Relentless Posted February 27, 2008
So, I've got a question for the PB staff: If evidence (server logs) can be provided clearly showing that a player is attempting to (and successfully did) hack a server, is that enough to place a manual PB ban on said player? Two Bunker servers were attacked on the 25th by the same guy, one which he crashed. Is this a possibility, or out of the question?
foxdie Posted February 27, 2008
You can ban anyone you want.
STA - DynoSauR Posted February 27, 2008
You can of course ban them from your server, but it will not go onto the pbbans.com MBI. You can however report the user to their ISP and you can even take legal action against them. You need to make sure that they weren't using a proxy so that you can verify if it's really a known person, but the next question is how do you know that they hacked your server? Guessing the rcon? That's one of the major reasons that people upgraded to the latest version of your game to avoid a player from getting your rcon since previous versions of the game were vulnerable to getting that information if you didn't know how to hide it. There are other programs which are supposed to safeguard your server against someone being able to crash it. So you might want to look into one of those programs that would stop the Q3info boom attack. http://qmm.planetquake.gamespy.com/ is a program that is used to help stop such crashes.
=BLACKWOLF= Posted February 27, 2008
The group of servers he's referencing are in .6b.
Relentless Posted February 28, 2008
We have manually added them. We do run 2.6b (on all servers). We are currently attempting to take legal action against them (talking to their ISP atm). The attack they used has been posted here before: Connect with no GUID, and then generate lots of phony players (names like: SHD787SAK389WS) and attempt to hack the RCON attempting to crash the server. With a Shrubbot ban, everyone is banned (invalid ban entry - no GUID).
RoadWarrior Posted February 28, 2008
If you've got commandline access, change the name of your server.cfg file to something only you'd know, and exec it via the commandline on your server. That will save you the issue of the player being able to download your server.cfg file and thus allow him to have your rcon pass.
Relentless Posted February 28, 2008
> If you've got commandline access, change the name of your server.cfg file to something only you'd know, and exec it via the commandline on your server. That will save you the issue of the player being able to download your server.cfg file and thus allow him to have your rcon pass.

He doesn't have the password, he's attempting to bruteforce it using numerous random accounts that he generates once he connects. We went from 30/64 to 60/64 within minutes of him connecting, and once we were able to ban him via IP we were back to 30.
STA - DynoSauR Posted February 29, 2008
I actually did look up your servers to see the version so I was a little curious about what means the hacker was using to try to gain access to your servers since I hadn't heard of that previously.
Edited February 29, 2008 by STA - DynoSauR
=BLACKWOLF= Posted February 29, 2008
There's a brute force password guesser about which will simply try all passwords. I.e. aa, ab, ac....ba, bb, bc etc until it guesses it correctly. Change your rcon password to one which has both upper and lower case characters, and preferably a number or two as well. This means it'll take days for the program to obtain the password, and it's unlikely the hacker will wait for so long.
Relentless Posted March 1, 2008
> There's a brute force password guesser about which will simply try all passwords. I.e. aa, ab, ac....ba, bb, bc etc until it guesses it correctly. Change your rcon password to one which has both upper and lower case characters, and preferably a number or two as well. This means it'll take days for the program to obtain the password, and it's unlikely the hacker will wait for so long.

Our rcon is long, has numbers, upper case, lower case, etc... Trust me, we stream every server to PB, have some very smart anti-cheat experts/programmers, etc...

The hack's effects: A player will connect with no GUID, and begin to generate numerous, false players with names composed of random numbers/letters. You can kick the false players as much as possible, but they keep regenerating. When you check the logs, you see that they are all attempting to brute-force RCON. Only way to stop it for the short-term (that we've found) is to Ban via IP. The problem with that, any hacker smart enough to do this can easily fake/get a new IP... Hence, is there anything PB and/or EB can do?
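
The log check described in this thread (many failed RCON attempts from one source in a short time), as an added example that is not part of the original posts or of any PunkBuster tooling. The line format (an epoch-seconds prefix followed by `Bad rcon from <ip>:<port>`), the threshold, the window and the sample lines are assumptions constructed for illustration; adapt the regex to the server's real console log.

```python
import re
from collections import defaultdict, deque

# Assumed line shape (constructed): "<epoch-seconds> Bad rcon from <ip>:<port>:"
BAD_RCON = re.compile(r"^(\d+)\s+Bad rcon from (\d{1,3}(?:\.\d{1,3}){3}):\d+")

def find_rcon_bruteforce(lines, threshold=5, window=60):
    """Return {ip: peak failure count} for every source IP that produced at
    least `threshold` failed RCON attempts inside any `window`-second span.
    The source port is ignored because it can change on every attempt."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        m = BAD_RCON.match(line)
        if not m:
            continue              # unrelated console output
        ts, ip = int(m.group(1)), m.group(2)
        q = recent[ip]
        q.append(ts)
        # Drop attempts that have aged out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

# Constructed sample log: one noisy source and one admin who mistyped the
# password twice, an hour apart. Addresses are documentation ranges.
SAMPLE_LOG = [
    "1204000000 (unrelated console line)",
    "1204000001 Bad rcon from 203.0.113.7:27961:",
    "1204000002 Bad rcon from 203.0.113.7:27962:",
    "1204000003 Bad rcon from 203.0.113.7:27963:",
    "1204000004 Bad rcon from 198.51.100.20:27960:",
    "1204000005 Bad rcon from 203.0.113.7:27964:",
    "1204000006 Bad rcon from 203.0.113.7:27965:",
    "1204000007 Bad rcon from 203.0.113.7:27966:",
    "1204003600 Bad rcon from 198.51.100.20:27960:",
]

if __name__ == "__main__":
    for ip, count in find_rcon_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed rcon attempts within 60s, candidate for IP ban")
```

Counting per source IP gives the same short-term IP ban the thread settles on, so it shares the limit noted above: a new address starts a fresh count.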