1. Questions about account history activity

    Hello dear Warmane players.

    First I want to post this to let everyone know that I did read the rules and this post is not an intention to throw dirt on the staff or anything like that. I understand they can't help me any further or spend time answering my questions on ticket or email. They told me they can't help me to retrieve anything that is lost on the account since it's out of their hands and not their responsibility.

    "Reporting
    Do not open a new thread to complain about staff conduct, ninjas, hackers & exploiters, bugs, etc.; the forums are intended for happy game-related content as a social platform, not your soap-box."

    Although I am not sure if there is a rule about posting IP addresses. I did find rules about not posting names and so on, but with these IP addresses you can't really tell who it is anyway, right?


    I want to warn about it being a lot of text and maybe a bit of unclear info and so on. I have a hard time getting it into a good text. Hope you can still take the time to check it through :) Thanks in advance!

    As the topic says, I have a few questions about my account activity. This account I am on now, I retrieved the password and email with the help of a GM, but someone else is still playing on it and they spent a lot of time on it and I don't feel like I can take it back now because of that. I have contact with them through Discord and it seems like they are not the original hackers according to the IP addresses. But I am not well read, maybe it is possible to use some program to change the IP address. I lost my hunter/mage/rogue but that is not what is important. What I find important is to find answers to a few questions about what could have happened on my account.

    I will post a few logs here from my account. I am hiding my own IP address.
    So the biggest question I have is how this guy on January 3, 2018 managed to enable Google 2FA without even having to successfully get into the account with my Email 2FA?

    Category Description Date IP Address

    Two Factor Authentication Email Two Factor Athentication enabled March 22, 2019 at 18:37 95.137.202.204
    Email Changed to March 22, 2019 at 18:32 95.137.202.204 - Email is somehow changed here, why, how? Because of Google 2fa? I have no freaking clue since Email 2fa is still active and been all the time?
    Password Changed December 26, 2018 at 3:33 -- This is me, in the middle of the night probably just felt like checking in
    Password Reset successful December 26, 2018 at 3:32 -- This is me, in the middle of the night probably just felt like checking in
    Password Reset email sent December 26, 2018 at 3:31 -- This is me, in the middle of the night probably just felt like checking in

    Account Password expired August 9, 2018 at 19:49 193.93.195.171 --- What does this mean? Password expired? Anyone trying to login to the account can change it?

    Two Factor Authentication Google Two Factor Authentication disabled January 13, 2018 at 12:00 66.133.74.113 - Removed again? Why? Hm?
    Two Factor Authentication Authentication successful January 11, 2018 at 17:46 66.133.74.113
    Two Factor Authentication Authentication requested January 11, 2018 at 17:46 66.133.74.113
    Two Factor Authentication Authentication requested January 11, 2018 at 16:27 46.53.183.93
    Two Factor Authentication Authentication successful January 6, 2018 at 17:37 38.95.108.138
    Two Factor Authentication Authentication requested January 6, 2018 at 17:37 38.95.108.138

    Two Factor Authentication Google Two Factor Authentication enabled January 3, 2018 at 11:52 104.218.62.14 - Here is the question, how did he get into my account to start with and how did he enable Google 2fa without my permission?

    Two Factor Authentication Authentication successful September 1, 2015 at 2:33 "Hiding my own IP address" - This is the last time I successfully used 2FA to get into the account on my computer at home.

    Two Factor Authentication Email Two Factor Athentication enabled March 23, 2015 at 19:13 - This is when I enabled my 2fa




    I did get two emails in 2019. But not before that about someone trying to reset my password. But nothing before this time. I suppose this maybe has something to do with Google 2FA as well? I have no clue :S

    Warmane <[email protected]>
    Fre 2019-08-16 11:55
    Dear BonkaD,

    We've received a request to reset your password.
    The following IP Address is making the request: 212.200.32.67

    Warmane <[email protected]>
    Tis 2019-08-20 04:12
    Dear BonkaD,

    We've received a request to reset your password.
    The following IP Address is making the request: 212.200.32.67


    Here, 2019 is the first time in my log that Email 2FA is removed. But still they have had access to my account for 3 years somehow? (2018-2021) I find it very strange how this is possible without any Email 2FA successfully authenticated on any of the new IP addresses.

    Two Factor Authentication Email Two Factor Athentication enabled July 31, 2019 at 23:41 212.200.32.67
    Password Reset email sent June 23, 2019 at 14:45 85.8.20.95
    Password Changed May 24, 2019 at 0:45 212.200.32.67
    Password Changed May 24, 2019 at 0:42 212.200.32.67
    Password Changed April 25, 2019 at 17:35 212.200.32.67
    Email Changed to April 25, 2019 at 17:33 212.200.32.67
    Two Factor Authentication Email Two Factor Athentication disabled April 24, 2019 at 15:41 178.134.41.184


    Here are some more weird logs

    Two Factor Authentication In-game authentication enabled August 27, 2019 at 14:37 105.111.141.166
    Email Changed to August 27, 2019 at 14:34 105.111.141.166
    Password Reset email sent August 20, 2019 at 2:12 212.200.32.67
    Password Reset email sent August 16, 2019 at 9:54 212.200.32.67
    Password Reset email sent August 16, 2019 at 8:54 212.200.32.67
    Account Email reverted to registration email August 16, 2019 at 8:54 212.200.32.67
    Password Changed August 16, 2019 at 8:52 105.111.129.253
    Email Changed to August 16, 2019 at 8:51 105.111.129.253
    Two Factor Authentication Email Two Factor Athentication disabled August 16, 2019 at 8:50 212.200.32.67

    Then there is some weird realm transfer stuff 2016 that I have not done? Is this something that warmane did themselves also for all characters?
    Character Realm Transfer Obooy Icecrown June 16, 2016 at 10:07
    Character Realm Transfer Frostiie Icecrown June 16, 2016 at 10:07
    Character Realm Transfer Bloodyknives Icecrown June 16, 2016 at 10:07

    And a final question (might come up with more later..) about backup. I have a backup that was made 2 years ago. Can I somehow get a hold of this backup or is it long gone if I did not download it and kept it from back then?

  2. And a final question (might come up with more later..) about backup. I have a backup that was made 2 years ago. Can I somehow get a hold of this backup or is it long gone if I did not download it and kept it from back then?
    Backups can not be used to restore anything on your account. They are intended to be used only if Warmane loses the database, like what happened with Molten.

    Then there is some weird realm transfer stuff 2016 that I have not done? Is this something that warmane did themselves also for all characters?
    Those look like transfers when 2 realms were merged into Icecrown. Probably automated.

    About the rest - it seems like you got your account back. If anything on it is missing, you most likely won't get it back. Missing items can only be restored if they were purchased with coins. In that case you should make a support ticket on website: https://www.warmane.com/account/support

    From all the logs in your post in random order it's hard to understand what exactly happened. Maybe they gained access not only to your Warmane account but also to your Gmail account and deleted the 2FA emails?

  3. Thanks, that clears out some questions, but unfortunately not the one most important for me.

    I did not buy a lot of items for coins from what I remember. I guess all the things I bought with points are not refundable?
    I think my mage was still on the account, naked, renamed and changed faction. But my Hunter was sold and my rogue was deleted I believe.

    Indeed I understand that my logs are hard to read, can I change anything to make it easier? Maybe I should have put them in order instead? I don't know.

    But how did he manage to get into my Warmane account without getting a log that says "Two Factor Authentication Authentication successful".
    If that would have been in the log on Warmane I would have been able to accept the risk that he got control of my mail as well. But the chances must be very small that he manages to get two different passwords of mine and get my email before he even logged into my account.

    So I still find it very strange about that activity. I really want to know how that is possible.

    Thanks so far! :)

  4. There is no support for anything purchased with points. No refunds or item recovery.

    I think what happened is that he used Retrieve page to disable 2FA using a link that gets sent to your email. He must have gained access to your Gmail account, used it to disable 2FA and deleted all the related emails. I think that makes sense since you said that there were no 2FA emails on your email.

  5. I still don't understand mate :(

    Even if he removes email 2FA it should show so in the log on Warmane. So even if he removes my emails on my mail, which I don't think has happened, we would still see the log on Warmane. Because that log he can't remove. But in the log I printed in my original post it only says that Google 2FA is activated and then 10 days later it is disabled again and 4 different IP addresses have been logging into my account. I just can't see that it happened the way you say since everything is logged on Warmane. But maybe it's something I don't know?

    Maybe Warmane automatically removed email 2FA on my account because of inactivity?


    Because here it says email 2FA is activated again. But it never says from 2015-2019 that it is deactivated.
    Two Factor Authentication Email Two Factor Athentication enabled March 22, 2019 at 18:37 95.137.202.204

    And here again it says it's disabled:
    Two Factor Authentication Email Two Factor Athentication disabled April 24, 2019 at 15:41 178.134.41.184

    So the log shows everything that is done to the account. But it never says that my Email 2FA is removed. So I feel like I have been scammed by something else than just a player on my account. And until I am proven wrong that is what I will believe from the information I have :P hehe

    Anyhow I am super grateful that you spend your time on me. It warms my heart that someone is trying to figure it out for/with me. Because I am stuck :(

  6. Two Factor Authentication Google Two Factor Authentication enabled January 3, 2018 at 11:52 104.218.62.14 - Here is the question, how did he get into my account to start with and how did he enable Google 2fa without my permission?

    Two Factor Authentication Authentication successful September 1, 2015 at 2:33 "Hiding my own IP address" - This is the last time I successfully used 2FA to get into the account on my computer at home.
    Is this the part that you are wondering about? Did something happen between that? Successful logins or 2FA removal?

  7. Yes, that is the part. Between those two logs there are no other logs. Nothing for 2 years and 4 months and all of a sudden he has enabled Google 2FA. Very very weird..

  8. I don't see anything suspicious during that time in my account's logs so it should not be something that was affecting everyone. It looks like logins without 2FA are not getting logged. So he somehow logged in without 2FA and then enabled 2FA. The question then is - how did 2FA get disabled without it appearing in the logs. This is what you should be asking support, without all the other details from your post that don't really matter.

    Currently any action that would let you disable 2FA gets logged but I don't know if it was like that in 2015-2018. Specifically the option to disable 2FA by sending a link to your email address.

    Also if someone contacted support about your account and had some kind of proof of account ownership (donation dates, payment transaction IDs, maybe account creation date), they could have asked support to disable 2FA on the account and it might have worked.
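
The gap discussed in posts 5 to 8 (a 2FA method logged as enabled twice with no disable in between, and a 2FA setting changed from an IP that never completed a challenge) can be checked mechanically on an exported account log. The following is an added example, not part of the thread and not Warmane's code; the log lines are constructed in the format shown above with documentation-range IPs, and `parse` and `audit` are hypothetical names.

```python
import re
from datetime import datetime

# Constructed sample, newest first like the account page. Not real account data.
SAMPLE_LOG = """\
Two Factor Authentication Email Two Factor Athentication enabled March 22, 2019 at 18:37 203.0.113.40
Two Factor Authentication Google Two Factor Authentication disabled January 13, 2018 at 12:00 198.51.100.7
Two Factor Authentication Authentication successful January 11, 2018 at 17:46 198.51.100.7
Two Factor Authentication Google Two Factor Authentication enabled January 3, 2018 at 11:52 203.0.113.9
Two Factor Authentication Authentication successful September 1, 2015 at 2:33 192.0.2.10
Two Factor Authentication Email Two Factor Athentication enabled March 23, 2015 at 19:13
"""

# description, then "Month D, YYYY at H:MM", then an optional IPv4 address
LINE = re.compile(
    r"^(?P<desc>.+?) (?P<date>[A-Z][a-z]+ \d{1,2}, \d{4} at \d{1,2}:\d{2})"
    r"(?: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?\s*$")
TOGGLE = re.compile(r"(?P<method>Email|Google|In-game) .*(?P<state>enabled|disabled)$")


def parse(text):
    """Return (timestamp, description, ip-or-None) tuples, oldest first."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime(m["date"], "%B %d, %Y at %H:%M")
            events.append((when, m["desc"], m["ip"]))
    return sorted(events, key=lambda e: e[0])


def audit(events):
    """Flag 2FA state changes that the log itself cannot account for."""
    findings = []
    state = {}           # method -> True (enabled) / False (disabled), per the log
    verified = set()     # IPs that have a logged successful 2FA challenge
    for when, desc, ip in events:
        if desc.endswith("Authentication successful") and ip:
            verified.add(ip)
        t = TOGGLE.search(desc)
        if not t:
            continue
        method, enabling = t["method"], t["state"] == "enabled"
        if state.get(method) is enabling:
            # same state logged twice: the opposite transition was never recorded
            findings.append((when, "missing-transition", method))
        if any(state.values()) and ip and ip not in verified:
            # 2FA was on according to the log, yet this IP never passed it
            findings.append((when, "unverified-change", method))
        state[method] = enabling
    return findings


if __name__ == "__main__":
    for when, kind, method in audit(parse(SAMPLE_LOG)):
        print(when.isoformat(" "), kind, method)
```

A `missing-transition` finding means the log is incomplete for that period, which is the specific question to put to support; an `unverified-change` finding is a change to review, since a disable-by-email-link flow would also come from an IP with no logged challenge.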

  9. The truth is that if you have some sort of stealer software on your pc 2fa will be completely useless in any case.
    The additional layer of protection which you call 2FA is here to protect accounts mainly in scenarios like database leaks/dumps and I'm pretty sure all of the last login credentials like browser (including version) + IP of last successful login are cyphered at the end so even if that happens nobody will be able to log into your account without triggering the 2FA.
    Edited: September 3, 2021

  10. Thank you very much for your time and replies.

    How can I find out if I have any stealer software on my PC? Would not my antivirus program find it most likely?

    And indeed as you say I find it hard to believe that he would make it without being noticed anywhere in the process of this.

    I will contact support again on Sunday when I get back home.

  11. Thank you very much for your time and replies.

    How can I find out if I have any stealer software on my PC? Would not my antivirus program find it most likely?

    And indeed as you say I find it hard to believe that he would make it without being noticed anywhere in the process of this.

    I will contact support again on Sunday when I get back home.
    Different antivirus scans. Though it's more likely you got phished or you re-used account credentials elsewhere, or poor choice of credentials.

  12. Indeed that might be a possibility. But it still does not explain why Warmane does not have any log of my email 2FA. Even if he gets into my email and removes my emails about it as well as my account on Warmane, he should not have been able to pass through the email 2FA that logs each time it is used in the Warmane log :)

  13. My ticket has been there for a week. Still no response. Not sure how long I should wait before I try to contact them in some way if I don't get any response? :P

  14. I had some similar things happen.

    2FA got enabled on my account without my knowledge. No email to me confirming it was turned on.

    Person who got into my account sold all my stuff and my two level 80's were traded.

    I'm not saying my password was the most secure but I barely had any friends in this game and never posted anything on the forums (this is my first post btw). Not sure how someone got my account name anyway unless some addon was storing that. I would love to have my characters back but the whole "it's your own fault if your password gets stolen" is fine, I totally agree. However, being able to turn on 2FA without me being able to confirm or see it was turned on is a big security flaw. If I would have seen 2FA turned on I would have instantly corrected the problem before all my stuff and characters were traded. The time spent raising levels and skills is more detrimental to me than replacing gold or gear.

    I don't jump on every day but once every few months I'll jump on and play for a few days. I just happened to want to play and noticed it, it had been about 3 months since my last sign on.

    Two Factor Authentication Authentication removal completed September 12, 2021 at 3:36
    Two Factor Authentication Authentication removal requested September 12, 2021 at 3:36
    Two Factor Authentication Authentication requested September 12, 2021 at 3:35
    Two Factor Authentication Authentication failed September 12, 2021 at 3:35
    Two Factor Authentication Authentication failed September 12, 2021 at 3:34
    Two Factor Authentication Authentication requested September 12, 2021 at 3:34
    Two Factor Authentication Authentication successful September 3, 2021 at 4:45 75.10.173.195
    Two Factor Authentication Authentication requested September 3, 2021 at 4:45 75.10.173.195
    Two Factor Authentication Authentication successful August 27, 2021 at 16:23 69.129.217.236
    Two Factor Authentication Authentication requested August 27, 2021 at 16:23 69.129.217.236
    Two Factor Authentication Authentication successful August 23, 2021 at 15:50 108.193.217.254
    Two Factor Authentication Authentication requested August 23, 2021 at 15:49 108.193.217.254
    Two Factor Authentication Authentication successful August 23, 2021 at 1:42 68.105.109.228
    Two Factor Authentication Authentication requested August 23, 2021 at 1:42 68.105.109.228
    Two Factor Authentication Authentication successful August 22, 2021 at 1:53 75.167.214.138
    Two Factor Authentication Authentication requested August 22, 2021 at 1:53 75.167.214.138
    Two Factor Authentication Authentication successful August 16, 2021 at 2:45 47.151.21.64
    Two Factor Authentication Authentication requested August 16, 2021 at 2:45 47.151.21.64
    Two Factor Authentication Authentication successful August 15, 2021 at 13:10 38.34.103.96
    Two Factor Authentication Authentication requested August 15, 2021 at 13:10 38.34.103.96
    Two Factor Authentication Authentication successful August 15, 2021 at 13:07 12.248.122.226
    Two Factor Authentication Authentication failed August 15, 2021 at 13:03 12.248.122.226
    Two Factor Authentication Authentication failed August 15, 2021 at 13:03 12.248.122.226
    Two Factor Authentication Authentication requested August 15, 2021 at 13:03 12.248.122.226
    Two Factor Authentication Google Two Factor Authentication enabled June 25, 2021 at 3:55 172.127.92.192
    Two Factor Authentication In-game authentication disabled June 25, 2021 at 3:55 172.127.92.192

    These are my logs (I removed my IP address from the September 12th entries, which were me).
    June 25th: I received no email from Warmane about this getting turned off (I would hope something like this would warrant a notification).

    I checked my Gmail account again just to be sure I didn't miss anything because that's the email account I used to setup my account.
    3 emails from Warmane. Account created 4/9/18 and then removing 2FA on September 12th 2021 (11th local time) and changing my password.

  15. They are not interested in solving this issue unfortunately. And tbh I can make new characters and get items back. But I am still interested in what the heck happened to my account. Why did this occur? I don't care if they can solve it or not. I only care to understand what happened. But I never get the chance to ask/tell them because they instantly close my ticket before or after they answer.. :/ And the only answer I get is that I am responsible for my account's safety. But if I am not the reason that the problem occurred, why should I be responsible? I don't get it...


    Here is a link to my ticket that I did not get any response on. Instantly closed.
    https://imgur.com/mNxiQKD


    Here is also something interesting that I had no clue about. Passwords to the homepage and ingame are not capital sensitive :O

    https://imgur.com/3RqB2cq
