Anyone else have any troubles with people hacking your server? Haven't even had mine up for a day and someone is already running DOS commands on my server. Any recomendations on keeping them out? I have to be able to remote access it as I don't have a monitor setup. It's a Windows Media Center pc as well.


Plus how do I lock my server down? And how do I ban accounts? I hate to already have to go to this, but putting with fucking hackers is not something I was setting up my server for.

Thanks in advance ..and sorry for the language, none too happy right now

Probably, you are using a regular windows 98 or XP OS? I would suggest you set up a secure - Linux EqEmu server, as the windows version is very costly.
I didn't know it was so easy to hack in like that - are you sure you don't have any Trojans, Virus, Malware, etc?

wish i had time to setup a linux server, but it took me a few days to get what I have up and running. The OS is basically XP, but the Media Center version. I'm installing anti-virus, spybot, etc right now. It's pretty much a fresh install so i didn't have all that going *smacks head*. we'll see what happens i suppose.

If anyone knows what to do about IP addresses, I found this in my run command (along with some dos commands ..ftp included)

66.189.7.127

Do you have a router? if so, shut all ports, void ones in use (shut ftp port too) - I know XP has a firewall, but I think router firewall is better (it's a hardware firewall), you can disable windows firewall if you have router firewall

I've identify 87 places where it can be exploited. I don’t want to post exactly where they are, due to the potential security risk, but I am preparing a patch.

- froglok

The wiki used to have an article about securing a linux server. If the spambots haven't completely trashed it, you might want to check it out.

If you're running anything bigger than a private LAN server, perhaps the most important rule of thumb -- and this applies regardless of OS -- is don't run your server under the "root" account for linux OS's, or with administrator access on Windows systems. Run them under an account that has no more access than it absolutely needs to run the world/zone servers, and set permissions on your file system so that areas that hold your personal documents/items are off-limits to the account the emu server runs under.

(Edit: Ok, now I'm confused. I posted AFTER the two posts that follow this one, but it's located above Angelox's in the sequence. Maybe the clock was wrong and got moved back between their posts and mine...)

aneriel, here's your new Hacker thread, sorry about the old one

To recap part of the old thread:

Shutting down ports will not help because the exploit is an buffer overflow inside the world or zone binaries.
Such an buffer overflow might allow the attacker to gain higher privileges inside the binary or even execute commands on the host system.

Normally the first step after such an attack is to get an trojan package from a remote site and execute it on the host system. This trojan will look for other exploitable holes on the system to gain superuser privileges and hide itself from detection.

Sad thing is most Linux systems are as vulnerable for these 'local root exploits' as the average windows system because not many people give a thought about securing their server or installing security fixes.

Unfortunately just looking around in the sourcecode until we find that exploit could be the proverbial search for a needle in a haystack. There are tools out there that can help with identifying potential security risks in your sourcecode but someone still has to interpret what is harmless and what not.

I notified Doodman of an authentication bug existant in the LoginServer and his reply was:
[11:22] <Doodman> It's completely new code.

Although I looked in the World Server and the same authentication exploit exists (in the 0.7.0 source).

Image, all you can do is try... though it does cause one to lose faith if there is no interest in something that could be exploitable - maybeit is for a reason? ;)

I imagine you posting your findings would single-handedly destroy every emulator on the LS, since the little haxXorZ would definitely use it to be the destructive little puke-faces they are. :)

Lmao @ doodman.

man I hope somone exploits that bug and hacks all the servers connected to the login server. Maybe then the dev team will do somthing to fix stuff that needs to be fixed.

Saying "Its all new" is bull, and dissmissing it before he even looks at it is rather egotistical dont you think?

Anyone find one of the 30 remote command exploits yet?

So why don't you go ahead and disclose the exploit but not the fix? You definitely will get the attention of the devs then.
Or is there nothing to show and this is all about spreading FUD and feeling important?

Question to the Moderators: How many crap someone can produce till he gets a reprimand/ban?

I could tell you where it was, but i dont remember I havent touched the emu source code since i was ejected from the team for knowing image irl. That isnt my job i no longer work on or support the emu in anyway. Would you still do work for a job that fired you for bullshit reasons? Sorry, wife kid, bong are all more important to me than some exploit. This is Doodman/Rogean/FNW's Job to find and fix this exploit, they are the Developers they are the ones in charge.

Image found a bug, reported it, and got brushed off.

Yes indeed how many times you gotta troll posts i make before you get banned.

Sorry, wife kid, bong are all more important to me than some exploit.
I certainly cannot argue with that. :)

So why don't you go ahead and disclose the exploit but not the fix? You definitely will get the attention of the devs then.
Or is there nothing to show and this is all about spreading FUD and feeling important?

Question to the Moderators: How many crap someone can produce till he gets a reprimand/ban?

Oldlurker I have to say you are a real thorn in peoples side, you really need to think before you post, all I have seen from you so far are rants and nothing constructive ever comes out of it. The information I released is very vague in terms of pinpointing any specific exploit. I will NOT release any proof of concept or fix to the public because then people who wish to exploit any eqemu server would have the information they need. I am not opening pandoras box on the whim like you would so blindly do.

lol, this thread went down fast, now we are back to the old thread. Just goes to show that you cant run from the problems, and they must be addressed no matter which way you turn.

Who's running from problems? I only thought we'd help the guy out with his problem. I know this is all aggravating, but this is a "General Support" forum, and we should try to stick to that. If it were a bunch of newbe shit, it would be different - easy to tell them to "shape up or ship out"- But you guys are mostly seniors to these forums. I got a lot of respect for someone who's been around here longer than me, and I'm sure all the new people look and admire what you have to say too.
So, what are we fighting about? It's not going to help or solve anything. I know it's not because everybody just wants to see what they see and not what the other sees. We all want everyone to think in our own terms, right?
So far, just about everything I've said comes back to me in the form of a giant, enema, and this thread has helped out just about as much as it can, so, other than continue another "roast the devs" thread, case closed.