Curse

Maxiemonster · Apr 06, 2006, 06:56 PM // 18:56

This is the story:

I was playing HA, and all of the sudden, someone starts spamming "Rank 17 Guild recruiting!", so I thought "This can't be right", so I asked why a Rank 17 guild would randomly recruite, and asked of this was a lame joke, but apperiantly it wasn't. I got an invite (since I was guildless), and I saw alot of random people were invited, so I knew something was wrong.

I asked the guy who invited (who had a friend who also helped) me what was going on, and he didn't reply for a while. When I asked again, he told me he hacked someone's account, which was apperiantly the account of one of the Officers in that guild, and he kicked all excisting members, and invited new ones, randomly.

I'm glad they didn't hack the Guild Leader's account, since this way, he still has the upper hand, though, this is pretty serious in my opinion. I obviously got the names of the 2 hackers (if it's not the same guy), and the account of the Guild Leader (so I can explain this to him). I'm reporting these guys immidiatly, in case these guys can get an IP track, so they can get a ban, which I really hope is possible.

So again, watch out with every way you might get hacked, so this is what happens. This is the most serious way of hacking I've seen untill now (since obviously, these guys stole every single item on the accounts as well).

twicky_kid · Apr 06, 2006, 07:04 PM // 19:04

I've seen this happen before. Got an officers account and kicked all the members in the guild.

Hard to remember all those names when every one doesn't play each day. Cut the guild population in half.

Tufty · Apr 06, 2006, 07:06 PM // 19:06

That sucks ! How do they steal accounts? How do I protect mine?

VGJustice · Apr 06, 2006, 07:09 PM // 19:09

On the plus side, the Guild window keeps track of who got the boot, so you could sort through that and figure out who should be re-added. Granted, I'm not sure if there's a limit on how many names it will track -_-;

[EDIT] To Tufty: The way they steal accounts is by either guessing or finding out what your e-mail and password are. After that, they can change the password and the e-mail to whatever they want, and the account is gone.

If you want to protect your account, the first step is easy. Never download any Guild Wars add-ons. But that's a duh. After that, keep your e-mail secret. If they can't get your e-mail, then they'll have a harder time getting your account. Next, try not to surf the web while playing Guild Wars. There *could* be a key logger program within a web page (don't quote me on that, I'm not positive about that). Also, never ever tell anyone your password, even if you know they don't have your e-mail. No sense in giving them a chance.

MSecorsky · Apr 06, 2006, 07:09 PM // 19:09

Quote:

Originally Posted by Tufty

That sucks ! How do they steal accounts? How do I protect mine?

Download NOTHING for the game. Practically everything out there to "help" you in some way or another with the game contains keyloggers and other Trojans designed specifically to steal your account and possibly other personal information as well.

Tufty · Apr 06, 2006, 07:12 PM // 19:12

Cool I wouldnt think of downloading anything for the game unless it was streamed directly during the game

Diablo™ · Apr 06, 2006, 07:13 PM // 19:13

Even if the guild is completely restored, that guild officer is gonna be booted off the guild anyway for safe measures.... Tragedy strikes.

dansamy · Apr 06, 2006, 07:17 PM // 19:17

NOt only that, but unless Arenanet makes a special allowance, the guild will be disqualified from the tournament. Players can't change guilds during the guild lockdown period, and since there's bound to be at least one of the top 16 that is declared ineligible, the 17th guild WOULD have been eligible until this fiasco.

Maxiemonster · Apr 06, 2006, 07:19 PM // 19:19

If dansamy, I really hope ANet makes an exception, since that'd be lame. I REALLY hope they can track this guy, since he might've used pograms that fools ANet.

Ctb · Apr 06, 2006, 07:19 PM // 19:19

In addition, don't use wimpy passwords. The ideal password would be a totally meaningless string of characters, but the next best thing is a psuedo-word comprised of various characters.

Example: gu1ldeeg00

It sounds kind of like a real word "guildy goo", but obviously it's just gibberish.

Another alternative that I used for a while is to put all your passwords in one place and have them be actually long nonsense strings of complex text. Then, you protect that location with one very strong password and just open it up when you need to know the nonsense string for a particular account somewhere. I used to do this with an encrypted text file on Windows using AxCrypt, but AxCrypt doesn't work right on 64-bit unfortunately.

The obvious downside there is that, while you're exceptionally safe, if you forget that one password, you lose them all for good :\

Of course, on the flip side, you only have to remember one password as well.

The fix for that is keeping the password written down somewhere in a physically secure location, but it's not always practical to buy a safe just to store a piece of paper (and then you still have to remember the combination anyway).

Vanquisher · Apr 06, 2006, 07:23 PM // 19:23

One of the players from Rift also got hacked, and I believe he was in the main 8 to play in the tournament. The hacker removed him from the Guild, and he is no longer allowed to play (his computer is also messed up).

On a side note, it was Kava apparently. Incredibly unfortunate thing to happen.

Tufty · Apr 06, 2006, 07:26 PM // 19:26

If they have a key logger I dont suppose it matters if your password is 8000 characters long they'll still have it

Valerius · Apr 06, 2006, 07:26 PM // 19:26

that sux... ScV was a pretty good guild

Maxiemonster · Apr 06, 2006, 07:28 PM // 19:28

Yep, it's Kava. The hacker said he got into the forum of the guild or something, and it contained the accounts and passwords.

I hope the guild leader speaks English, so I can explain what happened. I really hope this guild can still get their members back and get into the tournament, since with a bunch of randomly invited people, they won't get far.

Killmur · Apr 06, 2006, 07:29 PM // 19:29

Shouldn't you be taking this matter up with A-Net and not in the GWG Forums?

VGJustice · Apr 06, 2006, 07:30 PM // 19:30

Ctb makes a good point. I'd like to add to it a bit.

Figure on making your password as long as you feel comfortable with, but no shorter than 10-12 characters. Longer is better.

And mix it up a lot. Not just letters, but caps and lower case (passwords are case sensitive) as well as numbers and symbols. And the less sense that your password makes, the better.

Sir Skullcrasher · Apr 06, 2006, 07:35 PM // 19:35

I would think the motive is to ruin these guilds so they can't get far in the tournament. Guess its a safe choice to change your password every week?

96TSi · Apr 06, 2006, 07:36 PM // 19:36

a very good way to protect yourself from password theft is to have letters and numbers in your password. that makes it alot harder for people who are just trying random passwords

anyone see the movie hackers?
do not use the password "god" lol

Lord Iowerth · Apr 06, 2006, 07:39 PM // 19:39

Password integrity is a very important issue ... you'd be surprised at how many never bother to update and change their passwords, because they become complacent.

Here's a good article on how to build a strong password: http://www.linux.com/article.pl?sid=04/07/16/1530201

And this situation is horrible. Some deviant kid, bent on ruining a guild's chance to participate in the tournament, wants to exact revenge or get attention.

To the hacker: if you really need attention that bad, look me up and i'll play with you. There's no need for this.

Inde · Apr 06, 2006, 07:39 PM // 19:39

This is unfortunate. Killmur, Maxiemonster all ready said he's reporting it. He's letting the community know.

One thing that confuses me... why would you ever keep your guild's accounts and passwords on a forum? This is either misinformation or something is seriously wrong there.