 |
| Welcome to Elitist Jerks |
|
01/26/08, 7:47 AM
|
#1
|
|
Von Kaiser
|
Guild Bank Security
I assume pretty much every raiding guild uses the new guild bank feature these days. I'm also pretty sure that the majority of players either have lost access to their account at some point or know someone who has. What I don't know is how all of you deal with it when these two circumstances collide. Obviously before the bank patch it wasn't a massive deal when a member clicked a sex girl only to find themself naked the next day. The character's owner wouldn't be able to raid for a while and eventually they may have to re-enchant and re-gem their gear. Nowadays, however, it seems to be a much larger problem.
Long story short we've had a recent spree of hacked accounts in our guild. The first one to go down was a general raider. It wasn't a huge deal given we have fairly low limits set for that rank (100g and 10 stacks a tab). The hacker was smart about it and did it right before and after the day reset and got 200g and a bunch of mageblood elixirs. Then one of our officers got hacked. They have full access to the bank but luckily he plays way too much for his own good and all they did was make sex women posts until he noticed and changed his info without the hacker logging in-game. The real issue came today when we found out he apparently didn't clean his computer as well as he thought he had. About an hour and a half after the dirty deed was done, we checked our bank to see pretty much everything gone. Most of the guild's gold, raid consumables, and enchanting mats just disappeared. Given how banks work these days it was pretty easy for him to grab the most valuable stuff out of a tab and leave the junk.
My question is twofold. One: what do guilds with much more valuable banks than ours do to safeguard themselves from both irresponsible members and outright thieves? What limits do you set for tabs? Do your raiders all have access to all of the tabs or do your officers have to taxi materials for them? Two: what can Blizzard change to prevent the inevitable account hack from destroying months (or years) of guild resources, especially if it's an officer or a guild leader?
As for our guild, we set up our bank so that all of those of raiding rank had pretty limited access. Guild policy is to sell things to the bank for a lower price than on the AH and for guildies to buy it out of the bank for the same price. I have heard that the devs are considering adding in a feature to set the price of items so it's no longer an honor system and you have to pay the cash to extract an item just like a vendor. This would obviously allow us to eliminate all access from general raiders, but what about safeguarding it against an account hacker on an officer's account? The best thing we could come up with is some sort of in-game password system to actually access the bank. Ideally something like a vault combo that you'd have to click to access so a keylogging program wouldn't have a chance to get it. Something like a set of numbers with an up or down arrow you could click on to set. I'm not overly savvy on how some of the keyloggers work but perhaps it wouldn't even be necessary and it'd be too hard for a program to discern the valuable keystrokes once a person logs in and starts talking to people. Regardless of what it is though I do feel the guild bank needs a secondary level of security beyond simply being able to log into the account.
So what do you all do to secure your guild bank? Should something be implemented in-game or does it ultimately end with hoping your raiders don't click stupid shit while using Internet Explorer? If so I can't imagine it's even worth using the guild bank feature at all. It's far too likely that just one person with access does something stupid, and with all of the guild's resources centrally located it's just too easy to lose it all.
|
01/26/08, 7:54 AM
|
#2
|
|
Don Flamenco
Undead Priest
Talnivarr (EU)
|
What other level of security do you want? Another password when accessing the guild bank? That can be keylogged too.
The other way is to limit access for all people except one person (still a small risk then).
|
01/26/08, 8:31 AM
|
#3
|
|
Zing!
Zrave
Blood Elf Paladin
No WoW Account
|
At least the GM and the officers should be smart enough to use Firefox+Noscript. Putting additional security measures would make day-to-day operations annoying.
|
01/26/08, 8:40 AM
|
#4
|
|
King Hippo
Orc Death Knight
Blutkessel (EU)
|
One of our officers took almost everything from our guildbank, transferred and sold on eBay. We never heard of him again. See, you don't even need to be hacked.
|
01/26/08, 8:44 AM
|
#5
|
|
Glass Joe
Human Warrior
Sylvanas (EU)
|
As a GM I set pretty strict limits on our guildbank.
Officers can withdraw 50g a day (covers a respec for a raid) and about 5-10 stacks, and that's about it. No ordinary members can take anything from the guildbank, so we wouldn't lose much if the accident did happen.
If I however get hacked, which I plan not to - it's a whole other story, nothing to do about it!
|
01/26/08, 8:56 AM
|
#6
|
|
Von Kaiser
Orc Shaman
Darkspear (EU)
|
Well, if one of the officers got hacked, or the guildmaster, it wouldn't be any different than it was before with banking alts. Just to draw a comparison. However, these days it is a lot more obvious when a certain member has access to a bank.
Either way, back then or now, if your banker got hacked, you lose all of it.
|
01/26/08, 9:08 AM
|
#7
|
|
Foobar
Troll Priest
Azjol-Nerub (EU)
|
Originally Posted by Skulli
What other level of security do you want? Another password when accessing the guild bank? That can be keylogged too.
The other way is to limit access for all people except one person (still a small risk then).
|
It would be significantly harder to keylog an onscreen numpad that requires you to enter a numerical code by clicking on the numbers.
Make that pad appear on a random location on screen and you would really have a hard time trying to crack that, although most likely not impossible.
|
* Bla
|
01/26/08, 9:14 AM
|
#8
|
|
Piston Honda
Undead Warrior
Boulderfist
|
My guild bank is just set to pretty much be an iron fist on just about everything. Officers have access to only about as many stacks as they would theoretically need for crafting, no more. Members are set at 3 or 5, and alts are set to a stack a day. Even if someone and their entire stable of alts went psycho, about the most I would lose would be a stack of arcane crystals and some primal shadow or something equally ridiculous.
I also keep the tabs set differently and informed the guild of this. There's a tab for potions, and there's a tab for flasks, with different permissions set. It's not a big deal if someone runs away with 20 major agilities. It's a huge deal if someone runs off with 20 Relentless Assaults. I don't need someone cleaning out my entire stock of LPS's, but if you really wanna screw yourselves out of a bunch of friends over some noble topaz, go right ahead.
I used to have it set so people could repair with gold, but my officers bitched about that because they always hit the wrong button and used guild funds for it even when we weren't doing guild activities. So I nixed the gold withdrawal and everyone goes through me when they need money for anything. Small price to pay to make sure we've got cash in there when we need it.
And as far as account security goes, I'm still not of the belief that keyloggers are really the problem. 99% of all account compromising comes from people sharing their info. Just don't do that with everyone, and you won't have a problem. As a guild leader, it's more important now than ever, since you're the only one who should have access to clean out the bank.
|
01/26/08, 9:27 AM
|
#9
|
|
Not Enough Rage.
|
There's always going to be the failure point of someone with access to most/all of the bank, and really that hasn't changed with the advent of guildbanks. As Arakan stated, there used to be the chance the guild mules would be hacked/sold and you'd lose everything that way. With the integrated guildbank feature at least Blizzard has a logging system in place as well as concrete ownership rights by the guild, rather than "Character XYZ left the game and took all our bank toons".
This thread should really be "Best Practices: How to not click links with .cn"
|
There's not some hidden "but he tries really hard" variable built into the game. -Slake
I always love the "it doesn't fit my style of play" line. There are only two styles of play; Correct, and Incorrect. The only people that ever use this line are people with the incorrect style of play. -Sebudai
|
01/26/08, 9:50 AM
|
#10
|
|
Don Flamenco
|
Wonder if they could put a transaction limit, where any daily withdrawal over 1000g triggers some kind of alert, similar to real life banks.
|
01/26/08, 10:22 AM
|
#11
|
|
Piston Honda
Undead Warrior
Boulderfist
|
Originally Posted by Krazen
Wonder if they could put a transaction limit, where any daily withdrawal over 1000g triggers some kind of alert, similar to real life banks.
|
I dunno how this would be useful. Only the guild leader should have the right to pull that much money out of anyone's guild bank. If they don't, it's no one's fault but your own.
|
01/26/08, 10:27 AM
|
#12
|
|
Don Flamenco
|
Originally Posted by TheCutlery
I dunno how this would be useful. Only the guild leader should have the right to pull that much money out of anyone's guild bank. If they don't, it's no one's fault but your own.
|
Which still leaves the problem of the GL getting hacked. It alleviates, but doesn't solve, the problem.
If nothing else, I don't see why Gold Withdrawal cannot be on a 24 hour timer, as well as a 24 hour 'security' tab where withdrawals of rare stuff take 24 hours.
Last edited by Krazen : 01/26/08 at 10:35 AM.
|
01/26/08, 10:34 AM
|
#13
|
|
Not enough rage
Gnome Warrior
Argent Dawn (EU)
|
In that case do you only allow the GM to access valuable guild goods as well?
Getting even a single stack of crimson spinels would be thousands of gold on any server.
It seems to hamstring daily operations too much.
|
01/26/08, 10:52 AM
|
#14
|
|
Don Flamenco
Human Death Knight
Archimonde
|
A good place to start is to educate your members - all of them - on how not to do stupid things on the Internet. WoW-specific BadStuff(TM) is of course going to be mostly found on WoW and gaming related sites, but there are also broader keylog and hacker attempts aimed at information that's usually far more valuable than someone's WoW account or even their guild bank.
Run heavy security programs including a restrictive firewall and don't click on garbage. When your browser or your security system throws up a block, at least think about why it is doing that, and if what you want to see/download is remotely worth the potential loss of thousands of dollars, credit history damage, etc.
There's also the moron password problem - it wasn't necessary to hack your account because someone who knew something about you could guess it fairly easily. Let alone "I gave it out to my buddy and I didn't know that he posted it on a Post-It note near the entrance of his dorm room so that he didn't forget it."
WoW "hacks" that aren't related to downloading shit onto your computer are going to be either a stupidly easy name/password combo or bad log-in info security. Truly "random" WoW account hacks without malicious software on your own computer are damn near impossible because of how WoW account access works. Anyone with the horsepower to even attempt that has much better things to steal. Odds are that anyone who says that this has happened to them either doesn't realize that they compromised their own security or is lying through their teeth.
Your username shouldn't be the same as any of your characters, and your password should be at least 10 digits long, use no dictionary words and be as complex as a given site will let you make it.
There is no truism that "everyone is going to be hacked someday" any more than "Everyone will be in a car accident someday" or "Everyone gets STDs". All are overwhelmingly related to moron behavior.
|
01/26/08, 10:56 AM
|
#15
|
|
Piston Honda
Undead Warrior
Boulderfist
|
Originally Posted by Krazen
Which still leaves the problem of the GL getting hacked. It alleviates, but doesn't solve, the problem.
If nothing else, I don't see why Gold Withdrawal cannot be on a 24 hour timer, as well as a 24 hour 'security' tab where withdrawals of rare stuff take 24 hours.
|
Oh come on. Who really gets "Hacked?"
Every time I've ever heard of anyone getting "Hacked" in an MMO, it always comes back to "Well, Bob had my account info, Jim too" or "I just got divorced, and my wife moved out last week." The threat of keyloggers is largely overplayed in my opinion. 99% of the people who get hacked just have poor account security habits when it comes to their friends or family. The guild leader just needs to be vigilant about his account info and you shouldn't have any problems anymore.
Now, as for the limit and transaction cooldown, who has oversight in that regard? If the guild leader is the only one who can withdraw that sum of money anyway, who's going to stop the transaction? Bobbycasual is going to press the red button that locks everything down when he hears at 4am that the guild leader took 2k gold out? It wouldn't prevent anything from happening, just slow down the process.
|
01/26/08, 11:02 AM
|
#16
|
|
My Ice Stone has Melted
|
Originally Posted by Polleke
It would be significantly harder to keylog an onscreen numpad that requires you to enter a numerical code by clicking on the numbers.
Make that pad appear on a random location on screen and you would really have a hard time trying to crack that, although most likely not impossible.
|
Keyloggers after your bank account info have been screenshotting on-screen PINs and other such security mechanisms already; it wouldn't be a stretch to extend support to the DirectX framebuffer. Still, an added layer of security as simple as a PIN pad might reduce the keylogger's access; they would have to wait for you to access the guild bank before compromising the account.
|
Originally Posted by Vaccine
|
01/26/08, 11:03 AM
|
#17
|
|
Glass Joe
|
If you are totally worried about security, why don't you just limit gold withdrawals to 0? You limit gold usage to repairs only, and even limit that to a certain amount. As for items, you can lock all the tabs but one, and have a single banker and GM have access to them. Make one tab for deposits only. With only 2 people working with the bank, the chances of getting hacked are virtually none. If we are talking about hardcore raiding guilds, then I would hope the GM of such a guild would be smart enough to run a few scanners of some sort. As for people ninja'ing stuff and xfering, I really wouldn't worry about that if you limit your withdrawals. The only person who can withdraw large amounts of stuff is the GM, and if he/she leaves, the stuff you lost is the least of your problems.
|
01/26/08, 11:06 AM
|
#18
|
|
Mr. Trade Chat
|
There's still the exploit of people joining your guild with permissions set up from their old guild. And voila, stolen goods. Last week we had 3 people (same person we assume) ask everyone, any time someone new logged on, saying they were a friend of our guild member. Finally like 5 or 6 people reported him. I told him to back off before he got suspended/banned.
(For those of you that don't know this is a problem and still hasn't been addressed, whenever you invite a new person to your guild immediately change their rank so it resets their bank permissions).
|
01/26/08, 11:21 AM
|
#19
|
|
Don Flamenco
Kirion
Tauren Shaman
Non-US/EU Server (EU)
|
Sometimes it's not really the person's fault. For example, there were a number of account hacks in the Russian WoW community (our guild bank was stolen the same way) where hackers used XSS attacks to retrieve passwords from forums or email and then used them to steal WoW accounts. So it's better not to use the same password and the same e-mail address on your WoW account and on accounts on other web resources.
|
42.
|
01/26/08, 11:27 AM
|
#20
|
|
Don Flamenco
Human Death Knight
Archimonde
|
Originally Posted by Kirion
Sometimes it's not really the person's fault. For example, there were a number of account hacks in the Russian WoW community (our guild bank was stolen the same way) where hackers used XSS attacks to retrieve passwords from forums or email and then used them to steal WoW accounts. So it's better not to use the same password and the same e-mail address on your WoW account and on accounts on other web resources.
|
That's really just common computer/life knowledge, though. Don't reuse passwords for anything.
|
01/26/08, 12:07 PM
|
#21
|
|
Mr. Sandman
|
Originally Posted by Polemidas
So what do you all do to secure your guild bank? Should something be implemented in-game or does it ultimately end with hoping your raiders don't click stupid shit while using Internet Explorer? If so I can't imagine it's even worth using the guild bank feature at all. It's far too likely that just one person with access does something stupid, and with all of the guild's resources centrally located it's just too easy to lose it all.
|
It's really not much different than having a guild bank in the old days which several officers could log onto. If one of them got hacked, it was going to get cleaned out regardless. As for your regular raider, there's no need for you to expose yourself unnecessarily by leaving every single item in the raider tab for them to swipe. For example, only gemcutters really need to access gems. You don't need to leave your entire HoD/Marks supply in that tab -- have a private tab accessible by yourself and shuttle a small amount over to replenish as necessary. And so on.
|
01/26/08, 1:14 PM
|
#22
|
|
Mike Tyson
|
Originally Posted by TheCutlery
Oh come on. Who really gets "Hacked?"
Every time I've ever heard of anyone getting "Hacked" in an MMO, it always comes back to "Well, Bob had my account info, Jim too" or "I just got divorced, and my wife moved out last week." The threat of keyloggers is largely overplayed in my opinion. 99% of the people who get hacked just have poor account security habits when it comes to their friends or family. The guild leader just needs to be vigilant about his account info and you shouldn't have any problems anymore.
|
Heh, no. Maybe years ago. Trust me, a lot of intelligent people who never give out their account info get keylogged all the time. It's a constant threat about which people should be paranoid. It's gold-sellers that do it, and it's lucrative business.
As for how we have our bank set up, it's like Snowy said -- I've tried to limit exposure without unduly hampering convenience. Only raiders can withdraw from the raid tab, only raid gemcutters (3-4 people) can withdraw from the gems tab, withdrawal amounts are capped so that one person can't clean out the whole bank. At worst they could pick the three most valuable stacks out of dozens, but that wouldn't be terrible. I have a private tab that only I have access to where I keep most of the expensive stuff, and I keep 95% of our gold onhand on an alt. If I get hacked, we're screwed, but that's been the case since day one really.
|
01/26/08, 1:22 PM
|
#23
|
|
Bald Bull
|
I really feel like there are ample security measures already implemented in the game and with Blizzard's account management. You could have a panic button on the bank or you could have an extra layer of security or...you could not click every random-ass link you see. Anyone with any internet proficiency should understand the basics of how you protect yourself online. I'm by no means an internet savant, but I use sensible passwords and don't re-use them. I'm careful about the links I click. I don't traverse the whole internet searching a bazillion seedy sites for crazy porn. I think most people know these basics.
And like Gurg said, you can set things up to limit the extent of the damage if something does go wrong. The only person that could get hacked with catastrophic results is Gurgthock, few of us could do much damage on our own.
|
01/26/08, 1:50 PM
|
#24
|
|
Von Kaiser
Night Elf Druid
Lightning's Blade
|
We have a total of 8 individual guild banks because we plan on supplying consumables and repairs for our raiders come Sunwell (they provide mainly storage of crafting materials and flasks/pots/etc). Being the GM I am the only one with complete control over all of them. We have specific crafter only banks where most of our crafting is done and where we store the majority of our raw materials. When we need another set of Flasks made up for example we have one of our crafters leave the guild and get invited to one of the supply/crafting guilds (with a separate gbank) where we store our materials. I usually then monitor what they are pulling out and putting in (as well as tracking procs) and distribute it to the appropriate locations (storage or for use). When they are done crafting they are then removed from that guild and re-invited back to our guild. No one other than myself has access to take out any gold, only 2 officers other than myself have the ability to take any gold out of the bank and that is only in the form of the "repair only" feature. Members are only able to access 1 tab and it is for deposit only. Once we go live with our consumable program we will basically have 4 tabs with various items in it for guild members to withdraw. They will be limited stacks (such as 2 flasks in a stack) and members will only be able to grab 1 set of items from each tab. Not only that but we will be only enabling withdrawal for 15 minutes before the raid and disabling it when we do invites. It may sound a bit anal retentive, but we feel that it's more organized and just takes away any chance of foul play or incidents where something could happen. If we take away all opportunities for something to occur then we are making it easier on ourselves in the long run.
|
01/26/08, 2:33 PM
|
#25
|
|
Piston Honda
Undead Warrior
Boulderfist
|
Originally Posted by Praetorian
Heh, no. Maybe years ago. Trust me, a lot of intelligent people who never give out their account info get keylogged all the time. It's a constant threat about which people should be paranoid. It's gold-sellers that do it, and it's lucrative business.
As for how we have our bank set up, it's like Snowy said -- I've tried to limit exposure without unduly hampering convenience. Only raiders can withdraw from the raid tab, only raid gemcutters (3-4 people) can withdraw from the gems tab, withdrawal amounts are capped so that one person can't clean out the whole bank. At worst they could pick the three most valuable stacks out of dozens, but that wouldn't be terrible. I have a private tab that only I have access to where I keep most of the expensive stuff, and I keep 95% of our gold onhand on an alt. If I get hacked, we're screwed, but that's been the case since day one really.
|
Well, I don't believe you, but you're running a much bigger and better guild than my own, so I'll take your word for it.
How do you handle the gemcutting? Is there a guild rank for Raiding Gemcutter? What about enchanting? It seems like all of that could get out of hand quickly with many ranks and many tabs and stuff. The gems really don't take up too much room in my bank, mostly because we keep them uncut, but the enchanting mats I could see getting outta hand really quickly with Shards and Crystals and Dust and essence and whatnot.
|