Strange way of testing?

Printable View

January 4, 2016
staccobainforum

Account fishing / Server attack / Strange way of testing?

A few hours ago a friend complained about someone that has logged into his account. We thought it's just a strange random password fishing but another friend complained about it too and then the first one had another unidentified login even after a password reset.

The IP used to login is 188.138.40.87 which leads to a wow private servers collection site hosted in Germany.

Both passwords are secure so brute force is not an option. There is a topic here posted 2 hours ago in which is mentioned that many people can't login into their accounts.

So, warmane, if you are not testing in a strange and confusing way and there isn't an "inside person" that is doing this - your security is being compromised.
January 5, 2016
radarridrr

I had this happen to me as well. I got disconnected from lordaeron in-game, checked the website and it says i was last seen 1 minute ago from Germany.
January 5, 2016
Zardonic

We were getting an IP from US when the realm crash so my guess would be that it's still the same IP but from different location so you shouldn't worry about it.
If someone tries to get into your account you'll see the message on your e-mail/phone if you have 2-step enabled, so don't turn it off and you're safe.
January 5, 2016
radarridrr

Quote:

Originally Posted by Zardonic

If someone tries to get into your account you'll see the message on your e-mail/phone if you have 2-step enabled, so don't turn it off and you're safe.

Does that happen if someone else logs into the game under my account, or only the website?
January 5, 2016
Anyone0

Quote:

Originally Posted by radarridrr

Does that happen if someone else logs into the game under my account, or only the website?

Only website. Your ingame account is not protected by 2 step authentication.

That IP address belongs to logon server. Seems like they have made some changes related to logon server recently so it's in Germany not US now. That IP address will appear there when you connect to logon server but don't log on a realm. It usually happens when server crashes, you log back in but can't connect to realm yet.
January 5, 2016
Sixtyninee

Yep, it's the new logon server. You can confirm this by logging in but cancelling before connecting to a realm and then checking your account info. The associated website is openwow, which is also owned by warmane.