(deleted)

[Slapperfish]

(deleted)

[Lisaara]

Um Slapper? You probably shouldn't access the internet entirely if you don't have an authenticator. You could get a keylogger from here too(we've seen an increase in gold spam bots lately). Also it helps to have a good virus scanner and stuff like Spybot. Not really WoWHead's fault if your stuff didn't identify it as a threat and Blizz has been advising for everyone to get authenticator. If you don't have one(which you can get for FREE on your phone), then that's no ones fault but yours. Not trying to be mean or nothing, I just don't have sympathy for anyone who gets hacked and doesn't have an authenticator after it's been advised to do so for what...a year and a half now? Longer? Doesnt cost much for the physical one(6.50 at the blizz store) and you can get a free one for your phone. So.....not many excuses to not have one, you know?

I do hope you get your stuff back though. It sucks that it happened just you had many chances to prevent it.

[pengupuff]

Congrats on getting your account restored, that sounded scary.

Echoing what Jessibelle said, you can pick up a keylogger from pretty much anywhere. Wowhead does not have a deliberate underground operation bent on ruining players' accounts, so once you have your authenticator set up, you should feel free to browse that site as you please. :]

[Jadein92]

This isn't the first problem Wowhead has had, a few years ago both my parents computers got viruses that fried the whole system from wowhead. My dad was idiotic enough to go to it on the spare so all 3 computers were dead. I'm glad its only a keylogger your dealing with.

[Galaxy]

Hey, no hating on the lack of authenticator. Remember that thing with iPhone authenticators being hacked? Eh? 12 of my guildies got hacked and it was that little loophole. All within a few days of each other.

So, don't hate. I know that prob has been fixed, but no hatin'.

TY, OP, for the heads up, though! There ARE ppl out there who don't have one for various reasons and need to know!

[Worba]

Hmm, good to know. Though I can say, that the one time I was hacked, I'd been using wowhead for at least a year or so (and there were other factors which I won't go into here that made it extremely unlikely wowhead was the culprit even then); now that having been said, I got an authenticator immediately afterward, so who knows... maybe things have changed at wowhead since then, and me none the wiser since I'm now behind an authenticator...

[Niabi]

It should be noted that when you first removed the Java folder from your files and spoke to a GM to have your account restored, you should have also changed your password and possibly rerouted your game account to an alternative email provider - this would've prevented/helped lessen the subsequent attacks.

The keylogger would've had access to all your log-in information when it first installed, and thus would've been able to access your account again and again using the same email and password. It's also a good idea to change your email password from time to time since that also is connected to your WoW account. Also, never ever use the same password for all of your accounts. For good measure, you should have a unique password that you use only for the game and no where else.

[Azunara]

It sounded like Java was part of your issue here. I'd like to point out that the BIGGEST reason people get hacked isn't because of going to bad sites--it's because their anti-virus/Adobe Flash/Java isn't updated. If your Java was having issues (Namely, the keylogger was coming in through Java), that was likely your problem--it wasn't updated. By removing it, I figure you only made the problem worse.

I'll recommend here and now that you should ALWAYS keep Flash/Java and whatnot updated, because Viruses and other nasties will very easily come in that way. I also suggest ad-block for anyone and everyone. I love ad-block. It protects me from all the bad flash banners. <3

[Lisaara]

It sounded like Java was part of your issue here. I'd like to point out that the BIGGEST reason people get hacked isn't because of going to bad sites--it's because their anti-virus/Adobe Flash/Java isn't updated. If your Java was having issues (Namely, the keylogger was coming in through Java), that was likely your problem--it wasn't updated. By removing it, I figure you only made the problem worse.

I'll recommend here and now that you should ALWAYS keep Flash/Java and whatnot updated, because Viruses and other nasties will very easily come in that way. I also suggest ad-block for anyone and everyone. I love ad-block. It protects me from all the bad flash banners. <3

^ This. Update your stuff regularly. Can't stress that enough.

[Zuilu]

Agreeing with most of what others have said here, though I would like to point out, we haven't always had authenticators, and we managed somehow back then =P Infact, the only time I've ever been hacked, is during my time of having an authenticator. To avoid compromising your account security, it's really more on your virus scanner and being smart about what you download/click on. Authenticators will help, but you can manage -just fine- without one.

[Wain]

Not a lot of sites use Java, so it could easily appear to be a Wowhead issue simply because that's one of the few sites that you visit that does, even though it's simply a Trojan on your machine sitting and waiting for you to use Java somewhere.

I think if it was Wowhead, which would have to have one of the highest usages of any WoW-related sites, the complaints would be rife and it'd even make news sites.

[Slapperfish]

(deleted)

[AdamSavage]

You try using Avast Anti Virus free edition Slapperfish. It probably would of caught these key-loggers.

[Slapperfish]

(deleted)

[Lisaara]

Firefox is pretty safe. but yeah IE is really not safe to use. Thats why most people kick it to the curb and get FF and GC.

[AdamSavage]

So, after a bit of conversation with a friend the other day who had coincidentally came across something similar on Wowhead (but never got a keylogger from it), he said he went ahead and checked the WoW forums about it. He came across a post dated about 7 months ago where someone had the same problem. Turns out, it isn't Wowhead, but the advertisements on there that exploit out-of-date Java players. Wowhead apparently has no control over which ads they use to fund their site, but they will normally remove "bad" ads if they get them.


Additionally, I use Internet Explorer as my browser, so I'm much more vulnerable to viruses and keyloggers.


...I really oughta make the switch to Google Chrome or something.

That's your biggest problem right there. Firefox plus Adblock will get rid of Ads.

[Melentari]

So, after a bit of conversation with a friend the other day who had coincidentally came across something similar on Wowhead (but never got a keylogger from it), he said he went ahead and checked the WoW forums about it. He came across a post dated about 7 months ago where someone had the same problem. Turns out, it isn't Wowhead, but the advertisements on there that exploit out-of-date Java players. Wowhead apparently has no control over which ads they use to fund their site, but they will normally remove "bad" ads if they get them.


Additionally, I use Internet Explorer as my browser, so I'm much more vulnerable to viruses and keyloggers.


...I really oughta make the switch to Google Chrome or something.

That's your biggest problem right there. Firefox plus Adblock will get rid of Ads.

All this, and get the addon called NoScript. It blocks all Javascript except the elements you specifically tell it to allow. It's brilliant.

[Andine]

I suddenly feel glad their Java model viewer is just plain crashing on me immediately upon start.

[Morven]

It's generally smart to disable Java and Flash entirely and just re-enable them for specific trusted things, these days

And yeah, bad ads are a problem; they're the cause of a lot of problems, and of course someone wanting to account-hack would put bad ads up on Wowhead ...

[Slapperfish]

(deleted)