Thread: mohaa server hacked and crashed

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    3

    mohaa server hacked and crashed

    I have a server running for Medal of Honor Allied Assault and recently someone hacked it, got my rcon password and crashed my server... how did they go about doing this?

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    OK, do you want us to tell you "How they crashed it" or "How you can secure it so it will not be crashed again"?

  3. #3
    Junior Member
    Join Date
    Jun 2003
    Posts
    3
    both would be nice

  4. #4
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    The simple version: most likely they used some vulnerability found in the MOHAA server to compromise and subsequently crash the machine. Without going through the logs on your server there's really no precise way to say exactly what they did. As for preventing it, keeping the server up to date is the only real way to prevent such things from happening other than not running it. I might be wrong on this, but it's my understanding that exploits for game servers aren't as well covered as exploits and vulns in software like Apache, MySQL, and others, so it might take more work to track down fixes for the bugs, but the time invested will be worth it if you can keep people out and continue to enjoy playing.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  5. #5
    Junior Member
    Join Date
    Jun 2003
    Posts
    3
    If they are using a program... and I find out what it is, I can hex edit it to see what is being done to hack the server and prevent it.

  6. #6
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    Lobo8 > You won't be able to see what program they are running (if any) from their end, but you might catch a glimpse into the server to see what is going on. Unless you are a master programmer, though, it's best left to those who are intimately familiar with the server source code and how it functions.

  7. #7
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Originally posted here by Lobo8
    If they are using a program... and I find out what it is, I can hex edit it to see what is being done to hack the server and prevent it.
    Actually yes and no. If you have a hex editor and you somehow manage to find the same program out of the millions of other cheats and utilities out there, you could maybe find out what it was coded in or maybe even study/edit a few of its strings & things, but trainers, cheats, and crap mainly abuse packets and memory blocks. If you go poking around with your server not knowing what you're doing then that'll just screw things up even worse...

  8. #8
    Now for the simple explanation:-

    The problem was your weak rcon password. They guessed it or brute-forced it. They then crashed the server by issuing the quit command. This can be prevented by using a longer password containing both numbers and letters. I admin game servers as well. I've got my own clan server, and admin some RTCW servers for a well-known UK-based GSP, and have seen this happen before. Both RTCW and MOHAA use the same game engine, so commands are the same in both games, not counting the PunkBuster extensions in Wolfenstein...

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Yes, I too admin a game server. I agree the RCON password was most likely weak and they just guessed it. OR you have given it out to other admins and they compromised it by trying it out on another server where it was logged and then someone snatched it. I run into that very issue myself. If you didn't give it out then it was sniffed or brute forced etc. Hopefully you have a log or some record of the IP of the bastard who crashed the server. If you don't see repeated attempts as failed logins, then he has your password through the other methods I mentioned at first. If you don't see any logs, then it is perhaps a little more than a scripty or a very stealthy approach and he or she has a vendetta against you. Look at who you banned or flamed recently on the server, see if the IPs cross reference. I know these are a lot of "if"s but that's all I got on the info given.

    This is where backups come in handy. If you can't trace how he got in and what he did, and can't see what files were changed, then I would reload the backup image or rebuild the server. That may be extreme in this case since it just sounds like he crashed the server out of spite (ah, look for logs in game of someone threatening to crash the server, I get those all the time and cross reference) and didn't do any damage, so at a minimum keep a closer eye for a while.

    ()Peace
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
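
Added example, not part of any post in this thread: a sketch of the log check described in post #9, counting failed rcon attempts per IP before each accepted rcon command and cross-referencing a ban list. The log line format, the sample lines and the ban list are constructed assumptions; adapt the regular expression to whatever your server actually writes.

```python
import re
from collections import Counter

# Constructed sample log. The "Bad rcon from" / "Rcon from" line format is an
# assumption for illustration, not taken from the thread.
SAMPLE_LOG = """\
Bad rcon from 203.0.113.7:50412: status
Bad rcon from 203.0.113.7:50412: status
Bad rcon from 203.0.113.7:50412: status
Bad rcon from 203.0.113.7:50412: status
Rcon from 203.0.113.7:50412: quit
Bad rcon from 198.51.100.4:41877: status
Rcon from 192.0.2.15:39001: quit
"""

# Constructed ban list: IPs of players recently banned from the server.
BANNED_IPS = {"192.0.2.15"}

LINE = re.compile(
    r"^(Bad rcon|Rcon) from (\d{1,3}(?:\.\d{1,3}){3}):\d+: (.*)$"
)

def triage(log_text, banned=frozenset()):
    """Return (accepted, failures).

    accepted: one tuple per accepted rcon command,
              (ip, command, failed_attempts_before, ip_is_banned).
    failures: total failed rcon attempts per source IP.
    """
    failures = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an rcon line
        kind, ip, command = m.groups()
        if kind == "Bad rcon":
            failures[ip] += 1
        else:
            # Many failures first suggests guessing; zero failures means the
            # sender already had the password (shared, reused or sniffed).
            accepted.append((ip, command, failures[ip], ip in banned))
    return accepted, dict(failures)

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG, BANNED_IPS)[0]:
        print(entry)
```

An accepted command with zero prior failures is only suspicious if the source IP is not one of your own admins, so compare the output against the addresses you expect.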
