Monday, October 6, 2008

Knock bax the hax.

A more serious note will be taken today, as I wish to discuss a very serious topic – at least for us MMORPG players.

As it happens – my mothers account was hacked over the weekend.

I logged on Saturday morning to see her on her warrior on the Isle of Quel’Danas. I figured she was doing some daily’s. A couple of hours later I seen she was in Auchenai Crypts. I found this unusual because she doesn’t like doing instances on her warrior, she was not in with guildies, and, on doing a /who Auchenai Crypts there was one person on the server in there – her Warrior. I checked MSN. Not online. I phoned up, (9am) and woke her out of bed. Oh… bollox. I reset her password (yes I know her details, but treat them like my own.) had her talk me through her email login to access it, kicked the bastard off, and logged in.

Yep. This hacker has been busy. Not only had every character been stripped and deleted bar the Warrior – but he had the cheek to be using her to farm daily quests.

I put in a ticket and had the characters recovered – but alas, merely trash was left on her characters, anyone with gear of value stood their naked and the only intact character was her warrior with an empty bank, bags and just the equipment was left intact to farm.

Still. At least she wont need to worry about a big bank clear-out before WOTLK…
/insert audience titters.

On the bright side, her highest alt was level 51, so re-gearing is not going to be a big issue, at least not on the server with a 70 warrior, and a guild that’s willing to help out. We already have a Maraudon and Sunken Temple run group in the making, as well as my tailor looking up what gear can be quick-crafted for her.

This did cause a bit of panic though because my mother, my wife and myself have all used my pc, my wifes pc, and when visiting, my mothers PC to log into WOW in the last couple of months. (The keylogger could have been sat there without any action on whats logged I suppose) so we now all have new passwords that are stupidly long, and that none of us know.
For this post, I am going to note down some tips for how to keep yourself safe from Keyloggers. And in the worst case that you have one, make sure they are not capable of learning it. Whilst it is never possible to prevent them from gaining access to your account, there are many ways you can protect yourself.

First off – always make sure you have a virus scanner, firewall and spyware remover. (If you’re a cheapskate like myself, I recommend AVG 8.0, Adaware 2008 and zonealarm. All are free downloads, and do the job nicely.

Secondly, never type in your password or username. The best way around this is to copy and paste your password in each time you login, and keeping your username “saved” (or copy and paste in – preferably from another document in case someone is actually able to remotely access the documents and read the contents – or someone you know is using your pc and wants those details…) so that you don’t have to type it. Golden rule: never EVER type BOTH the username and password in. If they have your username, they can attempt a forced entry (using a program to repeatedly spam logins until a password that works is discovered – so as an additional tip, make sure it’s a complicated password! I.E. not something simple or predictable like Password1 or P455w0rd. Something more along the lines of G4sdh45##£g$45 or that makes no sense, and is a jumble of characters, numbers, lower and uppercase letters.) If you have your username saved, you will be ok typing in the password, but there is still the risk they have your username recorded someplace.

Never share out your account details or use someone else’s PC. If you are reduced to logging in on someone else’s PC- open a word document and copy and paste letters from a webpage or something so that your password is in front of you without having it typed, then copy + paste that in. do the same for the username please! Don’t forget to erase the data when done.

Finally – Never use the services of gold farmers or power levelers. The simple act of just clicking on an advert and going to the site of them is enough to get a key-logger script on your PC, never mind giving them account details. Aditionally, I am positive that the majority of gold sellers out there will use any means necessary to make the money they wish to sell – and the most profitable way to do this? Hack accounts. This destroys the virtual world of anyone it happens to. Days, weeks, months, even years of work and money+item hording is destroyed, even whole guilds have been destroyed as a bank-manager character is hacked and the guilds resources cleare.

One last tip is to check your task manager. There is a program called svchost.exe that you will have many instances of running in the background. If you see “scvhost.exe” or “svch0st.exe” – you have a key-logger. Run that virus scanner and spyware remover! Whilst key-logger programs will come in many forms these were the most common back in the day, and are likely still in use. Keep your data files backed up – the most fool proof way to get rid of it is a complete format of your PC. I don’t think I have a key-logger, but after this weekend I feel so polluted and corrupted that my PC could possibly be the culprit for the account hack (if my mother logged in when visiting, she would have typed everything in.) I just want to wipe it clean and start from scratch.

Remember people – always have protection!

No comments: