There are not many things in WoW more upsetting than having your account stolen, your characters strip mined for gold and possibly the entire contents of your guild bank looted. To help stop this happening to you, I've put together a quick guide showing how to minimize the risk of it happening to you. There is no silver bullet that will make you secure, but by layering on your defenses, you can make sure you're not an easy target.
First up let's talk about how you get/got hacked and then I will detail some things you can do to reduce the chances of it happening (again?).
- Password stealing Trojan/Malware.
There are a number of ways you could get one of these; generally, though, it comes from something you downloaded, either deliberately or against your will. Using a browser that is out of date, or has a vulnerability that a website can exploit, is one way. Downloading cheats/guides/bots/tools/addons (not all addons are bad) can also lead to you getting infected.
- Getting socially engineered out of your credentials.
Blizzard will NEVER ask you for your password. Any email you get that looks like it came from Blizzard asking for your details did not come from them. No matter how convincing it looks, never give your game name/password out over email/chat, even in game.
- Using a leveling service, or buying gold.
Generally, to have your character leveled, they need your login name and password. They then have access to make changes to your account that can lead to them being able to reset the password at a later date and clean you out.
So what can be done about these things? Here is a list of things you should and shouldn't consider doing to avoid getting pwned.
- Make sure your system is up to date for patches. (Windows) (Mac)
- Enable a firewall. (Windows) (Mac)
- Don't use Internet Explorer. (here's why)
- Use Firefox, with the "NoScript" addon.
- Only log in to worldofwarcraft.com with SSL.
- Use the Blizzard Authenticator
- Info on Mobile Authenticator for various mobile phones (including iPhone) -- Blizzard Support
- Don't download porn/warez/cracks
- Be careful downloading updates for WoW from non-Blizzard servers. Use their mirrors.
- Don't download addons that are not in a zip/rar format, or that contain executables. LUA scripts don't contain password stealing trojans or have access to steal that kind of information (yet). Only download from reputable sites.
- Install a good antivirus. Most of the free ones are better than the ones you pay for. (I like ClamWin) (PandaCloudAV is free, and pretty good.)
- Install Spybot Seek & Destroy
- Get a Hijack This checkup regularly to spot weird stuff.
- Be careful where you browse.
- Don't buy gold, or use a leveling service.
Some of the above is common sense, some is not. Nothing will make you 100% secure, but some of the above can certainly help reduce the chances of it being you cleaning out the guild bank while guildies frantically wonder what's up.
If you have other tips, feel free to add them below and I will include them.
Last edited by Warwench; 01-27-2010 at 03:35 PM.
A thousand times this. You pay $15 a month for your account. You've spent anywhere from $120 to $210 for WoW and its two expansions. Even if you've only been playing for a couple months, that's $150 or so of an investment you've put into your account. Dropping $6.50 plus S&H on a Blizzard Authenticator to secure that investment is trivial. It effectively makes you immune to everything hackers can throw at you.
Of course, it only seems to be available for US customers. =\
US: Blizzard Store
Not-US: Blizzard Store
I've worked with this technology (Vasco Digipass - no I don't work for them) in a professional capacity. It's a very good system, and well worth the six bucks. In my opinion, they should just drop an authenticator in every new-account box.
Get one. Seriously.
I use a password protection program that requires a complex password to log in to get my WoW password. I then copy that password to my clipboard. Then shift-insert it into the login field. In 10 seconds the clipboard is wiped clean. All a keylogger would get is "shift insert" or something totally worthless.
On top of that I have the Blizzard Authenticator, Avast Anti-Virus, and Windows Defender.
I have had zero security issues with this setup and I doubt I ever will. I highly recommend Avast for an antivirus. It allows you to do a pre-boot scan of your PC. Meaning it shuts down your PC, then just before Windows loads it scans your system while it's still in DOS mode. This prevents nasty viruses from jumping around once they have been found to a file you have already scanned, or worse, getting into your recovery drive.
That is overrated... unless you are installing software every 5 min and using stone age applications, you are hardly getting UAC spam. It does get frustrating on a first install when you are bringing your system up to date, but that's all.
You can run Vista without it, and XP with admin rights. "Hey, come right in, I have no restrictions". It's one of the first reasons a computer gets infected, "everyone" running with admin rights.
Honestly, since SP1, I must get 2 or 3 UAC messages in 4 or 5 hrs.
I have disabled UAC on my Vista and don't plan on ever re-enabling it. The mediocre security it provides is not worth the hassle. I am used to having to provide my root password on my Ubuntu installs when I want to do certain things, but UAC was just annoying, not from having to provide the password but from the random issues it created with software that was not designed to be run with it.
UAC is not something I would recommend to anyone, regardless of the good intentions it has. It's probably very useful in particular situations but like SELinux, more of a pain in the ass than helpful most of the time.
I agree with one of the things said above, just don't go to sites that would give you these bad things, don't download porn or torrent files and problem solved. Use common sense on the internet lol.
I don't use an antivirus program. I have AVG installed, but it stays disabled until I want to scan. Windows firewall, Windows Defender, Mozilla Firefox with the Script addon are all I use for protection.
I've been doing it this way for 4 years now, and (knock on wood) I have never had any issues. The only time I've ever been screwed is when I had Norton installed, and it got infected and spread to the rest of my computer back when I had Windows ME.
I'll still buy the Blizz thing though, cause hell it's 6 bucks, might as well.
Keyloggers are getting more and more vicious though, and keep finding holes that aren't obvious. There was a massive wave of stolen accounts a few months ago when someone found a way to inject a keylogger into Flash ads, and people got hacked just for going to websites like Warcraftmovies (which has tons of gold ads). Curse has been hacked twice. EQDKP had a hole a while ago that got a ton of people hacked just for going to their guild site.
Being careful and not clicking on sex leg links is definitely a good thing, but it's naive to assume that you can avoid them entirely that way.
Exactly. Quite often trusted sites can get compromised. That is why something like NoScript is a good idea.
If you visit Site A that you like, and trust it, then later it gets compromised and tries to run JavaScript from r00ty0rbutt.ru or something, NoScript can help you prevent that.
If it gets totally owned and they are serving the script/malware up from the trusted domain, well, you're screwed. That's why a layered defense is a good idea. There is no magic bullet, but you can reduce your risk dramatically by running overlapping protection on multiple layers.
And I bit down and said 7 bucks is totally worth it for a 1 time fee to protect my $15 a month, several hundred dollars lifetime investment. I'll just keep it next to my PC so my g/f probably won't even notice it. ;P
Not to mention there was an issue recently that I read in an Irvine newspaper that said an ex-Blizzard employee used his high level of security to sell accounts that didn't belong to him. This is my #1 reason for grabbing the authenticator.
I don't care about the pw stealing, I'm pretty secure, and I use the copy/paste method as well. I've never had an issue with it, but if some douche bag who works at the very company I'm paying for wants to be a dick, he can and will cause me a lot of trouble in the process, much like identity theft happens a lot at restaurants because the employees will steal CC #'s.
The authenticator negates just about anything anyone can do to you outside of being right next to you.
I'm just a little confused as to how it works exactly (my work has something similar for allowing us to work from home).
So you... just press the button and it gives you a temp password to login?
You start up the game, enter your username and password like normal. Then if you have an authenticator on your account it will bring up a new box asking for the six digit code. You press the button on your authenticator, it will display a code, you key it in and you're in. The codes reset every 10 seconds. This also will happen when you attempt to sign in to the Blizzard website for account management.
Gotcha, that's what I was expecting. ty =]