◊ Nfariessence

That's pretty much exactly how we do it. All but 10g is on my old bank alt, there is one consumables tab that my 3 top tier officers have access to (10 stacks) and everything else is on other tabs for organization. I have high enough play time that I can mail stuff, or I can move it to the consumables tab if they absolutely need it now (the sellable gems, a stack of hearts, and 1 of each sellable pattern) ~ so the majors can continue on if I am away for a week. Each day I check the bank and transactions and move any deposited gold to my alt. Since we do a 'bounty' style of gold reimbursement for new boss kills (raiders are actually >making< gold since we started farming T6 in 9 hours or less) I don't have to keep gold up for repairs. After each raid I stay online for 10-30 minutes giving out gems and handling other requests.

Nobody, not a single person, has my account info. I've worked very hard to build up my guild bank since I took over as GM, nobody is going to steal it from me, dammit.

 

thelastrace

Please post that screenshot. Your reaction to it on vent was classic.

 

tedv

If Blizzard wants to provide extra protection against the guild master getting hacked, the best you can do is add a forced delay on access changes. For example, suppose you could check a security box that reads "access changes become active after 24 hours". And assume the guild master could restrict his own access just like everyone else to maybe 100g and 3 stacks a day, or whatever. Now if he gets hacked and the hacker wants to take the whole bank, they have to change the permissions to get more than 100g and 3 stacks and that takes 24 hours. Hopefully the hack will be caught by then and the permission change would be canceled.

 

Kilani

This very question was just brought up on my Realm's forums. There's been a recent scam going around where a number of guilds have been affected by it. This guy (or group of people) will use the Armory to find a particular guilds officers. He'll make a level one alt with that officers name and "bank" added to the end. Then he finds a time when that officer isn't online and ask another in the guild to invite him. Once he gets promoted he'll empty out what he can from the guild bank and delete the toon.

Now for me, I don't just blindly invite alts to my guild. I'll ask a few questions that anyone in the guild can answer fairly easily. A few are somewhere along the lines of "What's my real name", "What are my main alts", "Who are all the officers in the guild" and stuff like that. I know it's not a sure fire way to do things, but it's kept my bank in one piece so far. Also, I don't know how others run their bank tabs, but my first 2 tabs are for junk. Everyone in the guild has access to them, but they are limited to 1 withdrawl per day and cannot withdraw any money. The 3rd tab is for members, but they also can only withdraw 1 stack per day and 0 gold. I don't find this unrealistic because at least for mu guild, there's not much in there where someone would need to pull out 10 stacks. If they have a reason to need more, then all they have to do is ask and an officer will do it for them. The last 3 tabs are officer only and that's where we keep the good stuff. All the enchanting mats, patterns, herbs, spare pots and such are kept there and only given out by the officers. Now this doesn't fix the problem if an officer get's hacked... but with only 5 of us able to access the tabs fully it gives us a better chance of escaping the problem.

To sum it all up, I think the only realistic way to protect your bank the best you can is to micromanage everything about it. Reduce access, restrict withdrawl's, and police it as much as possible. Make a tab for the GM only and keep the most important stuff in there so you're limited to only 1 account with access to it.

 

Vaxum

I handle all unguilded "invite my alt" requests with "message me the name of the alt from your guilded main". Simple, secure & takes less than 30seconds.

 

Njoh

One of the officers in my guild once got hacked and as a result we lost ~200 HoDs, a couple of hundreds of Mark of Illidari and various other less valuable stuff. We got it all back though just like someone else mentioned here, so to be honest the system works good enough, and as the permissions at the time was temporarily changed for practical reasons it's not something we expect to see happen ever again. Unless of course it's the Guild Master that's the unlucky one to get keylogged.

However, what I really wanted to say was that I noticed something about the way the bank got emptied. As permissions were only set to somewhere between 5-20 stacks each tab they couldn't completely empty the tabs, and it was clear to see that they simply took the items from upper left slot and down, then the 2nd from the left upper slot and down and so on.
That was no matter how big the stacks or how valuable the items were. As a result, in one of the tabs we lost some Runecloth that was placed on the left side even though we had several stacks of elixirs on the right side.

So, of course this greatly depends on however your keylogger is, but if you're really paranoid and want to take every precausion possible use this aswell :p
Place all your crap on the left side and all the more valuable stuff on the right. Would have worked very well for us at least if we knew before.

 

Trilly

I require the same proof; either a tell from their guilded character or a request on Vent. I used the "hey I'm soandso's alt" to get several cross-faction bank alts summoned to Tanaris when the only neutral AH's were there.

I eventually gave up on any semblance of organization in the specific tabs. My sanity could only take straightening things up daily for so long before I just let people be cute / messy.

 

◊ Kyth

80% of the entertainment, however, is Bazz's reaction. See also: putting clefthoof meat into random tabs.

You have to understand, the guild banks are like your preschool playground. Stop reacting when the kids tease you and they get bored and go find something else to harass .


That said, it seems the whole "able to rearrange the tabs" is a huge oversight and probably unintended (given that they limit you for how many stacks you can withdraw.) It probably exists solely because they ran out of time or ran into issues preventing it. If the far-too-common Blizzard ADD doesn't take over, we might see that fixed in a patch or two.

 

Scout

We recently had a problem where a bunch of Void Crystals disappeared. The Withdrawal log reads "Unknown," so it appears that someone withdrew the mats with an alt and then deleted the alt. Yes, I know ... Void Crystals in the guild bank without sufficient protection, but the guild has been running pretty well on happy-go-lucky for three years now.

We're talking with Blizzard to see if they can give us a name. I'm hoping it's just someone's retarded idea of a practical joke rather than an actual ninja.

 

TheCutlery

My sister runs a guild on Kul'Tiras, I log over there every once in awhile to see what's going on, and shoot the shit since she lives across the country. While I was doing so, I took a look in the guild bank just because I'm curious like that, and noticed in the log that there were an obscene amount of "Unknown" withdrawls/deposits. I highly doubt that people over there in a low end, do nothing guild would delete characters, so it may possibly just be that they're not in the guild anymore. Might be something to test out, see if the log changes after you remove yourself from the guild.

 

Holtzhammer

As Gurgthock has said, the best security for anything is by limitation of access. In the end you can only really trust yourself, but by limiting people to raid essentials, atleast in the event of a "hack" or whatever else, they're only getting repair money + a few consumeables, and not your entire Black Temple/Mt. Hyjal gem collection. I'm talking from a GM/Raid Leader point of view.

But on the other hand--how secure is anything anyway? There's no sure fire way to keep your Guild Vault secure, but atleast with limitation of access, or denial of access ( the request system) you can limit the internal security to one or two people.

 

Scout

I just checked it out with a level 1 alt. The log still has your name if you gquit, and only lists you as Unknown if you delete the character.

 

Rane

You won't get a name, I'll tell you that much. While policies in the US are sometimes different, at least in Europe, guild bank access by a guildy is the responsibility of the Guild Master to set and items lost in the above setting would not be restored either.

The earlier-mentioned tactic of level 1 Officername-bank alts had a fair uprising of late but most people seem to know about it now, and in such a case you will get your Guildbank stuff back as well, provided the guild master tickets.

As for hacked accounts plundering the bank, this will all be restored, but there's two requirements: The account hack has to be verified and undone first (average time: about 2 weeks on Europe) and the guildmaster has to make the ticket after the account hack of the guy that "did it". Guild bank restores take about a few days depending on their specialist queues.

 

Scout

Actually, it turns out one of our new recruits was hacked. We just found out about it, and it seems to fit the timeframe. Mostly, it's nice just to know that we probably don't have a theiving lowlife in our guild.

 

Flaccus

We've had similar scenarios. Here's the paraphrased transcript; we'll call the people involved Wy and Officer

Officer: Wy, did the guild bank really need this? [Light Leather]
Wy: was too lazy to delete it
Officer: Ok then.
Me: OK. So you trot all the way to the guild bank
Me: Nevermind, forget it





Jesus tapdancing Christ

 

Shocktar

I disagree. I'm an IT professional (and GM), and it happened to me. I had the full on AVG antivirus, a computer that I play on that I *never* surf the web on, password changes every month, and I still got keylogged. As it turns out, it was from UI Central, an updater that I'd been using for a year with no issues whatsoever, when all of a sudden one of the ads had an embedded worm.
Fortunately, I found it after a night's worth of Google, but it's still very very possible. It went right through all my security measures instantly, despite the fact that I never do ANYTHING on that machine but play wow and 2142, and I still use tons of protection. The way I see it, people are going to have their accounts compromised, regardless of what you do to assume they're smart and savy. The best way is to plan for the worst, if that means an extra five minutes of work to get something for a non-officer, so be it.
In COH, I'm the only one with unlimited access. Everyone else is limited to 100g/day (officers only), and 3 stacks of removal, period. I cannot fathom something beyond a massive crafting binge that would require more than 3 stacks of anything that another person couldn't help out on, and whenever I get a request like that, I'm always suspicious.

Gear is how hard you hit. Skill is how often you hit.
http://sig.gamerdna.com/quizzes/INFL...tealth5325.png

 

Fqubed

How "secure" from hacks would be to just have your password be three parts of a text you have in your desktop? Text could be anything, its just you know the parts that correspond to the password, you copy them and past them in the wowpassword?

 

• Chicken

Despite the fact that keyloggers are called what they're called, they don't need to track just key presses. It's fairly easy to extend such programs to also keep an eye on the clipboard (The clipboard being where anything gets stored when you copy it).

 

Tanoh

Shows how ineffective and overrated antivirus, constant password changing and firewalls are (I assume you had the last also). All it takes is running one insecure program for it all to fail, in this case UI Central's updater.

 

Tejs

I figured I would post this considering that people may not know about this (and should be more than enough to keep your computer going strong)

Spybot - Search and Destroy - This is a free Spyware / Adware protection program that is regularly updated and works extremely well.
Avast! Antivirus - This is a powerful Antivirus program that is free, if you only use it for home desktop protection. Corporate or Business licenses are not free.

 

Nayt

Anyone gotten locked out of their bank(s) recently? We're going on 3 days with no one being able to look at / withdraw / deposit stuff into our bank.

The first three tickets we put in got "We can't help you" copy and paste answers. Finally last night I think a new ticket was escalated. Maybe Blizzard is stealing our bank.

"When Nate's in town a feast is down."
Pizza, Gold, Contests and Myself
Twits about School, Dating, Partying and Jackassery
Hunter / Priest / Shaman / Warrior

 

Secor

No items of any significant value are kept in our bank. At least on the non-officer tabs. So if any of the regular members managed to get keylogged the most they're taking is a bunch of mana oil, surplus motes, random stat food and various resist or mana potions. Nothing anybody would get butthurt about for loosing.

 

Kargoroth

There seems to be a longer than usual queue to get accounts and property restored in the EU. We waited about a month to get our guildbank restoren after one of the officers got hacked.

It seems a wise precaution to restrict all the "normal" officer's bank acces to 1-2 stacks a day and to keep only up to 2-3 people with extensive permissions.

We certainly do this now Had about 7 people with 10 stacks permission and it really hurt us, all the HoDs and gems! Luckily we could lend some hearts from an other guild...

I don't know how much it is one's fault to get hacked (the office in question is not an officer in our guild anymore at any rate) but one really should reduce the probability of a full catastrophe.

 

Ja7us

We had this exact thing happen in our guild, with hilarious results: The guy creates the toon "Julybank" (July is our guildmaster) and whispers someone with an officer rank, Ashwend, for an invite.

The kicker? Ashwend is July's alt.

 

Pura

I guess a possible solution would be to have some kind of withdrawl verification, on certain tabs. For example, OfficerA tries to remove BT Gems from Tab6 (which requires verification), then in other officers guild tabs, there would be a list of possible withdrawls they could allow/decline. Think, a bit like a self destruct sequence out of a sci-fi movie, or even Star Trek :P Even then it would have to be set up so that a would be hacker couldnt add his alt to verify his withdrawls. Its kinda rediculous, but its not that dissimilar to what some real life banks do if they notice a "suspicious" withdrawl which alerts them.

They could add time restrictions, so that the bank functions or at least certain tabs arent available during the early hours that a hacked officer would have free reign to add/remove alts etc.

Also, we always used to have different banks on different officers or guild crafters accounts, so enchanting mats would be on one persons account, herbs/flasks would be on another, boe recipes/epics would end up on another bank char, mainly so the load of dealing with requests was split over several people. Now we have it all in the guild bank, where any of the 6-7 members at rank 2 have virtually full access to remove what they like. So i guess were vulnerable to any one of maybe 8 accounts getting hacked now.


I think a good starting point would be removing guild heirachy from the armoury, that has to give far too much info on names/ranks of officers and allowing for people to con/target them specifically.

All that said, the only people i know who have been hacked, have either bought accounts or given their login info to power levellers.