1. #1
    Old God apepi's Avatar
    Join Date
    Dec 2008
    Location
    Mostly harmless
    Posts
    10,413

    Authorize login attempt

    Okay, I got this wierd email about someone trying to logon my account from another location, is this real or should I just avioded it?Or should I change my password?


    A login attempt from the following location is currently awaiting your authorization.

    Address: 115.213.232.64
    City: Yunhe
    Region: 02
    Country: CN

    This location is approximated based on information provided by your Internet Service Provider. If in doubt, deny the request and try again.

    For security purposes, we alert you each time your account is accessed from an unrecognized location. To authenticate this login attempt, please click the link below:

    [Link]

    Need help or have questions about your Guild Wars account? Visit our support site: http://en.support.guildwars2.com/
    Thanks!
    --The ArenaNet Team
    Time...line? Time isn't made out of lines. It is made out of circles. That is why clocks are round. ~ Caboose

  2. #2
    Someone from China is trying to use your account, and they have your password. Change your password immediately from a secure computer, and run virus/malware scans ASAP.
    Corsair 500r - [email protected] - H100i - 580 DirectCUII - Crucial M4
    Lenovo y580 - i7-3630QM - 660M - Crucial M4 mSATA

  3. #3
    Moderator Shamanic's Avatar
    Join Date
    Jul 2009
    Location
    Cardiff, Wales
    Posts
    10,462
    That is the legit text that comes with an authorisation email, I couldn't say if it's actually legit without seeing the headers and all but it could very well indicate that someone has attempted to access your account. In order for this to be sent legitimately, it means the person actually has both your email and your password, but has been blocked at the final login step due to location. You may want to change both email and password - but be absolutely 100% sure your PC is secure and keylogger free before you do it because if you've got a keylogger and change the password then it's not really going to solve the problem.
    Moderator of Professions | General Discussion | Diablo 3 | Guild Wars 2
    Please take the time to read the Forum Guidelines & Sig Guidelines

    Currently playing: No MMOs | Diablo 3 | LoL | Hex TCG | Hearthstone
    Steam | Twitter

  4. #4
    Herald of the Titans Abstieg's Avatar
    Join Date
    Apr 2010
    Location
    Boston, Massachusetts
    Posts
    2,855
    Also, in case you haven't, make a UNIQUE EMAIL and UNIQUE PASSWORD for Guild Wars 2. No reason not to.

  5. #5
    Mechagnome alteam's Avatar
    Join Date
    Aug 2009
    Location
    In your mom's bed
    Posts
    712
    Is the location far away from you? When i get those mail it says i live in a location just outside my city.

  6. #6
    Herald of the Titans Abstieg's Avatar
    Join Date
    Apr 2010
    Location
    Boston, Massachusetts
    Posts
    2,855
    Quote Originally Posted by alteam View Post
    Is the location far away from you? When i get those mail it says i live in a location just outside my city.
    The location given is China. Fairly clear they're trying to steal the account.

  7. #7
    Old God apepi's Avatar
    Join Date
    Dec 2008
    Location
    Mostly harmless
    Posts
    10,413
    Quote Originally Posted by alteam View Post
    Is the location far away from you? When i get those mail it says i live in a location just outside my city.
    I am guessing cn is China, so yes it is far away. I ended up changing my password so hopefully it will fix everything. Also ill scan my computer( I usually do it once a week or two)

    The reason I do not use separate emails is because I end up forgetting the email address and such, so I keep to using only 3 emails.(Yahoo,Aol, and Gmail)

    The location given is China. Fairly clear they're trying to steal the account.
    Yeah, I was thinking it could have been spam mail but I thought again and asked my self " Why would they tell me to authorize it then?" It just sounded counter-intuitive.
    Last edited by apepi; 2012-09-06 at 03:20 PM.
    Time...line? Time isn't made out of lines. It is made out of circles. That is why clocks are round. ~ Caboose

  8. #8
    Herald of the Titans Abstieg's Avatar
    Join Date
    Apr 2010
    Location
    Boston, Massachusetts
    Posts
    2,855
    Quote Originally Posted by apepi View Post
    I am guessing cn is China, so yes it is far away. I ended up changing my password so hopefully it will fix everything. Also ill scan my computer( I usually do it once a week or two)

    The reason I do not use separate emails is because I end up forgetting the email address and such, so I keep to using only 3 emails.(Yahoo,Aol, and Gmail)
    Honestly, write it down, do whatever you have to do. You'll only ever type it in once and then save it. But this is seriously such a huge way to increase your account security. The more places you use your email, the more likely they'll find it to at least phish with.

  9. #9
    Got the same sort of email, from that same location. Changed my password, now playing the wait / see game.
    Benevolence is a luxury for the strong - Wrathion

  10. #10
    Titan Synthaxx's Avatar
    Join Date
    Feb 2008
    Location
    Rotherham, England/UK
    Posts
    13,051
    Quote Originally Posted by Grraarrgghh View Post
    Someone from China is trying to use your account, and they have your password. Change your password immediately from a secure computer, and run virus/malware scans ASAP.
    Yeah, i'd agree with that. Just make sure you manually navigate to the website through your browser instead of clicking any link in the email (and pray and hope that you aren't infected with the DNSChanger malware -- i was trying to find a link that'd allow you to check, but i don't want to go trusting random sites in lieu of being able to find the one i know to be safe).

    I just run that IP against a few various databases, and it's come up as clean/non-threatening. That basically means it's not a spambot, not a botnet zombie, not an exploit hacker, etc. It's also not showing up as a proxy from a quick query. This does mean that it's someone who's actually trying to access the account and not someone who's had their PC taken over. However, it's possible that the account details were passed to them from someone else who is recognized as a threat (such as one of the above listed examples [Botnet, etc]). Looking at another source that i can't personally verify, it looks like it's someone who's working alone and has just got a list of potential accounts and it going through trying to get them all.
    Last edited by Synthaxx; 2012-09-06 at 03:24 PM.
    Coder, Gamer - IOCube | #Error418MasterRace #ScottBrokeIt
    Knows: Node.js, JS + JQuery, HTML + CSS, Object Pascal, PHP, WQL/SQL

    PC: 750D / 16GB / 256GB + 750GB / GTX780 / 4670K / Z87X-UD4H | Laptop: 8GB / 120GB + 480GB / GTX765M / 4700MQ

  11. #11
    Dreadlord Vexies's Avatar
    Join Date
    Nov 2011
    Location
    lost somewhere in the corn fields of middle America
    Posts
    980
    The reason I do not use separate emails is because I end up forgetting the email address and such, so I keep to using only 3 emails.(Yahoo,Aol, and Gmail)
    Write it down!! =P they obviously know this one and its simply a matter of time before you end up with a compromised account. These guys are pro at cracking accounts its what they do for a living. With out a doubt make a new email you dont use for anything else and change your account to that one. You will use it enough by logging in everyday or what ever to remember it and you will have the peace of mind of a much more secure game account.

  12. #12
    You don't need to get a new email address for GW2, if you are a Gmail customer. If my email is [email protected] I can sign up to GW2 with the email address [email protected] and it will be my email for that game, and anything they send to that address will come to me.

    But if you have your email on display anywhere else in the world, say as [email protected] then an automated system will have a hard time making the connection between the email it pulls off X-website, and GW2.

    As for passwords, don't use the same password everywhere. While at first this might seem annoying, there's a very simple way of making unique passwords for every login you have, and never forgetting them. This is called Algorithmic password generation.

    You have 3 parts to the password
    1) A PIN (Personal Identifying Number), for this demonstration it will be 12345. This is the same for every password you create on every site,

    2) An identifier that's tied to the site you have the password from
    You can pick guildwars2, or GW2 or every second letter (gidas) or "2srawdliug". The point is, you pick a system of generating an identifier from the site you are logging in to

    3) Throwaway characters or punctuation, including a capital: T@#~$%, which also doesn't change from site to site

    making my MMO champ password possibly 12345mmochamp$, any my gmail 12345gmail$, etc.

    This way you can have a unique email address and unique password for every online service you use, without the hardship of either having to remember all of them, or the insecurity of writing them down on paper.

    BTW, part 2 of the password can be written down on paper and stuck to your screen, since parts 1 and 3 will be in your head.

  13. #13
    Quote Originally Posted by Jinna View Post
    You have 3 parts to the password
    1) A PIN (Personal Identifying Number), for this demonstration it will be 12345. This is the same for every password you create on every site,

    2) An identifier that's tied to the site you have the password from
    You can pick guildwars2, or GW2 or every second letter (gidas) or "2srawdliug". The point is, you pick a system of generating an identifier from the site you are logging in to

    3) Throwaway characters or punctuation, including a capital: T@#~$%, which also doesn't change from site to site

    making my MMO champ password possibly 12345mmochamp$, any my gmail 12345gmail$, etc.

    This way you can have a unique email address and unique password for every online service you use, without the hardship of either having to remember all of them, or the insecurity of writing them down on paper.

    BTW, part 2 of the password can be written down on paper and stuck to your screen, since parts 1 and 3 will be in your head.
    Passwords do not need to be complex to be effective.

    http://xkcd.com/936/

    The biggest threat to effective passwords are keyloggers, not bruteforce programs.
    Corsair 500r - [email protected] - H100i - 580 DirectCUII - Crucial M4
    Lenovo y580 - i7-3630QM - 660M - Crucial M4 mSATA

  14. #14
    Well I tuned my lesson to the class!

    I'm not giving out my REAL algorithm, but just the starter version. who knows, my mmo champ password could be: "My MMO Champ Password is 12345mmochamp$"

    Try bruteforcing that!

    As for avoiding keyloggers, I always have a little giggle when I hear someone got hacked, because I start imagining what websites they've been visiting!

  15. #15
    Old God apepi's Avatar
    Join Date
    Dec 2008
    Location
    Mostly harmless
    Posts
    10,413
    Guys thanks for the info, I am working on getting a new email( I decided to register my own domain name, and it will come with one).
    Time...line? Time isn't made out of lines. It is made out of circles. That is why clocks are round. ~ Caboose

  16. #16
    The Insane DrakeWurrum's Avatar
    Join Date
    Mar 2011
    Location
    Isle of Faces
    Posts
    15,029
    Quote Originally Posted by apepi View Post
    Okay, I got this wierd email about someone trying to logon my account from another location, is this real or should I just avioded it?Or should I change my password?
    Whether it's real or not, why would you authorize it, if you know it's not you?

    If it's real, you shouldn't click the link, and you should change your password.
    If it's not real, you shouldn't click the link, and changing your password is smart to begin with.
    I hope you haven't forgotten my role in this little story. I'm the leading man. You know what they say about the leading man? He never dies.

    If you give in to your impulses in this world, the price is that it changes your personality in the real world. The player and character are one and the same.

  17. #17
    Dreadlord flarecde's Avatar
    Join Date
    Jul 2010
    Location
    New York
    Posts
    780
    Quote Originally Posted by Grraarrgghh View Post
    Passwords do not need to be complex to be effective.

    http://xkcd.com/936/

    The biggest threat to effective passwords are keyloggers, not bruteforce programs.
    Passwords should be both long and complex. Using an algorithm like Jinna mentioned makes them very easy to remember, complex, and any arbitrary length.

    I wish GW2 would allow everyone to use the logon authentication. I still haven't been given the option to enable it on my account, and all they can say is it will be available "soon".

    Quote Originally Posted by Jinna View Post
    As for avoiding keyloggers, I always have a little giggle when I hear someone got hacked, because I start imagining what websites they've been visiting!
    Websites get hacked all the time too . A couple major websites I visit regularly had to deal with a major infection just this weekend. While some of the jokes they have might be a little off color, they are far from the sites I imagine you are thinking of.
    Last edited by flarecde; 2012-09-06 at 06:04 PM.
    ~ flarecde
    Reality is nothing; Perception is everything.

  18. #18
    High Overlord
    Join Date
    Sep 2011
    Location
    Canada
    Posts
    123
    I get those a lot but its from me having a new ip. It only sends it if they use the correct password, if the password is incorrect you will not get an authorization. But maybe the Chinese gold farmers are sending fake ones out hoping you click the link. Either way change your password and scan your computer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •