I spend most of my evenings perusing the North American and European WoW Foums for interesting topics for our Forum Post of the Day feature. I've come across all kinds of threads from the uplifting, to the whiney, to the popular discussion. They are a great resource for tips and strategies.

Blizzard welcomes constructive criticism and suggestions from the WoW community. You are welcome to be a part of it as well. There are a few things you should know about the forums.

We've already reported that the Blizzard Authenticator is sold out, but here's another twist to the story. WoW Insider reader Ryan told us that he placed his order last Monday, before the sell out was announced.

However, instead of getting his Authenticator, he instead got an unexplained refund. With no other word from Blizzard, they simply canceled the order and refunded the money. He talked to a coworker who had also ordered the Authenticator and found that he had the same experience. As of yet, Blizzard has not explained the refund to him.

It's likely that Ryan was simply unlucky enough to place his order after they'd sold out but before they'd officially announced it, but there's other somewhat unfortunate implications. If they're refunding his order instead of honoring it, it suggests that they don't expect to have any new Authenticators ready for quite some time.

The problem with keyloggers and other methods of account theft has been well documented here at WoW Insider, and it seems like a constant problem. Even the most conscientious of players has fallen prey to it. However, at the Worldwide Invitational, Blizzard is introducing a little piece of hardware that could make those problems vanish. Say hello to the Blizzard Authenticator.

The Authenticator is a small piece of hardware that you can associate with your World of Warcraft account. Once the Authenticator is associated with the account, you will need it to log on. Every time you log on, you press a button on the Authenticator to generate a six-digit code that you must input to log on. Since only you know the code, and it's generated apart from your computer at the time you're ready to log on, it will be safe from trojans, keyloggers, and other hacks.

The Authenticator will be available at the WWI to start, then eventually at the Blizzard Store. The starting price being quoted by Blizzard is $6.50 -- a small price to pay for safety from a ransacked bank and naked server transferred characters, for many.

Is this the big announcement though? It's possible, of course, but we like to think there's more in store at the WWI. Stay tuned here, and we'll let you know.

In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues.

In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

Arena Junkies is one of the most reputable online sources for. . .arena junkies. Its posters are numbered predominately among the 2000+ Arena Rated teams, and thus the site serves as a key resource for arena veterans and up-and-comers alike. Arena Junkies hosts dozens of forums, macros, strategies, and example Arena-centric Talent builds. Arena Junkies is also an official part of the Blizzard Fan Site Program. Oh, and they've got their own T-Shirts.

Which is why it can be so troubling to see they've been attacked by one of Vaneras's malicious "eVillains." The eVillain posted a "malicious applet" in their Interface forums, planting a virus which apparently spread to the hosting server itself. Naxos warns forum-goers that if any Junkie clicked on the link responsible for the attack, he or she should be careful that their system isn't under any danger. With the rising number of keyloggers and account theft, that kind of precaution is starting to get common for even the most casual WoW player.

Naxos definitely seems to have a handle on the problem, though. Arena Junkies reverted to its last-saved backup, from very early that morning, and now Arena Junkies is back to running smoothly. According to Naxos, the virus itself was a variation of the i-worm/stration virus. Links to the virus have, understandably, been removed.

It's unclear whether this attack was an attack of opportunity, or if someone has it out for the Arena Junkies. As Bio puts it: "He prob sucks at the arena."

According to reports, a new wave of exploits has appeared taking advantage of a vulnerability Adobe Flash Player. Allegedly over 200,000 web sites now have redirects to malware, including keyloggers, through embedded Flash. And we all know how evil keyloggers can be. Flash Player 9.0.115.0 appear to be the affected version.

Adobe quickly responded to the issue, saying that the vulnerability is fixed in 9.0.124.0, the latest version of the player, so to make yourself secure, all you need to do is update your Flash. To check what version you are running, go to this Adobe page. Keeping your software up-to-date is one of the best ways to close security holes; if you're truly paranoid, you could always go the route of adding Flashblock and/or No-Script into your browser. And be sure to keep an eye on our new Azeroth Security Advisor column for more tips on how to keep yourself from being compromised. Once again, to update your Flash and patch this vulnerability go to Adobe's "Get Flash" page.

Update: It is possible that certain versions of 124 (namely, the standalone version for Linux and the standalone version with debug capabilities for Windows) are also affected by the exploits. At this time it is recommended to disable Flash if you are running those versions.

Update 2: It is currently believed that all versions of 124 are safe. Nevertheless, caution is generally a good idea.

We've mentioned this already, but let's reiterate something: Though the Wrath Alpha client is floating around out there, be very very careful about what you download or try to access. The Alpha servers are not for you, and attempting to download the client isn't wise. My recommendation is simply to not do it.

We all know how many accounts have been stolen due to keyloggers hidden in links, ads, and other things. Keep that in mind before you click on a download link. A dirty .exe with a filename disguised to look like a Blizzard downloader for the Alpha client is out there. There are probably more than one. Nobody wants to lose their account, and we don't want you to lose yours, either.

There have been a lot of scares recently about AddOns having keyloggers in them. For the most part, it turned out to be ads on the sites that were the problem. And now we have the Fraps scare. Unfortunately, no one is immune and it's best to be as careful as possible. Recently, I came across another particularly sneaky way you could get keylogged.

I don't use many AddOns when I play. Cartographer, Auctioneer and Gatherer are pretty much it. I've tried tarting my UI up with some of the fancier mods, but I always come back to my minimalist setup. Because I don't use many, I don't have to upgrade very often and I always neglect to bookmark the appropriate download sites. I'm also a believer in convenience, so I make full use of my Firefox address bar to do my "searches". Firefox will either bring up a Google search for whatever I type in or it will bring up the closest webpage to what I have typed.

While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here.

Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems.

This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.

I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.

Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here).

Rushter of Incgamers.com explained to us on the comments of the previous article that the problem was with a seperate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning.

Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.

Here at WoW Insider, we've noticed an unusual and disturbing glut of people having trouble with being keylogged or otherwise hacked soon after installing new addons lately (which wouldn't be a surprise -- lots of people were grabbing addons after patch 2.4, so that makes them a likely route for attackers). While it's too early to make any definite connections, It seems like there's one new lead that's just popped up: popular addon site wowui.incgamers.com (not linked for obvious reasons) is apparently passing off bad files, according to reports from Stopbadware.org and other anonymous sources.

If you've been using the site for your addons, especially in the past week or so, it might be a good idea to exercise some caution and run your favorite anti-virus or anti-malware program. The site has already been in trouble recently with reports that their UICentral addon updater (now discontinued) was using copyrighted code, and now it looks like there's more trouble abrewing for them.

Update: Wowui.incgamers not infested with malware. Full story here.

Recently we've had several posts about being hacked, guild banks assaulted, and Blizzard's typical response. The Customer Service Forum is filled with threads started by desperate World of Warcraft players seeking the return of their accounts and belongings as a gesture of goodwill. It is our responsibility to keep our accounts safe from hackers.

I speak from experience when I say that being hacked is just dreadful. Although it is usually possible to have your account returned, there is usually significant damage done in the process. In the past, even Blizzard employees have had their accounts compromised. This post is designed to help you do the best you can to protect your World of Warcraft investment.

The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse.

I got more bad news in my email box the other day:

Our Guild had been going downhill for a while now. At the beginning of the year, key officers and members, cornerstones of our raiding team, quit the game for one reason or another. Some of our members got hacked, just like WoW Insider's Amanda Dean. This took the wind out from under our sails, despite great success in Serpentshrine Cavern and Tempest Keep. As 2007 closed, I envisioned us taking down Vashj and Kael within the first quarter of 2008. I was stoked. There were good times when we'd take down two new bosses a week. Of course, Murphy's Law happens. While key team members quit the game, others took extended (sometimes unannounced) leaves of absence, and with diminishing raid attendance and obviously performance, other members looked elsewhere for better raiding opportunities. And when it rains, it pours.

A little over a week ago our Guild bank was robbed. It was cleaned out -- so empty I could almost imagine the sound of flies buzzing about -- well, okay, it wasn't that empty. On the third tab, the robber was kind enough to leave us ten stacks of Roasted Clefthooves. At first it struck me as odd because we had fixed our Guild permissions somewhat after our GM left the game to take a shot at a relationship and play with his Nintendo Wii. In what order exactly, I can't be sure. He passed the mantle off to one officer who passed it to another officer who later passed it on to me. So for a while, I was GM of a Guild that wasn't quite doing anything but waiting on people to come back to the game. So imagine my shock (more like anesthetized indifference, to be honest) when I was going to deposit items into the Guild bank only to find that it had nothing. Well, nothing but those clefthooves.

World of Warcraft's European site has posted a new page of their FAQ aiming to describe the effects and consequences of third party gold selling, also known as RMT (Real Money Trade or Real Money Transactions). There doesn't seem to be a similar page added to the American site yet, but we've seen enough to know very well that they disapprove as well.

The page mostly focuses on the more underhanded tactics the companies use to get money, such as keyloggers and trojans, or simply stealing the accounts of people who paid for powerleveling, and using them as farming bots, or spamming in high traffic areas on level 1 characters with hard to spell names. It's a good start, and certainly reminds people of the harm that these gold farmers do, and how it can hit close to home.

As a veteran MMORPGer who's watched Johnathan Yantis and Brock Pierce practically invent the industry and most of the dirty tricks it pulls, I'm glad to see Blizzard continue to make a stand against these types of leeches and hope they continue to do so. I'd love to see them explain more fully how the constant amount of kill stealing and spawn and AH camping they do hurts the game. A campaign of information might be just what we need to stop the gold farmers once and for all. Legal measures and community shame (and thus shrinking of their customer base) for a one-two punch? Here's hoping!

Thanks for the heads up, Richard!