Safeguarding Your Guild Bank
March 10, 2010 19 Comments
Here’s a scenario that happens all to often:
Someone from your guild gets hacked, and all of their toons are stripped bare. If that weren’t enough, they took as much stuff from the guild bank as they could as well. The guild is out whatever was stolen, and the players toons are usually left naked and sometimes guildless.
First of all, I feel for anyone who has had their account hacked. I cannot fathom how I would feel if it were to happen to me. I’m pretty good about safeguarding my account, so hopefully it won’t happen to me. The only person other than me that knows my account information is The Mrs and I’m thinking about using the iPhone authenticator as well. Regardless, it does happen, and even with all those safeguards, it could happen to me as well.
Since there’s no 100% sure way to make any account in a guild hacker-proof, it’s usually a good idea to put some safeguards on your bank to minimize the damage from a compromised account. After the break, I’ll share with you exactly how Bucklers of Swash does it. But first, I’m posting this because we’re almost certain that one of our guildies was hacked today. I can’t confirm it yet, but on our forums, one of the members was letting us know:
“she kept logging on and off for an hour or two, wasn’t responding to tells or gchat, put DnD on, etc.”
Again, I can’t confirm that she was hacked, but that’s not typical behaviour for her, and fits the description. I’m hoping that she wasn’t hacked, but I’m worried that she was. If that’s the case, I am truly sad, and hope that she can be restored swiftly.
When we set up our guild bank at first, we weren’t terribly concerned with security. While we were lucky that we didn’t get harmed by that; by now we certainly would have . Since implementing the measures I’ll discuss in a moment, we’ve had no less than 5 members of our guild suffer through an account hack. I don’t want to even think about what would have happened if we hadn’t made changes to protect the bank.
Keeping your bank safe from hackers boils down to one simple point: Restrict access to your bank! It’s not a bad thing and no one in the guild seems to mind as long as there’s a structure in place for people to be able to get items they need in a timely manner. In most cases, if we can’t get an item to someone instantly, it rarely takes us more than 20 minutes to get it to the person that needs it.
Our bank has all of its tabs purchased, and most of them are close to full. Any one who is a member (as in not a new recruit) or higher has access to the first tab. Taking something from the second tab requires the rank of veteran or higher. All of the other tabs are restricted to officers only, but far as deposits go, anyone can see and deposit in all of the tabs.
Each rank has a specific number of withdrawals they can have from whatever tabs they have access to. Members and Veterans can take 2 items per tab. Officers can remove 5 items per tab, whereas the special ranks of Treasurer and Guild Leader have unrestricted access. because of this, our 100+ account guild bank can only be fully compromised if 1 of 3 accounts are hacked.
Another step that was taken was to restrict the number of toons that an officer was allowed to have at the rank of officer is 2. The rest of their toons have a rank called officer alt that has no bank access, but can invite/kick/promote, etc, as well as chat in officer chat. Before this, a hacker could have compromised the whole bank by simply logging on all of the players alts.
By simply restricting the number of tabs and withdrawals that can be made, we’ve made our bank safer from hacks. It could still happen, but our bank is much safer now. How safe? This safe:
Assuming that a person has 2 guilded toons with bank access, there is approximately a…
- 50% chance that we lose 2 items from tab 1
- 40% chance that we lose 4 items from tabs 1 and 2
- 7% chance that we lose 10 items from all tabs
- 3% chance that we lose everything.
Yes, the chance is still there, but there’s only a 10% chance of it being truly detrimental and only a 3% chance of the bank being completely compromised. By the way, I’m the only one who can withdraw money from the bank, so there’s less than a 1% chance of that happening.
I don’t like when a member of my guild gets hacked. I’m really not a fan of it happening to anyone and, as a guild leader, it’s my job to do what I can to protect our guild bank. We’ve taken the steps in our guild to make sure that it’s very unlikely that we would suffer a total or large loss of items from the guild bank. Have you? That’s something to think about.
– Sam
Slice and Dice 
One step I have seen taken is only officers having gbank access, and a pre-requirement for being an officer is an authenticator. I know there is now a concern about a small chance of the hackers getting wise to authenticators and being able to get round them, but hey remain a lot more secure than just about anything else.
Don’t know how it is in the US, but in Europe anyone I know who has been hacked, including gbanks, have had all their materials returned in a few days. Good luck!
Good suggestions. This is what we have done with our own guild with the exception that all officers are required to have an active authenticator.
We did this after two of our officers got hacked. While they were limited on what they could withdrawal, once the accounts were restored all the items taken from the bank were sent via in game mail to the Guild Master. It can get VERY frustrating when you have to spend quite a bit of time running back and forth from the mail box returning items.
While even authenticators CAN be compromise (if only for a short period of time) every layer of security you have adds to the security of all your members. Every time another member suffers from a hack (we had one just this week where the toons were even taken off the server) we encourage our members to get one on their accounts. Some of the phone ones are even FREE if you don’t want to spend $7 for the key fob.
You can find out if your friend has been hacked. Look her up on Armory and see if she’s naked. Then… well. There ya go.
In the past 6 months we have had 3 officers hacked. After that authenticators have been required for bank access. Better safe than sorry.
If you make it a requirment for an authenticator; for getting it, you get a core hound pet, make people show it to prove they have an authenticator. If you get rid of the authenticator the core hound pet disapears. Just because they are a trusted officer doesn’t mean that there account can’t get hacked.
If an officer is hacked, you’ll probably lose all your valuable items from tabs 1 and 2. We had an officer get hacked and they just invited and promoted several other toons and withdrew the max stacks on each (early in the morning when no one was logged on). We made the mistake of having an officer alt rank that had limited access to all tabs. Since the hacker could promote many toons to this rank, we lost pretty much all valuable items.
This is a really annoying thing.
One side you have a game which let’s you spend countless time and efforts on building up, and there it became a profitable market to gold sellers.
I for one never had my account hacked. Which I dun knwo why also.
But like to share one thing with all.
I don’t know since when, after I sart joinning forums about wowing, I got this mail wowaccount@*whatever* saying about giving your pw to them for verifications. Now everyone knows that’s absolute BS, as that’s not that e-mail is use for my wow account. Anyways, the irritating thing, the hacker uses my mail address, I dun know how, and start spamming to other e-mails. I got 2k plus un-delierable mails return from that! And once my msn was enabled to pop up a notification when a mail is recieved, that one time these pop ups came in one swift and it crashes my hard disk and burnt my CPU!!! Major bummer.
I have since disabled that pop up after I got my comp rebuilt. But since then I never stopped recieving mails from there. 2k plus of returned mails everyday.
Luckily it’s my “alt” address so my main mails is still intact, (less those penis enlarger adverts……) but still was OK.
So do becareful when you join forums and stuff regarding wow.
Agree, limit access and withdrawals as much as possible. If people need something, they can go to the trouble of PMing the 1-2 people with access. Another issue is that ‘hacking’ may not even be the issue. I’ve seen numerous guild vaults fall victim to guild drama in which someone high in rank gets pissed and loots it.
Another thing, I suspect that the hackers/looters are intelligent with regard to who they target. I have more money and valuable loot in my no-guild bank alt than did my former guild. But the guild had members repeatedly hacked or even conned simply because they were a high volume guild (the conning was due in large part to a gullible GL, anyone could whsp him and say ‘Im so-and-so’s alt can you promote me’, he would, and then they’d loot as much as they could). I’m just saying, dont let down your guard they will keep coming after you.
Sanomi,
That sucks man. The thing with any forums related to wow is to never use your battle.net account email ever. Just make up a BS one for those, because I know this one guild who got hacked because everyone used their Battle.net email address and some hacker just used a password generator until he could log in.
Another thing we did was have diff withdraw limits based on authenticators. Though the guild in question was a bunch of RL coworkers / friends and family so … You could “trust” someone when they said they had one …
@ Npgite
I think you missed or misunderstood who gets what access in Sam’s post. While officers can promote, only three people can promote people to Officer status. So in your scenario, they would be able to promote new characters only to Veteran status, and they would only be able to take a minimal amount from the first two tabs, which generally have nothing that would be missed, and which are cleaned out periodically anyhow.
When that post Sam refers to popped up on the forum, I don’t think any of the officers worried. I’m sure we were all sad about the hack, it’s a terrible thing, but as to the guild bank bit, meh. Nothing to worry about. I’ll tattle and say that Sam didn’t mention that during the “low security” stage of our guild bank, it was hijacked, and these changes were put in after that. Thankfully, the thief got a whole lot of linen bandages and Cold Milk; I doubt he made more than a few gold off it. And it was a cheap and swift reminder that even though our guild was small at the time, its community property needed safeguarding. It’s a valuable lesson for every guild, and I think Bucklers has an excellent system in place. IMHO. =)
@ Sam
Awesome posts, thanks.
Hey folks,
I have 4 kids that play in addition to myself. We have 3 accounts and 3 pcs (yes, blizzard must love our monthly dues). Last week one of the accounts was hacked. (not mine thank god, but it sure freaked the kids out) We don’t use the authenticator, because it is too complicated for them to deal with. I realized we were hacked when they couldn’t log in. They were prompted for an authentication number. Yes, the hackers turned the authenticator on and used it to lock us out of our own account. It took several emails back and forth with Blizzard, but the eventually turned off the authenticator. When I was finally able to log in, I found that all our tunes were gone, and replaced with level 1 human warriors on almost every realm. By about a week after the initial hack, we were back in action with our tunes restored and all their gear and mats sitting in the mail for us. It was unfortunate, but Blizzard was at least able to get things back in order. No special gear or upgrades or anything though… a full set of T10 for the one 80 on that account would have been nice…. lol
Pingback: The Frozen Gnome » Blog Archive » The Daily Quest: Feeling safe and warm
I would like to point out something specific that having officers with promotion powers can cause to happen.
About four months ago now, one of my officers who had partial bank access, and full invite and some guild bank access, (He was a mid ranking officer) got hacked. Rather then just take what he could and run, he took everything he could out of the guild bank. Which was a measly 3 items out of most tabs, and 500 gold. He then invited another player (a hacker accomplice). That person was promoted to the next lowest officer rank underneath him. And that person took out 100 gold. You’re thinking, “600 gold? Holy crap?” to my guild, this was chump change.
Only, what happened next was horrifying. The hacker of the officer’s account sat there while their accomplice gquit, and then invited the accomplice back. The accomplice then had another 100 gold that he could take out. The process was repeated over and over, during the five minutes it took a guildie who was up at 4am to call me until I logged in and gkicked them both.
Promotion powers are a dangerous thing. Now the only people who have it are the officers who are the highest officer rank in the guild, and the people who I trust to run things while I’m gone. If anyone else gets hacked in my guild they can have two stacks of buff food, old world crafting mats, and they can attempt to repair me into poverty.
My guild, which is not strictly a raiding guild, has tabs arranged by level range basically for gear there’s a Vanilla tab, BC tab, WoTLK tab, low level mats, high level mats, and a restricted tab. Most members only have access to the gear and mats tab appropriate to their level range. Officers and long term members have access to the restricted tab. End result is that if an average member is hacked we’ll lose two pieces of gear and a few mats.
“she kept logging on and off for an hour or two, wasn’t responding to tells or gchat, put DnD on, etc.”
I had a very chatty member behave this way and opened a ticket. A GM contacted me inside an hour. Apparently they take tip offs from guild officers seriously.
Pingback: The Daily Quest: Feeling safe and warm « Sto « Best Mmorpgs Blog
Pingback: The Daily Quest: Feeling safe and warm | World of warcraft Cataclysm
Pingback: The Daily Quest: Feeling safe and warm | WoW Strategy