Guild Wars 2

I sent a email to Arenanet telling them someone from an IP address in china tried to log into my account. Was asking if there was a way they can block that IP from there servers because they have to be using a program to hack so I am most likely not the only one they hit. I was clear in my wording and even said that that was not me. what I was sent in return was this.

Hello,

Thank you for contacting Guild Wars 2 Support Team.

When you receive an e-mail indicating that someone is attempting to log in to your account, you can Allow Access, Deny Access, or Remember this Network.

- If you choose Deny Access, access to your account will be blocked.
- If you choose Allow Access, access will be granted on a one-time basis.
- If you choose Remember this Network, you will receive an e-mail only when a log-in attempt is made from a new IP address.

So, please choose Remember this Network and click on the check box.

They are telling me to let the hacker in? Do they not read the emails they get?
Had I not known better I may have done that.

So can they block an IP? I can really care less about my account here I don’t play it and have no plans to again was just trying to help other gamers that do value there GW2 account.

Apparently the CS agent was confused by your request and replied with the standard options when you receive an email about accessing your account from an unknown IP.

No, he isn’t telling you to allow the hacker in. No, they cannot block the IP of that individual or all of China or anything between. Only you can allow the hacker access to your account, the email means that he tried to get in, it was not successful unless you follow the link to allow it.

Anyone who takes reasonable precautions against getting hacked (such as using different passwords for game and email accounts) will be safe using the measures that are already in place.

Well my pass for GW is not the same as anything else, in fact I have no idea what it is I put it in a year ago saved it never typed it again. So how other than code hacking can anyone get it if nobody knows what it is?

But if there is no way to block it there is nothing I can do to help others. Like I said I don’t play anymore was more about wanting to help others because like I said even I do not know what that password is so they have to have some other way to get it.

Perhaps you had a keylogger (and still do) on your computer. It’s easy to find your password, it’s saved in your browser settings. Maybe they have access to your email account. Even if you don’t play anymore, you might consider changing all your passwords, as someone (probably many someones) have them.

It’s 130919-002412

It is difficult to judge if the reply was ‘right’ or ‘wrong’ without knowing what you exactly asked. I do think that the agent was being helpfull and somehow misinterpreted your question.

It is good that Gaile is reviewing this and looking into how this failing communication could have happened.

As for blocking an single IP from the servers all together.
Arenanet does do this in some situations. There are however also reasons tot not do this. Many times the computer behind the ip-adress isn’t owned by the hacker, but is a computer that has been hacked themselfes. For a hacker it is an excellent way to hide his true identity and it isn’t difficult. When blocking an IP from the server it also means the hacker simply moves on to an unknown ip-adress. So blocking will have limited effects on the amount hacks, but will result in a hacker moving out of sight.

mercury ranique.2170:

It is difficult to judge if the reply was ‘right’ or ‘wrong’ without knowing what you exactly asked. I do think that the agent was being helpfull and somehow misinterpreted your question.

It is good that Gaile is reviewing this and looking into how this failing communication could have happened.

As for blocking an single IP from the servers all together.
Arenanet does do this in some situations. There are however also reasons tot not do this. Many times the computer behind the ip-adress isn’t owned by the hacker, but is a computer that has been hacked themselfes. For a hacker it is an excellent way to hide his true identity and it isn’t difficult. When blocking an IP from the server it also means the hacker simply moves on to an unknown ip-adress. So blocking will have limited effects on the amount hacks, but will result in a hacker moving out of sight.

This is what I said but I am not putting the IP I gave seeing as I don’t know if that is ok or not.

“I got an email that said I tried to get into my account from this IP (edit)
that is not me I have not logged into guild wars in months and it is in china going by the info given was wondering if there is a way to block that IP seeing as it must be someone running a code breaker program or something as even I do not know my password for GW2 I put it in the first day and had it saved it has never been typed again.”
Going by that I don’t see how if they read it, they would give me info on how to let the IP get into my account.

Ok, I do see how a misunderstanding can arise, specially after a long day. I have done email support for a big company for a while and you have to go through thousands of words per day. It is off course not ok, but these things happen. He obviously misread it as you being someone who didn’t understand what the authentication mail means.

Keep in mind that the security of your computer may be at risk. This hacker has your password, so this means your password was either very weak or you have some software on your computer that reads your password. Support will likely get in touch with you soon with advise how to clean your computer and after that set a stronger password.

You are lucky that you dont have the same password on your email account as you do with your gw2 account, otherwise you would have lost your account.

But the hacker does know your email and gw2 password, so the best thing to do is change it immediately. And obviously deny access to any IP which is not your own.

And if you have a smartphone you can add the gw2 authenticator app to your account as well as an extra layer of security.

yea I would really like to know how they got it ran a full scan with malwarebytes in safe mode and a Norton 360 scan found nothing but a few cookies. Didn’t share it with anyone. it’s a gaming pc all I use it for is to game and look at official forums.
all my games are from big names like anet sony and so on.

gregschlueter.6394:

yea I would really like to know how they got it ran a full scan with malwarebytes in safe mode and a Norton 360 scan found nothing but a few cookies. Didn’t share it with anyone. it’s a gaming pc all I use it for is to game and look at official forums.
all my games are from big names like anet sony and so on.

1: Is your gw2 password unique?? In other words, do you use it for nothing else?
It often happens that hackers get a bunch of passwords by hacking a fansite. this can also be a guildforum. by making your password unique, specially to those places you login that are telling potential hackers that you play GW2, you prevent a lot of trouble.
2: Is you password strong??
A strong password is unique and with little meaning. As an example whats wrong I use anime names. Often people think that anime is very obscure so picking a charactername of an anime show would be a strong password. However, GW2 is very popular among anime watchers. Such a password is very likely on lists of passwords that hackers test.
A good way of making a strong password is to use a secret you have but never told one and you are never going to tell anyone. A good example could be: ‘When I was at highschool I was hopelesly in love with Holly Richardson’ Now you take the first letter of each word: ‘Wiwahiwhilwhr’ Now lets say you graduated at highschool in 1994. Then adding those numbers would make it even stronger: ‘Wiwahiwhilwhr94’
This password is very strong. But cause you use a sentence, it is much easier to remember for you. And cause the sentence is something nobody knows bout you it is very very strong.

Be careful about such a password. “Wiwahiwhilwhr94”; while this might be strong against a dictionary brute force attack, this password has too many recurring letters and a few common password tropes like double 0-9 digit ending. If you want to create a very strong, very secure password you should always aim for 16+ characters including 2+ numbers, a good mix between upper and lower case, and also 2+ special characters. The problem with such passwords is that they are indeed hard to remember. That’s why inventing a system for such passwords is much easier. This system should only be familiar to you.

To give an example: Say you decide on a common password length of18 characters. You use a 2-5-2-7 combination where you input a number and a symbol before and after the first word, and a 7-letter word after that again, Then finally you add another symbol and letter. So;

“1&Staín2+Finally3D”

Such a password would only be discovered by being given away. Or if you had a whole nation trying to crack it.

While the password doesn’t need to be as messed up as the above one you can easily create your own system and then use it for every password you need. All you need to do is make sure you change out half of the letters, by changing words or symbols or a mix. Just keep the system the same and you’ll find that it’s easier to remember. You can also use words from different languages, backwards, use special characters, etc. And if you find it hard to remember, try to use words or symbols that make sense to the password you’re trying to make. For guild wars 2;

#1Jen#2naIs#3Hot#!

Chobiko, Believing that recurring letters in passwords is an issue is as wrong as believing that the Monty Hall parodox can be solved by sticking with your choice.

Yes yours is safer, but it is also harder to remember. Safety and convenience should always be in balanced. The reality is that you should be the weakest one. Hackers only hack bout 1-2% off the accounts and they almost always go for the easiest ones to hack. As long as you make sure you are not the easiest, your almost certainly safe.