Guild Wars 2

KNOWN PHISHING EMAIL:

Greetings!

It has come to our attention that you are trying to sell your personal Guild Wars account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by ArenaNet Entertainment’s employees. If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with:

[LINK REDACTED]

If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Thanks! —The ArenaNet Team

While we may not learn of every phishing attempt, or may not be able to post each one, I’ll attempt to add those we’re aware of. This list is not comprehensive, and if you are unsure about the legitimacy of an email, please contact Support.

Players report that they receive e-mails that pretend to come from us. For the most part, such e-mails are phishing attempts. We want you to know a few things about them.

We will not send e-mails that state that your account will be terminated if you do not respond. We will not send emails that state that an account has been compromised (unless we are responding to a player). Emails of this type are almost certainly malicious in intent.

Updated June 2015: Customer Support does send e-mails for these three reasons:

• Your account was involved in chat violations.
• Your account was closed for botting
• Your account was closed for engaging in, or helping with, gold sales.

• Our Customer Support e-mails will never contain live links.
• Our Customer Support e-mails instead will refer you (without a link) to our Support System for assistance, so you can control accessing the ticket system.

To protect yourself from phishing attempts, please consider the following:

• For matters related to account security, access the official, secure account page by typing account.guildwars2.com. Log in through that page and secure your account.
• To see if a link is suspicious, hover over the URL and carefully review the precise details of the hidden, underlying link in your browser. If the URL in the email is different than the underlying link, DO NOT click the link.
• To be extra secure, type the URL into your browser instead of clicking a risky link. Alternately, you can copy and paste the visible link into your browser. (Take care you do not copy and use the hidden, bad link.)
• Keep in mind that we do out best to write clearly and properly. If you see grammatical errors, if you see odd phrasing, that’s a definite sign that something may be “phishy” with the email in question.

We suggest you take the following steps to make sure both your game account and your email account are secure:

1. Scan your hard drive for viruses, keyloggers, and any other sort of malware, having made sure that your anti-virus software is up-to-date.
2. Change the password of your game account to a complex password you haven’t used before and that you use only for this game account.
3. Make sure you are using the additional email authentication for your game account. You can find further information here: https://en.support.guildwars2.com/app/answers/detail/a_id/9192/kw/Authenticator
4. Alternatively, you can use two-factor authentication if you own a mobile device. You can find additional information about two-factor authentication here: https://en.support.guildwars2.com/app/answers/detail/a_id/9238/kw/Authenticator
5. Change the password of your email account. You should follow similar rules for choosing your email password that you following in choosing your game account password.
6. If your email provider offers any two-factor authentication or similar options, take advance of those to further strengthen the security of your email account.

Further tips about account security can be found in this article: https://www.guildwars2.com/en/news/tips-for-keeping-your-guild-wars-2-account-secure

And an in-depth look at security is presented in this post by ArenaNet Founder Mike O’Brien: https://www.guildwars2.com/en/news/mike-obrien-on-account-security/

Guys,

THIS EMAIL IS FAKE. DO NOT CLICK LINKS, DO NOT RESPOND

GW2 logo at top

Greetings!

Due to an unusual change in your access pattern, the Guild Wars 2 account under this email address has been locked. This can be caused by logging in from a new location, but it may also signal an attempt to compromise your account. If you feel that your account’s security is at risk, please follow the steps

We do NOT lock accounts for the reasons expressed.

Do you have authentication on your account? Is the email asking you to confirm that you want someone to access from XYZ IP address? That would be legitimate, and it’s offered to give you a chance to add a new, approved IP address or to do nothing and the IP will not be accepted.

We do not send emails that ask you to “verify your account.” We send emails to verify that you want to allow an IP to access your account, but that’s entirely different.

Inculpatus cedo.9234:

Any emails that address your account that are not responses to queries you sent into Customer Support are fake and phishing emails. ArenaNet will never contact you about your account unless they are responding to you. For extra security, you can always change the passwords to your account and the email associated with your game account. Welcome to Tyria! =)

Please let’s be clear.

There are two emails.

1. The first is probably from us, and it may suggest that someone has your credentials and is attempting to steal your account.
2. The second is not, it’s a phishing attempt that tries to scare personal info out of the user by telling him he’s accused of breaching the UA through attempting to sell the account.

So about the first email asking for verification of an IP:

If someone has added authentication to his/her account, he or she receive occasional verification emails sent in response to (1) a new or unknown (not previously approved) IP or (2) an attempt by an unauthorized individual to access from a different IP than those previously approved by the account holder.

I believe that the email mentioned in the first post is legitimate. It is part of the authentication system. The reason that it’s ok is that you’re only asked to do something consciously, and with full information and you are not asked to give any personal information, like a phishing email would seek. That is, you’re not asked to click a (suspicious) link and input your account name and/or password. You’re asked simply “Do you want to approve this? Here’s the location and the IP — is that ok?” And you have the option to actively approve with a click (and no input of private info) or you may disapprove the attempt (usually from Asia) by not doing anything. The default is, “If this player does not actively tell us that it’s ok for someone to access from XXX IP address, we will not allow it.”

The second one, accusing you for selling your account, is covered in this thread: https://forum-en.gw2archive.eu/forum/support/account/Email-from-ArenaNet-Please-read/first#post1807876

Inculpatus cedo.9234:

The email you received was a phishing email. Hopefully, you did not click any links. If you did, change your email and game account passwords immediately. Remember, ArenaNet will never contact you first about your account, only in response to your queries.

https://forum-en.gw2archive.eu/forum/support/account/A-Note-about-Phishing-Emails/first#post2035675

I do not believe that this was a phishing email. I believe that Mysticism received this because the authentication on the account is taking care of security and making sure that the attempted use IS approved. Which it is not. Simply not clicking that link is a refusal or decline of the request. But I understand that it may be good to offer a “Accept” and “Decline” option, so I’ll ask the programmers and GUI designers if that is something they would consider.

ShiningSquirrel.3751:

If the email looked like the one below, it’s legit. As long as you did not authorize it and changed your password, you should be OK.

---

A log-in attempt from the following location is currently awaiting your authorization.

Address: xxx.xxx.xxx.xxx
City: Some City
Region: Somewhere
Country: Some Country

This location is approximated based on information provided by your Internet Service Provider. If in doubt, deny the request and try again.

If you are certain this log-in attempt was not made by you, then someone else knows your log-in credentials and you should change your password immediately via Account Management.

For security purposes, we alert you each time your account is accessed from an unrecognized location. To authenticate this log-in attempt, please click the link below:

{link removed}

Need help or have questions about your Guild Wars account? Visit our support site: http://en.support.guildwars2.com/ Thanks!
—The ArenaNet Team

Quoted for accuracy.

It is true that at the present time — and for the foreseeable future — we do not have a feature that allows display name changes. This may be something we offer in the future, but it is not currently in development or even, as far as I know, in the planning stages.

Personally, I love AP’s suggestion. I thought the same when I saw the name, too!

smiley.1438

several item names contain double spaces like: https://api.guildwars2.com/v1/item_details.json?item_id=1794&lang=fr

I don’t see any double spaces in this example. If any exist, it’s likely an issue in the original item data too.

smiley.1438

Some other items have HTML-like markup in their descriptions like https://api.guildwars2.com/v1/item_details.json?item_id=29175
Any strip_tags function should remove it, but it doesn’t look good or may break code if it’s not removed.

That’s intentional, though it should probably be better documented in the future since it’s a completely custom markup. If your goal is to re-create an item’s information box to look like it does in the game, you’ll need those tags to show the right color or style for the text.

Having errors map to more specific HTTP status code is a good idea, but the reality is that we have many more complex error codes than we can map to HTTP statuses, and the errors may originate from backend servers that have no knowledge of HTTP.

Generally the way error handling should work is this:

result = get(/v1/events.json?event=123);
if (result != 200) {
    error = parseJson(resultBody);
    if (error)
        showErrorToUser(error);
    return;
}

Our error handling policy is to try to show the original error information to the user instead of hiding it. If a user reports a bug and includes the error code, there’s a good chance that we will be able to figure out the problem.

In other words, if you have a web server that talks to our API and returns results to a web browser, and you receive an error from us, try to send that error to the browser instead of swallowing it and generating your own error.

OK, on a separate topic this thread made me realize that error 500 was a bad choice. I propose changing the APIs to return error 400 instead.

Varonth.5830:

Have something working for now:
http://code.google.com/p/j-gw2-api/

It includes the StartCom Root Certificate as Byte array, if you don’t want to download your own certificate, but it also allows you to use a .crt file on your computer.

The JSON object are the official implementation over at json.org.

Edit:
And yeah, I know it is missing the HostnameVerifier.
So it is not entirely save for now, but it’s a beginning.
But I guess the default one will do the job good enough. Have to take a look how that one is implemented to see if it really does verify the hostnames correctly when using custom KeyStores, Certificates etc.

Awesome, you rock! Thanks so much for doing this.

Hi,

Think is right. This is a problem with the source text.

I talked to the localization team, and they’ve agreed to remove the <br> from the German text.

Thanks a lot for the bug report!

Hi,

I’ve updated the API documentation with this information:

https://forum-en.gw2archive.eu/forum/community/api/API-Documentation

In short – the region of a world can be reliably determined from its world_id. Language-specific worlds currently follow a pattern but that pattern is not guaranteed.

OK, I talked to the designer in charge of that map, and she told me that it’s just a bug. It’s supposed to have text but doesn’t. I filed a bug for it to get text at some point in the future. It’ll probably take a while for it to be fixed since the text has to be written and go through localization and testing.

In case you were curious, the event is related to the Font of Rhand boss.

Thanks for the report!

It seems like that’s not directly supported due to Pipes not directly supporting HTTPS, but maybe you can use YQL as described here? http://stackoverflow.com/a/2758422/879597

NaughtyPickle.3921:

Jonwine. Thank you! That was it. The confusing thing was that the world map completion showed that I had all the elements that I needed. But after logging in and going there BAM got it! Thanks again.

Really glad you’ve solved the mystery, and thanks for the helpful suggestion, Jonwine.

Thank you for letting me know, and I’m happy to have helped.

Our thoughts are with those affected by the natural disaster in Oklahoma. We appreciate that folks feel comfortable enough with the community to share thoughts about the recent events.

Having said that, we will have to unfortunately close this thread. There are many far better places to hold discussions and commentary about this topic than this community, which is focused on Guild Wars 2. Furthermore, the sentiment thread has been distracted by highly inappropriate comments.

Thank you for your attention.

Hi ExpsGaming — I talked to the GMs and they have come up with a solution to this situation. One of them will update your ticket and you can discuss what they have in mind there. I think you’ll find it’s a happy outcome for this matter.

I’ve adjusted the Lionguard so they’re the same level as the open world NPCs, and reduced the power of the abominations a bit. I was able to solo this as a L24 elementalist without dying, though some dodging was required when one of the abominations took a swing at me. I don’t have an ETA on when this will go live, though it will be in a future update.

Yeah, Weris did all the hard work of mapping objective IDs to names. Thanks for that.

We want to fix the objective names, they are definitely really bad right now through the API. At least they’re localized, so you can read ‘Tower’ in any language

Nice summary!

I’m also really interested in DANE / RFC 6698 because it reduces the trust required to just the domain registrar, who you’re already having to trust to return valid DNS results.

Update: Our agent re-sent the email containing the password reset information.

I’ve never heard of this happening, if you give me the names of your friends I’ll look into it.

Excellent. I will have an agent update ASAP!

Ruucnor.3205:

Sorry it seems you need the incident code. it is attached now[Incident: 130324-001780]

Thank you for that info — it helped me look up the issue. And I can see that your son was able to verify ownership of the account and that, sadly, the agent reviewing the case discovered that the account was hacked by someone in Asia. (This happens usually when a password is used across many sites. When one of those sites is compromised, their database of user information is accessed and unscrupulous individuals use that “shared” password to try to steal game accounts.)

An answer was sent out via email to the address associated with the account on 30 March, returning the account to your son along with a password-reset for the account. Your son should have been able to log in following the instructions on that email.

Could you please ask him to check his Junk and Spam folders, or log into his Support Account by click Support above, and then accessing his support account through that interface? Alternately, I can have the reset email sent again, but quite frankly I do not want to do that as a first choice because if your son’s email was hacked, the hacker may still have access and will simply steal the account again.

Let me know what you discover and I’ll try to help get this resolved!

Foundation.1859:

jinxgirl.8976:

My husband and I were with a guild group killing Karka for the new boxes and suddenly his account was banned for “botting”. It says the account is now terminated. He’s working on a ticket as well, but I thought since I can still access the forums I’d post about this potential major problem. You may want to check your bot algorithms to make sure people who are legitimately playing and trying to get your new items aren’t accidental triggering the ‘bot ban’. All I can think is since we talk over voice and not typing it may have been the trigger? Please help! Myself and the entire guild has sent in tickets at this point with petitions to get him back in the game. If nothing else please fix this so it doesn’t happen to others.

Yeah Jinxgirl, you have point out potential problems. I agree that, seriously.

3 days ago, my account has blocked by Anet’s ANTI-BOT algorithm. When I was blocked, just akitten for eating dinner. And 2 hours before, I running fractal with my guildies and friend. An interesting point, me and 2 guildies was blocked at the same time, same reason. Now, my account restore from 3-days protest to Anet’s GM.

I even came back Log-in from moment, another guildie was blocked by botting lol. When he blocked mement, he just running Arah.

Why do we gotta suffer of these?

It’s amazing to me that people assume that we block with an altorithm and zero human review. We have detection systems, but people review the data before the account was blocked. And what does that mean? It means that while you may have been chatting with friends or out to dinner when the account was flagged for botting, we’re not flagging for botting in that specific minute or hour. We may not even be flagging within the specific day!

Sometimes the detection system shows suspicious activity on one day, and it is reviewed and action taken a few hours, even a day or two later.

Foundation — You have done precisely the right thing — you’ve submitted a ticket. As you saw with the situation with jinxgirl, each appeal is carefully reviewed and players who were not involved in disallowed activity are reinstated. I believe that your ticket will be answered very soon and you’ll be able to discuss this situation with an agent. Thanks for your patience.

I cannot track you ticket with an different display name and without the ticket number. If you still need help, you may post in the sticky thread above and I’ll investigate.

Maylin.6791:

I’ve had this exact same issue today, but it turns out my account was hacked. Some IP from Arizone, it seems. Nearly everything wiped. My ticket has already been submitted. :\

I am sorry that happened, and I’m sure the team will help you as quickly as possible.

Saika.8495:

Borderlands jumping puzzle, the keys for some of my characters doesn’t seem to get used up when I open the vault, I’m not sure if this was changed recently or it’s a bug.
I still do the whole puzzle even with the unused keys so I’m still playing it the way it’s intended.

I ask this question because I don’t want Anet to use this as an excuse to ban me AGAIN. I have already been banned on THIS account twice in the past for botting and some other things, all were in error.

Please don’t tell me to refrain from doing the jumping puzzle because it’s one of the few things that I do in this game daily, but If that’s what it takes to avoid a ban then I will have to comply. I’ve been a “law” abiding player most of my life and it’s things like this has affected my enjoyment of this game. I quit doing my favorite dungeon CoE because people doing it always want to do 3 in 1 runs, something that should have been fixed a long time ago. Now when I join some parties they kick me out because they remember me as the player who refuse to exploit and do a 3 in 1 run.

I have dual… quadruple boxed accounts before in the past, using 4 different computers but stopped doing it because it seems that I have to be actively playing those accounts. No, I’m not using any programs to control them all at the same time, I’m merely using them as spotters for world events, pen/shelter etc.

Other thing’s I had to give up was using my old gaming keyboards that have macro functionality to avoid getting a false detection from whatever anti botting/third party program you guys at anet have been using to catch cheaters. I have avoided areas where I have spotted bots because I think a Dev/mod or whoever said in the past to avoid botting hot spots (or something like that, it’s been a long time since I read that post so correct me if I’m wrong) with the fear of getting carpet banned along with the bots.

Sure I don’t have to fear anything if I’m not doing anything wrong, but having the experience of getting banned in the past and waiting 5 days before my account was reinstated was just pure mental torture, people has even labeled me as a botter who’s lying. I think as a player who has supported your company through game sales, and gem purchases (and I’m not just talking hundreds of dollars) deserve at least peaceful game experience without the fear of getting wrongfully banned.

I am sorry that you’ve had a few bumps in the road. I can tell you that if you were flagged for an issue today, you would not wait those five days, but normally would be back in the game — well, if you were not guilty — in a day or even less. So there’s a positive note, but not exactly what you’ve asked about.

I am not sure about the key question. It’s interesting, and the first time I’ve seen it, probably because I focus on this forum. IOW, this comment/observation may be all over another forum but I haven’t seen it in Account Issues. So let me see if I can find out anything about this one and I’ll get back to you.

In the meantime, and I mean this sincerely, thank you for your support of our game and for your obvious love it Guild Wars 2!

While I appreciate the kind helpfulness, or the entrepreneurial spirit, that prompts these loans, they are somewhat unusual transactions. And sure, they could raise a flag within the many detection systems involved with finding and dealing with RMTers, cheaters, exploiters, and scammers.

The loans themselves are not the issue, but there are a couple of concerns:

1. Frequently moving potentially large amounts of gold. Gold transfers are fine and well, but if you’re getting large sums on a frequent basis, you may well look like a gold seller or gold delivery agent.
2. Reports of “scamming” or “interest gouging” that a player may submit if s/he feels that the interest charged (assuming there is interest involved?) is usurious. To put it another way, a player agrees to a 10% interest charge and then thinks “Wait a minute, that’s way too high for a loan of a few days’ duration!” and reports to us for scamming.

Both of these issues can be reviewed and normally are resolved quite readily. But you asked about this, and I thought I’d mention these thoughts so that you are informed about potential (unlikely, but potential) risks.

My suggestion: Don’t try to run a loan business on a large scale. Don’t charge ridiculous fees if you do.

Remoe — please do use the TS Forum. They can help you. Alternately, feel free to contact Support by filing a ticket through the “Ask a Question” tab on that linked page. They will be able to assist you.

Dannynuk — if this is not resolved, provide your 12-digit incident/ticket number. I need that info to help you.

Aarek.9872:

Hello everyone, I’m using an authenticator on my account and I’ve checked my account security and it says I only have my two IP addresses accessed to this account which is from my computer and my laptop, so no one hasn’t logged into my account from a different place other than my laptop and pc, but I keep getting loads of these GW2 Support emails and I’m too worried to click on the links they tell me to click on in case it’s a scam pretending to be ArenaNet.

The first email I got was this:
Account Security Alert: ArenaNet
noreply@guildwars2.com;
Greetings!

Due to an unusual change in your access pattern, the Guild Wars 2 account under this email address has been locked. This can be caused by logging in from a new location, but it may also signal an attempt to compromise your account. If you feel that your account’s security is at risk, please follow the steps below.

Step 1: Verify Your Account Ownership

Click on the link below to verify your e-mail address of the Guild Wars 2 account:

(And then here is a link telling me to click it to sort it out)

I have several of these emails also:

Guild Wars 2 Support
noreply@guildwars2.com;
Greetings!

It will be ongoing for further investigation by ArenaNet’s employees.

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, click the link below.

Once your account authentication has been completed, we will check your account and let you know what we can do for you.

Need help or have questions about your account? Visit our support site: http://support.guildwars2.com/.

The Guild Wars 2 Team

---

Are these emails legit? I don’t see any reason for me to have any emails like these since I even checked security on this website and the only two IP addresses accessing my account are both my laptop and pc, so I’m really concerned.

Thank you for reading

Fake. Fakeity fake fake. Please delete and of course do NOT click any links.

You folks need to contact Support by filing a ticket through the “Ask a Question” tab on that linked page. They will want to investigate this and help you. Please provide as many details as possible, including the guild name, guild tag (spell carefully!), and as many other details as you can!

Diamondcore.4817:

Hey GW2

My hotmail was hacked and now i am setting all my profiles to my new email.
However i dont seem to be able to change my email.

Can anyone help me?

Greetings

Diamondcore

We can help. Please contact Support by filing a ticket through the “Ask a Question” tab on that linked page. They will be able to assist you. For tips on what information to provide in a ticket — mostly intended for security reasons to establish that you own the account — please read this post and provide as much as possible to expedite the ticket.

We’re not planning to allow HTTP access to the API. This is for both practical and philosophical reasons.

Yes, the APIs available now are freely accessible, but authenticated APIs in the future will require encryption as part of their security architecture. All of our current web sites and web services require HTTPS, and this API will be no different.

Please do not disable HTTPS certificate validation to work around certificate errors.

It sounds like Oracle is not including our certificate issuer’s root certificate into Java by default. We’re talking to our issuer to see if we have any options.

The right solution for now for Java programmers is probably to embed the root certificate for api.guildwars2.com into Java applications dynamically.

I’d appreciate it if a Java developer here could post steps on how to do that so that others can work around this issue safely for now.

kissofthehell.3720:

Is there time when the event will start or its going to repeat for the whole day of 28th?

There is no one time only content in the May releases, it’s all available for week(s) or in some cases, will be available permanently.

skullmount.1758:

Is this instance temporary? (Like Molten Facility)

yup.Temporary until the end of the Southsun story arc.

Looked into this a bit, I’m not seeing these issues in Firefox/Chrome/IE10.

Since I’m at home I’m running beta versions of Firefox & Chrome though, I’ll take a look tomorrow when I get in & see if I can reproduce this.

Opera’s being wonky is a known thing, it’s not a priority because we get so little Opera traffic.

IE8+ does CORS fine, you’ll just need to use XDR instead of XHR for IE 8 & 9. We do it regularly & it works great.

JSONP is an elegant hack… but it’s still a hack.

I agree it would be nice, but unfortunately we don’t have the right kind of metadata on events to support this.

I researched the events you asked about.

Talcmaster is on the right track. In this case, it means the event is inactive on the worlds that are not listed in your results, and has never switched to one of the documented states.

Inactive is a sort of undocumented state that we intend to correct and clarify in the future. For now, treat the lack of a result or an ‘Invalid’ state as ‘Inactive’. An event will only become active as a result of something else happening in the world, it will never become active just from time passing.

klarkc.3754:

The preparation status is only when a cutscene is being shown or other things, like when the player needs talk to npc to activate the event (or this one is on the warmup status)?

The best description of preparation status is the one in the documentation. An event designer has a fair amount of freedom when deciding if and how to use the preparation state, so it completely depends on the event.

I said this in another thread, but I’ll just say it again here…

The achievement should stick around, so when you reach level 75 you should be able to munch on it and get the achievement point. I don’t foresee Owain giving up on making omelettes.

I’m currently still working on my ability to see the future, but know that if other devs intend to change those things and break the achievement, I will fight tooth and nail for it to not be touched.

Events don’t always have a success phase. They may immediately transition to the warmup phase. The preparation bug I mentioned in another post may be responsible for what you’re experiencing.

Hi,

We’ve identified a bug where events that advance to the ‘preparation’ state are not reported properly via the API. Events in the ‘preparation’ state retain their previous state from the API’s perspective until the state changes again.

Not all events have preparation states at all, and it’s often short for those that do, so this should not effect most events. However, events that are part of complex event chains may show incomplete or inaccurate information as a result of this bug.

The bug will be fixed when the next game patch goes live, so if you’re having trouble with some events I’d recommend re-examining them at that time. Without deeply examining individual events, I can’t say whether this will fix any particular issue you may be having. If at that time there’s still a problem, please report it.

I’ll also update this thread when the bug is fixed.

[EDIT: Fixed!]

Please don’t blame us for time zones. You’ve changed locations, and it’s natural that the busy times in Europe will not be the busy times in North America. The point is, you registered an account in Europe and were and will continue to be able to play from anywhere in the world. That is rather remarkable.

As to the server transfer question, please note the comments above: They are accurate and offer many options to you.

I also wish you the best, and thank you for your service to our country.