 

Manual Bans? Question


9 replies to this topic

#1 Relentless

    Normal User

  • Members
  • Reputation: 0
    None
  • 35 posts

Posted Feb 27, 2008 - 03:36

So, I've got a question for the PB staff:

If evidence (server logs) can be provided clearly showing that a player is attempting to (and successfully did) hack a server, is that enough to place a manual PB ban on said player? Two Bunker servers were attacked on the 25th by the same guy, one of which he crashed.

Is this a possibility, or out of the question?

#2 foxdie

    Santa Claus

  • Retired Staff
  • Reputation: 11
    On a distinguished road
  • 3,763 posts
  • Gender: Male
  • Location: Slovak Republic

Posted Feb 27, 2008 - 03:53

You can ban anyone you want.

#3 STA - DynoSauR

    Normal User

  • League Admin
  • Reputation: 3
    A step in the right direction
  • 66 posts
  • Gender: Male
  • Location: Columbia, TN

Posted Feb 27, 2008 - 05:15

You can of course ban them from your server, but it will not go onto the pbbans.com MBI. You can, however, report the user to their ISP, and you can even take legal action against them. You need to make sure that they weren't using a proxy so that you can verify if it's really a known person, but the next question is: how do you know that they hacked your server? Guessing the rcon? That's one of the major reasons that people upgraded to the latest version of your game, to avoid a player getting your rcon, since previous versions of the game were vulnerable to getting that information if you didn't know how to hide it. There are other programs which are supposed to safeguard your server against someone being able to crash it. So you might want to look into one of those programs that would stop the Q3info boom attack. http://qmm.planetquake.gamespy.com/ is a program that is used to help stop such crashes.

#4 =BLACKWOLF=

    Retired Staff

  • Members
  • Reputation: 8
    A step in the right direction
  • 2,857 posts

Posted Feb 27, 2008 - 05:59

The group of servers he's referencing are in .6b.

#5 Relentless

    Normal User

  • Members
  • Reputation: 0
    None
  • 35 posts

Posted Feb 28, 2008 - 03:05

We have manually added them.

We do run 2.6b (on all servers).

We are currently attempting to take legal action against them (talking to their ISP atm).

The attack they used has been posted here before: Connect with no GUID, and then generate lots of phony players (names like: SHD787SAK389WS) and attempt to hack the RCON attempting to crash the server. With a Shrubbot ban, everyone is banned (invalid ban entry - no GUID).

#6 RoadWarrior

    Normal User

  • Retired Staff
  • Reputation: 80
    Will become famous
  • 3,549 posts
  • Gender: Male
  • Location: Canada

Posted Feb 28, 2008 - 03:13

If you've got commandline access, change the name of your server.cfg file to something only you'd know, and exec it via the commandline on your server. That will save you the issue of the player being able to download your server.cfg file and thus allow him to have your rcon pass.

#7 Relentless

    Normal User

  • Members
  • Reputation: 0
    None
  • 35 posts

Posted Feb 28, 2008 - 03:20

RoadWarrior, on Feb 28th 2008, 01:13 PM, said:

If you've got commandline access, change the name of your server.cfg file to something only you'd know, and exec it via the commandline on your server. That will save you the issue of the player being able to download your server.cfg file and thus allow him to have your rcon pass.

He doesn't have the password; he's attempting to brute-force it using numerous random accounts that he generates once he connects.

We went from 30/64 to 60/64 within minutes of him connecting, and once we were able to ban him via IP we were back to 30.

#8 STA - DynoSauR

    Normal User

  • League Admin
  • Reputation: 3
    A step in the right direction
  • 66 posts
  • Gender: Male
  • Location: Columbia, TN

Posted Feb 28, 2008 - 11:12

I actually did look up your servers to see the version so I was a little curious about what means the hacker was using to try to gain access to your servers since I hadn't heard of that previously.

This post was edited by STA - DynoSauR: Feb 28, 2008 - 11:13


#9 =BLACKWOLF=

    Retired Staff

  • Members
  • Reputation: 8
    A step in the right direction
  • 2,857 posts

Posted Feb 29, 2008 - 04:14

There's a brute force password guesser about which will simply try all passwords. I.e. aa, ab, ac....ba, bb, bc etc until it guesses it correctly.

Change your rcon password to one which has both upper and lower case characters, and preferably a number or two as well. This means it'll take days for the program to obtain the password, and it's unlikely the hacker will wait for so long.

#10 Relentless

    Normal User

  • Members
  • Reputation: 0
    None
  • 35 posts

Posted Feb 29, 2008 - 10:29

=BLACKWOLF=, on Feb 29th 2008, 01:14 AM, said:

There's a brute force password guesser about which will simply try all passwords. I.e. aa, ab, ac....ba, bb, bc etc until it guesses it correctly.

Change your rcon password to one which has both upper and lower case characters, and preferably a number or two as well. This means it'll take days for the program to obtain the password, and it's unlikely the hacker will wait for so long.

Our rcon is long, has numbers, upper case, lower case, etc... Trust me, we stream every server to PB, have some very smart anti-cheat experts/programmers, etc...

The hack's effects: A player will connect with no GUID, and begin to generate numerous, false players with names composed of random numbers/letters. You can kick the false players as much as possible, but they keep regenerating. When you check the logs, you see that they are all attempting to brute-force RCON.

Only way to stop it for the short-term (that we've found) is to ban via IP. The problem with that: any hacker smart enough to do this can easily fake/get a new IP...

Hence, is there anything PB and/or EB can do?
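
The log check described in this thread (many failed RCON attempts arriving from one address behind many fake player names), written as an added example that is not part of any post here and is not PunkBuster or PBBans code. The log line format, the function name `flag_rcon_bruteforce` and the thresholds are assumptions; the sample lines are constructed and use documentation-range addresses.

```python
import re
from collections import defaultdict, deque

# Assumed log line format (constructed for this example; adapt the regex to
# what your server actually writes): "<seconds> Bad rcon from <ip>:<port>"
BAD_RCON = re.compile(r"^(\d+) Bad rcon from (\d{1,3}(?:\.\d{1,3}){3}):\d+")


def flag_rcon_bruteforce(lines, max_failures=5, window_seconds=60):
    """Return {ip: timestamp} for each source IP that logged more than
    max_failures failed rcon attempts within window_seconds."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for line in lines:
        match = BAD_RCON.match(line.strip())
        if not match:
            continue  # ignore connects, chat, and everything else
        ts, ip = int(match.group(1)), match.group(2)
        window = recent[ip]
        window.append(ts)
        # Group by IP only: fake players may differ in name and source port.
        while ts - window[0] > window_seconds:
            window.popleft()
        if len(window) > max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed sample: one admin mistyping twice, one flooding source.
SAMPLE_LOG = (
    ["10 Bad rcon from 198.51.100.20:27961", "12 ClientConnect: 3"]
    + [f"{100 + i} Bad rcon from 203.0.113.7:{40000 + i}" for i in range(9)]
    + ["400 Bad rcon from 198.51.100.20:27961"]
)

if __name__ == "__main__":
    for ip, ts in flag_rcon_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} exceeded the failed-rcon threshold at t={ts}s")
```

Like the IP ban mentioned above, a threshold keyed on the source address only holds until the source changes address.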




