I just wanted to make you aware that my account was devastated today by someone hacking into my account. I run WoW through Linux Wine, with high security, firewall, viruscanner and all. The last thing I did was down load Aemotes, Aemotes_WonderWoman,  Aemotes_AceAttorney from Curse and EWOlson_EmoteMenu through Wowmatrix. I am not sure if it was Aemotes, EmoteMenu or Wowmatrix but something keylogged me and I got hacked. I just though I would put this notice out there just in case.

Anyway, Happy Fathers Day!

Eyegore :(

Bull****. Don't use anything that executes code outside of WoW.

Yes, it was coincidence. There is no possible way an addon can hack your account, and this has been discussed over and over for as long as the game has been out.

BTW, WM no longer has access to up-to-date addons, and hasn't since WoW patch 3.1; that was when both Curse and WowInterface blocked their access to our servers. I would highly suggest switching to the Curse Client and/or Minion. If you do, here is a tip: don't updated the same addon with both programs, as that will cause errors.

  Quote:

Originally Posted by myrroddin

 

BTW, WM no longer has access to up-to-date addons, and hasn't since WoW patch 3.1; that was when both Curse and WowInterface blocked their access to our servers. I would highly suggest switching to the Curse Client and/or Minion. If you do, here is a tip: don't updated the same addon with both programs, as that will cause errors.

Bit of misinformation here. Although Wowmatrix does not have access to Curse and or Wowinterface they still have most of the addons in up to date versions. Many authors make sure the addons are updated as it reduces out of date bugs. Some authors upload just to Curse and some just to Wowinterface which is their call. Best to use a smart mix of manual uploads for the few that wowmatix does not have and wowmatrix which still is free and fast.

  Quote:

Originally Posted by silver0bullets

Bull****. Don't use anything that executes code outside of WoW.

Nice constructive advise.

I run WoW on a Linux box which has had chkrootkit & clamspan run on it on a continuous basis. The only way I believe someone could hack my account is my getting my login info when I start WoW in the wine environment. Linux side being elliminated only points me to some addon which logs key strokes. The ones a listed were the latest I installed just before my account was hacked.

I put this out here for "just in case" purposes. If you're saying that Wowmatrix could be the culprit, then I will gladly delete it from my server. I believe I will take the advise of myrroddin and use Curse's tools or just play the game vanilla.

thanks for reading & to those who replied.

Today i got hacked too i had 735g and went down too 675 and im just like da **** im changein password and doin wow matrix

My repair bill for full durability is more than you lost in "getting hacked".

As for wow matrix having updated addons, I doubt it.  In fact they are purposly hosting out of date addons to screw with people.  Look at Chincilla for example.  The latest version is 2.07 and they're hosting 1.33.

  Quote:

Originally Posted by eyegore

  Quote:

Originally Posted by silver0bullets

Bull****. Don't use anything that executes code outside of WoW.

Nice constructive advise.

I run WoW on a Linux box which has had chkrootkit & clamspan run on it on a continuous basis. The only way I believe someone could hack my account is my getting my login info when I start WoW in the wine environment. Linux side being elliminated only points me to some addon which logs key strokes. The ones a listed were the latest I installed just before my account was hacked.

I put this out here for "just in case" purposes. If you're saying that Wowmatrix could be the culprit, then I will gladly delete it from my server. I believe I will take the advise of myrroddin and use Curse's tools or just play the game vanilla.

thanks for reading & to those who replied.

you obviously sound like you are educated enough on computers to know that LUA can not log anything, its non executable code and is nothing more then instrutions for wow to follow, aswell there is no guarentee that your password was discovered around the time those addons where installed, it could have been weeks ago that someone found your password.

things that can log code/make your account security weak

java

activex

flash

.exe files

logging on at someone elses house

in the end you can list what enviroments you run wow under and all your security that protects you but it still comes down to the users ability to know whats running on there computer.

Just to clarify, if necessary: Addons are loaded after you enter your User/PW in WoW. The loading screen with the progress bar is loading both the game world and any addons you have, including the Blizzard ones.

In fact, you can test this yourselves: get lots and lots of addons, even if you delete them later, then load your game with no addons, then again with all of them enabled, and see how much longer the game world takes to load.

Oh yes. Afterthought here. The addons available to WM that are up-to-date are Public Domain, or expressly uploaded by the author. Anything else is either not available any longer to WM, or an older version. I checked, since at one time I allowed both of my addons to be available to WM, but they aren't there any more, because neither of them are Public Domain.

  Quote:

Originally Posted by Wibbit

you obviously sound like you are educated enough on computers to know that LUA can not log anything, its non executable code and is nothing more then instrutions for wow to follow, aswell there is no guarentee that your password was discovered around the time those addons where installed, it could have been weeks ago that someone found your password.

things that can log code/make your account security weak

java

activex

flash

.exe files

logging on at someone elses house

in the end you can list what enviroments you run wow under and all your security that protects you but it still comes down to the users ability to know whats running on there computer.

 

Yeah I am painfully aware of the things that can make my system weak and yes I know it could have been prior to this. I just wanted to put this out there in the off chance that one of these (which I've already deleted from the system) might possibly be the cause. I have been in the computer biz for over 25yrs and if there is one thing I know it is that the impossible can happen.

For me, as soon as more Authenticators become available, I'm getting one.

I do believe it is a coincedence also.  lua code itself can not activate until wow fully loads so it would not be possible for an addon to capture it.  lua code is also pretty clear so you can easily poor through the code yourself.  Even if it was capable of storing the password, you still need a transmission medium to get the pswd OUT to somebody.  Obviously, no addon would be capable of that.  I don't want to believe wowmatrix did it but that could more likely be a culprit than Aemotes itself.

It is unlikely WM did any hacking of user accounts, Vampy; I agree with you about that. Something else is definitely afoot at the Circle K.

 
THIS I AGREE WITH:

  Quote:

Originally Posted by silver0bullets

Bull****. Don't use anything that executes code outside of WoW.

BUT:

  Quote:

Originally Posted by myrroddin

>> I would highly suggest switching to the Curse Client and/or Minion <<

1) Curse Client is an EXE file.
2) Can I be sure it does not hack my account?

- Niels

  Quote:

Originally Posted by NielsDK

 
THIS I AGREE WITH:

  Quote:

Originally Posted by silver0bullets

Bull****. Don't use anything that executes code outside of WoW.

BUT:

  Quote:

Originally Posted by myrroddin

>> I would highly suggest switching to the Curse Client and/or Minion <<

1) Curse Client is an EXE file.
2) Can I be sure it does not hack my account?

- Niels

if you not sure then don't use it simple as that....sheesh

on that same logic do you trust all the game cds      program cds  downloads and the like you probably have used or will you in your life....

if you so concern over if you will or wont be hacked get the blasted authenticator......and use the thing between your ears it works wonders.....

jesus cant you respond in any kind way?

The Curse Client is indeed an .exe file, but does not impact the wow.exe in any way, shape, or form. It can't; Blizzard has "sandboxed" World of Warcraft, and while there are bot programs and other malware that can affect WoW, it is because they hack the code.

Eventually, this gets noticed by Blizzard, and they swing a big hammer. You might have heard of a large bot maker getting taken to the cleaners in court a few months ago? If not, Google it; quite the read.

All the CC does is provide an easy way to install addons. That's it. And as posted earlier, you don't even need the CC or Minion (or WM, for that matter) to install addons. They are free to download directly as .zip files which you then extract and put in the correct folder.

On related note - anyone getting Aemotes to work with Fubar?  I seem to have all the downloads but aemotes isnt being recognized by fubar...sry for straying thread but alot of knowledgeable programmer types seem to be watching/responding to  this thread.   thx