Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Account hacked 4 times, please..any advice?
Scripture1
Member UncommonPosts: 421
I will make this as detailed and short as possible.
I have a friend that plays WoW and he has a high lvl toons that has been hacked 4 times so far, every time they hack him blizzard tells him they will not release the account back over to him until they investigate it. Thet first time blizzard returned the account to him, many of his alts were deleted and lost, only his lvl 70 hunter was left and they took all his gold and tossed many of his BG armor (That's just evil).
The second time his account was hacked was a shock because he changed his passwords and everything but they still hacked it. They made him wait 2 weeks both times they hacked it and he had to fax a lot of documentation to blizzard just to get his account back, everytime he gets his account hacked he has to go through a lot of faxing stuff to get it back. It has happened four times, the latest it has happened was lastnight.
We were both lvling out deathnights and I logged out for bed before he did. He logged out at 12:00am. Another friend we play with (we are friends in RL) logged in and saw his hunter exploring the new area, my other friend whispered him and said "Hi bro" because thats how we address eachother, we never just say "hello" but this person responding with a "hello" and when my friend caught on that it was not him he started questioning him but he never got a response. He called him in the morning to ask him if that was him or not and he was just as shocked as anything; he said it wasn't him and when he tried to log in after my friend told him, he was told that his account is under investigation.
This guy is a good friend of mine and he wont even give me his info (not that I want it) and I asked if he ever shared his info with anyone he said no. I'm tired of this happening to him as I know he is as well but blizzard won't do anything about it. I think who ever is hacking his account is doing so easily because they have his "Content ID" when we played FFXI we never had this issue because of the security and privacy of the game. I'm telling him to ask blizzard to change his Content ID but he was told they won't do that. I think they should be obligated to do so since there is nothing that he can do to stop the hacking, and that is a breach of the privacy agreement. I don't want to make this too long so basicaly I'm asking if this has happened to anyone else on WoW, and if so then what is the permanent solution if there is one?
I would hate to see him give up and quit because of this.
THNX!
Comments
im no expert but 4 times sounds like someone hacked his pc and is running a key logger to get his pass. Have your friend reformat and get some kind of antivirus program. best luck to him!
how do we know this one not also might be hacked? xD
But honestly, last option, format your (your friend's that is, all "your is directed at whom it might be) main drive, reinstall everything while not connected to a network, have the latest anti virus version ready on a cd or something, install it run test, shouldn't find anything since you formatted the damn computer hehe, now you are safe from scratch now you can reinstall WoW and what not again.
Now make your pass hard as hell and be careful what you click on and visit from now on. But it's most likely malware on your/his comp.
In the end tell your friend to stop downloading pron and visiting fancy places, unless he's well protected by firewalls and anti virus programs.
Take the Magic: The Gathering 'What Color Are You?' Quiz.
Yeah this or the person in question has the security questions and information to change his password if he forgets it. Like CD-KEys and CC info.
Sounds like it's probably the same people hacking his account each time.
Most likely he has spyware on his computer sending the username and password info, along with a bunch of other junk, to someone overseas. It's about the only explanation for so many hacks and so quickly.
Best bet? Erase the hard drive, install windows clean, then install WoW.
Then, before you do anything over the internet, install some software that keeps track of adware and spyware. Viruses aren't as much of a problem as much as adware and spyware.
A good one is adaware at www.adaware.com. There's even a free version, but the pay version is more complete and will keep better track of spyware.
The only other possiblity, assuming you've confirmed there's no spyware, is someone using a password generator that just keeps trying to log in over and over and over while running certain algorythms. The only solution to that is to have a very long password, 20+ chars, have at least one character be a form of punctuation and do NOT use common words. The more nonsensical it is, the harder it is to crack since these programs are trying certain word pairs.
One other thing you can do is to see if Blizzard will change the username on the account. This would keep them from trying on the same account since they would no longer have the username.
One last thing, have him change his password every 3 months, basically every time the season changes. Many of these people will pick up where they left off on cracking accounts, so if you change it somewhat regularly, they basically have to start over. When they happens, they will give up on trying to crack that account.
I use all of these measures myself after a MUD account got hacked over a decade ago. I've never been hacked since. These are NOT foolproof, nothing is, but this should make it to where the time spent on it isn't worth the reward. They only want the reward and will go to the easiest place to get it.
"You are the weakest link." sort to speak.
There are a ton of prgrammes you can run, the guys advice above is probably gonna be the best method, nuke your HD and start again
Also follow basic security, Install Firewalls, Anti Virus adn the relevant stuff, (you can get these free from Filehippo)
Ensure the PC has a security routine set up (mine has Defrag once a month, AVG and spyware every 24 hours)
For regular checks I recommend installing teh following and running at least every 24 hours
Super Anti Spyware
AVG8
CC-Cleaner
As for password security? Ensure you use different passwords for stuff (The more important it is the harder the password) I currently employ Alpha-Numeric passwords to maximum digits allowed using non sequential digits.
They should also ask Blizzard to confirm the IP of the accessing PC at the time you got 'Hacked' if its the same everytime then they should be able to do something on this
http://upload.wikimedia.org/wikipedia/en/a/ab/Norsefire-logo.png
hah, let me get this straight...... this fool uses the same user name and pass for wow AND ffxi? {{seperoth23 you are mine!}}
besides being someone i would not leave my pants down around im thinking its his own idiocy for not changing his password to begin with. i fail to see how it is blizzards responsibility to to cover up his obvious lack of security. i know people want to spook about "omg hackers from russia" but in reality it is something else. i doubt bogging down the machine with security software will do anything at all if this has happened 4 times. with a big enough .dic anyone can be hacked (only funny if you know). happening 4 times = probably tried a bot or something from a bad site and now that they know the login they can just hit him whenever.
no antivirus in the world stops the idiocy bug.
Awesome advice! the only problem is everything you just wrote I have told him to do the third time it happened. The third time he got it back he totally erased everything from his PC and reinstalled the entire thing, in fact WoW is the ONLY thing he said he has on it, he made that his WoW lap top, thats what leads me to think it's a Content ID thing. I'm not sure what kind of Anti virus he has but I'm thinking he SHOULD have one, ill ask him. The crazy thing is they know when to get him it seems, it happenes every 3-4 months so far and theyu must know when he is online cause the always do it when he is offline and normally when he is asleep it seems. He has always changed the passwords when this happened to some crazy made up crap, just some random stuff that makes no sence just so it's hard to figure out.
The "Key logger" concept could be a possibility too though. Is it possible for his to erase everything from the PC and still miss something like a spy ware on the system? I didn't think that was possible.
All of the above is good advice but i would also suggest running spy bot search and destroy or some other malware/spyware detection software as well as antivirus and a software firewall. Even if the others still don't catch anything the firewall software will hopefully stop it from sending data back to the scumbag who stole your data. On a side note i got an AV warning after installing the last update for WoW. Avast (my AV program) sounded a Defcon 5 alert and listed a file in the WoW directory as the culprit. I also have a friend who recieved the same alert also from a Wow directory file. It is possible that is what got your friend. This may NOT be an isolated incident.
You may also want to tell your friend to becareful with any WoW add-ons as they are sometimes infected with nasty little surprises......
My wife's account got hacked once on WoW. It sure was depressing, lost characters, items, etc. The hackers acutally logged on her account with all her characters, mailed all her stuff to her enchanter and DE'd and sold everything. Then deleted her characters. To say the least, she was not a happy camper.
The hack was a key logger, forget the name of it, but it was in one of the mods that she installed for the game.
I would just suggest that your friend buy an anti-virus program like AVG ( My favorite) and run a scan on his entire system to remove the key logger. You should not have to reformat your drive if you use a good anti-virus program. Remember that if you change the password while the keylogger is still active it just forwards the new password on to the hackers.
Second, I would remove all the mods out of the mod directory for WOW. After running your entire system scan with AVG and removing the key logger, you should log back into WOW and change the password. This new password will not be transmitted to the hackers since the key logger is gone now.
From that point on, you should be able to play without any problems as long as you keep your antivirus program running and up to date.
Also you can reinstall your mods - but, make sure that you are getting them from a trusted site. Ex: Links from WOW website.
Prevention is the key to not getting an infection
Nope, I never said he used the same password, I only mentioned FFXI because of the security sqare enix seemdes to have in the game when it comes to accounts being hacked. I don't know if he used the same password or not though cause I don't know it, but I doubt that he would do that. Everytime they hacked it he would make another passowrd too.
Easy easy cheap as hell fix...
http://www.blizzard.com/store/details.xml?id=1100000182
Your friend needs to do a few things to help stop himself from getting hacked.
That will not solve the problem he is having right now. Obviously he is doing something that is not safe. Either clicking dangerous links on websites/emails or just surfing to much porn. Mozilla with the noscripts will take care of most of his dangerous surfing habits as long as he does NOT disable noscripts.
Anything short of a complete hard drive reformat is going to be guess work if it got rid of his problem. He might try downloading hijackthis from www.download.com and running a scan. Copy/paste that logfile in the textbox at hijackthis.de and it might find the keylogger(s) and other things. He might be better off just posting the hijackthis log on a help forum and asking for advice, because you can do some real damage if you don't know what you are doing.
Nice find MXmissile
I am gonna tell every WoW player i know about it and get it myself. 
Does he use a lot of mods? Unly use mods that you trust the source. It's possible he is picking up the same keylogger from a mod he's downloading from an unsafe place.
THAT is scary! I never thought about his addons...... this may a cause, but we all have the same addons and my is fine, I think I may need to go get an updated antivirus if thats the case, the one I have is almost to its expiration.
This is great advice everyone, thanks. I'm going to basically advise him to get the ativirus programs from now so when he gets the account back in two weeks then he will be ready to start fresh. Hopefuly he don't lose any toons this time around cause he may just not play again, I don't blame him though, I would quit after the second time at least but I kept telling him not to quit. Well we shall see how this goes. He is pissed right now but I'm sure there is a solution and hopefuly this will fix it.
OMGosh, nice! I'm get'n this asap! Thanks.
Get the athenticator from blizzard as well. This will help him avoid future logger hacks after keylogger removal.
THAT is scary! I never thought about his addons...... this may a cause, but we all have the same addons and my is fine, I think I may need to go get an updated antivirus if thats the case, the one I have is almost to its expiration.
This is great advice everyone, thanks. I'm going to basically advise him to get the ativirus programs from now so when he gets the account back in two weeks then he will be ready to start fresh. Hopefuly he don't lose any toons this time around cause he may just not play again, I don't blame him though, I would quit after the second time at least but I kept telling him not to quit. Well we shall see how this goes. He is pissed right now but I'm sure there is a solution and hopefuly this will fix it.
Addons are completely safe, do not believe the myth that they can infect your game. The problem is that people download "mods" from sites and execute .exe files or something else. There are no safe mods that need to run an install program.
As long as you unzip/extract a mod into your interface/addons folder you are fine. Just do not execute, run or "install" mods as those are actually putting programs on your computer.
You know what I just realized, my friend saw his account online at 1am and he said he recieved an email from blizzard at 1:45am saying his account is hackked and is under investigation, How would blizzard know this that fast? He thinks its and inside blizzard emplyee that's responsible. Call me judgemental but he does have a point here, I'm on the phone with him just now and he said his password was 15 characters long using words and number. I don't know how Blizzard would know withing 30+ minutes to shut down his account because it's been hacked, that seems suspicious dont you think? This time they told him it will be shut down for 24 hours but thts what they told him last time but it took 5-7 days compared to the 2 weeks the first time.
EDIT: Ok this is not right what he just told me. It could'nt be a key logger because he just told me this has happened to the same account on three different computers. How in the world would all three PCs in the house have the same key logger? I don't think any hacker is that good, makes me wonder if it is an inside job.
Even with every piece of protection out there your PC is NOT and will NEVER be 100% safe... but you can get a bit closer to that goal with the right software.
If he uses wireless does he have a password protected wireless network up? If not, someone within range of the wireless could steal information easily within the network making it easy to steal from any computer in the house. This is why I NEVER log in to anything important when I'm in an open wireless network (ie. Starbucks).
owned
http://acominos.evony.com <- if your bored at work
More than likely a key logger, and until the key logger is found and removed you can change the password a hundred times and still be hacked. Format and clean install is the quickest solution. If your friend is running a validated copy of xp Defender is an easy to use spyware blocker that is free to anyone with genuine windows xp or vista. Alwil Avast has proven to be a good free antivirus that takes up very little room.
You know what sucks is that when hackers get a players username, that account could possibly be hacked without the account owner even having a virus on their computer. Hackers could just brute-forece the password and I'm not sure account names can be changed.
Brute-force is pretty obvious when the company's server is flooded by repeated requests from the same IP. Most companies have some sort of automatic blocking policy in place if they receive a huge number of failed login requests from the same IP within a short period.