Relentless

Hack Attack On Server


Just wondering if there's any defense against this?

 

We've been attacked a number of times (10+) over the past week.

 

h4x0rdo1.jpg

Just wondering if there's any defense against this?

 

We've been attacked a number of times (10+) over the past week.

 

h4x0rdo1.jpg

 

What's the server address?


64.34.183.34:27960

 

It's streaming to PB. This is a screenshot we have of it. It's happened numerous other times in the past week as well.


It's for W:ET.

 

What happens (as far as we can tell) is that someone connects with no GUID and begins to generate a lot of 'false' or 'bot' players. Each 'bot' has their hunkmegs cranked up all the way to try and crash the server. Also, we believe that they might be running RCON Brute Force hacking, but are not positive.


Hi Relentless,

 

I think within your server.cfg file make it run an exe someone writes in C++ or Visual C++, and have that file check that each nick has an associated GUID#, so that the first nick that doesn't have one, it bans the person by his CD key and GUID #. Also have each nick checked to see if it grows before you let it go as you say, it is not going to violate anything with the original 1st signon, it is the growth nicks without GUIDs.

I used to be really sharp at Visual C++, if I was given TOO MUCH time and explained a little technical info that is fed as a person is signed on, I could do such a thing.

 

The program would not be that hard once I had a full understanding of the sign-on process. I suppose I am wasting your time.

 

I always try to help and I know how badly you want a solution yesterday for this nice fellow but he is not going to just stick with you, he will hit others, this is a very serious issue.

 

Sorry for wasting your time,

Wolfman2008 :blink:


Try a subnet ban.

 

If that fails, firewall ban (I believe |>B<| servers are hosted on your own dedicated machines and not rented from a GSP?)


We have subnet bans on them, but they just avoid them. If we make them any bigger we lose some Regulars and Members.

 

Yes, we do own our own servers and host them at locations such as Server Beach, etc...

 

The problem is there: if we make the firewalls block them, we wind up blocking Regulars/Members.


What mod and version of ET? I am sorry. I believe there is no patch or fix for this fake player bug which denies service, unless you run etpro mod and use the combined fix lua.

See here. http://bani.anime.net/banimod/forums/viewtopic.php?t=6777

Please note they inform other mod makers!

"to fill up servers with bogus players"

 

I checked Luigi Auriemma's site. He also offers no patch, although he does have a patch for RCON brute force. I would suggest you pressure the powers that be with the mod you are using. If the mod is no longer supported, I feel for ya.

 

Edit: If the mod makers went to etpro and asked for help on the fix, they would probably help them.

Edited by EvilJohn


We run an older version of ETPub, largely because the newer versions will cause MAX_GAMESTATE_CHARS more often (64 players).

 

Any chance there will be a PB update that will help fight this?

We run an older version of ETPub, largely because the newer versions will cause MAX_GAMESTATE_CHARS more often (64 players).

 

Any chance there will be a PB update that will help fight this?

 

The question should be:

Any chance there will be a mod update that will help fight this? And it should be directed at the mod makers.


I'm just wondering, as the program I guess can run on ALL Quake3 based games.

Edited by Relentless


It's a really old bug, there already are fixes for it, the only one I know of is for etpro, it's all I've used and it's a .lua fix.

 

But I think there is a cvar you can set that doesn't allow more than 1 player from the same IP to connect.

 

This will fix it.

 

The .lua fix is called fakeplimit.lua I believe, and the exploit is something called q3 fake player bug or something.

 

Same bug for most q3 based games.

But I think there is a cvar you can set that doesn't allow more than 1 player from the same IP to connect.

If there are 2 brothers who wanna play, they can't. Do they all connect from the same IP? You said they're "bots" and normal "0" "bots" don't have an IP or?


There is a way to limit the number of connections, but I can't remember if this was coded into certain mods, or even etadmin_mod.

 

Probably best to allow about 2-3 connections per IP address in case two players play from the same household.

ETpub 0.8.x has a g_spoofOptions cvar

This is the only way to stop q3fill tool on an etpub server that I know of. The lua mod mentioned is for ETPro and works quite well, but this guy isn't asking about ETPro.

 

If your version of ETPub does not have g_spoofOptions then all I can tell you is to update. :(

This is the only way to stop q3fill tool on an etpub server that I know of. The lua mod mentioned is for ETPro and works quite well, but this guy isn't asking about ETPro.

 

If your version of ETPub does not have g_spoofOptions then all I can tell you is to update. :(

 

 

This has been fixed in a beta version of etpub (open source, btw).

 

You can find it here. But be warned: "beta".

 

http://www.etpub.org/e107_plugins/forum/fo...topic.php?27638

 

http://www.etpub.org/e107_plugins/forum/fo...topic.php?27171

This is the only way to stop q3fill tool on an etpub server that I know of. The lua mod mentioned is for ETPro and works quite well, but this guy isn't asking about ETPro.

 

If your version of ETPub does not have g_spoofOptions then all I can tell you is to update. :(

 

It would be nice if you/anyone can remove the tool name because anyone can see what is being used and someone will use it to harm other servers.

 

On a side note, try nightly 9.1 as it has a connection limit of 4 per IP. But as said, it's "nightly".


I have 2 ET servers, one runs ETPro with the .lua combined fixes script.

 

The other server is NoQuarter which has the CVAR "ip_max_clients" available, which I've set to 3.

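The per-IP connection cap that the replies above describe (a few slots per address so a household can still play together), sketched as an added example that is not code from ETPub, NoQuarter or ETPro. The event tuples and addresses are constructed, and the class and function names are hypothetical.

```python
from collections import Counter

def host_of(addr):
    # Assumption: IPv4 "a.b.c.d:port"; drop the UDP source port so that
    # every client socket from one machine counts against the same key.
    return addr.rsplit(":", 1)[0]

class PerIpLimiter:  # hypothetical name, not a mod's API
    def __init__(self, max_per_ip):
        self.max_per_ip = max_per_ip
        self.slots = {}          # client slot -> host holding it
        self.active = Counter()  # host -> slots currently held

    def connect(self, slot, addr):
        self.disconnect(slot)    # a reused slot means the old client is gone
        host = host_of(addr)
        if self.active[host] >= self.max_per_ip:
            return False         # over the cap: refuse, slot stays free
        self.slots[slot] = host
        self.active[host] += 1
        return True

    def disconnect(self, slot):
        host = self.slots.pop(slot, None)
        if host is not None:
            self.active[host] -= 1

# Constructed events: two players in one household, then ten connects
# from a single address on different source ports.
EVENTS = [("connect", 0, "198.51.100.7:27960"),
          ("connect", 1, "198.51.100.7:27961")]
EVENTS += [("connect", 2 + i, f"192.0.2.50:{40000 + i}") for i in range(10)]

def replay(events, max_per_ip):
    """Return (slots held per host, refused connects per host)."""
    limiter, refused = PerIpLimiter(max_per_ip), Counter()
    for action, slot, addr in events:
        if action == "disconnect":
            limiter.disconnect(slot)
        elif not limiter.connect(slot, addr):
            refused[host_of(addr)] += 1
    held = {h: n for h, n in limiter.active.items() if n}
    return held, dict(refused)

if __name__ == "__main__":
    for cap in (1, 3):
        print(cap, replay(EVENTS, cap))
```

A cap of 1 also refuses the second household player, which is the trade-off raised in the thread; a per-IP cap does nothing against connects spread over many addresses.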
