Server hack of Nov 8/9

View previous topic View next topic Go down

Server hack of Nov 8/9

Post  Ablationer on November 9th 2014, 4:30 am

At around 1 am today on Nov 9th, the server was most likely injected with a script to retrieve rcon access. It was probably done using the upload weakness left by the source engine upload system used to send sprays to servers, which still hasn't been fixed ever since it was first discovered years ago. Several people were banned, the server name was changed, but other than that, nothing else seems to have been fucked with. I say most likely because that would be the easiest and fastest way to do it, but I'm not entirely certain on it.

We have at least 2 suspects so far:
Baby Elephant
STEAM_0:0:97254312
http://steamcommunity.com/profiles/76561198154774352
Last seen banned by Daisuke (Alfonso) after saying: Fix the teams or else this server will be cancelled.

Shortly after that ban, someone joined for the first time:
aStonedPenguin
STEAM_0:1:57264173
http://steamcommunity.com/profiles/76561198074794075
He slayed everyone and then when everyone framed Zail for it, he banned him with the reason "admin abuse", with no one claiming to have done it. After that, everyone got banned at the same time with reason "bad server", except that guy, who left 5 seconds after the multi-ban.
He's had 3 vac bans and his last one was less than a month ago. His description also says that he can help with scripting but not making servers because he thinks that's retarded. Clearly he's done this before.

Again, these are only suspects, we have no concrete proof that these are the ones that did it.

What probably happened?
This only a guess, but in short, what seems to have happened is:
Baby Elephant joined, got killed a couple of times, got angry about it and made threats to shut down the server, which got him banned. Then, he called his script buddy in backup and told him to fuck with the server because it was such a bad server.
He joined, said hi there, then was led around by server greeters to be greeted properly. Then he tried his hand at using rcon commands to see if he could get away with it. First slaying everyone, then banning Zail, and then everyone else as well.


What can we do?
In short, not much.
There are plug-ins which help against the uploading or downloading of unallowed files, but most of them are obsolete and would have to be updated. I'd have to keep looking. And that's only IF that's how they did it, I'm not even sure it is, but like I said, it would be likely to be the case, given it's one of the oldest and easiest ways to do it.

What we can do however, is watch our fucking attitude. Honestly, I'm fairly sure that none of this would have happened if Daisuke didn't ban that Elephant kid. That's not to say we should let people threaten the server, but you have to understand that people like this purposely try to poke at the wasp's nest to get that exact reaction and then justify their actions using that same reaction they provoked in the first place. People like this have to be dealt with in a responsible and mature manner. You simply ignore their threats and give them the help they need as if it was asked normally. Now, I'm not saying you should give in to their demands, that would only make it look like threatening is the way to go. But I'm saying you should deal with this with a cool head and a sense of priorities.
Think of it as an hostage negotiation for example. You can't be aggressive with the guy because he might kill hostages, yet you can't give him what he wants because then that would reinforce his sense of control and he might just keep doing it or ask for more. What you have to do is defuse the scene in a neutral or friendly manner and try to get him to calm down and forget all about it.

In conclusion: Never provoke someone who threatens to hack the server, because even if 95% of it is BS without anything to back it up, you never know when it will be for real and they'll act because you gave them a reason to. For the time being, be extra lenient with rulebreakers. They might be trying to lure us into yet another hack. So just play it cool and be more permissive than you would normally be.

PS: If you're gonna post in this thread, don't post something retarded, this isn't a "lolol so funneh xD" kind of thread. I'll delete anything that's not constructive or related to this issue, thank you.


Last edited by Ablationer on November 20th 2014, 7:18 am; edited 4 times in total

_________________
avatar
Ablationer
AKA Bob Frenchman

Posts : 1261
Join date : 2012-05-27
Age : 28
Location : Canada

View user profile http://bobszrp.idfforum.com

Back to top Go down

aStonedPenguin

Post  The Original RaptorJesus on November 9th 2014, 7:43 am

I played on aStondPenguin's zs server before, he seemed like a nice guy, and I believe coded the server himself. If I remember, he was learning coding like LUA or something, I had forgot. But he did sometimes tell regular players this. So he has made his own server. However I've seen multiple cases where he has used scripts to demote people, ban people, and delete content from servers that I've played on. It's a off topic thing, but my personal opinion is to ban the guy's account from steam. I do know a few friends who did this before (couple of them know LUA coding I believe and others.), I could ask if they know aStonedPenguin and what he could've used in the situation. I could tell what the things are if they know, it could help the server protect against possible future incidents like this. I dunno.

_________________
Hide yo printers, hide yo bp, and hide yo selfs cuz Raptor's coming for dem

The Original RaptorJesus

Posts : 50
Join date : 2014-10-21

View user profile

Back to top Go down

Prevention

Post  Billy_ on November 9th 2014, 10:42 am

If we're going to prevent stuff like this from happening then we need to be careful, everyone has to be really nice and easy on the new guys. People flying around making derogatory remarks is normal to a lot of us, but to the new people who come from super immerse serious RP servers they might take offense to it. If there is a huge influx of players, maybe do an event? The new people need to be hooked from the beginning, if people like this server the chance of them hacking it is very slim.

When people threaten to hack the server:

There needs to be ONE STAFF, and I'm emphasizing that because we don't need 6 more staff hovering around the alleged hacker. Spectate if you need to, just don't badger the person because that might come off as threatening. Try to act extremely calm and laid back, then deal with it accordingly.

Billy_

Posts : 53
Join date : 2014-05-26
Age : 19
Location : United States of America

View user profile http://Burnie.com

Back to top Go down

Re: Server hack of Nov 8/9

Post  RoboReptile on November 9th 2014, 1:46 pm

This is a great lesson to all of us. Think of staff like customer support. You can never be rude or talking back even if they yell at you first. I've been warning staff about this for a while, and this happens.

_________________
Jesus RaptorJesus
avatar
RoboReptile

Posts : 937
Join date : 2013-01-02
Age : 17
Location : Behind you

View user profile

Back to top Go down

Re: Server hack of Nov 8/9

Post  The Dark Wolf on November 9th 2014, 2:36 pm

Personally i the staff shouldn't get too aggressive as bob said we shouldn't provoke someone who threatens the server. if we were less aggressive and sent one person on staff like billy said then we can most likely stop this from happening in the future and such.

but i have a question as well, what if it was a regular user who provoked this person? as i said above can stop staff from provoking a "Hacker" (ill use this term for now since it is unknown wither he used a program or acted alone for this) but what if a user says
"Hey you, Fuck off" For the Hacker threatening the server? what do we do then? you could gag the user but then the damage might have been done already.

I also like robos idea of "customer support" attitude for the staff but to be honest some staff might forget to act like that.
 So i think maybe we should make this a bit known for the staff and users by saying in-game " All staff and users should check this link [insert page link here] " you guys should also have a meeting so that even if the staff were not there at the time thy can still be aware of how bob said to not provoke someone who threatens the server.

                ~Sincerely, Dark Wolf
avatar
The Dark Wolf

Posts : 13
Join date : 2014-01-27
Age : 47
Location : A Chair

View user profile http://www.notareallink.com

Back to top Go down

Re: Server hack of Nov 8/9

Post  RoboReptile on November 9th 2014, 3:16 pm

The thing is, dark, that you sometimes never know if it's just a so-called "Regular User" or if it is a hacker or someone who knows a hacker.

Even if you're somehow 100% sure someone isn't a hacker, they can have friends who do this stuff. They might not even give a threat or warning.

_________________
Jesus RaptorJesus
avatar
RoboReptile

Posts : 937
Join date : 2013-01-02
Age : 17
Location : Behind you

View user profile

Back to top Go down

Re: Server hack of Nov 8/9

Post  Ablationer on November 20th 2014, 7:21 am

goddamnit again. wtf do they want?

i gotta note some shit down for later

aStonedPenguin (STEAM_0:1:41249453) 209.112.136.253:27005
GamingGunthor (STEAM_0:0:62391535) 73.12.104.34:27005
Syntality (STEAM_0:0:20785529) 66.69.137.64:27005
Acecool (STEAM_0:1:82770028) 209.112.136.253:27005

_________________
avatar
Ablationer
AKA Bob Frenchman

Posts : 1261
Join date : 2012-05-27
Age : 28
Location : Canada

View user profile http://bobszrp.idfforum.com

Back to top Go down

Re: Server hack of Nov 8/9

Post  RoboReptile on November 20th 2014, 10:29 am

Well since ddos is illegal and you have their IPs...Unless they have something to mask it or change it can't you report them in some way?

_________________
Jesus RaptorJesus
avatar
RoboReptile

Posts : 937
Join date : 2013-01-02
Age : 17
Location : Behind you

View user profile

Back to top Go down

Re: Server hack of Nov 8/9

Post  Ablationer on November 20th 2014, 3:24 pm

these are all masked anyway

_________________
avatar
Ablationer
AKA Bob Frenchman

Posts : 1261
Join date : 2012-05-27
Age : 28
Location : Canada

View user profile http://bobszrp.idfforum.com

Back to top Go down

Re: Server hack of Nov 8/9

Post  tomisord on November 23rd 2014, 6:38 am

Yet again today on the 23rd of november, we were attacked again, its obvious they want something done

tomisord

Posts : 21
Join date : 2013-10-02

View user profile

Back to top Go down

Re: Server hack of Nov 8/9

Post  Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum