Hacker Problem

[aneriel]

Anyone else have any troubles with people hacking your server? Haven't even had mine up for a day and someone is already running DOS commands on my server. Any recomendations on keeping them out? I have to be able to remote access it as I don't have a monitor setup. It's a Windows Media Center pc as well.


Plus how do I lock my server down? And how do I ban accounts? I hate to already have to go to this, but putting with fucking hackers is not something I was setting up my server for.

Thanks in advance ..and sorry for the language, none too happy right now

[Angelox]

Probably, you are using a regular windows 98 or XP OS? I would suggest you set up a secure - Linux EqEmu server, as the windows version is very costly.
I didn't know it was so easy to hack in like that - are you sure you don't have any Trojans, Virus, Malware, etc?

[aneriel]

wish i had time to setup a linux server, but it took me a few days to get what I have up and running. The OS is basically XP, but the Media Center version. I'm installing anti-virus, spybot, etc right now. It's pretty much a fresh install so i didn't have all that going *smacks head*. we'll see what happens i suppose.

[aneriel]

If anyone knows what to do about IP addresses, I found this in my run command (along with some dos commands ..ftp included)

66.189.7.127

[Angelox]

Do you have a router? if so, shut all ports, void ones in use (shut ftp port too) - I know XP has a firewall, but I think router firewall is better (it's a hardware firewall), you can disable windows firewall if you have router firewall

[froglok23]

I've identify 87 places where it can be exploited. I don’t want to post exactly where they are, due to the potential security risk, but I am preparing a patch.

- froglok

[RangerDown]

The wiki used to have an article about securing a linux server. If the spambots haven't completely trashed it, you might want to check it out.

If you're running anything bigger than a private LAN server, perhaps the most important rule of thumb -- and this applies regardless of OS -- is don't run your server under the "root" account for linux OS's, or with administrator access on Windows systems. Run them under an account that has no more access than it absolutely needs to run the world/zone servers, and set permissions on your file system so that areas that hold your personal documents/items are off-limits to the account the emu server runs under.

(Edit: Ok, now I'm confused. I posted AFTER the two posts that follow this one, but it's located above Angelox's in the sequence. Maybe the clock was wrong and got moved back between their posts and mine...)

[Angelox]

aneriel, here's your new Hacker thread, sorry about the old one

[oldlurker]

To recap part of the old thread:

Shutting down ports will not help because the exploit is an buffer overflow inside the world or zone binaries.
Such an buffer overflow might allow the attacker to gain higher privileges inside the binary or even execute commands on the host system.

Normally the first step after such an attack is to get an trojan package from a remote site and execute it on the host system. This trojan will look for other exploitable holes on the system to gain superuser privileges and hide itself from detection.

Sad thing is most Linux systems are as vulnerable for these 'local root exploits' as the average windows system because not many people give a thought about securing their server or installing security fixes.

Unfortunately just looking around in the sourcecode until we find that exploit could be the proverbial search for a needle in a haystack. There are tools out there that can help with identifying potential security risks in your sourcecode but someone still has to interpret what is harmless and what not.

[image]

I notified Doodman of an authentication bug existant in the LoginServer and his reply was:
[11:22] <Doodman> It's completely new code.

Although I looked in the World Server and the same authentication exploit exists (in the 0.7.0 source).

[John Adams]

Image, all you can do is try... though it does cause one to lose faith if there is no interest in something that could be exploitable - maybeit is for a reason?

I imagine you posting your findings would single-handedly destroy every emulator on the LS, since the little haxXorZ would definitely use it to be the destructive little puke-faces they are.

[devn00b]

Lmao @ doodman.

man I hope somone exploits that bug and hacks all the servers connected to the login server. Maybe then the dev team will do somthing to fix stuff that needs to be fixed.

Saying "Its all new" is bull, and dissmissing it before he even looks at it is rather egotistical dont you think?

Anyone find one of the 30 remote command exploits yet?

[oldlurker]

So why don't you go ahead and disclose the exploit but not the fix? You definitely will get the attention of the devs then.
Or is there nothing to show and this is all about spreading FUD and feeling important?

Question to the Moderators: How many crap someone can produce till he gets a reprimand/ban?

[devn00b]

I could tell you where it was, but i dont remember I havent touched the emu source code since i was ejected from the team for knowing image irl. That isnt my job i no longer work on or support the emu in anyway. Would you still do work for a job that fired you for bullshit reasons? Sorry, wife kid, bong are all more important to me than some exploit. This is Doodman/Rogean/FNW's Job to find and fix this exploit, they are the Developers they are the ones in charge.

Image found a bug, reported it, and got brushed off.

Yes indeed how many times you gotta troll posts i make before you get banned.

[John Adams]

Quote:

Originally Posted by devn00b

Sorry, wife kid, bong are all more important to me than some exploit.

I certainly cannot argue with that.