Skip to Content
3-18-2010 @ 11:05AM
Apologies, I asked this yesterday but it was buried down on page 8 so worth a shot asking a second timeWhat can I do as a Guild Leader to help prevent the hacking of members, and equally importantly, after the unfortunate event has taken place?We're a guild hovering around the 50 account mark, and have had 3 hackings in as many months. Guild Log and GB screenies taken and sent to members in question, tickets raised, but am I missing something really obvious?Thanks for your time if you answer :)
3-18-2010 @ 11:09AM
Make your offices get authenticators. Have them show you their core hound pup as proof.
3-18-2010 @ 11:11AM
Sound question.First off, ask any of your officers to prove they have an authenticator attached to their accounts by having them pull out their corehound pup. If any are unable to produce said pet, then demote them immediately to a low level member.Member should be asked to get an authenticator. Sure, this adds another level of hassle to the log in process, but the alternative is worse. I would deny access to the guild bank to members who are unable to prove the use of an authenticator, as these people are a liability should hacking take place.Just my two cents on the topic.
3-18-2010 @ 11:14AM
Thanks to you both, Dialgana and Todd. Having an authenticator is currently a requirement for an officer position, and I believe the majority of members do have one (tempted to add that to recruitment requirements come Cata). Concern moreso on the aftercare when/if the unfortunate does happen... what can I do extra to helpas a GL, if anything?
3-18-2010 @ 11:22AM
3-18-2010 @ 11:33AM
Authenticators. Period. No excuses. Spectacular Death had one hack on December 23rd which resulted in about 5k of guild bank materials taken. 10 days later, a guy playing on a Mac, was hacked. He still does not know how it happened. He's a computer tech and did traces or tracks or something and cannot find the entry point into his computer. His hack resulted in another 5k of materials taken. We had just recovered from the first hack thanks to everyone in the guild donating money and materials to restock the bank of raiding supplies. "Devastated" doesn't cover the feeling. (Side note: We have never received anything stolen in these hacks back from Blizzard even though both people were told an investigation proved they were hacked. Other guilds in the exact same situation received all their taken materials within 48 hours. I'm still waiting. GM's have been no help. So just because X guild was hacked and got all their stolen materials taken, don't assume you will. Yes, I'm bitter about this.)Before the first hacked account could get all his toons back to normal, he was hacked again. He came very close to quitting. We lost over 10.5k (AH estimate) of materials. It set us back a couple weeks in raiding but we have rebounded well. With the 2nd hack, his authenticator came 2 days after the hack. With the 3rd hack, it was the proof he needed to get an authenticator, even though he'd been locked out of the bank.I made the decision that there is NO bank access unless and until I see that core hound pup; me, only me. Guild members cannot show it to officers. We have restricted bank access for those with the pup too just in case. I hate to do this because why have a bank if members are restricted from using it to its full potential. But I'm not asking them to pony up every few weeks because people are hacked."SHOW ME YOUR PUPPY!" is the cry and I would strongly suggest you go that route. Every guild member should be running behind a firewall and/or have anti-virus software working. Ask in the guild if anyone deals with computer security and have them post suggestions of software to install on PC's AND Macs. We have a whole folder devoted to security features on our web site. Lastly, if you find out that anyone in your guild has bought gold, report their sorry butt, kick them and post their name to your server forum. That's the whole problem, right there. People buying fake gold with real money fuel the hacks. When that stops, the hackers will have to find something else to do.
3-18-2010 @ 11:34AM
Some of the tips on http://epicadvice.com/questions/5055/how-do-i-keep-my-world-of-warcraft-account-safe-and-secure-from-keyloggers-troja are helpful as well -- things like "Don't download software from malware sites", "use browsers with better security features", etc. can be helpful. I'd highly recommend pointing all of your raiders to that post as a way to get information about what they can do to protect themselves.
3-18-2010 @ 11:48AM
I'll take the latter on first. Have a way for guild members who are on at the time to reach an officer or leader outside the game. Have a vent, an emergency e-mail, an IM page, a website, whatever will work for you communication wise. If somebody is logged in, that's fine, but if not? Well, maybe they're online somewhere they can be reached. Or maybe not, you may just need to take things as they go. But really, that's mostly in Blizzards hands, the only thing that can happen on your end is demoting or kicking somebody.Now to prevent the hacking of members...there is only one thing YOU can do, and that's offer education to them. There are many many pages explaining some of the common phishing tactics used, and how to secure yourself because the weakest part of any security setup is not the computer, it's the person. People are the ones who let others log into their account, who buy gold, who visit websites because they want into the Beta for Cataclysm. Teaching them the consequences of that MAY stop them. Or it may not. After that, folks can learn about firewall and malware software, and decide which ones to use. You may also want to segment guild bank access more effectively. You don't need to give every officer access to every guild bank slot. You don't need everybody to have unlimited withdraw priveleges.You really don't.
3-18-2010 @ 11:53AM
All our officers and raid leaders must have Authenticators. Now that they come with a pet it is easy to identify. Only Officers and Raid Leaders can withdraw items from the last 3 bank tabs where the current progression gear and crafting mats are found.All new members have no bank access for 4 weeks.All other existing members can only access the first bank tab unless they have an authenticator. Once they get one they get access to the other 3 non-officer tabs.No one but an Officer can pull more than 3 stacks from any tab in one day.My #1 Guild Management request right now is let "Has Active Authenticator" be a field for Guild Rank and Bank Tab Access.
3-18-2010 @ 11:59AM
Again, thanks to everyone who has commented. Our guild forums strongly recommend the use of Authenticators to our members, and all Officers are required to use one. Our GB is set-up so that only main characters have access and that the high-value tab six is on a request basis. There's at least a fortnight's trial period for any new member before promotion to member status with any remote GB access.Our raids are all handled through our forums, so the vast majority of the guild can instantly grab an officer through them, over msn, vent, text, etc as we're mainly formed of several groups of close (RL) friends.Input from everyone much appreciated, thank you. It's definitely the after-hack angle I was focusing on, but hopefully - by drumming it in - we won't have to jump through those hoops in the future.~Rio
3-18-2010 @ 12:18PM
By the way, something to be aware of. That '3 stacks a day' thing is PER TOON (found that out the hard way). That means that if they have, say, 4 alts in the guild, that's 12 stacks they can withdraw, per tab. It's a bit draconian, but you might also want to consider having only ONE alt per person promoted high enough to have bank access. It's VERY inconvenient, but it saves a lot of grief down the road. Another thing to watch out for is when an officer's account gets hacked, it's not uncommon for the hacked account to invite another toon to the guild (either another hacked character or a lvl 1 toon on a hacked account), promote them as high as they can, have that toon withdraw up to their limit, kick them from the guild, REINVITE them!, and have them withdraw up to their limit again. Aka, the number of withdrawals reset when a toon leaves and reenters the guild. So if you see a toon leaving and being reinvited to the guild repeatedly, kick them and the person inviting them immediately!
3-18-2010 @ 12:42PM
Make sure your guild members are using different passwords for the guild site/forums than they do for their wow login information. Pretty sure this is how my old guild was getting hacked, 3 members in a month.but yeah, authenticator is best
3-23-2010 @ 1:28PM
My guild does the same thing. My main has the normal "raider" rank with 3 stacks a day limit in my current guild. All of my alts, even my paladin that I play almost as much as my main toon, Has a "raider alt" rank with no guild bank access. In order to get the expensive, high-end shit (primordial saronite, titan steel, epic gems, BoE epics, etc.), I have to ask our officers on the guild website.Also, my guild requires an authenticator when people app, and it's mandatory for membership. When I applied, I was required to show them a picture of myself holding an authenticator and a sales receipt for mine. Now after 3.3 we ask our trails to show us their corehound pup before they get invited to a trail run through 10man ToGC (gearing alts and off specs).Good reason too for the security, GB bank is valued to be worth 50-75k gold. A lot of high-end matts, BoE epics, flasks and other raid consumables. (Also because top 400 guilds are srs bsnss)
3-18-2010 @ 1:39PM
We ended up doing exactly what Shadowwind said. Our guild master (who has an authenticator) is now the only person with 100% access to our bank. Previously, all officers had full access (members, regardless of rank, had 0. Anything a character needed from the bank was received by an officer). Then one of our officers got hacked, and wiped the bank clean (at least he left our AQ scarabs, phew!). Following his hack, 3 more members within 2 weeks were hacked (thankfully, as stated before, they didn't have access). Now the officers can withdraw no more than 3 items a day.Is it a pain sometimes to get things from the guild bank with so many restrictions? Yeah. But it's the lesser of the two evils.
3-18-2010 @ 3:52PM
My guild is a rather casual one, we have a weekly raid, but that's the extent of it. It's mostly about friendship and what not.However, when we had a major burst in hacking around December, my guild leader turned off the bank for everyone that didn't have an authenticator. Before the mass hackings began(mostly users who haven't been on for months), the bank was open to all of us. She just made a new rank "Supply Officer" and made everyone with an authenticator in there. We also use the lowest ranking "Holding" for people who are suspected to have been hacked. Most of us got authenticators now, but before that it was just too much of a pain to have the bank wiped multiple times. TL;DRMake everyone able to deposit goods; make only those with authenticators able to withdraw. People who need stuff out of the guild bank will just need to be slightly inconvenient by waiting for a "supply officer" to take it our for them. It'll be a lot easier.
3-18-2010 @ 7:51PM
The guild I'm in requires that you have an authenticator to have bank access (this was after our guild leader got hacked) he requires everyone in guild to text him a photo of them holding their authenticator via cell phone. I realize that this may not be practical if you are not friendly with your guild in real life but I can't imagine hanging around all day waiting for everyone to parade their corehound pup in front of you although it does beat the alternative if texted photos don't work for your guild type.
3-18-2010 @ 6:46PM
@Gimmlette That guildy of yours who had the multiple hacks on their system really should change his email passwords. All too often people forgo the easy solutions while searching for answers. With all the account protections you can have in WoW, it is often easier to target the less-secure email accounts.(or I could be wrong)Anywho~ Four
3-19-2010 @ 6:12PM
http://samueltempus.wordpress.com/2010/03/10/safeguarding-your-guild-bank/Sam's got an interesting and IMO effective write-up there. Since that system went in place, and all the officers have authenticators, there hasn't been a hack that's affected the guild bank, and it's been over a year.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.