Curse

Valdaran Longfoot · Mar 09, 2006, 06:34 PM // 18:34

Atleast GW is NOTHING like the hacking Diablo2. Those days were a disaster.

Dazzen · Mar 09, 2006, 06:52 PM // 18:52

Quote:

Originally Posted by Ruvaen

Anti-spyware software and virus scans really don't do much to help you. If you compromise your system by downloading software, it's stupidity and you will most likely pay for it.

But remember that a skilled individual only needs your IP in order to hijack your machine which they can obtain easily if you happen to join a pug and use their TS/Vent server. Really, how secure are most windows machines and how competent are the typical users? Also, if you allow pugs to use your server, they can just as easily hijack the server box and obtain numerous IPs of those who may be your guildies, friends or other pug folks that connect to it and if they're smart, you'll never become privy to the information. But of course all of this assumes that the perp is at least mildly skilled.

Do change your passwords frequently. Avoid using any single password for multiple functions. Do use alphanumerical passwords including case variation and punctuation when applicable. Never store passwords anywhere on your computer. Do install the windows updates (no reason to make the job easier for the perp ><). Do invest the time in setting up your firewall. Do have your most computer literate guildie host the server and by competent, I don't mean the idiots that think redhat boxes are innately secure. But as with anything, if a resourceful individual wants something badly enough, they'll most likely get it. You can only thwart the unskilled and discourge those without drive.

Before doing any of this, invest in a hardware router, this will secure your box far more than any other trick.

Update your system regulary and be very careful where you are surfing on the net and you'll avoid ALOT of problems.

Pevil Lihatuh · Mar 09, 2006, 07:12 PM // 19:12

Quote:

Originally Posted by SylverDragon

This has been nagging at me, and I realised why. Don't want to scare anyone further, but I'm now wondering if your account was not just hacked, but also sold.

If so the hacker could have got your account details a while ago, put it up on ebay, and the person who created the new warrior and left their mailing address, was the buyer.

you know that could be a good point... hmm... I fail to see why they would put the details in if they simply hacked it, but then if they were so sure that they would be able to change the email and lock me out, maybe they would... maybe theres some way to view recently ebayed accounts? *shrugs* if it included a description of my chars that would be possible i guess.

Cador · Mar 09, 2006, 08:23 PM // 20:23

Quote:

Originally Posted by WoodyDotNet

This is a great post Pevil. Thanks. It's a good lesson for us all. Just so people know, if someone knows your e-mail address, which is our user ID in GW, they can run something like ophcrack that'll guess your passwords. Choose strong passwords; combinations of caps and lowercase letters with numbers and symbols and at least 8 characters long. It's too easy to crack short passwords with all numbers or letters. People will just plug in their birthdays or their dog's name and think that's good enough. A 1/2 decent cracker can break a password like that in seconds. Fortunately, GW supports strong passwords. My advice is take advantage of this. No password is totally unbreakable, but you can make it harder on them.

**Note: I'm not implying that Pevil is handing out his e-mail address or has a weak password, but a lot of people in GW do. I've seen people giving out their e-mail addresses in the public chat many, many times.

how do u set a password as a shortcut key?

Count to Potato · Mar 09, 2006, 09:12 PM // 21:12

Pevil you sure you didn't like sleep walk and make a warrior? Ive heard of sleep driving which is jsut as complaicated as making a warrior so just a possibility out there...

Pevil Lihatuh · Mar 09, 2006, 09:22 PM // 21:22

haha and sleep-changed my password? nah, im safe on that count, i sleep way too light whenever i finally fall asleep to manage to sleep walk

Plus the name isn't something i'd ever have done... it didn't have Lihatuh in it for a start

castanaveras · Mar 09, 2006, 09:58 PM // 21:58

argh!!...you guys are making me worry! Is it safer for me since i play GW with a wireless connection?

p.s. I never thought hacking *is* possible....until now.

lord_shar · Mar 09, 2006, 10:51 PM // 22:51

A hardware/router firewall usually has build-in NAT (name address translation) and SPI (stateful packet inspection) to mask your IP and block out externally innitiated connection requests. However, if you download a key-logger or trojan, that application will start sending outbound connection requests from your PC. Software firewalls like ZoneAlarm can still detect and block its outbound connection requests, but you MUST keep an eye on its trusted application list. If you are prompted by ZA reporting an outbound connection request from an application you are not familiar with, you are better off denying its access, then start checking your system for possible spy-ware.

Nothing has ever compromised my PC's info, simply because I keep a tight leash on it.

Quote:

Originally Posted by castanaveras

argh!!...you guys are making me worry! Is it safer for me since i play GW with a wireless connection?

p.s. I never thought hacking *is* possible....until now.

THG published an FAQ on how to break WEP encryption keys. So no, WiFi isn't secure if you're only using WEP. However, whoever does the hacking will have to be in close physical proximity to hack your WiFi network.

j2tts · Aug 29, 2006, 11:32 AM // 11:32

Hi I also had a account hijacked with all items and gold taken and Chars deleted. I'm really unsure how they came about getting hold of my password as I am behind a router and continuously run spyware software. But as I had'nt read anything into this before the password was'nt very strong as we all go thru life saying it wont happen to me.
The point I want to stress is that the account changing policy of sending the details to both email accounts saved my account as well. After forwarding these details to anet you get the normal auto blurb about keyloggers and third party programs but they dont seem interested that I had provided them with the persons email that was trying to take my account. They was unwilling to re-store any chars or items as its not there "policy".
Is there anyway I can report the holder of this email address ? There must be some information entering into registring this mail as it was a hotmail account.
As far I can see Anet are not interested in finding out anything !!! They are not bothered as blame is put on me for being insecure or by not having a strong enough password.
Perhaps they have security leaks on there servers ??? and palm off the blame on us game players. I heard alot of people this has happened to lately and I think Anet should do more to remedy problems.
Because at the end of the day we buy and play the games which puts money in there pocket. If this becomes more widespread then perhaps not so many people will be playing. Its quiet upsetting to spend many hours on Chars which can be deleted in seconds.
Jimbo