
Thread: WoW Account Security - How not to get hacked.

  1. #1
    Join Date
    Sep 2008
    Posts
    1,909

    WoW Account Security - How not to get hacked.

    There are not many things in WoW more upsetting than having your account stolen, your characters strip mined for gold and possibly the entire contents of your guild bank looted. To help stop this happening to you, I've put together a quick guide showing how to minimize the risk of it happening to you. There is no silver bullet that will make you secure, but by layering on your defenses, you can make sure you're not an easy target.

    First up let's talk about how you get/got hacked and then I will detail some things you can do to reduce the chances of it happening (again?).

    1. Password stealing Trojan/Malware.

      There are a number of ways you could get one of these, generally though it comes from something you downloaded, either deliberately, or against your will. Using a browser that is out of date, or has a vulnerability that a website can exploit is one way. Downloading cheats/guides/bots/tools/addons (not all addons are bad) can also lead to you getting infected.
    2. Getting socially engineered out of your credentials.

      Blizzard will NEVER ask you for your password. Any email you get that looks like it came from Blizzard asking for your details, did not come from them. No matter how convincing it looks, never give your game name/password out over email/chat, even in game.
    3. Using a leveling service, or buying gold.

      Generally to have your character leveled, they need your login name and password. They then have access to make changes to your account that can lead to them being able to reset the password at a later date and clean you out.
    So what can be done about these things? Here is a list of things you should and shouldn't consider doing to avoid getting pwned.

    • Make sure your system is up to date for patches. (Windows) (Mac).
    • Enable a firewall. (Windows) (Mac)
    • Don't use Internet Explorer. (here's why)
    • Use Firefox, with the "NoScript" addon.
    • Only login to worldofwarcraft.com with SSL.
    • Use the Blizzard Authenticator
    • Info on Mobile Authenticator for various mobile phones (including iPhone) -- Blizzard Support
    • Don't download porn/warez/cracks
    • Be careful downloading updates for WoW from non-Blizzard servers. Use their mirrors.
    • Don't download addons that are not in a zip/rar format, or that contain executables. LUA scripts don't contain password stealing trojans or have access to steal that kind of information (yet). Only download from reputable sites.
    • Install a good Antivirus. Most of the free ones are better than the ones you pay for. (I like clamwin) (PandaCloudAV is free, and pretty good.)
    • Install Spybot Seek & Destroy
    • Get a Hijack This checkup regularly to spot weird stuff.
    • Be careful where you browse.
    • Don't buy gold, or use a leveling service.
    Some of the above is common sense, some is not. Nothing will make you 100% secure but some of the above can certainly help reduce the chances of it being you cleaning out the guild bank while guildies frantically wonder what's up.

    If you have other tips, feel free to add them below and I will include them.
    Last edited by Warwench; 01-27-2010 at 03:35 PM.
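
One way to apply the "no executables in an addon archive" tip from the post above, as an added example that is not part of the original post: a Python check that lists the members of a downloaded addon zip and flags anything that is an executable by extension or by its `MZ` file header. The extension lists, the sample archive and all names in it are constructed assumptions.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly; an addon needs none of them (assumed list).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".com",
                   ".msi", ".vbs", ".js", ".ps1", ".lnk"}
# File types a plain addon is normally made of (assumed allow-list).
ADDON_EXTS = {".lua", ".toc", ".xml", ".txt", ".tga", ".blp", ".ttf", ".ogg"}


def audit_addon_zip(data):
    """Return (member, reason) findings for an addon archive held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = posixpath.splitext(info.filename)[1].lower()
            with zf.open(info) as fh:
                magic = fh.read(2)          # "MZ" opens every Windows PE file
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
            elif magic == b"MZ":
                findings.append((info.filename, "executable content, harmless name"))
            elif ext not in ADDON_EXTS:
                findings.append((info.filename, "unexpected file type"))
    return findings


def build_sample():
    """Constructed sample archive: two normal files, two that should be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MyAddon/MyAddon.toc", "## Title: MyAddon\nCore.lua\n")
        zf.writestr("MyAddon/Core.lua", "print('loaded')\n")
        zf.writestr("MyAddon/Install.exe", b"MZ constructed placeholder bytes")
        zf.writestr("MyAddon/readme.txt", b"MZ constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_addon_zip(build_sample()):
        print(f"FLAG {member}: {reason}")
```

An empty result means only that nothing in the archive looks like a Windows executable; it says nothing about where the archive came from.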

  2. #2
    Join Date
    Sep 2007
    Location
    NC
    Posts
    1,763
    Stickied

  3. #3
    Quote Originally Posted by Warwench View Post
    A thousand times this. You pay $15 a month for your account. You've spent anywhere from $120 to $210 for WoW and its two expansions. Even if you've only been playing for a couple months, that's $150 or so of an investment you've put into your account. Dropping $6.50 plus S&H on a Blizzard Authenticator to secure that investment is trivial. It effectively makes you immune to everything hackers can throw at you.

    Of course, it only seems to be available for US customers. =\

  4. #4
    Join Date
    Jul 2007
    Location
    Canadia
    Posts
    3,523
    Quote Originally Posted by Lore View Post
    Of course, it only seems to be available for US customers. =\
    US: Blizzard Store
    Not-US: Blizzard Store

    I've worked with this technology (Vasco Digipass - no I don't work for them) in a professional capacity. It's a very good system, and well worth the six bucks. In my opinion, they should just drop an authenticator in every new-account box.

    Get one. Seriously.
    Got a question? Try here: Evil Empire Guides and here: Tankspot Guides and Articles Library first!

  5. #5
    Join Date
    Jul 2008
    Location
    France - Paris
    Posts
    114
    Another tip.

    Use Vista 64 and do not disable UAC (User Account Control). The 64-bit OS makes it almost impossible for a rootkit to install on it.

    Actually, Driver Signing and Kernel Patch Protection make the Vista 64-bit OS the safest Windows product.



  6. #6
    Join Date
    Dec 2006
    Location
    Tacoma, Wa
    Posts
    8,766
    Quote Originally Posted by Cedix View Post
    Another tip.

    Use Vista 64 and do not disable UAC (User Account Control). The 64-bit OS makes it almost impossible for a rootkit to install on it.

    Actually, Driver Signing and Kernel Patch Protection make the Vista 64-bit OS the safest Windows product.
    This is good advice.

    Especially given that no one will ever have access to the computer you've permanently shut down after getting angry at 3 dozen UAC prompts in the course of a half hour.

  7. #7
    Join Date
    Oct 2007
    Location
    Illinois
    Posts
    1,632
    I use a password protection program that requires a complex password to log in to get my WoW password. I then copy that password to my clipboard. Then shift insert it into the log in field. In 10 seconds the clipboard is wiped clean. All a key logger would get is "shift insert" or something totally worthless.

    On top of that I have the Blizzard Authenticator, Avast Anti-Virus, and Windows Defender.

    I have had zero security issues with this set up and I doubt I ever will. I highly recommend Avast for an anti-virus. It allows you to do a pre-boot scan of your PC. Meaning it shuts down your PC then just before Windows loads it scans your system while it's still in DOS mode. This prevents nasty viruses from jumping around once they have been found to a file you have already scanned, or worse getting into your recovery drive.
    There is something so appealing about backhanding someone across the face with a shield.

  8. #8
    Join Date
    Nov 2008
    Posts
    228
    Quote Originally Posted by Bodasafa View Post
    I use a password protection program that requires a complex password to log in to get my WoW password. I then copy that password to my clipboard. Then shift insert it into the log in field. In 10 seconds the clipboard is wiped clean. All a key logger would get is "shift insert" or something totally worthless.

    Do you wear a tin foil hat while doing all of this? ^^

  9. #9
    Join Date
    Dec 2006
    Location
    Tacoma, Wa
    Posts
    8,766
    Quote Originally Posted by Omok View Post
    Do you wear a tin foil hat while doing all of this? ^^
    I use the same as he does, on recommendation from my brother-in-law.

  10. #10
    Join Date
    Jul 2008
    Location
    France - Paris
    Posts
    114
    Quote Originally Posted by Ciderhelm View Post
    This is good advice.

    Especially given that no one will ever have access to the computer you've permanently shut down after getting angry at 3 dozen UAC prompts in the course of a half hour.
    That is overrated... unless you are installing software every 5 min and using stone-age applications, you hardly get UAC spam. It does get frustrating on a first install when you are bringing your system up to date, but that's all.

    You can run Vista without it, and XP with admin rights. "Hey, come right in, I have no restrictions". It's one of the first reasons a computer gets infected: "everyone" running with admin rights.

    Honestly, since SP1, I must get 2 or 3 UAC messages in 4 or 5 hrs.



  11. #11
    Join Date
    Sep 2008
    Posts
    1,909
    I have disabled UAC on my Vista and don't plan on ever re-enabling it. The mediocre security it provides is not worth the hassle. I am used to having to provide my root password on my Ubuntu installs when I want to do certain things but UAC was just annoying, not from having to provide the password but from the random issues it created with software that was not designed to be run with it.

    UAC is not something I would recommend to anyone, regardless of the good intentions it has. It's probably very useful in particular situations but like SELinux, more of a pain in the ass than helpful most of the time.

  12. #12
    Join Date
    Aug 2007
    Location
    Virginia
    Posts
    528
    UAC wasn't designed for anyone who has a remote idea as to what they are doing. There are a lot more people out there who don't understand much, if anything, about network and computer security than people that do.

  13. #13
    Join Date
    Oct 2008
    Location
    Springvegas, Missouri
    Posts
    611
    I agree with one of the things said above, just don't go to sites that would give you these bad things, don't download porn or torrent files and problem solved. Use common sense on the internet lol.

    I don't use an antivirus program, I have AVG installed, but it stays disabled until I want to scan. Windows firewall, Windows Defender, Mozilla Firefox with the Script addon are all I use for protection.

    I've been doing it this way for 4 years now, and (knock on wood) I have never had any issues. The only time I've ever been screwed is when I had Norton installed, and it got infected and spread to the rest of my computer back when I had Windows ME.

    I'll still buy the Blizz thing though, cause hell it's 6 bucks, might as well.
    You do realize why the Borg are so bad at making dimmer switches don't you?
    Resistance is futile.



  14. #14
    Quote Originally Posted by Shifthappens View Post
    I agree with one of the things said above, just don't go to sites that would give you these bad things, don't download porn or torrent files and problem solved. Use common sense on the internet lol.
    Keyloggers are getting more and more vicious though, and keep finding holes that aren't obvious. There was a massive wave of stolen accounts a few months ago when someone found a way to inject a keylogger into Flash ads, and people got hacked just for going to websites like Warcraftmovies (which has tons of gold ads). Curse has been hacked twice. EQDKP had a hole a while ago that got a ton of people hacked just for going to their guild site.

    Being careful and not clicking on sex leg links is definitely a good thing, but it's naive to assume that you can avoid them entirely that way.

  15. #15
    Join Date
    Sep 2008
    Posts
    1,909
    Exactly. Quite often trusted sites can get compromised. That is why something like NoScript is a good idea.

    If you visit Site A that you like, and trust it, then later it gets compromised and tries to run JavaScript from r00ty0rbutt.ru or something, NoScript can help you prevent that.

    If it gets totally owned and they are serving the script/malware up from the trusted domain, well, you're screwed. That's why a layered defense is a good idea. There is no magic bullet, but you can reduce your risk dramatically by running overlapping protection on multiple layers.

  16. #16
    Join Date
    Jul 2007
    Posts
    16,428
    Quote Originally Posted by Warwench View Post
    • Don't download porn/warez/cracks

    Whoa whoa whoa... let's not get hasty here.... there are safe ways to do everything... just don't be a cheap..

    nm

    I'm gonna stop here... uhh just realized this isn't in the donor's forum.

    READ THIS: Posting & Chat Rules
    Quote Originally Posted by Turelliax View Post
    I will never be a kaz.. no one can reach the utter awesomeness of you.
    http://i.imgur.com/3vbQi.gif

  17. #17
    Join Date
    Jul 2007
    Posts
    16,428
    And I bit down and said 7 bucks is totally worth it for a 1 time fee to protect my $15 dollar a month, several hundred dollars lifetime investment. I'll just keep it next to my PC so my g/f probably won't even notice it. ;P


  18. #18
    Join Date
    Jul 2007
    Posts
    16,428
    Not to mention there was an issue recently that I read in an Irvine newspaper that said an ex-Blizzard employee used his high level of security to sell accounts that didn't belong to him. This is my #1 reason for grabbing the authenticator.

    I don't care about the pw stealing, I'm pretty secure, and I use the copy/paste method as well. I've never had an issue with it, but if some douche bag who works at the very company I'm paying for wants to be a dick, he can and will cause me a lot of trouble in the process, much like identity theft happens a lot at restaurants because the employees will steal CC #'s.

    The authenticator negates just about anything anyone can do to you outside of being right next to you.

    I'm just a little confused as to how it works exactly (my work has something similar for allowing us to work from home).

    So you... just press the button and it gives you a temp password to login?


  19. #19
    Join Date
    Apr 2008
    Posts
    1,399
    Quote Originally Posted by Kazeyonoma View Post

    I'm just a little confused as to how it works exactly (my work has something similar for allowing us to work from home).

    So you... just press the button and it gives you a temp password to login?
    You start up the game, enter your username and password like normal. Then if you have an authenticator on your account it will bring up a new box asking for the six digit code. You press the button on your authenticator, it will display a code, you key it in and you're in. The codes reset every 10 seconds. This also will happen when you attempt to sign in to the Blizzard website for account management.
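
The login flow described in the post above, sketched from the server's side as an added example that is not part of the original post: a generic time-based one-time code in the style of RFC 4226/6238, showing why a code captured by a keylogger stops working once it has been used or its time window has passed. The thread does not describe the algorithm inside the Blizzard/Vasco token, so the HMAC-SHA1 scheme, the `Verifier` class, the step length and the secret (the RFC's published test key) are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC the counter, then dynamically truncate to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now, step=30):
    """What the token shows at Unix time `now`; `step` is the code lifetime."""
    return hotp(secret, int(now) // step)


class Verifier:
    """Server side: accept the current window's code once, reject replays."""

    def __init__(self, secret, step=30):
        self.secret = secret
        self.step = step
        self.last_counter = -1          # highest window already consumed

    def check(self, code, now):
        counter = int(now) // self.step
        if counter <= self.last_counter:
            return False                # a code for this window was already used
        if not hmac.compare_digest(code, hotp(self.secret, counter)):
            return False                # wrong code, or one from another window
        self.last_counter = counter
        return True


if __name__ == "__main__":
    secret = b"12345678901234567890"    # RFC 4226 test key, not a real secret
    server = Verifier(secret)
    code = totp(secret, 59)
    print("player logs in:     ", server.check(code, 59))
    print("same code replayed: ", server.check(code, 59))
    print("same code, later:   ", server.check(code, 90))
```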

  20. #20
    Join Date
    Jul 2007
    Posts
    16,428
    Gotcha, that's what I was expecting. ty =]

