
Strange notice from guildwars2.com


Post by Zancarius » Sun Sep 02, 2012 6:58 pm

So, I received this e-mail:

Your e-mail address has been changed. Please remember to use this new address the next time you log in to your account.

To confirm this change, please click on the link below.

https://account.guildwars2.com/verify?userid=<snipped uuid>&sessid=<snipped uuid>

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team


I don't (yet) have Guild Wars 2. It seems a little odd that I'd get this. Upon further examination, the e-mail appears to have come from the ArenaNet servers (via MailGun, which is a legitimate web-based e-mail API service that I have used in projects before--really nice, and their support is amazing):

Delivered-To: zancarius@gmail.com
Received: by 10.224.96.82 with SMTP id g18csp239292qan;
        Fri, 31 Aug 2012 20:29:21 -0700 (PDT)
Received: by 10.229.135.73 with SMTP id m9mr6163409qct.130.1346470161534;
        Fri, 31 Aug 2012 20:29:21 -0700 (PDT)
Return-Path: <bounce+4d1539.35e-zancarius=gmail.com@guildwars2.com>
Received: from mail-s87.mailgun.info (mail-s87.mailgun.info. [184.173.153.215])
        by mx.google.com with ESMTP id m12si3604596qct.80.2012.08.31.20.29.21;
        Fri, 31 Aug 2012 20:29:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounce+4d1539.35e-zancarius=gmail.com@guildwars2.com designates 184.173.153.215 as permitted sender) client-ip=184.173.153.215;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounce+4d1539.35e-zancarius=gmail.com@guildwars2.com designates 184.173.153.215 as permitted sender) smtp.mail=bounce+4d1539.35e-zancarius=gmail.com@guildwars2.com; dkim=pass header.i=@guildwars2.com
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=guildwars2.com; q=dns/txt;
s=pic; t=1346470161; h=From: To: Subject: Mime-Version: Content-Type:
Date: Message-Id: Sender;
bh=ZMKQHBgyTERWWPnUAgjBqngHhIoHwx8jtz3LhvNktJo=; b=PshAoQ2vasXB9T0W3uhAG9906OEl4kBpPhCUSkATmgtNh6j8a9r/1JAsZ3lgKell5zCc6zAU
kvmpZUwuoaYTqVXW1WdZEZLwJW7PpsuD8WUPlLhwccUiQi1PvIp51CNA4bXCSU9elEkYvxn+
3MGxOilaCR/qIn5iZKJbzYEeCoE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=guildwars2.com; s=pic;
q=dns; h=From: To: Subject: Mime-Version: Content-Type: Date:
Message-Id: Sender;
b=NP7wII0wxHbGRTZViS5tgHkMRWmK8FX2XdYVn8nlqfPcsAZw3LZkc95QgCs70VR07F24Lx
Y4uzktX0Yz2SXlDrLEO0nqxQUY7man6yNcVywOydfxHDLhvoiBYuzrzzvp6JUpANRRadTCMo
rt8OhHDnENxpIb0jUB98Pq9oH/Wc0=
Received: by luna.mailgun.net with SMTP mgrt 7232109;
Sat, 01 Sep 2012 03:29:21 +0000
Received: from guildwars2.com (Unknown [64.25.40.41]) by mxa.mailgun.org
with ESMTP id 50418111.4c44378-luna3; Sat, 01 Sep 2012 03:29:21 -0000 (UTC)
From: ArenaNet <noreply@guildwars2.com>
To: zancarius@gmail.com
Subject: Confirm new e-mail address for your Guild Wars account
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="PartBound_20120901_033246"
Date: Sat, 01 Sep 2012 03:29:21 +0000
Message-Id: <20120901032921.23864.84122@guildwars2.com>
X-Mailgun-Sid: WyJjMTFlZSIsICJ6YW5jYXJpdXNAZ21haWwuY29tIiwgIjM1ZSJd
Sender: noreply@guildwars2.com


DKIM suggests that the e-mail is valid, and SPL indicates that the IP address of the originating service is authorized in the guildwars2.com DNS SPL record. So, I did some digging after Josh mentioned to me tonight that there was a brute force attack of some sort performed against the GW2 servers.

I think what this means is, after looking at it, that someone had a list of e-mail addresses and was going through attempting to force an e-mail change. I have no idea if it works (I didn't click the link for reasons that I hope are obvious), but I suspect that if you get a similar message and you didn't try changing your e-mail address, you should probably just delete the e-mail.

As usual, the typical cautions apply: Never click unsolicited links, use strong passwords, don't use the same password for multiple services, and only visit porn sites with a condom wrapped around your ethernet jack (or wifi antenna if you swing that way).
I gave that lich a phylactery shard. Liches love phylactery shards.
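
The header check described in the post above, as an added example that is not part of the original post: it reads the Authentication-Results header stamped by the receiving server and reports whether the SPF and DKIM passes belong to the same domain as the visible From address. The sample message is abridged from the quoted headers with a placeholder recipient, and `check_auth` and its `trusted_authserv` parameter are names assumed for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: abridged from the headers quoted in the post, with a
# placeholder recipient address.
SAMPLE = """\
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 bounce+4d1539.35e-user=example.com@guildwars2.com designates 184.173.153.215
 as permitted sender) smtp.mail=bounce+4d1539.35e-user=example.com@guildwars2.com;
 dkim=pass header.i=@guildwars2.com
From: ArenaNet <noreply@guildwars2.com>
To: user@example.com
Subject: Confirm new e-mail address for your Guild Wars account

body
"""

def domain_of(value):
    """Return the lowercased domain part of an address or '@domain' identity."""
    return value.rsplit("@", 1)[-1].strip("<>").lower()

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment (real DMARC compares organizational domains)."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def check_auth(raw, trusted_authserv="mx.google.com"):
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg["From"])[1])
    result = {"from_domain": from_domain, "spf": False, "dkim": False}
    for header in msg.get_all("Authentication-Results", []):
        text = " ".join(header.split())          # unfold continuation lines
        text = re.sub(r"\([^)]*\)", "", text)    # drop parenthesised comments
        authserv, _, rest = text.partition(";")
        # Only trust results stamped by our own receiving server; a sender
        # can insert an Authentication-Results header of its own.
        if authserv.strip() != trusted_authserv:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            ident = re.search(r"(?:smtp\.mail(?:from)?|header\.[id])=(\S+)", clause)
            if m and ident and m.group(2) == "pass":
                if aligned(domain_of(ident.group(1)), from_domain):
                    result[m.group(1)] = True
    return result

if __name__ == "__main__":
    print(check_auth(SAMPLE))
```

A pass on both only shows the message was sent through infrastructure the domain authorizes; it says nothing about whether the account action that triggered it was requested by the recipient.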