My account was hacked last night/this morning, and all my stuff stolen and gold stolen.. AND all the Guild Bank Stuff Stolen and gold Stolen.

The only thing I've done recently is update WoWRoster last nite and added the Guild Vault module to my website. I did this around mid-1am Friday night. I tested the Guild Vault module and was impressed that it got all the items. Around 9am an officer called me, and left me a voice mail that I was on and not responding and taking stuff out of GB. Later I got another voice mail. Finally at 1pm someone got me on my work # and I tried to log on, but couldn't because the password was changed. I had my roomate check and sure enough someone was on my Hunter. I quickly requested a password reset and then tried to log on my nephew's account to open a ticket.

Sorry for all the details. My concern is that this software is compromised and my be used to hack people's accounts. Please check to make sure that's not the case. It just seems to coincidental that I updated Wow Roster & the Guild Vault Module..and I'm Hacked within 6hrs.

Thanks,

Can you say which version of Roster and which version of the guild vault addon you used

Roster does not store or require WoW usernames or passwords, neither does the addons CharacterProfiler or GuildProfiler store the username or passwords (WoW's addon API doesn't allow access to this information)

When uploading files, the file name is sent, not the entire path. This is how every browser operates

Did you update any WoW addons recently, visit any addon sites, or visit rpgoutfitter.com (rpgoutfitter was been hacked a few days ago and there was a browser exploit inserted into all of the forum posts there, it was cleaned recently)

Last night (Friday night)

rpgo-CharacterProfiler_2.3.1a.zip
guildvault_roster173_version10_2.zip
PVPLog-2.5.1.zip
rpgo-GuildProfiler_2.3.1a.zip

are the files I downloaded from this sight (pretty sure they all came from this site..or links from this site or links from the guild roster.

http://www.stormseekers.net/roster/index.php is our roster website.

I love the WoW Roster and all the work ya'll have done. I'm hoping it's not a breach on your side, just a coincidence. But I have taken every possible precaution to avoid getting hacked (virus & spyware software, firewall, router, bridged network, etc). I don't have that many Addon's in wow..just the raid ones (Omen/Ktm Bigwigs & Deadly Boss mods), Auctioneer and Roster.

Edited: I was on http://www.rpgoutfitter.com/Addons/Char ... ofiler.cfm Yesterday, accoding to my history, but that was the only link to them in my history for the past 2 weeks. I didn't go to their forums.


Thanks,

Were you using Internet Explorer on RPGO?

Naw, I use Mozilla/Foxfire. I like the tab browsing feature and pop up blocker.. yea, I know IE has that now, but I stick with what works. also I don't let any activeX things load on foxfire, nor downloads of unknown certificates or any of the other things that can be vulnerabilities.

I´m the author of guildvault for Roster 1.7.3 and i think there´s no usefull information for a hacker. The addon only scans the vault-section of the characterprofiler.lua and only save the info´s in this section.

Here is a complet list of what is stored by guildvault addon:

guildvault_addonconfig: config_id, config_name, config_value, config_form_type
guildvault_config: tab, name, icon
guildvault_contents: tab, item_num, item_name, item_color, item_tooltip, item_icon, item_id, item_quantity
guildvault_logs: tab, log_num, log_type, log_name, log_item, log_count, log_time
guildvault_money: copper, silver, gold, guild
guildvault_orders: order_num, member_id, tab, item_nr, num_items, order_status
guildvault_pricecache: itemid, buy, sell, auc

There´s no code inside the addon that´s sends any usefull data to another site. The only part that is sending some information is when you enabled "show prices". Then the item-id will be sent to a website to get the price-data for this item (only the ID is sended nothing else).

Anybody who have enough knowledge about php, can take a look at the addon code.

And i think the people which hacking WoW-Accounts don´t scan guildwebsites. It´s easier to write a trojan or something else to get the data.

Nefuh

Nefuh wrote:...There´s no code inside the addon that´s sends any usefull data to another site. The only part that is sending some information is when you enabled "show prices". Then the item-id will be sent to a website to get the price-data for this item (only the ID is sended nothing else).

WoWroster, neither its third-party adons, doesn't need WoW game login names or passwords to operate.
The WoWRoster staff wouldn't even permit that addons that are proposed here need any WoW credentails to operate.

Example: some time ago, the question was raised if an addon could be created that grabs the Guild Vault from the Armory. As every one knows, you have to login with your WoW credtentails to see this information. So a WoWRoster addon needs to store or ask this info, so it can acces the Armory.
For this reason only, this addon, and look alike, wasn't written - and will never exist. Period.
happily, a good working alternative exists now.

Nefuh wrote:Anybody who have enough knowledge about php, can take a look at the addon code....

Thats why WoWRoster is safe.
Because CharacterProfiler and all these other WoW IG addons are safe.
WoW 'IG' addons can only function IN WoW, because they are executed by WoW, the game.
The WorldOfWarCraft Game executable DOES NOT expose any sensible account information to these addons. So, these addons CAN'T save or use ANY information to disk. WoW Addons can’t even read or write files (to disk, to internet, to what so ever).

Just check if you can find a lua file in the C:\Program Files\World of Warcraft\WTF\Account\YOUR-LOGIN\SavedVariables directory that contains YOUR login information. You won’t find it. Never.
If you do, then it’s there because it’s part of your, i.e. motd, or another user (Officer) entered text string. Please, just don’t that.
If you find your credentials in these files, better contact Blizzard directly – be ready to receive a big thank-you cheque.

As everybody knows, you need to type your WoW password just on one place : the WoW login screen. The Game can not really see “ who’s ” in between the OS that handles screen session (keyboard user input) and the Game itself. I’m talking these famous key-handlers here, or just plain key-loggers. Many classic, very knows programs are chained in to handle key input, that’s normal since some one found out a TSR program that was called SideKick (remember this one, guys ^^). The WoW Game can’t judge if any of these chained-in handlers are ‘good’ or malicious.
Just use the SysInternalstools from Microsoft (they offer the tools, but didn’t write it themselves! But they are awful, and show you a lot about your system about these matters – you WILL be surprised)
Let me tell you one thing : why do I have this strange feeling that the Game send over to the Blizzard (login) servers a list with all the key handlers in your PC !!!??!! [These are my thoughts – I didn’t reverse engeneerd Blizzard code ^^]
This means that Blizzard could know before you do that your credentials are being intercepted – module name are know when key-handlers are listed. Module names (file date, CRC check etc etc) are slight indications to this.
Blizzard isn’t a Trojan hunter – they just protect themselves this way. They will never communicate to you what they know about you (your system). Think about it, and you understand why.

Nefuh wrote:And i think the people which hacking WoW-Accounts don´t scan guildwebsites. It’s easier to write a trojan or something else to get the data.

Right on.
Just NEVER ever use your WoW credentials as your site/forum access codes. And don’t post them in any message on your forum.

The ONLY way a stranger can get it hands on a WoW account password is:
Because some one told him so (account borrowing).
Example : its more then enough that you, or a friend that you trust completely, uses YOUR account credentientals on a 'not so save computer' : your account will be hacked is the intercepted credentials are intercepted by WoW credential searching entities.
Or, more direct : You have a key logger yourself on your PC.




Sorry for this long exposure, but one can't be clear enough about these kind of matters.

My account was hacked last sunday as well, I did not update any add on however I recieved a strange tell that stood out during my raid time.

I was sent a random tell from a warrior asking me wich weapons I recomend for 58 warrior Fury, it had two weapon links and I clicked both of them and offered advise for the spec, I told him I was busy and to catch me another time..... that night I was hacked and deleted all my toons except my hunter whom he used to farm in Auch..... Sounds familiar to you?, I am wondering if you can recall a random tell from some nub asking you to pick some weapons for his spec class, Blizz said it was impossible to link a backdoor in thier links but I swear it is the reason I was hacked. He took so long torespond back to me each time standing in Org, and I wish i had got his name.

Just interested if you can recall this.

I received a random tell like that last weeks also from a lvl 1 warrior but just ignored it. Thought it was kind of fishy and probably as soon as I would have responded I would have gotten slammed by the "BY MY GOLD NOW CHEAP" message.

blizzard released there is an exploit in flash from adobe go to there site and update all your flash addons for firefox and ie this should help..