Hacker

[devn00b]

HAHAHAHA this is funny, many many moons ago i had found several such buffer overruns and other such nastys in the code and had fixed them, but because i was removed from the team, along with image, i kept them private.

I warned eqemu someday somone would use them for bad. Way to listen devs!

btw Linux isnt immune, or any more secure, just need a different shellcode, and an extra 10 seconds to exploit this.

[Angelox]

Well, I meant Linux is more secure in the sense that, when they do hack in, it will be as what ever username I run the EqEmu server under, and can't damage my whole machine.
As for my EqEmu server, I keep many back-ups for when someone does decide to screw me.
I don't really keep my own server on the public log in anyway, I'm content to play or do work alone on my MinI Login set up.
Since most interest is with the "preferred" servers, these will be the ones to have most of these problems; although the Preferred Servers listings have no meaning at all for the moment, they still are "eye candy" for anyone just logging into EqEmu - the casual player thinks he/she has a free ticket to a "preferred" server, that offers more, and go straight to play there. Just like anyone else, hackers need attention too- so they will spend most their time hacking into the populated "preferred" servers.
All the people who make new servers under the normal listing should probably lock it down and let players they know, come in and play.

[sdabbs65]

Quote:

Originally Posted by devn00b

HAHAHAHA this is funny, many many moons ago i had found several such buffer overruns and other such nastys in the code and had fixed them, but because i was removed from the team, along with image, i kept them private.
I warned eqemu someday somone would use them for bad. Way to listen devs!

Whats so funny about getting all you hard work trashed ?
and keeping all your work private is helpfull how ?
hmmm whatever.
They hit my server at least 3 times a night nowdays.
I long ago learned to backup everything at least once a day nowdays.
anyways if you find a fix for the DOS hacks let me know.
seems there tons of servers...IF NOT ALL OF THEM.. with this explot in them.
I would suggest tinyfirewall pro.... it lets you ban specific ip address's.
and basicly anything from .ru should be blocked out as they are nothing but spammers nowdays.

[Angelox]

Quote:

Originally Posted by sdabbs65

Whats so funny about getting all you hard work trashed ?
and keeping all your work private is helpfull how ?
hmmm whatever.
They hit my server at least 3 times a night nowdays.
I long ago learned to backup everything at least once a day nowdays.
anyways if you find a fix for the DOS hacks let me know.
seems there tons of servers...IF NOT ALL OF THEM.. with this explot in them.
I would suggest tinyfirewall pro.... it lets you ban specific ip address's.
and basicly anything from .ru should be blocked out as they are nothing but spammers nowdays.

didn't mean my work, just the server

[aneriel]

Quote:

Originally Posted by sdabbs65

Whats so funny about getting all you hard work trashed ?
and keeping all your work private is helpfull how ?
hmmm whatever.
They hit my server at least 3 times a night nowdays.
I long ago learned to backup everything at least once a day nowdays.
anyways if you find a fix for the DOS hacks let me know.
seems there tons of servers...IF NOT ALL OF THEM.. with this explot in them.
I would suggest tinyfirewall pro.... it lets you ban specific ip address's.
and basicly anything from .ru should be blocked out as they are nothing but spammers nowdays.

My sentiments exactly. I didn't go through all the effort, not only setting everything up, but the hours scouring these forums just to have someone, with nothing better to, try and bring my server down/corrupt my DB/do whatever it is they do.

At any rate, I've completely closed my system down as best I could. Turned on windows firewall, closed all ports, installed Symantec AV corp edition and spybot. We'll see what happens I suppose. Only thing that worries me is they've been in before which generally means I should be starting with a clean install.

[devn00b]

Firewalls wont stop this exploit, it comes over the same port as the server runs on, if your server is open to the public, your vulnerable.

Its not funny that you got hacked, i am sorry for that, What is funny however that i warned of this happening, and what would happen when someone with some talent checked shiz out, and started using this exploit.

When it comes to hard work there are very few people 'round here left that have put in as much work as I have. I was hours from giving the fixes to this when image and myself (senior developers mind you) where removed from the team. All the fixes are long gone now, nor do I have the desire to re-do them so some other security expert is going to have to do them. Oh wait, there aren't any real devs left....

Bravo Dev Team Bravo.

[oldlurker]

Quote:

Originally Posted by devn00b

When it comes to hard work there are very few people 'round here left that have put in as much work as I have. I was hours from giving the fixes to this when image and myself (senior developers mind you) where removed from the team. All the fixes are long gone now, nor do I have the desire to re-do them so some other security expert is going to have to do them. Oh wait, there aren't any real devs left....

So you are just posting to feed your ego?
From what I remember you and image(and I still think that you are one and the same people) got rightfully bootet from this project because of exactly this type of sh*t.

[devn00b]

This has nothing to do with me. This has everything to do with the fact that there has been a KNOWN exploit that gives a remote user access to the server pc, and nothing has been done about it at all.

This would be akin to say gaim, or even linux itself (both open source software) leaving exploits in their code for however long its been. Wouldn't you be upset? Wouldn't you be a little upset that a fix was there, but the ruling king decided hey we dont need the fix we'll boot the dev that has it, and let the exploit stay? Now i sit here seeing that my fears have come true...Forgive me for being a little upset...

As for my leaving the project, Doodman and image had a dispute, they kicked image, THEN myself. I had nothing to do with the original dispute.

here we go my log from my chat with doodman

Quote:

Session Start (cronikusgw:HLTHMSF): Mon Aug 23 19:43:54 2004
cronikusgw: -NickServ- Nickname devn00b is suspended and may not be used or identified for.
cronikusgw: see thats bullshit
cronikusgw: wtf did i ever do besides devote 4 years to the emulator
HLTHMSF: Hmm.. He claimed you were not banned.. Let me see.
cronikusgw: wtf ever.
cronikusgw: thats bullshit
HLTHMSF: Jesus.. let me check..
cronikusgw: there is no reason for me to EVER be suspended
cronikusgw: i did NOTHING
HLTHMSF: Fixed..
HLTHMSF: C'mon.. Someone suspended you . Dunno why.. But it's undone.
cronikusgw: it should never have been done
cronikusgw: nor my server delinked
cronikusgw: nor my admin removed again from the forums
cronikusgw: thats bullshit
HLTHMSF: Give me a chance..
cronikusgw: sure
HLTHMSF: I think people were concerned that with removing image, that he would go to you to unleash havoc on the rest of us. Which was obviously unfounded. But I think that is why that was done.. It was handled poorly, I agree.

So yeah i was removed because of "this shit". Please before you pretend to know something get it straight. As for us being the same people, think what you will, anyone realy in the know knows we arent the same people, hell we used to get on rogeans vent server and talk, so please...

//edit: keeping all my work private? haha 90% of my work is in the fucking emu base code, i kept my db private. And didnt release my exploit fix because i wasnt a developer here anymore, and i was banned from irc and the forums, because of what i posted above.

[Angelox]

I really don't understand what the point is here, or if there is a "point", how big it should be?
As far as I'm concerned, anyone who has ever done any small piece of code, or is doing any code work now, is a Dev, reguardless if they are part of any special "EgEmu Dev" group or not.
lately, I've become aggravated with the whole scene, due to lack of interest by the people who control what goes into the "official" code. But this has always been so, ever since I started in the EqEmu scene. Anyways, this last time around, I got so frustrated, I was not planning to post anymore of my stuff.
But really, this is no way to be - very few of us do any "public" work any more, and this is what keeps this "open source" project alive. I've always been against people who keep stuff to themselves and not publish what they do to these forums or to the source. when I started here, *no one* was doing anything: no updates to any database or nothing to the source. This didn't mean there was no one doing any work, just meant who ever was doing work, kept it to themselves (like what happens now).
What FNW or Doodman does or doesn't do, shouldn't really matter or hinder what YOU are doing - you have the source and everything else you need. They only hide the log in server code, but you could use the mini-login server, just the same, for public logins.
So far, all the ones who rant and criticize, have not shown me where I sould trust them with the "official" source code. Especially the guy who tried to hack into what little we have left and ruin it (you know who you are).
What a lot of us do not understand is, EqEmu *already* belongs to all of us, and we can do as we please with it.
So what fuck it up, hack it , ruin it so everyone gets screwed?
Anyways, I'm working on something I consider to be really big, it's a lot of work, so will take a while, but when I get done, I will post it for all of us to either share or keep it for youself and don't share at all.

[gernblan]

I need to say something:

You're willing to spend gobs of time fighting all sorts of problems running the emu server on an OS that the entire world knows has more holes than swiss cheese, yet you won't just sit down and put up a linux box and have a secure server once and for all?

I submit that you're spending (read: wasting) a lot more time struggling with windows security (especially since it doesn't exist--if Microsoft can't even lock down their own OS, what makes you think you can?) whereas you could just invest the time to learn how to do it right on Linux and be done with it.

[gernblan]

Quote:

Originally Posted by Angelox

lately, I've become aggravated with the whole scene, due to lack of interest by the people who control what goes into the "official" code. But this has always been so, ever since I started in the EqEmu scene. Anyways, this last time around, I got so frustrated, I was not planning to post anymore of my stuff.

I cannot agree with you more.

If they are going to control freak a GPL PROJECT like this, then they at least better be attentive to it.

If something is submitted, and it works, then it needs to get into the tree, NOW.

If they sit on it, then frankly, eqemu needs a fork. It's GPL, thus fair game for this.

The whole point of the GPL is to be able to share code changes freely and easily. If a certain set of people are making it frustrating and difficult to do so, then someone else who will get these fixes in becomes necessary.

While we're on the subject, I'd like to know who thought it was appropriate to originally license the LS code as GPL, then make it unavailable to anyone. Sorry, but you can't do that. And this isn't a copyright issue. You released it under a free license. You don't get to change your mind after the fact.

[sfisque]

this really begs the question though. if there is something exploitable, why is the patch not made available, regardless if it was rejected by any inner circle. by that argument, organizations like CERT shouldnt bother posting issues, because vendors like MS and others sometimes deny them or "scoff" at the danger rating.

== sfisque

[devn00b]

Because i was banned from the website, and the irc. After that ive gone through so many hard drives and shit the code just got lost. Again fault of the "devs" not mine

[EliseusKayne]

soo idk if dev is trying to help or prove something stupid or is butt hurt he was kicked? idk

[moydock]

Quote:

Originally Posted by EliseusKayne

soo idk if dev is trying to help or prove something stupid or is butt hurt he was kicked? idk

i'd say all of the above.