Warmane accounts

That's how it should be, but considering how widespread this issue is and how it continues to happen after people change their passwords is evidence to suggest Warmane is storing passwords in plaintext somewhere and is being leaked constantly.

Quote:

---

Originally Posted by IzzyData4

how it continues to happen after people change their passwords is evidence to suggest Warmane is storing passwords in plaintext somewhere and is being leaked constantly.

---

Wrong. Password verification is done after 2FA, it's a limitation made by Blizzard when they designed the protocol.

http://forum.warmane.com/showthread....=1#post3021955

What's interesting is the varied IP addresses I'm seeing from the attempts from another user trying to get access to my account. Today I have 5 attempts in 20 min, with 4 different IP address...so this isn't a bug. Someone is using an IP spoofing tool to attack accounts to try and gain access.

I also noticed there is no use in tracking or even blocking the IP address, when using tools that hide their IP address. Fortunately I believe this person doesn't know my email address or I would have received a fake Ware mane message with a link to enter my authorization code, which would allow them to compromise my account.

The many emails I receive regularly are becoming annoying.

Quote:

---

Originally Posted by Bennyguy

What's interesting is the varied IP addresses I'm seeing from the attempts from another user trying to get access to my account. Today I have 5 attempts in 20 min, with 4 different IP address...so this isn't a bug. Someone is using an IP spoofing tool to attack accounts to try and gain access.

---

They can't spoof because the protocol is over TCP. They're using a proxy list and we've been blocking them as they appear.

Well as I'm logged in to the website and viewing posts, I was just hit again with a login attempt from a new hackers IP address authorization request. How are you blocking them, or are we suppose to submit the IP address to be blocked?

I have had the same IP since August, yet there have been many attempts from many other IP address trying to login.

We have logs of every successful/unsuccessful attempt. I'm not sure what system is being used but I imagine it rejects connections after X unsuccessful attempts and then further attempts get a permanent block.

Quote:

---

Originally Posted by Bennyguy

Well as I'm logged in to the website and viewing posts, I was just hit again with a login attempt from a new hackers IP address authorization request. How are you blocking them, or are we suppose to submit the IP address to be blocked?

I have had the same IP since August, yet there have been many attempts from many other IP address trying to login.

---

You have a strong password and 2fa on. What do you care?

You can't stop people from trying to get into your account.