Robbed Account

[borka]

I'm not sure if it's wise to divulge the details of how it works, though.

Not wise - that's not the kind of "transparency" i ask for

[loftar]

What kind are you asking for, then? :)

[borka]

Number of attempts that have been logged, tracking of Brute Forcers ... everything that lowers paranoia and rumours

[loftar]

Well, I dunno, it's not like I keep book of brute-forcing statistics. :)

I mostly just notice them passing by in the logs every now and then, perhaps once or twice per month. Most of them seem to go by the forum's Hearthlings-list in order of number of posts. Many of them continue their attempts for days with no clue that it's completely in vain. :)

Unfortunately, all those I've looked into have been wise enough to use a proxy or some otherwise unconnected IP address, however, so I still haven't been able to connect it to anyone. I'll be very happy to bring the nukehammer to them as soon as they mess up.

[TeckXKnight]

Would it be possible to set something up to warn us if someone is attempting to brute force us so we can act accordingly? Just a small automatic alert to an e-mail or maybe even just a warning the next time we log into the forums.

[Arcanist]

Make it so you have to wait 7 days before you can change email without having direct email verification.

What does "direct email verification" mean? A verification e-mail is sent to the new e-mail address, and a "receipt" e-mail is sent to the old.

An email is sent to the old address saying that someone is trying to change the e-mail. There is one link to say 'Wait! that's not me, i'm being hacked!!!' and another to give the all clear.

If neither is pressed within 7 days, or the all clear is given, the email is changed, and a recipt is sent to the new email.

[Kitamie]

Make it so you have to wait 7 days before you can change email without having direct email verification.

What does "direct email verification" mean? A verification e-mail is sent to the new e-mail address, and a "receipt" e-mail is sent to the old.

An email is sent to the old address saying that someone is trying to change the e-mail. There is one link to say 'Wait! that's not me, i'm being hacked!!!' and another to give the all clear.

If neither is pressed within 7 days, or the all clear is given, the email is changed, and a recipt is sent to the new email.

One of our work sources uses this method as a precaution. It seems to work quiet well imo.

[loftar]

An email is sent to the old address saying that someone is trying to change the e-mail. There is one link to say 'Wait! that's not me, i'm being hacked!!!' and another to give the all clear.

If neither is pressed within 7 days, or the all clear is given, the email is changed, and a recipt is sent to the new email.

Hmm, this might not be a completely terribad thing to do. I'll consider it.

[Mernil]

I didn't give my account information to anyone, nor did I share my account to anyone.
The client I'm using is H&H_Union.
I'm fairly confident my password wouldn't be that easy to bruteforce.

Loftar, do you log connections to game accounts?

[loftar]

Loftar, do you log connections to game accounts?

Could you describe the timeline more precisely, please? Like, when did you stop playing, when did you come back, &c&c?