Post by hladgunnr on Sept 24, 2007 6:46:42 GMT -5
Greetings Elite Rifles Clan,
I want to express my thanks to one of your clan members. Last night one of your members appeared on our servers after we suffered another Plutonium server hacker banning everyone. Identified as member ~El!te:.Lt.Premium, he or she let us know that you guys had also just been hacked. Thanks to Lt. Premium, I was able to find a similar person on our servers during the time our server was compromised by searching through our server log. "Noob" was the only person left on our server once the bans were activated. These two pieces of information convinced me that "Noob" was the right person to ban.
Here is the information I gleaned:
1224202 noob
The other names that have appeared with that guid are:
^2'^7sP^2|^7Srm^2.^7Defa^2u^7lt
^1'^9sP^1|Srm.^9Glitch
^^99'^^77sP^^99|Srm.^^77Glitch
^^99'^^00sP^^99|Srm.^^00Equinix
A quick run-through of our logs indicates that sP|Srm. also recruits for the clan iPx~ Clan (that's his old clan, I believe). Hopefully that will help you guys sort out any more bad guys. The last two players left on the server with "noob" were:
1404539 ^1<^7.:EK:.^1>^9.^1D^7uck|ldr
1633615 [MOK] Col.Farrow
If these two players were also present when your server crashed, please let me know. For all I know, this hacking is a team effort. We've also disabled downloading on our Plutonium server to protect against the flaw in the game engine that allows people to get our server passwords.
The only other thing I'd like to add is this snip from a forum that I read back when we were first ban hacked a little over a week ago.
------------------------------------------------
Q: DOES ANYONE KNOW PERSON INGAME NAME an innocent bystander
HES GOIN IN MY SERVER SCREWING IT UP MAKIN PLYERS RUN REALLY FAST CHANGING MAPS SHUTTING MY SERVER DOWN ASWELL DONT KNOW HOW HELL DO THAT BUT DOIN IT IN OTHER SERVERS TO WHO EVER IT IS PLZZ DONT DO IT IN MINE
DONT DO THAT SCREW PEOPLES SERVERS UP SHUT SERVER DOWN ETC MIGHT NOT EVEN BE ANYONE IN HERE JUST SAYIN LIKE
A: He's probably using the CL_BeginDownload exploit, I made my own version of it and managed to get the rcon password from a CoD 2 server before.
You've just got to make sure your rcon password isn't in your config_mp.cfg file for your server. If you're running a mod then you need to check your mod folder for the appropriate config_mp.cfg file.
Q: my pass word is in game fs folder file name server.cfg so wot can i do to sort this out
A: Ok I have no idea about setting up servers seeing as I've never done it, but basically...you need to put the server's config file either in a different folder to the IWD files that are loaded on the server (because the location of the IWD files is the location of the files that are possible to download from a server...and you don't want your config file being accessible to download), or take out your password from the config file and just write it in (if you have access to be able to do so).
------------------------------------------------
Hopefully this information is useful to you guys. Let me know if you want me to check up on any other potential server hackers within our server log. I co-admin our Rifles server with Doc Phil just so you know I'm legit.
Thanks again Elite clan and ~El!te:.Lt.Premium for sharing information with us. It was very helpful.
Sincerely,
-=USAF=- Colonel Hladgunnr
P.S. Please add me as a contact in your xfire. Thanks xfire = hladgunnr
I found more "info" from the first hack but I don't want to repost.
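An added example, not part of the original post: a Python check an admin could run over a server install to flag .cfg files that set a non-empty rcon password and sit in the same folder as IWD archives, which is the placement the quoted answer warns about. The directory layout and file contents are constructed for the demo; `rcon_password` is assumed to be set with the usual `set`/`seta` syntax.

```python
import os
import re
import tempfile

# Matches lines such as:  set rcon_password "value"   or   seta rcon_password value
# An empty value ("") does not match, and neither does a //-commented line.
RCON_RE = re.compile(r'^[ \t]*(?:set[as]?[ \t]+)?rcon_password[ \t]+"?([^"\s]+)', re.I | re.M)


def audit_server_tree(root):
    """Return .cfg files (relative paths) that set a non-empty rcon_password
    and live in a directory that also contains .iwd archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if not any(f.lower().endswith(".iwd") for f in files):
            continue  # no IWD archives here: not the folder the answer warns about
        for name in files:
            if not name.lower().endswith(".cfg"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as fh:
                if RCON_RE.search(fh.read()):
                    findings.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed server layout (not from any real server) under root."""
    layout = {
        "main/iw_00.iwd": "",
        "main/server.cfg": 'set sv_hostname "demo"\nset rcon_password "EXAMPLE-ONLY"\n',
        "mods/rifles/z_mod.iwd": "",
        "mods/rifles/config_mp.cfg": '// set rcon_password "old"\nseta rcon_password ""\n',
        "private/server.cfg": 'set rcon_password "EXAMPLE-ONLY"\n',
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in audit_server_tree(tmp):
            print("rcon_password stored beside IWD files:", hit)
```

Any file it reports should either be moved out of the IWD folder or have the password taken out of it, as the quoted answer suggests.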