-
July 10th, 2003, 07:27 AM
#1
Junior Member
mohaa server hacked and crashed
I have a server running for Medal of Honor Allied Assault and recently someone hacked it, got my rcon password and crashed my server... how did they go about doing this????
-
July 10th, 2003, 07:59 AM
#2
ok do you want us to tell you "How they crashed it" or "How you can secure it so it will not be crashed again"?
-
July 10th, 2003, 08:11 AM
#3
Junior Member
-
July 10th, 2003, 08:17 AM
#4
The simple version: most likely they used some vulnerability found in the MOHAA server to compromise and subsequently crash the machine. Without going through the logs on your server there's really no precise way to say exactly what they did. As for preventing it, keeping the server up to date is the only real way to prevent such things from happening other than not running it. I might be wrong on this, but it's my understanding that exploits for game servers aren't as well covered as exploits and vulns in software like Apache, MySQL, and others, so it might take more work to track down fixes for the bugs, but the time invested will be worth it if you can keep people out and continue to enjoy playing.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-
July 10th, 2003, 08:21 AM
#5
Junior Member
If they are using a program... and I find out what it is, I can hex edit it to see what is being done to hack the server and prevent it.
-
July 10th, 2003, 08:40 AM
#6
Lobo8 > You won't be able to see what program they are running (if any) from their end but you might catch a glimpse into the server to see what is going on, but unless you are a master programmer it's best left to those who are intimately familiar with the server source code and how it functions.
-
July 10th, 2003, 08:41 AM
#7
Originally posted here by Lobo8
If they are using a program... and I find out what it is, I can hex edit it to see what is being done to hack the server and prevent it.
Actually yes and no. If you have a hex editor and you somehow manage to find the same program out of the millions of other cheats and utilities out there you could maybe find out what it was coded in or maybe even study/edit a few of its strings & things, but trainers, cheats, and crap mainly abuse packets and memory blocks. If you go poking around with your server not knowing what you're doing then that'll just screw things up even worse...
-
July 10th, 2003, 07:34 PM
#8
Now for the simple explanation:-
The problem was your weak rcon password. They guessed it or brute-forced it. They then crashed the server by issuing the quit command. This can be prevented by using a longer password containing both numbers and letters. I admin game servers as well. I got my own clan server, and admin some RTCW servers for a well-known UK-based GSP, and have seen this happen before. Both RTCW and MOHAA use the same game engine, so commands are the same in both games, not counting the PunkBuster extensions in Wolfenstein...
-
July 10th, 2003, 08:11 PM
#9
Yes, I too admin a game server. I agree the RCON password was most likely weak and they just guessed it. OR you have given it out to other admins and they compromised it by trying it out on another server where it was logged and then someone snatched it. I run into that very issue myself. If you didn't give it out then it was sniffed or brute forced etc. Hopefully you have a log or some record of the IP of the bastard who crashed the server. If you don't see repeated attempts as failed logins, then he has your password through other methods I mentioned at first. If you don't see any logs, then it is perhaps a little more than a scripty or a very stealthy approach and he or she has a vendetta against you. Look at who you banned or flamed recently on the server, see if the IPs cross reference. I know these are a lot of "if"s but that's all I got on the info given.
This is where backups come in handy, if you can't trace how he got in, what he did and be able to see what files were changed, then I would reload the backup image or rebuild the server. That may be extreme in this case since it just sounds like he crashed the server out of spite (ah, look for logs in game of someone threatening to crash the server, I get those all the time and cross reference) and didn't do any damage, so at a minimum keep a closer eye for a while.
()Peace
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
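
The log check described in post #9, as an added example that is not part of the thread: it counts failed and accepted rcon attempts per source IP, separates "many failures then success" from "worked without a run of failures", and cross-references a ban list. The `Bad rcon from` / `Rcon from` line shape is that of Quake III-engine consoles and is assumed here for MOHAA; the sample log, IPs and function name are constructed.

```python
import re
from collections import defaultdict

# Constructed sample console log. The line shape is an assumption (Quake III-
# engine style); adjust RCON_LINE to whatever your server actually writes.
SAMPLE_LOG = """\
Bad rcon from 203.0.113.7:27960:
status
Bad rcon from 203.0.113.7:27960:
status
Bad rcon from 203.0.113.7:27961:
status
Rcon from 203.0.113.7:27961:
quit
Rcon from 198.51.100.20:27960:
quit
"""

RCON_LINE = re.compile(r"^(Bad rcon|Rcon) from (\d{1,3}(?:\.\d{1,3}){3}):\d+:")

def summarize_rcon(log_text, banned_ips=(), guess_threshold=3):
    """Return {ip: {failed, accepted, verdict, banned}} for every rcon source."""
    banned = set(banned_ips)
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "fails_before_ok": None})
    for line in log_text.splitlines():
        m = RCON_LINE.match(line.strip())
        if not m:
            continue  # command text or unrelated console output
        kind, ip = m.groups()
        s = stats[ip]
        if kind == "Bad rcon":
            s["failed"] += 1
        else:
            s["accepted"] += 1
            if s["fails_before_ok"] is None:
                s["fails_before_ok"] = s["failed"]  # failures seen before first success
    report = {}
    for ip, s in stats.items():
        if s["accepted"] and s["fails_before_ok"] >= guess_threshold:
            verdict = "guessed"        # repeated failures, then a success
        elif s["accepted"]:
            verdict = "knew-password"  # no run of failures: shared, leaked or sniffed
        elif s["failed"] >= guess_threshold:
            verdict = "guessing"       # repeated failures, no success yet
        else:
            verdict = "noise"
        report[ip] = {"failed": s["failed"], "accepted": s["accepted"],
                      "verdict": verdict, "banned": ip in banned}
    return report
```

Legitimate admin addresses also come out as `knew-password`, so filter out the IPs you recognise before reading the report.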