Curse

TheRaven · May 14, 2008, 02:54 AM // 02:54

I'd love to see a deletion lock on our characters however it's something that has been brought up many times before in Sardelac and Gaile responded there and said it ain't happening, so I think we can forget about that option.

I seriously would not want the x times to enter a password then locked out option. This is really a bad idea. It sounds good at first, but think about it.
How many enemies do you have ingame? Are you an officer in a guild? Have you ever kicked anyone from the guild? Encountered any immature twits while pugging? Been flamed on the forums? I bet you have. I bet a few of them even know your e-mail.

The average player does not know how to hack your account and the odds are that those enemies you've made wouldn't even know how to start trying to hack you, but if the lockout option was implemented they wouldn't have to hack you to "get even". Someone else already mentioned it in this thread, but it bears repeating. Some little twit that has an axe to grind could just enter your e-mail at the login screen and some random characters in the password field until your account is locked. You're the one who will suffer.

Bront · May 14, 2008, 02:59 AM // 02:59

Quote:

Originally Posted by TideSwayer

Where are you getting the download link from? I say this because the link I used originally:

http://wiki.guildwars.com/wiki/Guide...-game_graphics

...links to Texmod hosted on a FileFront server that doesn't even have mirrors for it. Just one link. FWIW, I just downloaded Texmod from that FileFront link, did a virus scan on it (and the Texmod.exe file inside) with Avast and a-squared free malware scanner, and compared the MD5 values with the original Texmod.zip I downloaded late last year, which is still on my hard drive. Same exact MD5, so Texmod, at least from this location, hasn't been sabotaged in any way.

Is this a different link than the one you used to get Texmod from? I ask because I have a friend in-game who was hacked this week (and lost a fortune). He thinks Texmod was the reason why it happened. I tried to tell him it couldn't have been, but if there are sabotaged Texmods going around with keyloggers inserted (not unlikely if you've ever tried to download other .exe or installers in the past from shady locations), then this is a serious issue. FWIW, Texmod is a standalone .exe file. You just open the folder and double-click the .exe to run it. There isn't an installer for it. If you download a version of Texmod that asks you for installation, DECLINE/REFUSE/CANCEL immediately.

Here's the MD5 of my "ok" Texmod.zip:

TexMod.zip
MD5: 2291F3095F14EFB847D366E2FBE4BE51

I used that link for text mod, but also found after I upgraded my anti-virus that I had the Liniage2.keylogger virus on my PC. I have nothing worths stealing (2 ectos and 0 gold ftw!), and my anti-virus caught it (AVG Free), and I haven't been running it much beyond a test to see if it works.

there are other places to grab texmod, I suggest you check there.

fenix · May 14, 2008, 03:10 AM // 03:10

AVG seems to be picking up that TexMod link as a false-positive, because NOD32 doesn't detect ANYTHING on the one I got, unless someone changed it since I downloaded. Then again, it seems everyone is using AVG when it detects it.

Bront · May 14, 2008, 03:14 AM // 03:14

Quote:

Originally Posted by Jetdoc

Norton never picked up anything. I ran another scan last night after the attack, and made sure my definitions were updated, and nothing appeared.

Norton never does pick up anything.

Try AVG free, Avast, or even Trend Micro's Housecall

Bront · May 14, 2008, 03:26 AM // 03:26

Quote:

Originally Posted by fenix

AVG seems to be picking up that TexMod link as a false-positive, because NOD32 doesn't detect ANYTHING on the one I got, unless someone changed it since I downloaded. Then again, it seems everyone is using AVG when it detects it.

That's possible, but it did also clean up the file.

If Texmod was a keylogger, there'd be far more theft going on that not, but it doesn't hurt to be careful.

VanDamselx · May 14, 2008, 04:56 AM // 04:56

Pretty damn scary.

I don't really play GW anymore but I would be pretty pissed off to find my shit gone.

Good luck, Jet. I hope something actually comes out of this.

Maria The Princess · May 14, 2008, 05:07 AM // 05:07

Quote:

Originally Posted by HuntMaster Avatar

1st off, I am sorry about the response you got jet, thats complete crap and shows me that we could all get hacked and nothing would happen, Anet just doesnt care.

Here's another idea, its a bit of a pain in the ass, but humor me. Anet could add these security features.

Log in password (which we have)

Character passwords (each character has its own password that must be input before it can be accessed.) yes this would take people a few extra seconds to get to playing, but it would add more security, and if like jet, we got booted cause someone hacked our log in pw, then we could get back on, change our log in pw before they hacked a character password. (this would make hacking passwords more time consuming, and we could log back in, boot them out, and change log in password, so they have to start all over again from the begining.
I doubt anyone can hack two different passwords in less than 5 minutes (without a program)

Add in a Lock feature for characters so they can not be deleted. I would love to lock my warrior, I'm never going to delete him ever, I would buy more character slots if need be, but after the work and time i put in on him, Hes never ever getting deleted.

Each password change needs to be confirmed through email, this way no one can change your passwords without access to your email.

In-game password. Once you finally get in the game on a character, you have another password you have to enter, you have 120 second (2 minutes incase of lag) to enter this password, or you are disconnected for 5 minutes.
This way even if they get two passwords correctly, they have to get the third quick or be shut out for 5 minutes, plenty of time to reset ALL passwords if need be.

for each failed attempt, the account would be disconnected for 5 minutes, so 2 failed tries would result in a 10 minute lock out, 3 tries means 15 minutes and so on.

Yes this is a pain in the ass, as I said, but it would be very effective in protecting our accounts. Anet says we are responsible for our security but then gives us very few ways to protect ourselves, And then when our protections fail, they say they wont help because its not their responsibility!

Another option would be a internal false key and password, so when a program tries to read it, it will only get the fake key or password.

I would rather it take and extra couple of minutes to get into each character and log on, than log in quickly and find all my items gone or characters deleted.

Because of this very real and very common problem I am taking a break from GW until it can be resolved. I am going to play other games and do other stuff. But if this keeps up I see people getting sick of doing everything over again to regain their items or characters and finally quitting the game, and if anet/ncsoft keeps treating their playerbase like they have with jet, I see people refusing to purchase ncsoft products in the future. Including gw2.

No point in getting into something that will only leave you frustrated in the end.

PS: Jet, If you are willing, You should call the police and report this, with all the information including the response, and then post what the police have to say, send the polices response to ncsoft and then post there counter response. Also look online for free legal advice and explain the situation, See if there is any action we the consumers can do to either persuade or force ncsoft to do their job and safeguard their product. It seems very shady that we spent our money on something that will fail in the end, almost as if the provider is scamming its customers. This just smells bad on all ends. Everyone who has been a victim of this (hacking) should also do the same. With enough support something will get done.

that would never work...

i mean, im all for extra security. on SArdelac, there is a thread that suggests adding a PIN or password to storage box, you should see what people come up with just to QQ and not say they are too lazy to type in a PIN and make up a security question.... i still dont get why they REFUSE security but whatever.......

Edge Martinez · May 14, 2008, 08:16 AM // 08:16

Just to touch on the lost connection thing mentioned earlier. I've noticed that the only times I ever get lost connections are when I've been playing in Random Arenas and Alliance Battles, and usually after I've been doing it for awhile.

And also, just life in general, if someone wants to screw you, they will find a way. Just walk through the internet with the same kind of mentality you'd have if you were walking through Times Square. Do the pw changes. Keep your av up to date. Run the mostly useless firewall. My parents computer had so many viruses and infections on it, I think I caught AIDS and cancer when I visited them. And they only do email and check news sites (or so they say ;>). Now they do the basic security stuff we all know we should do, and they've been ok.

And suggestions are good. I'm anal enough to appreciate the pw for each individual toon idea. A sticky note on the desk, and ten seconds of my time is a small price to pay for added protection. Maybe have it as a user option to use it or not. Hopefully Anet takes some suggestions to heart. I know they can claim the GW1 is done argument, but they're the ones who decided to tie it to GW2.

EDIT: Oh, and that contact the police thing is lame ANet. Take a cue from eBay and have a working relationship with the authorities, and you guys..., a company that hopefully contributes to the community and is recognized, file the appropriate reports. It might be us getting hosed, but it's your product being attacked. It'd be worth the while to add extra security, too. Just add up all the hours spent handling these cases and figure out how much your cost savings would be. Kind of like a half assed six sigma for computer geeks... of which I'm happily one.

Shai Lee · May 14, 2008, 09:31 AM // 09:31

If people don't like the idea for the extra individual toon password or the option to lock a character for 30 days, then there could also be an option to exclude that.

- Enable Character Locking (No Delete) for 30 Days on this account
- Disable Character Locking (No Delete) for 30 Days on this account
- Enable Individual Toon Passwords for 30 Days on this account
- Disable Individual Toon Passwords for 30 Days on this account

That way, those that don't want to bother with the extra security or losing 30 seconds of their life in inputting another password, don't have to. Those that would rather have it, get the option. I added the option to Disable also, so that if someone else does gain entry into their account, they can't create passwords on their toons that the owner didn't set up themself. The idea is pretty raw, no doubt it can be tweaked, but it does give both sides the options they're looking for.

I look forward to thoughts.

Friday · May 14, 2008, 09:56 AM // 09:56

Here is one possible solution to a lot of anxiety people have for their accounts:
http://www.guildwarsguru.com/forum/s...php?t=10248665

This poll was stuck away in Sardelac so got minimal response. But after the spate of "hacks" reported, I think a lot of people would feel more at ease if their characters were "safe", even if they lose items/gold.

And these are two other threads about the same issue:
http://www.guildwarsguru.com/forum/s...php?t=10278183
http://www.guildwarsguru.com/forum/s...php?t=10200422

Somewhere (can't find a linky right now) Gail did respond to say it was not going to be provided, but I think this needs to be urgently revisited by Anet, given that their response to Jet was.... just.... "inadequate" (to be polite).

Anet/NC-Soft need to take the security fears of their player base seriously, and they need to be seen to be doing something material to help their players in this regard. If they wish their future earnings ie GW2 to be a sure thing - then they need to do some PR work on the perceptions that are rife right now. And those perceptions in this particular portion of the community are not good for their future. They may dismiss us here as only a small representative portion of the total GW player base, but what they seem to forget is the many many others who will experience such a "hack" or unexplained block or ban and simply uninstall and never return or buy GW2.

Personally, I am more than a little disappointed by the attitude displayed on Anet/NC-Soft's part in relation to this. It doesn't help anyone's agenda here to say "it's the player's responsibility to secure their account" and then not provide an effective and manageable way to do so - simply witness the problems encountered when trying to change your password.

Paul thy god · May 14, 2008, 12:40 PM // 12:40

i still fail to see the point of hacking accounts, i mean people cannot be bothered to make money or getting to level 20 so they decide to take someone elses account. I was selling off a 10 hour NF trial key, to a guy (wait is that even allowed, but either way, i had 2 NF campaign keys in the box, so why not make use of em) anyway he tried to tell me that HIS character was locked despite the fact the character he was in had FoW armor, and that if i gave him my username and password he would make the money appear. i didnt trust him due to his poor english, and repeated use of the phrase " I will not deceive you i give you my Word". i mean honestly people need to pick up their game. if you cant be bothered leveling one account, why should you risk a PERMA ban and having to fork out another 50 bucks to get another copy of the game due to lazyness.

Faer · May 14, 2008, 03:30 PM // 15:30

TL;DR:

ArenaNet and NCSoft have utterly shit security. They have had utterly shit security for years. Their utterly shit security has been exploited time and time again. They have not done anything to truly protect the community, such as fixing their utterly shit security. Ergo, they don't care, and we're the suckers.

But enjoy the PvE/PvP separation, guys. Heard it shows they really listen to us.

Stockholm · May 14, 2008, 05:02 PM // 17:02

Quote:

Originally Posted by Faer

TL;DR:

ArenaNet and NCSoft have utterly shit security. They have had utterly shit security for years. Their utterly shit security has been exploited time and time again. They have not done anything to truly protect the community, such as fixing their utterly shit security. Ergo, they don't care, and we're the suckers.

But enjoy the PvE/PvP separation, guys. Heard it shows they really listen to us.

It shows they atlast listen to the majority, not the loudest

zamial · May 14, 2008, 05:18 PM // 17:18

4 million + copies sold and all of 10 I got hacked posts. I do feel for the victims but the odds are in your favor to never be hacked.

Faer · May 14, 2008, 05:37 PM // 17:37

Quote:

Originally Posted by zamial

all of 10 I got hacked posts

In this thread, or recently, or what?

**cosyfiep** · May 14, 2008, 08:16 PM // 20:16

Quote:

Originally Posted by zamial

4 million + copies sold and all of 10 I got hacked posts. I do feel for the victims but the odds are in your favor to never be hacked.

I'll say it again.
Most of the 'I got hacked' threads get DELETED since there is not much we can do about it ----and it seems that anet/ncsoft doesnt give a ratsass about it either.....

so you can do a search, but you wont find many ---and most of those will be closed with the 'contact support--we cant do anything for you' logo.
(and who says that all the people who have been hacked post on guru?????)

Thizzle · May 14, 2008, 08:37 PM // 20:37

I have been watching the and see people say "There has been an increase in account hacking lately". I somehow think that it just has been reported more and that this has always happened. The main possible ways of getting your account stolen is sharing passwords, power leveling (oh man idk what to say if you pay for that), and keyloggers or phishing. I think a lot of it is just software bundled with things that you don't want and eventually your account is empty.

Tyla · May 14, 2008, 08:40 PM // 20:40

Well if people will post their current situation, how often they scan for viruses / spyware, what they've been going on etc. (Which is highly doubtful, because I believe that can lead to hacking too, not sure because my knowledge on this thing is BAED.).

If this can be found out by other means, I hope my absense from Guild Wars doesn't get my account robbed...

(Especially because I've bought about 12 character slots, NF and Factions CE...)

Chestnut · May 14, 2008, 08:40 PM // 20:40

Gonna have to disagree. Reports in the last 1-3 months have sky rocketed and alot of the people have done none of these things.. however one thing does seem in commmon we all use guru.

Thizzle · May 14, 2008, 08:42 PM // 20:42

There are possible malicious programs that can set your host list so that your antivirus doesn't update and then it can deploy a newer virus then the one your database in it and things like this has happened before. I got one before that changed my host list, but I don't care if someone gets on my account. I mean the only true way to monitor if it has increased is read the reports made by players to anet, but that isn't going to happen unless we use an anet employee to do it.