punctuation when applicable. Never store passwords anywhere on your computer. Do install the windows updates (no reason to make the job easier for the perp ><). Do invest the time in setting up your firewall. Do have your most computer literate guildie host the server and by competent, I don't mean the idiots that think redhat boxes are innately secure. But as with anything, if a resourceful individual wants something badly enough, they'll most likely get it. You can only thwart the unskilled and discourge those without drive.
Loviatar
Quote:
|
Originally Posted by SylverDragon
If so the hacker could have got your account details a while ago, put it up on ebay, and the person who created the new warrior and left their mailing address, was the buyer. |
and if in fact that is the case they will not ebay an account again
Valdaran Longfoot
Atleast GW is NOTHING like the hacking Diablo2. Those days were a disaster.
Dazzen
Quote:
|
Originally Posted by Ruvaen
Anti-spyware software and virus scans really don't do much to help you. If you compromise your system by downloading software, it's stupidity and you will most likely pay for it.
But remember that a skilled individual only needs your IP in order to hijack your machine which they can obtain easily if you happen to join a pug and use their TS/Vent server. Really, how secure are most windows machines and how competent are the typical users? Also, if you allow pugs to use your server, they can just as easily hijack the server box and obtain numerous IPs of those who may be your guildies, friends or other pug folks that connect to it and if they're smart, you'll never become privy to the information. But of course all of this assumes that the perp is at least mildly skilled. Do change your passwords frequently. Avoid using any single password for multiple functions. Do use alphanumerical passwords including case variation and punctuation when applicable. Never store passwords anywhere on your computer. Do install the windows updates (no reason to make the job easier for the perp ><). Do invest the time in setting up your firewall. Do have your most computer literate guildie host the server and by competent, I don't mean the idiots that think redhat boxes are innately secure. But as with anything, if a resourceful individual wants something badly enough, they'll most likely get it. You can only thwart the unskilled and discourge those without drive. |
Update your system regulary and be very careful where you are surfing on the net and you'll avoid ALOT of problems.
Pevil Lihatuh
Quote:
|
Originally Posted by SylverDragon
This has been nagging at me, and I realised why. Don't want to scare anyone further, but I'm now wondering if your account was not just hacked, but also sold.
If so the hacker could have got your account details a while ago, put it up on ebay, and the person who created the new warrior and left their mailing address, was the buyer. |
Cador
Quote:
|
Originally Posted by WoodyDotNet
This is a great post Pevil. Thanks. It's a good lesson for us all. Just so people know, if someone knows your e-mail address, which is our user ID in GW, they can run something like ophcrack that'll guess your passwords. Choose strong passwords; combinations of caps and lowercase letters with numbers and symbols and at least 8 characters long. It's too easy to crack short passwords with all numbers or letters. People will just plug in their birthdays or their dog's name and think that's good enough. A 1/2 decent cracker can break a password like that in seconds. Fortunately, GW supports strong passwords. My advice is take advantage of this. No password is totally unbreakable, but you can make it harder on them.
**Note: I'm not implying that Pevil is handing out his e-mail address or has a weak password, but a lot of people in GW do. I've seen people giving out their e-mail addresses in the public chat many, many times. |
Count to Potato
Pevil you sure you didn't like sleep walk and make a warrior? Ive heard of sleep driving which is jsut as complaicated as making a warrior so just a possibility out there...
Pevil Lihatuh
haha and sleep-changed my password? nah, im safe on that count, i sleep way too light whenever i finally fall asleep to manage to sleep walk Plus the name isn't something i'd ever have done... it didn't have Lihatuh in it for a start
Plus the name isn't something i'd ever have done... it didn't have Lihatuh in it for a start
castanaveras
argh!!...you guys are making me worry! Is it safer for me since i play GW with a wireless connection?
p.s. I never thought hacking *is* possible....until now.
p.s. I never thought hacking *is* possible....until now.
lord_shar
A hardware/router firewall usually has build-in NAT (name address translation) and SPI (stateful packet inspection) to mask your IP and block out externally innitiated connection requests. However, if you download a key-logger or trojan, that application will start sending outbound connection requests from your PC. Software firewalls like ZoneAlarm can still detect and block its outbound connection requests, but you MUST keep an eye on its trusted application list. If you are prompted by ZA reporting an outbound connection request from an application you are not familiar with, you are better off denying its access, then start checking your system for possible spy-ware.
Nothing has ever compromised my PC's info, simply because I keep a tight leash on it.
THG published an FAQ on how to break WEP encryption keys. So no, WiFi isn't secure if you're only using WEP. However, whoever does the hacking will have to be in close physical proximity to hack your WiFi network.
Nothing has ever compromised my PC's info, simply because I keep a tight leash on it.
Quote:
|
Originally Posted by castanaveras
argh!!...you guys are making me worry! Is it safer for me since i play GW with a wireless connection?
p.s. I never thought hacking *is* possible....until now. |
j2tts
Hi I also had a account hijacked with all items and gold taken and Chars deleted. I'm really unsure how they came about getting hold of my password as I am behind a router and continuously run spyware software. But as I had'nt read anything into this before the password was'nt very strong as we all go thru life saying it wont happen to me.
The point I want to stress is that the account changing policy of sending the details to both email accounts saved my account as well. After forwarding these details to anet you get the normal auto blurb about keyloggers and third party programs but they dont seem interested that I had provided them with the persons email that was trying to take my account. They was unwilling to re-store any chars or items as its not there "policy".
Is there anyway I can report the holder of this email address ? There must be some information entering into registring this mail as it was a hotmail account.
As far I can see Anet are not interested in finding out anything !!! They are not bothered as blame is put on me for being insecure or by not having a strong enough password.
Perhaps they have security leaks on there servers ??? and palm off the blame on us game players. I heard alot of people this has happened to lately and I think Anet should do more to remedy problems.
Because at the end of the day we buy and play the games which puts money in there pocket. If this becomes more widespread then perhaps not so many people will be playing. Its quiet upsetting to spend many hours on Chars which can be deleted in seconds.
Jimbo
The point I want to stress is that the account changing policy of sending the details to both email accounts saved my account as well. After forwarding these details to anet you get the normal auto blurb about keyloggers and third party programs but they dont seem interested that I had provided them with the persons email that was trying to take my account. They was unwilling to re-store any chars or items as its not there "policy".
Is there anyway I can report the holder of this email address ? There must be some information entering into registring this mail as it was a hotmail account.
As far I can see Anet are not interested in finding out anything !!! They are not bothered as blame is put on me for being insecure or by not having a strong enough password.
Perhaps they have security leaks on there servers ??? and palm off the blame on us game players. I heard alot of people this has happened to lately and I think Anet should do more to remedy problems.
Because at the end of the day we buy and play the games which puts money in there pocket. If this becomes more widespread then perhaps not so many people will be playing. Its quiet upsetting to spend many hours on Chars which can be deleted in seconds.
Jimbo