| www.ClassicTW.com https://mail.black-squirrel.com/ |
|
| I've Been Hacked https://mail.black-squirrel.com/viewtopic.php?f=1&t=11086 |
Page 1 of 2 |
| Author: | CampusParty [ Mon Oct 07, 2002 10:06 am ] |
| Post subject: | |
Hello, Does anybody know how to stop people from hacking into your system? Is there a known exploit that would allow a person to invisibly enter T-Edit? Is there a fix??? Was playing the other night and all of a sudden all characters were removed from game. They happened sequentially player 1,2,3 etc. When checking the settings there is no evidence of a sysop connecting, other than me. I am running under NT using Black Ice Defender as my firewall. Help! |
|
| Author: | Rand [ Mon Oct 07, 2002 12:23 pm ] |
| Post subject: | |
Ok, first check the game logs to see if the players had timed out. (Was it about when extern would run?) Change your admin password to a secure password just in case you were hacked. Also you can restrict admin sessions to local only on the IP/List section of TWGS server configuration. (If the hacker has installed a trojan on your computer this won't stop him/her.) I would also run a virus scan just to be sure. |
|
| Author: | CampusParty [ Mon Oct 07, 2002 1:03 pm ] |
| Post subject: | |
Hello, It did happen shortly after extern. The players didn't time out, and the deletions happened in sequence. I've changed the port and password. The black ice firewall should prevent any unauthorized break-in, though. Why the question about Extern? |
|
| Author: | Rave [ Mon Oct 07, 2002 4:45 pm ] |
| Post subject: | |
There are no known security vulnerabilities in TWGS at the moment. In fact, I can't remember there ever having been any vulnerabilities regarding the remote administration system. If you find out anything else that would indicate that there was a vulnerability being exploited please let me know. |
|
| Author: | -=sdragon=- [ Tue Oct 08, 2002 2:56 pm ] |
| Post subject: | |
I was asked to take a look at this thread. I am in the same boat as rave. As far as I know there is no security hole in the TWGS anywhere. So I would follow the advice given above, do a virus scan, change your admin password. In fact, to be really sure, change the admin port. Some advice: never use the same password in more than 1 spot, especially admin passwords. Never use it as your password on another system because I have had run-ins with dishonest sysops. Also don't leave the admin port open unless you really need it. Sorry I couldn't be more of a help. Keep us posted if things like this continue. Silver Dragon (SYSOP Hardcoded TWGS) |
|
| Author: | xblack_knightx [ Thu Oct 10, 2002 5:16 pm ] |
| Post subject: | |
quote: Originally posted by CampusParty
Hello, Does anybody know how to stop people from hacking into your system? Is there a known exploit that would allow a person to invisibly enter T-Edit? Is there a fix??? Was playing the other night and all of a sudden all characters were removed from game. They happened sequentially player 1,2,3 etc. When checking the settings there is no evidence of a sysop connecting, other than me. I am running under NT using Black Ice Defender as my firewall. Help!

"NT" I am assuming is Windows NT. Windows being the key word. Every Windows OS save Windows 3.1/3.11 is buggy beyond belief. Chances are your NT box either deleted a registry for god knows whatever reason or the OS just farted in essence. I've seen worse happen to my ME box. Also it is possible the hard drive could be to blame, it's possible. But if a "hacker" was in your system you would have no OS to use. And yes, I can say I know what I speak. I took advantage of one of Windows 95's old exploits back in the day when someone spammed me on IRC. And if it was a trojan blackice would have a hissy fit and beep endlessly, I used that too awhile back.... until my bigfoot hard drive died. And just as a side note, if you use Bigfoot... replace it immediately. |
|
| Author: | CampusParty [ Fri Oct 11, 2002 7:30 pm ] |
| Post subject: | |
Hello, Yes Windows NT. Windows NT is very stable and with the firewall I have in place it is quite secure. It isn't a missing file, it was most certainly a hack. I've changed tedit port and password and I've restricted access to tedit; only 2 IPs can connect. Though if it were a normal login through tedit I'd see it... something else is afoot. No viruses found. Hrumpf. Sven ---- |
|
| Author: | Rand [ Fri Oct 11, 2002 10:24 pm ] |
| Post subject: | |
What are the days until inactive users deleted set to in tedit? Could it be that the users hadn't logged on for a while? |
|
| Author: | xblack_knightx [ Sat Oct 12, 2002 6:12 pm ] |
| Post subject: | |
quote: Originally posted by Rand
What are the days until inactive users deleted set to in tedit? Could it be that the users hadn't logged on for a while?

That's a good point. Like I said earlier, if CampusParty was hax0red I doubt the damage would be so minimal. And what's the point in deleting every account? If it were me for instance I woulda done a super user. I hafta give Rand points for this point [:)]. |
|
| Author: | CampusParty [ Sat Oct 12, 2002 6:36 pm ] |
| Post subject: | |
The players were all active at the time it occurred and the days to delete was set to 1. This all occurred approximately 6 hours after the game opened. I am talking about a TWGS hack... from an angry player... the NT system may have been hacked; but there is no other evidence of invasion. It is certainly possible to locate the t-edit port and guess at the pw until you get in... but I'm wondering if anyone has ever seen t-edit modifications with no evidence of entry in the logs. But again, the access ports, user name and pw have all been changed at this point. And the access is limited to 2 particular ip addys. |
|
| Author: | Taz [ Sun Oct 13, 2002 12:54 am ] |
| Post subject: | |
My thoughts.... You already said that this happened right after extern and also that you had days to delete set to 1. Is it possible that it deleted them at extern? I went to test this theory. I made a test game, logged on with 5 characters, and set my days to delete = 1. But since setting one game to days to delete = 1, all my games went to 1 (guess it's a global setting). I was going to hit the extern button but didn't want to find out I was right and have everyone deleted. Maybe someone else out there has a setup they can test this on. BTW, IS days to delete a global setting? Like some of the other settings, i.e. Max commands per cycle, I notice if you change it on one game it changes it on all. Just throwing ideas in the wind! Taz's Underground |
|
| Author: | --drehmini-- [ Sun Oct 13, 2002 3:03 am ] |
| Post subject: | |
Ok, lemme put my 2 cents in (because I was an ex-h4X0R5). Anyways, sounds like maybe they were just only mad at the game and they were a novice player. Umm, most new firewalls have a stealth IP feature that allows them to not be detected at all, but TWGS should have logged the logging in... so therefore I would only change the Tedit prog. through the TWGS to local access only so they cannot log in anytime (but if you have multiple sysops) then I recommend ummm.... have the game port set at a high number and the Tedit port set at a really low port number (ie.. telnet://dude.com:9999 telnet://myexample.com:1) <<--- as pointed. Also if you have a dynamic IP change one of them so that only the second can be used to login into Tedit. Remember this is just my 2 cents |
|
| Author: | Vid Kid [ Sun Oct 13, 2002 3:53 am ] |
| Post subject: | |
quote: Originally posted by CampusParty
The players were all active at the time it occurred and the days to delete was set to 1. This all occurred approximately 6 hours after the game opened. I am talking about a TWGS hack... from an angry player... the NT system may have been hacked; but there is no other evidence of invasion. It is certainly possible to locate the t-edit port and guess at the pw until you get in... but I'm wondering if anyone has ever seen t-edit modifications with no evidence of entry in the logs. But again, the access ports, user name and pw have all been changed at this point. And the access is limited to 2 particular ip addys.

Take precautions with your admin port... but your problem is the global feature... "Days till Delete". I set mine at 30 days, others set it at 15 days or 60 days. If it's set to 1 day, at the stroke of midnight and extern runs... they get deleted. This is how you set it, it's running fine if that is what you want. If not, then set it to 15 days or so... if player doesn't come in 15 days, then after midnight and extern... they will be gone. BTW the only hack way in I've seen or heard... is a program (search your system for) Vixion... delete it... and it's over [:)] Vid Kid |
|
| Author: | CampusParty [ Sun Oct 13, 2002 11:08 am ] |
| Post subject: | |
It was set to delete after one day... meaning one day of inactivity. All players were active when one by one they were deleted. Also all players in the other game on the same server were deleted... that game had been running for several months. I will search for Vixion |
|
| Author: | Taz [ Sun Oct 13, 2002 12:02 pm ] |
| Post subject: | |
Right!.... since setting your new game to 1 day delete, ALL games went to 1 day delete.... The days to delete is a Global setting (whatever you set it in one game, changes it in all). Also it is my belief that a setting of one is an unusable setting. I know the instructions say about one day of INACTIVITY, but it could be a glitch. To get the effect I think you wanted, you might have to set it to 2. Again though, in order to test to see if I am right, someone with an inactive server would have to make a game, log in with a few characters, change the setting of days to delete=1, and activate extern (or wait till auto extern) and see if those few characters disappear, even though those players were active that day. This way you would know if it is just the setting of 1 that did this, or if there is another problem (like being hacked)! Again..... just my thoughts! PS... Please someone out there that has TWGS installed just for strategy testing purposes try this out so I can see if I am right! Taz's Underground |
|
| All times are UTC - 5 hours |
|