 |
02/04/08, 11:56 PM
|
#76 (permalink)
|
|
Von Kaiser
Human Priest
Earthen Ring
|
In my guild only officers are allowed in the guild bank. 5 accounts have bank access and none of them are likely to be hacked. If raiders need something for a raid (free consumables/repairs/respecs/etc) it comes through an officer.
|
|
|
|
|
|
02/05/08, 7:44 AM
|
#77 (permalink)
|
|
Von Kaiser
|
To keep the whole officer alt scam from working, have 2 ranks. Officer and officer alt, the latter having no money withdrawal permissions and 1-5 stacks per day.
There was a bank hacked on Elune over Christmas - got a good supply of Hearts/BT gems/patterns/etc. I never gave the officers in JC full access like the other guild officers had, but I still tweaked our permissions some. 1000g/day, 10 stacks/day for the 3 officers. Raiders can deposit into any tab but only withdraw 1 stack/day from Tab 1, which is basically junk. If any of the 3 officers ever need more than 1000g in a 24hr period they all have my cell number.
I'm sure that people will get a virus/spyware/keylogger at some point, with so much profit to be made by stealing WoW accounts it's no surprise to me how many stories you hear. I hope that I never have to deal with my WoW accounts being compromised, I multi-box and have 5 accounts so they'll think they hit the jackpot... It is nice to hear people say that Blizzard has been willing to restore the items that were taken in most of the guild bank heists that have occurred.
|
|
|
|
|
|
02/05/08, 7:52 AM
|
#78 (permalink)
|
|
Piston Honda
Undead Warrior
Boulderfist
|
In a somewhat related note, I'd sure like to have a "Transaction note" slot in the bank log. I'm the guild leader, and although I know I'm not doing anything shady like pocketing funds or anything, I'd really like the transparency factor involved there so everything is a bit more easily explained.
Example --
Thrush withdrew 1000g (Buying Boar's Speed enchant for XXXXX)
Or, an even better example
Thrush withdraws Random Blue piece of crap (AH'ing)
Thrush deposited 75g (Sale of random blue piece of crap)
They've already got every transaction logged in a ridiculously concise way. Might as well give us 20 or 30 characters to note what it's for.
|
|
|
|
|
|
02/05/08, 3:42 PM
|
#79 (permalink)
|
|
Piston Honda
|
...and then you have cases such as ours.
About a month ago now, our guild leader decided he didn't like the officers, booted half of the people out of the guild, waited for 2 weeks to see who showed up 'connected' to the officers (including 5-mans, alt-guilds, raids, etc...), booted them out (which was near everyone else) then server transferred with 200+ hearts, 60+ epic gems and 30k+ gold (and probably another 30k in primals, gems, enchanting mats, etc...). He even leveled up at least 2 alts to level 10 to help carry it.
Blizzard denied all requests for assistance, as we 'allowed' him to do this.
Rule #1:
Make sure you trust the person in charge.
|
|
|
|
|
|
02/05/08, 3:51 PM
|
#80 (permalink)
|
|
Glass Joe
|
My guild should never really have a problem with this when it comes to general raiders and officers. The way we have it set up is you can take out 1 stack a day from the first 2 tabs, which are full of raid consumables. Gold can never be taken out by anyone except for the GM. The other tabs are only accessible via the GM. Anyone can deposit into any of the tabs and can deposit gold. The worst a hacker could do is take 2 stacks of raid consumables.
If the GM was key-logged it would be disastrous but he is pretty good at getting his pron from legit sources!
|
|
|
|
|
|
02/05/08, 4:46 PM
|
#81 (permalink)
|
|
Piston Honda
Tauren Warrior
Gorgonnash
|
Originally Posted by Yenadar
...and then you have cases such as ours.
About a month ago now, our guild leader decided he didn't like the officers, booted half of the people out of the guild, waited for 2 weeks to see who showed up 'connected' to the officers (including 5-mans, alt-guilds, raids, etc...), booted them out (which was near everyone else) then server transferred with 200+ hearts, 60+ epic gems and 30k+ gold (and probably another 30k in primals, gems, enchanting mats, etc...). He even leveled up at least 2 alts to level 10 to help carry it.
Blizzard denied all requests for assistance, as we 'allowed' him to do this.
Rule #1:
Make sure you trust the person in charge.
|
With a guild name like yours I swear I would never have seen that coming.
|
|
|
|
|
|
03/13/08, 11:47 PM
|
#82 (permalink)
|
|
Piston Honda
|

Greetings!
Realm: Blackrock
Guild: Six Pack
Money Removed: 100g 00s 00c
Item(s) Removed:
[5] Greater Planar Essence [20] Ancient Lichen [20] Felweed [10] Terocone [20] Mana Thistle [1] Tome of Arcane Brilliance 2 [20] Dreaming Glory [20] Nightmare Vine [20] Dreaming Glory [20] Dreaming Glory [10] Terocone [20] Felweed [20] Mana Thistle [20] Mana Thistle [20] Arcane Dust [20] Void Crystal [1] Void Crystal [20] Arcane Dust [20] Arcane Dust [20] Arcane Dust [20] Void Crystal [20] Void Crystal [20] Void Crystal [20] Void Crystal [20] Void Crystal [20] Void Crystal [20] Mana Thistle [20] Fel Blossom
We recently received a report from another player that they had been scammed. During the course of our investigation, we discovered that your guild bank had received item(s) or money that had been obtained in the scam. Unfortunately, the item(s) and/or money have been removed to reimburse the owner. Our current policies regarding scammed items or money apply to players who knowingly or unknowingly receive money or items from a scammed player. If the character was found to have assisted with perpetuating the scam, they may receive an account penalty up to and including account closure. We sincerely apologize for any inconvenience you may have been caused. Should you require further assistance, please submit another help request the next time you are online. We hope you continue to enjoy your experience in World of Warcraft!
For any game play questions, please refer to our site at http://www.blizzard.com/support/wowgm/
Regards,
Merliane
Specialist
Blizzard Entertainment
|
We recently got this message from Blizzard. We don't really know the exact cause of it; we think one of our members purchased some of that sort of thing from a scammer and put some of it in the guild bank (the log shows Unknown depositing the herbs but no deposits of void crystals), and then when the account owner requested a restore, it looks like everything the scammer sold was taken back from our guild bank. Not like 100 voids is a big deal, but still something to watch out for.
The other possibility is that one of our non-officers (a D/E) lost his account about a week ago; he had eBayed it (or got it from a friend's friend's friend, he claims) and somehow managed to get a GM to change his password and send it to the e-mail address of the original account holder. It's possible he deposited those 100 voids over the last few months but it seems unlikely.
There are also no 100 gold deposits to the bank in recent history. So I’m guessing the first scenario is most likely.
EDIT: Blizzard gave us our void crystals back, all is well!
Last edited by Kegsta : 03/16/08 at 1:55 AM.
|
|
|
|
|
|
03/14/08, 6:22 AM
|
#83 (permalink)
|
|
Piston Honda
|
Some ideas.
First, know the people who have access. In other words it is best to be on a first name basis with these people and meet them in the real world if possible. The best run guilds I have been in are those run by people who knew each other before WOW.
Second, limits. I think having tabs where people can see the items but never withdraw are good. Just have a request system in place. The GM could take these by PM. If they meet the previous description you could allow those people to pull one or two stacks per day. Note, the ONE OR TWO. Honestly, if someone needs access to ten stacks at any one time don't you think it should be planned for? It's not like you suddenly run into the need for ten stacks of LPS eh?
Same with gold. Repair only. Any withdrawal should be a planned expense. Need an enchant? Pay for it yourself. If it's "for the guild" then plan it out and get the money ahead of time. You don't need access or give access to the bank gold just so someone can get something for the guild. If it's that important then you will have made arrangements ahead of time. Important items like that are not spur of the moment so don't fall into the trap of giving access "for emergencies" because there aren't any in game. If players are not prepared on their side for such emergencies they shouldn't be in your guild.
|
|
|
|
|
|
03/14/08, 8:07 AM
|
#84 (permalink)
|
|
Banned
Orc Warrior
Ragnaros (EU)
|
A very good idea that I'd like to highlight:
Having a vault keypad appear when you click a guildbank seems like a brilliant idea. Will help against keyloggers, idiocy etc etc, easy to implement, adds realism to game (banks have security right? RP it). The best thing I see about this is it allows friends/family/etc to play chars without risking the guildbank at all, although I can't see Blizzard implementing this feature for this reason since they say 'friends playing' is against the rules anyway, last I heard.
Also:
Delay on permission changes, of 24 hours or whatever, so that a Guild Master can set himself a limit on gold withdrawals and the change will only take place after. Implement this along with 'omg our Guild Master is ninjaing us, halp' button that if enough guildmembers press it will either restrict access from Guild Master or alert a Game Master.
Last edited by Polishedhead : 03/14/08 at 8:12 AM.
|
|
|
|
|
|
03/14/08, 8:31 AM
|
#85 (permalink)
|
|
Glass Joe
Tauren Hunter
Sunstrider (EU)
|
I would just like to mention that I personally walk on the side of caution with The Armory and WoW Forums.
Keyloggers aren't limited to just in-game logins, and as we have to use the same password and username for the Armory guild bank viewing and forums, it's an extra risk which people should all be aware of, and use appropriate measures.
|
|
|
|
|
|
03/14/08, 9:55 AM
|
#86 (permalink)
|
|
Glass Joe
|
A very good idea that I'd like to highlight:
Having a vault keypad appear when you click a guildbank seems like a brilliant idea. Will help against keyloggers, idiocy etc etc, easy to implement, adds realism to game (banks have security right? RP it). The best thing I see about this is it allows friends/family/etc to play chars without risking the guildbank at all, although I can't see Blizzard implementing this feature for this reason since they say 'friends playing' is against the rules anyway, last I heard.
|
This would be disastrous imho. In theory this would completely nullify keyloggers, it would create a much different risk altogether. From guildies "accidentally" giving their number out to lower rank members or even an alt of a nonguildy that somehow slipped into the ranks, to people "forgetting" their code and possibly getting the GM's by accident and taking advantage of it. I'm very trusting of all my members and know something like this would be an extreme rarity, but this would be a bandage with an all new set of problems/exploits.
|
|
|
|
|
|
03/14/08, 9:59 AM
|
#87 (permalink)
|
|
Glass Joe
|
Originally Posted by Polishedhead
A very good idea that I'd like to highlight:
Having a vault keypad appear when you click a guildbank seems like a brilliant idea. Will help against keyloggers, idiocy etc etc, easy to implement, adds realism to game (banks have security right? RP it). The best thing I see about this is it allows friends/family/etc to play chars without risking the guildbank at all, although I can't see Blizzard implementing this feature for this reason since they say 'friends playing' is against the rules anyway, last I heard.
|
Yeah, that would be sweet.
Originally Posted by Polishedhead
Delay on permission changes, of 24 hours or whatever, so that a Guild Master can set himself a limit on gold withdrawals and the change will only take place after. Implement this along with 'omg our Guild Master is ninjaing us, halp' button that if enough guildmembers press it will either restrict access from Guild Master or alert a Game Master.
|
Uh... no. First, it would be rather futile, since your GM could just promote or demote his alts as desired to whatever permissions he wanted. Second, as GM, one of my best lines of defense against something like that is immediately disabling everyone's gbank access if we think an account is compromised.
Also, since my guild is learning Archimonde and therefore had the pleasure of rapid-repeat chain-wiping (got him to 65% on the first night, though), I bumped up the repair gold allotted to cover everyone's repair costs from the bank. I like the ability to switch that stuff up as needed.
The bottom line is, a WoW guild is VERY strongly dependent on their GM. By design, it is a monarchy. If you can't trust (or just don't like) your GM, you need to find a new guild.
|
|
|
|
|
|
03/14/08, 10:19 AM
|
#88 (permalink)
|
|
Piston Honda
|
Originally Posted by Bula
With a guild name like yours I swear I would never have seen that coming.
|
Actually, <Integrity> is the reformed guild, the name has special meaning to us. The original guild was <Synergy>...although still some level of irony.
...and last night, <Integrity> downed Illidan <The Betrayer> 2 months and 1 day after that fiasco (at the time we had 2/5 MH and 2/9 BT), including 3 weeks of keying people. Some level of poetic justice is acknowledged by our members.
Recovery is possible, but not letting such a flaky emo player into GL position would have been better.
|
|
|
|
|
|
03/14/08, 5:42 PM
|
#89 (permalink)
|
|
Banned
Orc Warrior
Ragnaros (EU)
|
|
This would be disastrous imho. In theory this would completely nullify keyloggers, it would create a much different risk altogether. From guildies "accidentally" giving their number out to lower rank members or even an alt of a nonguildy that somehow slipped into the ranks, to people "forgetting" their code and possibly getting the GM's by accident and taking advantage of it. I'm very trusting of all my members and know something like this would be an extreme rarity, but this would be a bandage with an all new set of problems/exploits.
|
Ofc I mean to use this in conjunction with the current access requirements, so only officers. So if someone outside the guild finds out the vault key it has no use unless he's promoted to an officer in the guild. The GM would also be able to change the key if for example someone finds out the vault key and makes a realm forum post telling everyone it. Again like I said, the main problem it would fix is friends playing officer characters.
Originally Posted by Slowthar
Uh... no. First, it would be rather futile, since your GM could just promote or demote his alts as desired to whatever permissions he wanted. Second, as GM, one of my best lines of defense against something like that is immediately disabling everyone's gbank access if we think an account is compromised.
|
They could simply also apply the 24 hour (or whatever it is) delay on promotes/demotes too. So if the GM for some reason makes 4 alts, named "immastealmoney", "immastealmoneytwo", "immastealmoneythree" and "immastealmoneyfour", promotes them to officer, you can press your "oh shit" button and his account will lose access. It's a guild bank, if a high percentage of the guild points out there's a security risk from an account it should be possible to shut it down.
|
|
|
|
|
|
03/14/08, 6:11 PM
|
#90 (permalink)
|
|
Bald Bull
Tauren Warrior
Kil'Jaeden
|
Originally Posted by Sphere
This would be disastrous imho. In theory this would completely nullify keyloggers, it would create a much different risk altogether. From guildies "accidentally" giving their number out to lower rank members or even an alt of a nonguildy that somehow slipped into the ranks, to people "forgetting" their code and possibly getting the GM's by accident and taking advantage of it. I'm very trusting of all my members and know something like this would be an extreme rarity, but this would be a bandage with an all new set of problems/exploits.
|
Wow, the keypad itself would only be available to the people you'd allow. Come on.
|
|
|
|
|
|
03/16/08, 2:59 AM
|
#91 (permalink)
|
|
Von Kaiser
Human Mage
Frostmane (EU)
|
A relatively simple but highly frustrating problem I find with the guild bank is the standard user's ability to stack items already in the bank. What I wanted to do was have a bank tab where I could fill it with single Mark of the Illidari. Then when someone needed a flask they would be limited to 1 a day. Unfortunately from some fast testing I found that someone could just stack all the single ones within the tab itself then remove an entire stack. Kind of annoyed me a bit.
|
|
|
|
|
|
03/16/08, 5:22 AM
|
#92 (permalink)
|
|
Von Kaiser
Blood Elf Paladin
Al'Akir (EU)
|
Originally Posted by Polishedhead
Having a vault keypad appear when you click a guildbank seems like a brilliant idea. Will help against keyloggers, idiocy etc etc,
|
No, this would not help at all against keyloggers.
It is relatively simple to modify the keylogger to track mouse movements to see what numbers user enters. Of course the placement/order of the numpad/numbers could vary but modern computers have enough processing power for simple image recognition it takes to find the numpad before user can finish entering the number. And even if the user manages to enter and close the numpad before the keylogger finds it in real time the keylogger could have just saved a screenshot of the game and use it instead of the real game window to figure out the location of the numpad while user happily thinks he is safe.
Of course the keylogger (and the user) could be confused further by using CAPTCHA images instead of normal fonts but that would probably annoy users far too much. In this case I'd say cure would be worse than the disease.
|
|
|
|
|
|
03/16/08, 6:25 AM
|
#93 (permalink)
|
|
Banned
Orc Warrior
Ragnaros (EU)
|
It's not like everyone logs in then goes right to the bank. They log in, do random things for a random amount of time, then randomly go to the bank when they randomly choose, passing by Durotar on the way and having a random chat, as you do, then they go to the bank.
Also remember people don't use the guild bank every time they log in, that's a whole lot of work a logger would have to do to find this key.
It wouldn't help much, granted, but it would help at least a little.
|
|
|
|
|
|
03/16/08, 8:25 AM
|
#94 (permalink)
|
|
Everyone licks chicken.
Blood Elf Paladin
Azjol-Nerub (EU)
|
Originally Posted by rihkama
Of course the keylogger (and the user) could be confused further by using CAPTCHA images instead of normal fonts but that would probably annoy users far too much. In this case I'd say cure would be worse than the disease.
|
That wouldn't help much for guild bank security. CAPTCHA is designed not to protect a system from being compromised, but to prevent a system from being used for automated services. Account thefts and guild bank thefts are probably not automated, and if they are the potential profit from them is large enough to make it worth doing manually.
Last edited by Chicken : 03/16/08 at 8:42 AM.
|
buff /bʌf/ Pronunciation[buhf]
–verb (used with object)
- to reduce or deaden the force of
|
|
|
|
03/16/08, 8:30 AM
|
#95 (permalink)
|
|
Von Kaiser
Night Elf Rogue
Aerie Peak (EU)
|
We have two GMs and only they can take items/gold from bank on request of members. Never met any problems with it.
|
The only thing that sustains one through life is the consciousness of the immense inferiority of everybody else, and this is a feeling that I have always cultivated.
Oscar Wilde, "The Remarkable Rocket"
|
|
|
|
03/16/08, 8:39 AM
|
#96 (permalink)
|
|
Von Kaiser
Undead Rogue
Deathwing (EU)
|
The solution I would prefer.
Have one (or more) tabs with extra security level.
Only certain ranks can withdraw from the tab. Call them rank X+.
Only certain ranks can approve the withdrawal. Call them rank Y+.
When a player of rank X or higher withdraws an item from the extra security tab, N number of players with rank Y or higher will get a popup window saying "player P wants to withdraw J times item I, allow ? yes/no ?".
You can configure the number of players that are required to approve a withdrawal.
You can configure the rank of players that can make an approval.
You can configure the rank of players that are allowed to make a withdrawal.
You can configure the number of players that must approve a change of the approval rules.
If there are not enough people online to approve a withdrawal, nothing can be withdrawn. You have to wait.
This would prevent any single individual from making withdrawals from the guildbank's extra security tab. It doesn't matter if an account got hacked, or whether some player is just malicious.
The only problem now left is that a malicious person could invite alts and promote them to the approval rank. Or rather, because there must be multiple approvers online simultaneously, a hacker needs multiple accounts. He could then invite different characters on different accounts. And promote them so they can all help in his false approval. A solution for that could be things like: 1) guild rank changes must be approved via a similar approval system, or 2) people must be of a certain rank for 48 hours or more, before they can approve withdrawals.
There are still ways to mess up things, like a malicious GM kicking all members from the guild, and then running off with the guildbank. Not much you can do about that, but that problem could happen today as well. I think people might still mess up their approval schemes by mistake, so there must be a way to reset the whole approval system. Maybe have a button "reset stuff", and when someone presses it, 30% of the online guild members (with a minimum of 10) must approve the reset.
The details are a bit more complicated than I would like. But those only kick in when things go wrong. In the day to day usage of the system, you just need to click "approve withdrawal" once in a while. E.g. in a guild with 60 players, and 8 officers, I'd set up the system so that you need 3 officers (or their alts) to approve a withdrawal, and 6 officers to reset the rules (or 15 online guild members). In a system like that, I don't see much easy abuse by hackers or angry players.
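
The approval scheme proposed in the post above, modelled as an added example (not part of the original post, and not a feature of the game). It combines the N-of-rank-Y quorum with the 48-hour rank-tenure rule; the class and function names are hypothetical, and two assumptions are made: the server can tell which account owns a character, and the requester's own account may not approve its own withdrawal.

```python
from dataclasses import dataclass, field

HOUR = 3600

@dataclass(frozen=True)
class Member:
    name: str
    account: str      # assumption: the server knows which account owns a character
    rank: int         # higher number = more privileged
    rank_since: int   # time (seconds) of this character's last rank change

@dataclass
class Withdrawal:
    requester: Member
    item: str
    count: int
    approved_by: set = field(default_factory=set)  # distinct approving accounts

class SecureTab:
    def __init__(self, withdraw_rank, approve_rank, quorum, min_tenure=48 * HOUR):
        self.withdraw_rank = withdraw_rank  # "rank X+" in the post
        self.approve_rank = approve_rank    # "rank Y+" in the post
        self.quorum = quorum                # number of approvers required
        self.min_tenure = min_tenure        # the post's 48-hour rule

    def request(self, member, item, count):
        if member.rank < self.withdraw_rank:
            raise PermissionError(f"{member.name}: rank too low to withdraw")
        return Withdrawal(member, item, count)

    def approve(self, w, approver, now):
        """Record one approval; return True once the quorum is reached."""
        if approver.rank < self.approve_rank:
            raise PermissionError(f"{approver.name}: rank too low to approve")
        if now - approver.rank_since < self.min_tenure:
            raise PermissionError(f"{approver.name}: promoted too recently")
        if approver.account == w.requester.account:
            raise PermissionError(f"{approver.name}: same account as requester")
        w.approved_by.add(approver.account)  # alts of one account count once
        return len(w.approved_by) >= self.quorum

def try_approvals(tab, w, approvers, now):
    """Apply approvals in order; return (released, rejection reasons)."""
    released, rejected = False, []
    for a in approvers:
        try:
            released = tab.approve(w, a, now) or released
        except PermissionError as e:
            rejected.append(str(e))
    return released, rejected

# Constructed scenario: officers are rank 5, three approvals are required.
NOW, LONG_AGO, OFFICER = 1000 * HOUR, 0, 5
tab = SecureTab(withdraw_rank=OFFICER, approve_rank=OFFICER, quorum=3)

def hijacked_officer_scenario():
    """One officer account tries to empty the tab using freshly promoted alts."""
    thief = Member("Thief", "acct-1", OFFICER, LONG_AGO)
    fresh = [Member(f"Alt{i}", f"acct-{10 + i}", OFFICER, NOW - HOUR) for i in range(3)]
    own_alt = Member("ThiefAlt", "acct-1", OFFICER, LONG_AGO)
    w = tab.request(thief, "Hearts", 200)
    return try_approvals(tab, w, fresh + [own_alt], NOW)

def normal_scenario():
    """Four long-standing officers on separate accounts; three approve."""
    officers = [Member(f"Officer{i}", f"acct-{i}", OFFICER, LONG_AGO) for i in range(1, 5)]
    w = tab.request(officers[0], "Flask", 5)
    return try_approvals(tab, w, officers[1:], NOW)
```

The rank-tenure check is what blocks the invite-and-promote path the post worries about; the guild master emptying the guild outright remains outside what this model can stop, as the post itself notes.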
|
|
|
|
|
|
03/16/08, 9:59 AM
|
#97 (permalink)
|
|
Von Kaiser
Blood Elf Paladin
Al'Akir (EU)
|
Originally Posted by Chicken
That wouldn't help much for guild bank security. CAPTCHA is designed not to protect a system from being compromised, but to prevent a system from being used for automated services.
|
If using the on-screen keypad placed at a random location to enter the numerical code, CAPTCHA would (try to) prevent automated logging of the code by the keylogger. With suitable CAPTCHA the keylogger would be forced to take a screenshot of the game when the keypad is opened, record the mouse movements and clicks, and just send the raw data for human processing instead of using automatic image recognition.
Obviously with or without CAPTCHA the numpad system wouldn't really prevent keylogger from logging the required data which was my point in the original reply.
Of course as others pointed out second password/numerical code for the guild bank could prevent access to the guild bank if the user with the keylogger does not access the guild bank while being vulnerable. The real question is if that is enough to annoy majority of users by having two passwords for WoW...
|
|
|
|
|
|
03/16/08, 7:04 PM
|
#98 (permalink)
|
|
Glass Joe
|
Originally Posted by Gryzemuis
A solution for that could be things like: 1) guild rank changes must be approved via a similar approval system, or 2) people must be of a certain rank for 48 hours or more, before they can approve withdrawals.
|
I feel like this would be difficult for blizz to implement considering the number of guild banks holding 10s or 100s of thousands of gold must be fairly low. I do however like the keypad idea. The prospect of a GM losing the password to the guild vault that is likely used on a daily basis and contains significant sources of funds is preposterous.
|
|
|
|
| |