Zentock
Lieutenant J.G.
Joined: Mon Sep 22, 2003 2:00 am Posts: 486 Location: USA

Hello sysops, this is a warning to all sysops. I run ZoneAlarm Pro, and I have a Windows firewall up also.
This morning I was working at keys and just before 8 am, I noticed an unknown user log on to my TWGS, so I spied on the node and almost instantly saw this unknown user enter the editor and start running active player info.
I instantly banned this IP and rebooted the TWGS system.
This is the IP number; if anyone has any information on this, please respond here ASAP!
IP was 216.12.58.147

_________________ C.E.O. Corp Noble House Sysop - Zentock's Realm TWGS Co-Sysop - Vulcans Forge TWGS Admin. Vulcans Forge Forums Vulcans Forge TeamSpeak

Fri May 25, 2007 10:13 am

Runaway Proton
Gameop
Joined: Thu Aug 24, 2006 2:00 am Posts: 1737 Location: USA

This is what I could dig up, Zen...
I don't have a record of this IP on my system. I wish there was a way to track the IPs of those logging in, without having to scan the logs and write them down.
IP address: 216.12.58.147 Host name: 216-12-58-147.access.ntelos.net 216.12.58.147 is from United States(US) in region North America
Retrieving DNS records for 216-12-58-147.access.ntelos.net...
DNS servers ns1.ntelos.net [216.12.0.7] ns2.ntelos.net [209.145.84.130]
Answer records 216-12-58-147.access.ntelos.net 1 A 216.12.58.147 86400s
Authority records access.ntelos.net 1 NS ns2.ntelos.net 3600s access.ntelos.net 1 NS ns1.ntelos.net 3600s
Additional records ns1.ntelos.net 1 A 216.12.0.7 3600s ns2.ntelos.net 1 A 209.145.84.130 3600s
216.12.58.147 is from United States(US) in region North America
whois query for 216.12.58.147...
Results returned from whois.arin.net:
Ntelos Inc. NTELO-BLK-1 (NET-216-12-0-0-1) 216.12.0.0 - 216.12.127.255 CFW Network - Access c4s10-c5s CFW-216-12-58 (NET-216-12-58-0-1) 216.12.58.0 - 216.12.58.255
# ARIN WHOIS database, last updated 2007-05-24 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database.
Results returned from whois.arin.net:
OrgName: CFW Network - Access c4s10-c5s OrgID: CNAC-9 Address: 401 Spring Lane City: Waynesboro StateProv: VA PostalCode: 22980 Country: US
NetRange: 216.12.58.0 - 216.12.58.255 CIDR: 216.12.58.0/24 NetName: CFW-216-12-58 NetHandle: NET-216-12-58-0-1 Parent: NET-216-12-0-0-1 NetType: Reassigned NameServer: NS.CFW.COM NameServer: NS4.CFW.COM Comment: RegDate: 1999-12-23 Updated: 1999-12-23
RTechHandle: DNS56-ORG-ARIN RTechName: Domain Name Services RTechPhone: +1-540-946-2638 RTechEmail: ns@ntelos.net">dns@ntelos.net
_________________ American soldiers don't fight because they hate what's in front of them...they fight because they love what's behind them. http://www.runawayproton.com <-- Expired telnet://runawayproton.dyndns.org:223 V2.20b Games <-- Expired http://www.twsubspace.com <-- Expired Teamspeak 3 50.23.212.53:4196 <-- Expired Just a has been now.

Fri May 25, 2007 10:37 am

Zentock
Lieutenant J.G.
Joined: Mon Sep 22, 2003 2:00 am Posts: 486 Location: USA

Good work RP!
Also, as a note to other sysops: whenever an upgrade is added to your TWGS, the admin PW is reset to the default PW. This is how this user got access.
Additionally, if you look in the IP area of the configuration part of the TWGS, you can set admin access to local only; this is advised for all sysops who do not have any game ops telnetting to their admin ports.
The above information was supplied by Sage, Sysop of UltimateTW.com

Fri May 25, 2007 11:42 am

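Runaway Proton's wish for a way to track the IPs of those logging in, and Zentock's note that admin access can be set to local only, can be combined into a small log check. This is an added example, not code from the thread or from TWGS: the log line format, the sample lines, the admin port list (2003 and 513, the ports named in the thread) and the trusted LAN ranges are all assumptions, so adapt LINE_RE to whatever your server actually writes.

```python
import ipaddress
import re
from collections import Counter
# Constructed sample lines in a hypothetical "<date> <time> <event> <ip> port <n>" format (not TWGS's real log).
SAMPLE_LOG = """\
2007-05-25 07:41:02 connect 192.168.1.20 port 2002
2007-05-25 07:52:10 connect 216.12.58.147 port 2003
2007-05-25 07:52:14 admin-login 216.12.58.147 port 2003
2007-05-25 07:55:31 connect 127.0.0.1 port 513
2007-05-25 07:58:45 connect 216.12.58.147 port 513
2007-05-25 08:01:00 connect 10.0.0.5 port 2002
"""

# Ports the thread names as admin/editor ports; 2002 is the normal game port.
ADMIN_PORTS = {2003, 513}
# "Local only": loopback plus the LAN ranges a game op might telnet from (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8")]
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\d{1,3}(?:\.\d{1,3}){3}) port (\d+)$")

def is_local(ip_text):
    """True if the address is loopback or on one of the trusted LAN ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable address: treat as untrusted so it gets flagged
    return any(ip in net for net in LOCAL_NETS)

def parse_line(line):
    """Split one log line into its fields, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, event, ip, port = m.groups()
    return {"ts": ts, "event": event, "ip": ip, "port": int(port)}

def ips_by_port(log_text):
    """Every distinct IP seen per port, so nobody has to read the log by hand."""
    seen = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        seen.setdefault(rec["port"], set()).add(rec["ip"])
    return seen

def flag_admin_access(log_text):
    """Count, per non-local IP, every connection or login seen on an admin port."""
    hits = Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["port"] in ADMIN_PORTS and not is_local(rec["ip"]):
            hits[rec["ip"]] += 1
    return dict(hits)
```

Run `flag_admin_access` over your own log after an upgrade: any IP it returns reached the admin port from outside the local ranges, which is exactly what a local-only setting or a router rule should make impossible.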
River Rat
Chief Warrant Officer
Joined: Sat Feb 24, 2001 3:00 am Posts: 145

Thanks Zen. I was just going to mention or ask that of RP, as that had happened a couple of years ago to me and I hadn't noticed that it changes to admin. What a mess I had. I will run a search on that IP when I get home tonight or tomorrow and see if I can come up with a match. Be nice to corner this person and tell him he is not wanted. We have just learned in the last few weeks what happens when something is hacked.

_________________ twgs.alienbase.net www.alienbase.net

Fri May 25, 2007 12:26 pm

|
Aileron
Gameop
Joined: Sun Feb 25, 2001 3:00 am Posts: 46 Location: USA

You might also want to edit your router setup (if you have one). Don't allow access to the port you use to edit games with from the outside. Special ports like 2002 have to be specifically applied as TCP type settings users have access to from the outside. There are other advantages to using routers, one of which is another password they would have to crack to get into your board. They make routers with mega speed capabilities these days. Might be a good idea to set one up even if your server machine is the only one you have.

Fri May 25, 2007 12:47 pm

|
Oso
Commander
Joined: Wed Apr 14, 2004 2:00 am Posts: 1324 Location: USA

Both are good suggestions.
If you are going to have your admin port open, change it to something else and make sure the password is changed.
It was a good catch you made, Zentock!
Also, Zen, I would let your players know that their passwords might be compromised. Some players use the same passwords for multiple TWGS, and if that person was fishing for usernames and passwords, they might be able to exploit that on another server.
Good job being on the ball and catching this guy.
RP, I'll chat with you later about digging through this guy's IP.

_________________ Infecting others with a Polymorphic Virus since 1975.
Curing ignorance and terminal stupidity since 1999.
Questioning the intellectual abilities of three digit annual salary earners since 2015.

Fri May 25, 2007 5:26 pm

|
Zentock
Lieutenant J.G.
Joined: Mon Sep 22, 2003 2:00 am Posts: 486 Location: USA

OK everyone, the user who "hacked" my TWGS has fessed up and been identified; however, I am not going to publicly name the person, but I am going to post their reasoning for the "hack".
This user decided to play on my TWGS, but this user does the port 2003 and port 513 (admin port) default admin PW check before joining the site's games to determine if the site is safe to play on.
I didn't get the follow-up report from this user till 5:30 pm today, and I have been discussing it with them via ICQ.
I am satisfied that this was not a "hack" with the intent to do harm or cheat, and that this was a security test that I failed.
However, I understand the user's intention and I will now do the same thing myself before I join any new servers.
However, I will contact the sysop ASAP rather than wait 9 hrs. If I had been contacted then, this topic would have been a lot different.
Thank you to Runaway Proton, Aileron and to Sage for their prompt responses and the information supplied to assist with this issue.
And thank you to Oso, the area moderator, for his input also. : )

Fri May 25, 2007 8:10 pm

|
Vulcan
Gameop
Joined: Fri Sep 03, 2004 2:00 am Posts: 2041 Location: Acworth, Georgia USA

Good going all, and hope things finally get the way we all want TW to be. Good work all on it all, and glad to hear it was not a serious transgression. But still I would let others know their passwords may have been compromised, just in case.

_________________ Vulcan's Forge v1 TWGS telnet://vulcansforge.homeip.net:2002 v2 TWGS telnet://vulcansforge.homeip.net:23 Forum and site down for now. My email is vulcan219@comcast.net now

Fri May 25, 2007 9:52 pm

|
Admin 1
Site Admin
Joined: Sun Dec 24, 2000 3:00 am Posts: 1432 Location: USA

Zentock wrote: OK everyone, the user who "hacked" my TWGS has fessed up and been identified; however, I am not going to publicly name the person, but I am going to post their reasoning for the "hack".
This user decided to play on my TWGS, but this user does the port 2003 and port 513 (admin port) default admin PW check before joining the site's games to determine if the site is safe to play on.
I didn't get the follow-up report from this user till 5:30 pm today, and I have been discussing it with them via ICQ.
I am satisfied that this was not a "hack" with the intent to do harm or cheat, and that this was a security test that I failed.
However, I understand the user's intention and I will now do the same thing myself before I join any new servers. However, I will contact the sysop ASAP rather than wait 9 hrs. If I had been contacted then, this topic would have been a lot different.
Thank you to Runaway Proton, Aileron and to Sage for their prompt responses and the information supplied to assist with this issue. And thank you to Oso, the area moderator, for his input also. : )

OK, I can understand checking the admin port (I guess) (kinda like a bank robber getting caught and saying he wanted to see how secure his money was before he deposited it). However, you stated:
"I noticed an unknown user log on to my TWGS, so I spied on the node and almost instantly saw this unknown user enter the editor and start running active player info. I instantly banned this user."
So I guess if he was just checking to see if it was secure, WHY, pray tell, would he be running active player info??? There is NO excuse for that, is there?
Please ID this guy to the rest of the sysops and game ops.

Fri May 25, 2007 10:33 pm

|
Big D
Veteran Op
Joined: Tue Nov 28, 2006 4:04 pm Posts: 5025

Space Ghost wrote: Zentock wrote: OK everyone, the user who "hacked" my TWGS has fessed up and been identified; however, I am not going to publicly name the person, but I am going to post their reasoning for the "hack".
This user decided to play on my TWGS, but this user does the port 2003 and port 513 (admin port) default admin PW check before joining the site's games to determine if the site is safe to play on.
I didn't get the follow-up report from this user till 5:30 pm today, and I have been discussing it with them via ICQ.
I am satisfied that this was not a "hack" with the intent to do harm or cheat, and that this was a security test that I failed.
However, I understand the user's intention and I will now do the same thing myself before I join any new servers. However, I will contact the sysop ASAP rather than wait 9 hrs. If I had been contacted then, this topic would have been a lot different.
Thank you to Runaway Proton, Aileron and to Sage for their prompt responses and the information supplied to assist with this issue. And thank you to Oso, the area moderator, for his input also. : )
OK, I can understand checking the admin port (I guess) (kinda like a bank robber getting caught and saying he wanted to see how secure his money was before he deposited it). However, you stated: "I noticed an unknown user log on to my TWGS, so I spied on the node and almost instantly saw this unknown user enter the editor and start running active player info. I instantly banned this user." So I guess if he was just checking to see if it was secure, WHY, pray tell, would he be running active player info??? There is NO excuse for that, is there? Please ID this guy to the rest of the sysops and game ops.

That's what I was thinking. He either accessed TEDIT or he didn't. If he actually accessed TEDIT and there was a password set, then that by definition is a hack, and he was probably up to no good.

Sat May 26, 2007 11:20 am

|
River Rat
Chief Warrant Officer
Joined: Sat Feb 24, 2001 3:00 am Posts: 145

Well, I noticed this person also tried to log into my admin port. I really don't trust anyone that does that. I do know his game name but am not familiar with it. He goes by "ac", at least on my server.

_________________ twgs.alienbase.net www.alienbase.net

Wed May 30, 2007 3:02 pm

|
Cerne
Gameop
Joined: Sun Oct 08, 2006 2:00 am Posts: 991

Zentock wrote: however I understand the user's intention and I will now do the same thing myself before I join any new servers.
Anyone who tries to access the admin port on my server gets banned permanently. That should let them know my TWGS is secure; then they can tell their friends. The days of passing off hack attempts as security checks are just lame excuses for when they get caught, and went out with mainframes. Cerne

_________________ "All warfare is based on deception..." - Art of War "Time will tell all tales" - SG Any advanced tactic in TW is indistinguishable from cheating.

Wed May 30, 2007 3:22 pm

|
Singularity
Veteran Op
Joined: Thu Jun 02, 2005 2:00 am Posts: 5558 Location: USA

Laff, of course it's easy to mistype port numbers... I've done it more than once. So paranoia is one thing, but senseless paranoia...

_________________ May the unholy fires of corbomite ignite deep within the depths of your soul...
1. TWGS server @ twgs.navhaz.com 2. The NavHaz Junction - Tradewars 2002 Scripts, Resources and Downloads 3. Open IRC chat @ irc.freenode.net:6667 #twchan 4. Parrothead wrote: Jesus wouldn't Subspace Crawl.
*** SG memorial donations via paypal to: dpocky68@booinc.com

Wed May 30, 2007 4:33 pm

|
Oso
Commander
Joined: Wed Apr 14, 2004 2:00 am Posts: 1324 Location: USA

While it is easy to mistype a port number, it is harder to mistype your way into TEDIT...
I want to know who it was too.

_________________ Infecting others with a Polymorphic Virus since 1975.
Curing ignorance and terminal stupidity since 1999.
Questioning the intellectual abilities of three digit annual salary earners since 2015.

Wed May 30, 2007 6:14 pm

|
Cerne
Gameop
Joined: Sun Oct 08, 2006 2:00 am Posts: 991

Singularity wrote: Laff, of course it's easy to mistype port numbers... I've done it more than once. So paranoia is one thing, but senseless paranoia...
I use 513, not 2003.

_________________ "All warfare is based on deception..." - Art of War "Time will tell all tales" - SG Any advanced tactic in TW is indistinguishable from cheating.

Wed May 30, 2007 7:13 pm