I’m shocked! Guild Wars was down! I’ve been playing Guild Wars for almost six years. In all of that time… including the Alpha / Beta days… I’ve hardly ever seen Guild Wars down. But today, I was kicked out of the game and I received the following error, “Guild Wars was unable to connect to any login servers. This is very likely caused by an internet routing issue. If this problem persists, please visit the Guild Wars support website. (Code=058)” In other MMORPGs, downtime is typically a normal occurrence. In ArenaNet’s game, I’m more likely to loot a Black Dye than to see the servers shut down like this. Fortunately, the official site is online. The answer for this outage was revealed.
Apparently, ArenaNet is launching their countermeasure to the account hackers. Additional security has been added to the login screen. Here’s the official message from ArenaNet…
New Log In Process FAQ
Q: Why is ArenaNet changing the log-in process?A: As an additional security measure to protect your account, you will now have to provide the name of a character on your account in order to log in to Guild Wars.
Q: What if I don’t have any characters created on my account yet?
A: No problem. If you don’t have any characters on your account, just leave the security question field blank. Once you create a character, however, you’ll have to enter your character name in order to log in.
Q: What if I’ve forgotten the name of the character on my account?
A: Just contact Support and we’d be happy to help you out.
Q: If I have been disconnected from the game, will I have to re-enter my character name when I log in?
A: Yes.
Q: Will I need to answer the security question under any other circumstances?
A: If you add an item key to your account, you will have to enter a character name to log in.
Q: I have more than one character on my account. Does it matter which character name I use when I log in?
A: No. As long as you enter a valid character name that’s assigned to your account, you can log in.
Q: Do you have any other additional security tips to help protect my account?
A: If you’re concerned about security, consider changing your password. Make sure you use a unique password for your Guild Wars account.
What do you think about the change? Does it make you feel safer or are you annoyed? I don’t think it’s too bad, as ArenaNet has to protect the players. The Security Question can be stored, so it wasn’t too tedious for me.
I feel a bit better. It will be harder for them to hack in, sure, but I suppose it depends on the manner they gain information. We’ll have to see what happens in the next few weeks.
I reacted exactly the same way! But then I thought: don’t panic! and read some twitter stuff. Then I recognized the update and everything was fine, except that I couldn’t log in into the char I played before. After switching to another char it was again possible.
I like the security update.
Best regards
easy
It will do a lot against brute force hackers for sure, 3 matcing pieces of information instead of 2 makes a big difference.
However it won’t do much against information gained elsewhere, so I suspect this is only the beginning.
As of the time of this writing the Guild Wars Wiki is also down for maintenance… Perhaps this is the source of the hackings?
That’s something interesting to consider, but I don’t suspect it’s the source of the problem. If it was, the Wiki would have been taken down much earlier. (Are you aware of any previous outages?) Instead, I’m thinking that ArenaNet is hardening their defenses.
“So in war, the way is to avoid what is strong and to strike at what is weak.”
– Sun Tzu
The Wiki is a weak point for ArenaNet. Yet, I don’t think it would be a main target for email/password harvesters. You don’t need to log in to use that website. Also, I checked. Currently, ArenaNet is using MediaWiki 1.15.1. Two days ago, they were using MediaWiki 1.15.1.
I suspect that ArenaNet is updating their server software for additional security measures. When running a LAMP server, it’s not enough to update your scripts. You have to update PHP, MySQL, Apache and your operating system too.
I checked the US-CERT website…
http://www.us-cert.gov/index.html
(Great website for updates on defending against cyber attacks)
…MediaWiki did appear on an older security bulletin. Unfortunately, that’s just the nature of the Internet. Fansites like this one also represent a weak point. I’m constantly seeing attempts to hack my website. ArenaNet’s situation must be far worse.
My concern is that this type of security is reactionary. I’d like to see ArenaNet go into a more active role. Instead of just patching servers, maybe ArenaNet should be more aggressive… set up honeypots, help secure fansites, catch and prosecute hackers.
Step one: Create a decoy fansite
Step two: Watch the server activity
Step three: Track and catch the offenders
But unfortunately, this would require a global effort. The attacks come from around the world. ArenaNet is obviously taking this matter very seriously, but I’m not sure what they’re going to do next.
Historically, ArenaNet pulls inward when things get bad. They started out as an open and friendly company, but some bad experiences has made them more secretive. This concerns me, as fansites are basically a vulnerability to the game’s security. Will ArenaNet distance themselves from fansites… or will they team up with them to catch these criminals?