Post by ShellyBelly
The Wowhead forums have been filled with topics such as "hacked what should I do?" for a few weeks. This thread is for people new to computers who are inexperienced. If you are good with computers you probably already know most of this anyway. I hate seeing my friends get their accounts hacked, and if I got mine hacked, I would basically just die.
Note: A chunk of this information is thanks to Google searches and stuff.
First off, and most importantly your account and password is
your password.
Not your friend's, keep your password to
yourself. Even if the person is your friend, whether it's in real life, or one of your guildies, for whatever reason they could spontaneously feel like getting on your account and, for example, sending themselves all that money you've been saving for whatever item.
"But I've known this person since level 8! We're good friends, don't worry, he'd never do anything bad to my account."
^------------------------------------------NO------------------------------------------^
You don't know most of your guildies in real life, if any. Even if you've talked to them over vent hundreds of times and you've seen their picture on the guild site, you still really don't know that person. Trust me, people will go for
months at a time just to get a hold of someone's account, either to benefit themselves or just make you angry. So keep this in mind, and as the Tip at the loading screen for WoW says, you never ever
ever give your account username and/or password to anyone. The Blizzard GMs have ways of getting hold of your username and password if they need them, so in game, if there's not a Blizzard icon next to the name, keep your password to yourself.
Note: Don't make your password "password." Put numbers, capitals in odd places, and weird symbols (made by pressing Option and a letter/number on a Mac, I don't know PCs) in your password. There are so many combinations it's impossible to guess.
Moving on. The number one cause of hacking is keyloggers. A keylogger is something that is usually put onto your computer without your consent or knowledge. Keyloggers record the keystrokes you make on your computer, and send the information back to the source to hack your account. They were originally used for good things, such as being able to detect when someone made an error in the careful, precise typing of a computer program, and telling them to go correct it. People have taken advantage of these however. So what do you do to prevent this?
Firstly, you probably see a pretty, colorful advertisement on the side of this and all WoWhead pages for a game (right now for me it's Travian) or an acne cream or something. Know what? It's probably
ok to click and check it out. You've probably heard you shouldn't click on these on sites you're not familiar with, but there's no need for total paranoia. You just need to be conscious of sites that look like they are the "types of ads are not trying to be sneaky, they try to catch as many people as possible as quickly as possible before the ad is caught." - quoted from Tecnobrat.
Do you really want your epic flyer? Have you worked SO hard on your account that you have days of playtime, and want to make your character the best he/she can be, blazing over Outlands on a cool nether ray? Do you care about your account? Thinking of buying gold?
Well, don't.
It's true, gold companies have a LOT of gold in stock. Thousands! However, how do you think they get this gold? Yes, gold farmers go out to Shadowmoon Valley and farm primals, and many use bots, but here's where they get most of their money: people's accounts!
Gold farmers usually require a password, and they'll get on your account, and vendor every last item you have--yes, even that awesome healing mace off Maiden you've been waiting for for a long time. Then they'll send the money to their own character and continue the process. It's mean, but you can prevent this sort of hacking by simply following the golden rule: your account name and password are YOURS. Don't EVER give them out. Even if God well smite you to eternal damnation in the pits of hell!... ok well that's different but just in general, don't give out your information.
Note: If they don't destroy your stuff after you give them your password, you'll most likely get banned for buying gold/powerleveling services anyway.
Moving on to the next thing, addons. Addons are allowed by Blizzard (well most of them, read the ToU if you need further explanation. Things such as bots and addons that change the game environment aren't allowed). It's a good idea to only download addons from trusted sites such as
www.curse.com where all suspicious and malicious addons are usually reported by one of the many many users and taken off immediately. It might be a good idea to ask a friend who's been using the addon for a little while to tell you if it seems alright to use before you use it. If it's new, give it some time and see how people like it. If you can't find something from Curse, ask a friend to refer you to another trusted site known for doing its best to keep the users' computers safe of keyloggers. If you download addons from sites you don't know well, they might have a keylogger, which, as was mentioned, is bad.
You should also remember to keep your computer up-to-date with the latest protection software. If you have an old version of Adobe Flash Player you should update it since there has been an exploit attacking people with an older version.
So there's my advice. I've had hacked guildies before and they said they were probably hacked because of things like these. I know a lot of you already know this, but if you're new to WoW, this is for the safety of your account.
If you feel anything should be added, just ask a moderator or me and I will add it.
EDIT: I changed things that, when I was writing them, I didn't realize just plain didn't make sense. Thanks to Tecnobrat for feedback. See his post below.
2nd EDIT: Put in 1 thing I forgot =p
Post by tecnobrat
While I appreciate the idea of this post, I have some issues with some of the points made.
1) Clicking or hovering over ads aren't going to "install keyloggers without your knowledge" UNLESS your computer is compromised because you have not done vital updates, or taken basic security steps. The key to not getting hacked is to understand why these are able to install on your computer in the first place.
Paranoia is not going to help you, infact it gives you a false sense of security because you are "careful and it could never happen so you cause you don't ever click on things" so you ignore the basics. If a keylogger is going to get on your computer by hovering an ad, they would not make you hover, they would do it on load instead. Trust me, I have worked in advertising industry for the last 5 years. These types of ads are not trying to be sneaky, they try to catch as many people as possible as quickly as possible before the ad is caught. (Read below for tips on how to avoid this).
If you never ever click on an ad, sites like Wowhead and other useful fan sites would not exist. They are advertising supported, thats how they survive.
2) "Addons are Blizzard approved". This is a deceiving statement. They are not APPROVED by Blizzard, they are allowed. The difference is huge. Blizzard does not test and approve addons saying "this has the Blizzard seal, its safe!". They allow authors to design addons within the API. That doesn't mean that someone could not create a mod that sends every single message you ever say in wow to another person in wow without your knowledge.
3) Just because the addon is on curse, does not make it safe. Addons on any UI site are scanned for viruses, however that doesn't mean the addon itself is not designed to do something malicious.
-------
Here are some basic security tips:
- Run windows update. Don't let those updates sit in your task tray for 3 weeks. Take the time to install them and reboot.
- Have an up-to-date virus scan installed with automatic updating turned on.
- A firewall is not a replacement for a antivirus program. Firewalls can restrict access to and from your PC, however a well designed keylogger can easily disable a firewall without an antivirus program there to detect it first.
- Update Adobe Flash. Most of these keyloggers are currently coming from an exploit in Adobe Flash. See my sticky post for more details. (You must update each browser you have installed separately).
- Do not access your account from a publically accessible computer. You have no idea what the person before you did to that machine.
- Do not use the same password you use for your account on any other site, ever.
- Do not use the same username for your wow account that you use for any other site.
- Never ever ever share your account! Yes, you trust your brother. You trust your GM. Do you trust him to run windows update? Do you trust him to update Adobe Flash?
- Pay attention to software updates.
Getting addons from a reputable source however is a good idea. These sites are very active, and make sure to remove malicious addons as soon as possible:
Simply not clicking on ads, and not hovering over ads is not going to make you keylogger free. You need to secure your PC. Do some reading, find out WHY these happen and protect yourself.