World of Warcraft Account Security
Recently there has been discussions in my Guild regarding World of Warcraft account security. I believe this is a perfect opportunity to give my opinion on measures that I believe must be taken to ensure increased general security of your computer along with your World of Warcraft account.
One thing I must make clear is there is no such thing as a completely secure networked computer. The suggestions listed below are simply extra precautions that must be taken to minimize the chance of your computer being compromised.
* - Applies to World of Warcraft only.
Get an Authenticator*
Having an Authenticator will virtually eliminate the chance of your account being compromised. The Blizzard Authenticator costs $6.50 from the Blizzard Store. If you are an iPhone/iTouch user, you can download the Mobile Authenticator for free. Having an Authenticator is no excuse not to do the remaining suggestions.
Web Browser
Use a secure browser. For the sake of speaking, that pretty much means anything besides Internet Explorer. My personal recommendation is Google Chrome or Firefox. For each, I highly recommend the WOT plugin.
WOT’s safe browsing tool warns you about risky sites that can’t be trusted: Online shops that cheat customers; download sites that deliver malware; sites that send spam; and those with inappropriate content for kids.
Web of Trust provides an additional layer of security when visiting websites. WOT is community managed, meaning if someone spots a phishing website, they can report it. The report is upload to WOT servers, if you try to access the website that has received a poor rating, WOT will block you from going to the website without your express permission. If you use Firefox, in addition to WOT, I also highly suggest NoScript. Currently, Google Chrome does not have a NoScript extension available.
Passwords
Your World of Warcraft password should be entirely different from any other service you use. Generally speaking, a password should be at least 8 characters long with upper/lower case letters, numbers, and symbols. Your World of Warcraft password (along with other sensitive passwords) should be changed at least once a month. It takes 2 minutes to do, don't be lazy. An example of a good password would be 'I3n&$VW49*'.
Anti-Virus, etc.
Windows users - Having AV software is not full proof. Consider it just another way to decrease the chances of having malicious software installed on your computer (for a long period of time). I personally recommend Avira or NOD32. Along with AV software, I also recommend Spybot and Malwarebytes (Free Edition is fine). Malwarebytes is specifically targeted to Malware, harmful software that is generally not picked up by AV software. AV software should be set to automatically update and run daily (Both NOD32 and Avira provide this option, as do many other AV's such as AVG and Avast). I would recommend running anti-malware software at minimum once a week.
For Mac(OSX)/Linux users, The options for security software is rather slim. I can recommend ClamXav(Mac) and Clamav(Linux) for virus scanning. I also recommend rkhunter for OSX/Linux systems. Generally speaking, there is not much more that can be done for OSX systems in terms of AV software. Sadly, Apple has spread false information on commercials by suggesting OSX is immune to viruses, until OSX suffers a mass attack, it is unlikely much further production of AV software will occur. As for Linux systems, there are other precautions that can be taken, but I will assume if you use Linux, you should know how to properly secure your system.
Note: Debian based distrobutions can run the follow command to download rkhunter and clamav:
sudo apt-get install clamav rkhunter #rkhunter -c to run #clamscan -r in '/' directory to run
Updates
Windows users - Automatic Updates should be turned on. Keep your system updated at all times. Microsoft is constantly releasing security patches to fix potential vulnerabilities in your system. If you are still using XP (or anything older) update to Windows 7 as soon as possible. When updates for your system become available, do not postpone restarting your computer to take effect, do it immediately when it asks.
OSX users - By Default, OSX will check for System Updates once a week (This setting can be changed in System Preferences -> Software Update). Install updates whenever they are available.
Linux users - If you are using a Debian based system, the following commands can be executed from a Terminal:
sudo apt-get update sudo apt-get upgrade
Other non-Debian based Distributions should consult the proper documentation.
Common Sense
Be smart when you use your computer.
- One precaution that should be taken is when reading email. Never click on links masked by anchor tags (HTML), especially World of Warcraft related emails. If you receive an email from Blizzard asking you to log in to your account, or a beta key, it is most likely a scam.
- When using your laptop on a public network, be very careful to use SSL connections while logging in/reading email or any other services. If you are on a public network, you should always assume that someone is watching and logging everything you do (this includes cleartext logins). For maximum security, I recommend always using hardwired connection wherever possible (this includes on a home network also).
- If at any point you find your computer acting strange, immediately stop what you are doing, update and run your protection software.
- If your World of Warcraft account is compromised, and virus scans show up nothing on your computer. Do not assume one is not there. Change the password for your email and WoW account on a different computer, then work on finding out what caused the security breach on your WoW computer.
Conclusion
Everything above may seem like a lot to take in at first, especially if you have little to no protection on your computer to begin with. The hour or two it will take to setup will be well worth it if your World of Warcraft account becomes compromised. Not only will following my suggestions increase the overall security of your system, it will also save you from possible embarrassment if your account becomes compromised. Once you get everything setup, it should not take more then a half hour of manual work per week to keep your system up to date and secure. I will repeat again, having this security software in place will not make your computer full proof against attack. The above software will only minimize the chances of your system becoming compromised.
Wintergrasp Tokens – Possible to Have Over 100
Not sure if this is common knowledge or not, but today I found out it is possible to have more then 100 Wintergrasp Tokens. I assumed the limit was 100 just like all other battlegrounds. After tonights victory in Wintergrasp I noticed that I had 101 tokens. I looked on WowHead to verify, it appears the limit for WG tokens is 1000. Makes me wonder if badges will be mailed if someone actually hits the 1000 badge cap.
Parsing the WoW Armory – Part 2.1
I forgot to post this information in Part 2 of Parsing the WoW Armory. When parsing the guild-info.xml file, some fields are represented by numerical values. Below is conversion table from XML numerical representations to actual values.
genderId:
0 - Male
1 - Female
raceId:
1 - Human
2 - Orc
3 - Dwarf
4 - Night Elf
5 - Undead
6 - Tauren
7 - Gnome
8 - Troll
10 - Blood Elf
11 - Draenei
classId:
1 - Warrior
2 - Paladin
3 - Hunter
4 - Rogue
5 - Priest
6 - Death Knight
7 - Shaman
8 - Mage
9 - Warlock
11 - Druid
For easy converting from numerical to actual values I would recommend using a PHP array(). Below is an example of the Sorted Guild list from Part 2 with the addition of the class of each character included.
< ?php function sortedList($x) { $classArray = array(1 => "Warrior", 2 => "Paladin", 3 => "Hunter", 4 => "Rogue", 5 => "Priest", 6 => "Death Knight", 7 => "Shaman", 8 => "Mage", 9 => "Warlock", 11 => "Druid"); $array = array(); foreach($x as $char) { $array[] = getName($char)." - ".getLevel($char)." - ".$classArray[(int)getClassId($char)]."<br />"; } sort($array); return $array; } ?>
Parsing the WoW Armory – Part 2
I chose to expand on Part 1 by providing a function file that provides access to all available character related information from the guild-info.xml file from the WoW Armory. The guild-info.xml file provides the following information for the entire guild: Achievement Points, Class ID, Gender ID, Level, Character Name, Race ID, Guild Rank, URL to Character Page.
Some neat things can be calculated by using the available resources. I provided three examples in the code below: Average achievement points, average level, and a sorted list of all characters in the guild (also provided in Part 1).
< ?php ini_set("user_agent", "Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/20121223 Ubuntu/9.25 (jaunty) Firefox/3.8"); //Average guild achievement score. function achAverage($x) { $counter = 0; $total = 0; foreach ($x as $p) { $total += getAchPoints($p); $counter++; } return ($total/$counter); } //Sorted Guild Characters Names/Levels in ABC Order. function sortedList($x) { $array = array(); foreach($x as $char) { $array[] = getName($char)." - ".getLevel($char)."<br>"; } sort($array); return $array; } //Returns the average level of the entire guild. function avgLevel($x) { $counter = 0; $total = 0; foreach ($x as $p) { $total += getLevel($p); $counter++; } return ($total/$counter); } /** * Other functions that can be used to pull information * from the XML sheet. Use these functions to expand * and create other functions. **/ function getAchPoints($x) { return $x['achPoints']; } function getClassId($x) { return $x['classId']; } function getGenderId($x) { return $x['genderId']; } function getLevel($x) { return $x['level']; } function getName($x) { return $x['name']; } function getRaceId($x) { return $x['raceId']; } function getRank($x) { return $x['rank']; } function getURL($x) { return $x['url']; } ?>
New functions can be created by using the get functions at the bottom of the file. Using the get functions and sample functions, it should be easy enough to expand on what I have.
The below code is an example of how to use the function code from above.
< ?php //Functions file. include ('guild.php'); //Set Server/Guild Here. $server = "Eitrigg"; $guild = "We+Know"; $url='http://www.wowarmory.com/guild-info.xml?r='.$server.'&gn='.$guild; $xml = simplexml_load_file($url); $xml = $xml->guildInfo->guild->members->character; //-------ABOVE THIS LINE IS REQUIRED---------- //Below are some possible ways to use the functions. /** Prints Without Array Numbers **/ for($i=0, $array = sortedList($xml);$array[$i] != null; $i++) { echo $array[$i]; } /** Alternative Implementation, Prints with Array Numbers print_r(sortedList($xml)); **/ //Displays the average number of guild achievements. echo achAverage($xml)."<br />"; //Displays the average level of the guild. echo avgLevel($xml); ?>
Parsing the WoW Armory – Part 1
Today I pulled a list of every character in We Know from the WoW Armory in 5 lines of code.
< ?PHP ini_set("user_agent", "Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/20121223 Ubuntu/9.25 (jaunty) Firefox/3.8"); $url='http://www.wowarmory.com/guild-info.xml?r=Eitrigg&gn=We+Know'; $xml = simplexml_load_file($url); foreach($xml->guildInfo->guild->members->character as $char) echo $char['name']." - ".$char['level']."<br />"; ?>
I never realized how easy is was to pull information from the WoW Armory until now. My method has its obvious flaws, such as the output is in no obvious order. I modified my original script to sort the list in ABC order and added a $server and $guild variable to allow for easy modification. Below is a more refined version, in under 15 lines of code the pulled list is sorted in ABC order and displayed.
< ?PHP ini_set("user_agent", "Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/20121223 Ubuntu/9.25 (jaunty) Firefox/3.8"); $server = "Eitrigg"; $guild = "We+Know"; $url='http://www.wowarmory.com/guild-info.xml?r='.$server.'&gn='.$guild; $xml = simplexml_load_file($url); $array = array(); foreach($xml->guildInfo->guild->members->character as $char) $array[] = $char['name']." - ".$char['level']."<br />"; sort($array); $i = 0; while($array[$i] != null) { echo $array[$i]; $i++; } ?>
This script is just a quick and dirty way to accomplish the simple task of pulling names from the WoW Armory. I would recommend against using this in a production environment without some sort of cache/database option implemented.
- Making teriyaki beef jerky today. 6 hrs ago
- #Fringe needs more Astrid. 20 hrs ago
- #LOTR Lego Set coming Summer 2012! http://t.co/i8ahYJo 20 hrs ago
- #mtg draft today 1 day ago
- Woke up to one of my primary VPS being down. Time to investigate. 1 day ago
- More updates...
Categories
Recent
- Vanilla2: Enable HTML in Inbox Conversations
- xkcd Comic Downloader
- WoW Realm Status PHP Class
- WoW Roster PHP Class
- Parsing the WoW Armory without XML – Part 2
Currently Reading
My Other Sites
- Kastang.net
ScifiToday
Science Fiction News and Information