
A new hack/vulnerability?


yiorgos

Recommended Posts

Our server is patched up with the 2.60b yet there is one player who joins the server and can:

1) do name changes as he wishes

2) kick/ban people

 

We ban him and he can come back and do as he likes.

We have his GUID and IP, yet there's nothing we can do about it.

 

He also attacked a server of a sister clan and crashed it (apparently by performing a simultaneous name change on all players, but I can't confirm this).

 

Any idea what this is, and what can be done about it?

 

Any help will be greatly appreciated

Thanks

Link to comment
Share on other sites

First thing would be to change your rcon password in your server config and restart the server, and make sure it's not just a case of him having found it somehow.

 

Name changing is not difficult, and a lot of servers don't use the pb_cvars to restrict the number of name changes in a set time.

 

PB_SV_ChangePeriod [1-999]

This setting works in combination with pb_sv_changemax. It defines a period of time (in seconds) during which a player may do up to pb_sv_changemax name changes. Default is 999 which means disabled.

 

PB_SV_ChangeMax [1-50]

This setting works in combination with pb_sv_changeperiod. It defines how many name changes can be done over a specified period of seconds (pb_sv_changeperiod). If the player does more name changes during this period, the player will be kicked.

Link to comment
Share on other sites

My server is streaming to PBBANS. How can I banmask his ip?

 

I'll try the PB_SV commands but I don't think that will help a lot.

Apparently the guy has a script that changes the slots of the players, hence fooling the server into thinking that he is an admin.

As a result of this, the name changes happen as he moves people to the next slot until he reaches a slot with an admin.

Does that make sense?

Link to comment
Share on other sites

After you upgraded to 2.60b, have you changed your rcon password(s)? Before this, a vulnerability existed where your ref and rcon passwords could be downloaded. We should know, as this was done to our server.

As for name changing, on our etpro server, in pbsv.cfg:

pb_sv_ChangePeriod 500 //[seconds]

pb_sv_ChangeMax 3 //[Max name changes allowed]

pb_sv_DupNameGrace 20 //[seconds]

 

This stops idiots name changing to avoid detection. It would help with your problem: after 3 changes they get kicked.

 

By the way, what mod are you running?

If you are on jaymod or noquarter, there is apparently a vulnerability that stops you banning people and gets other players kicked/banned; etpub as well, for getting players dropped. Guess you would need to report this to the mod makers and see if there is a fix?

Link to comment
Share on other sites

First things first, update your profile please; it took me a while to track down your current server IP and find out what mod you are running.

 

You should definitely perform the following steps:

 

1) Change your rcon password, ideally to something that scores "BEST" on the checker below:

password strength check

2) Change your ref and any semi-admin passwords;

3) Subnet banmask this person for a minimum of 1 month.

 

How to banmask with PB:

i) Find the player's IP from your PB logs

ii) Open up rcon and type "pb_sv_banmask abc.def", where abc.def are the first 2 fields of his IP e.g. if his IP is 213.200.95.43, then do "pb_sv_banmask 213.200".

 

There are a couple of known vulnerabilities with even the 2.60b ETDED server. It has not been widely publicised for obvious reasons, and I'm not going to mention them here just yet. There is a fix however, and I'm currently looking into the most appropriate way of promulgating the information. Once I've done a couple of quick checks, I shall pm you the fix.

 

This patch should really be advertised openly so that server admins can patch, as was the case with 2.60b. The SGA forums should be an appropriate place to start doing this, but I'd like to check with the head PBBans chaps before I post.

 

If you really want to take things as far as possible, note that if this chap is crashing servers then it counts as a DOS attack, which is illegal (in most countries anyway). Do a WHOIS lookup and find the contact for reporting abuse. Follow the guidelines on how to submit evidence to the ISP, which they can then take forward. This can be a time-consuming business, but you have this option if you wish to go down that road.

Link to comment
Share on other sites
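The two defensive settings discussed in this thread, the pb_sv_ChangePeriod/pb_sv_ChangeMax name-change throttle (posts 2 and 4) and the pb_sv_banmask prefix ban (post 5), modelled in Python as an added example that is not code from the thread or from PunkBuster. It assumes the semantics as the posters describe them (a player is kicked on doing more than ChangeMax changes within any ChangePeriod-second window; a mask of the leading dotted fields blocks that whole prefix) and runs over constructed sample events.

```python
# Added example (not from the forum thread): models the PunkBuster name-change
# throttle (pb_sv_ChangePeriod / pb_sv_ChangeMax) and pb_sv_banmask prefix
# matching as described in the thread. PunkBuster's real internals are not
# published, so the exact kick rule is an assumption taken from post 2.
from collections import defaultdict, deque

DISABLED_PERIOD = 999  # per the thread: pb_sv_ChangePeriod 999 means disabled


def kicked_for_name_changes(events, change_period, change_max):
    """events: list of (timestamp_seconds, guid, new_name) in time order.
    Returns the set of GUIDs that did more than change_max name changes
    inside some sliding window of change_period seconds (would be kicked)."""
    if change_period >= DISABLED_PERIOD:
        return set()
    recent = defaultdict(deque)  # guid -> timestamps of changes still in window
    kicked = set()
    for ts, guid, _name in events:
        window = recent[guid]
        window.append(ts)
        # drop changes older than the period before counting
        while window and ts - window[0] > change_period:
            window.popleft()
        if len(window) > change_max:
            kicked.add(guid)
    return kicked


def banmask_matches(mask, ip):
    """pb_sv_banmask as described in the thread: the mask is the leading
    dotted fields of an IP, e.g. '213.200' covers every 213.200.x.y address."""
    mask_fields = mask.strip(".").split(".")
    ip_fields = ip.split(".")
    if not 1 <= len(mask_fields) <= 4 or len(ip_fields) != 4:
        return False
    return ip_fields[: len(mask_fields)] == mask_fields


# Constructed sample: player B renames 4 times within 10 s, player A once.
SAMPLE_EVENTS = [
    (0, "GUID-A", "Alice"),
    (1, "GUID-B", "x"),
    (3, "GUID-B", "xx"),
    (5, "GUID-B", "xxx"),
    (8, "GUID-B", "xxxx"),
]

if __name__ == "__main__":
    print(kicked_for_name_changes(SAMPLE_EVENTS, 500, 3))  # {'GUID-B'}
    print(banmask_matches("213.200", "213.200.95.43"))    # True
```

Note that with the thread's settings (period 500, max 3) player B is kicked on the fourth change, while the same events with ChangePeriod left at the 999 default pass untouched.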

Thanks for the help. We are running ETPub with etadmin as well.

We are currently contacting his provider and following that route as well.

I'll let you know if and how we sort it out, and if there is a vulnerability involved.

Link to comment
Share on other sites
