hacked :|
Soldat Forums - Server Talk - Server Help
super_ik
January 18, 2005, 9:40 pm
hey, i'm running soldatserver 1.2.1 dedicated on linux.

now there is a guy who had hacked my soldatserver. after i changed the adminpassword he did it again.

last piece of log:
[code]
69.179.160.81:62618 requesting game...
Sniper Man joining game (69.179.160.81:62618)
Sniper Man has joined bravo team.
[Sniper Man] i will hack this server
[super_ik] why?
Runtime error 0 at BF1FFAD8
Admin connected.
/ban 1
has been kicked and permanently banned
/ban 2
has been kicked and permanently banned
/ban 3
/ban 4
/ban 5
/ban 6
[/code]
what to do now? i still want to run soldatserver, but this guy hacked is within a minute.

mar77a
January 18, 2005, 10:14 pm
WOWOWOW! I had never heard of something like this being possible, i strongly recommend to install a firewall on a server, like ZoneAlarm or so...

m00`
January 18, 2005, 10:23 pm
well u got his ip? o.0

_Mancer_
January 18, 2005, 10:24 pm
I know who sniper man is. He's another one of 3nesc3's lackeys.

super_ik
January 18, 2005, 10:56 pm
i got his ip, it's in my post: 69.179.160.81, zonealarm won't run on a linux server and has nothing to do with this i think. I think he uses a soldat bug or sow to do this.

mancer: who are the 3nesc3's ?

Pulp
January 18, 2005, 10:58 pm
Well, his isp is centurytel.net

Send an email with the logs to abuse@centurytel.net or call the 'abuse-phone' at +1-800-809-1410.

-EDIT-

3nesce is just one guy who made a few hacks for soldat.

En3sCe
January 19, 2005, 2:39 am
I have informed FliesLikeABrick about this, and Michal Marcinkowski has been notified of this bug.

All servers that use the following versions are vulnerable... Michal this really needs to be fixed... Me, nightcabbage and Silk had an encounter with "Sniper Man" today, his IP is static.

-
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
-

I was quite amused when this noob came into my server and 'hijacked' it... he said to me
"I CAN SEE STUFF NO ONE ELSE IS MEANT TO SEE!"
then I said
"What can you see exactly?"
then he said
"I CAN SEE PEOPLE REQUESTING THE GAME!!!"

Nuff' said...

Download link for the only secure version: http://www.soldat.pl/downloads/soldatserver220.zip Scratch that, 2.2.0 is vulnerable as well.

And no, this noob is not one of my "lackies"...

3nesc3
January 19, 2005, 10:25 am
And you guys question why I still release trainers? Once again, you ban my account for HELPING. Pretty sad...

DNA.styx
January 19, 2005, 11:25 am
you get banned for creating trainers....and you create trainers because you are banned....who started this chain of events?

Show me you want to _really_ help by taking all your trainer downloads offline and put up a public apology to all Soldat players out there for the trouble you have caused to server ops, clan players and anyone who has tried to enjoy a 'fair' game of Soldat online.

Until then /ban

n00bface
January 19, 2005, 3:41 pm
Hmph, let's not turn this into a hacker discussion (Deleted unhelpful, off-topic replies :<)

As far as I know, this vulnerability only works on Linux servers. I don't think there is a way to deal with this, besides getting an auto-restart script, such as tank's server fix, although I'm not sure it will work since I've only used it to detect crash messages.

Michal Marcinkowski
January 19, 2005, 7:55 pm
I don't think I got the mail, send me it again. 2.2.0 is not secure.

Yule
January 20, 2005, 2:29 pm
Hi all!
i'm running soldat server 1.2.1 dedicated on linux too.
...and Sniper Man is the same hacker for my server:

[code]Sniper Man joining game (69.179.160.81:62651)
Sniper Man has joined bravo team.
[Sniper Man] i will hack this server
[...]
Admin connected.
has been kicked and permanently banned
has been kicked and permanently banned
has been kicked and permanently banned
xxx.xxx.xxx.xxx:3708 requesting game...
has been kicked and permanently banned
Jinn joining game
Jinn has joined alpha team.
Jinn has been kicked and permanently banned
xxx.xxx.xxx.xxx:3056 requesting game...
[HAC]Alter joining game
[HAC]Alter has joined bravo team.
[HAC]Alter has been kicked and permanently banned
69.179.160.81:62659 requesting game...
Sniper Man joining game (69.179.160.81:62659)
Sniper Man has joined alpha team.
Sniper Man has left alpha team.[/code]

quote:what to do now? i still want to run soldatserver, but this guy hacked is within a minute.

Pulp
January 20, 2005, 4:32 pm
It's interesting to notice he seems to have a fixed IP :)

Deleted User
January 20, 2005, 8:22 pm
[IMAGE]? the cheater?

m00`
January 21, 2005, 3:02 am
eh is it possible for michal to ban ips from the lobby?

n00bface
January 21, 2005, 3:24 am
quote:Originally posted by 4kiLL-HunterZ[IMAGE]? the cheater?


Please read what I say more carefully:
quote: Hmph, let's not turn this into a hacker discussion (Deleted unhelpful, off-topic replies :<)

Don't repost stuff I've already deleted.

..Moving on
quote: eh is it possible for michal to ban ips from the lobby?
Yes, but there are still ways he could get the server list.

And guys, Please don't keep posting lol-confirmations or off-topic stuff..this is server corps, not the lounge or the general discussions, keep this pretty thread clean! Don't wanna hafta lock it :<

FliesLikeABrick
January 21, 2005, 4:35 am
Yes, [IMAGE] actually realized the severity of this bug and told me about it so that I could pass it on to MM.

Michal, I believe by now you saw my PMs detailing the exploit. Thanks to [IMAGE] for passing the word on.

xSyneXx
January 23, 2005, 4:27 am
The sad thing too, is it is easier than FliesLikeABrick has explained.
It is a lot easier than ANYONE can imagine.

It is pretty sad.


Fix this, and fix it fast.



Deleted User
February 3, 2005, 12:06 am
There's an easy fix to this problem if you're hosting on linux and have root access. Just block TCP connections on your join port using IP Tables. Here's an example of how mine is set up.

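[code]
# Create a dedicated chain for the Soldat rules
iptables -N Soldat
# Drop all TCP traffic to the join port (23073)
iptables -A Soldat --protocol tcp --dport 23073 -j DROP
# Insert an ACCEPT for the admin's address ahead of the DROP
iptables -I Soldat 1 -s 1.2.3.4 -j ACCEPT
# Send all incoming packets through the Soldat chain first
iptables -I INPUT 1 -j Soldat
[/code]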

Where 1.2.3.4 is your ip, so you may still connect via remote admin. You may add as many ips as you wish, and to delete just use iptables -D Soldat N, where N is the rule number. For more info read the iptables manual page ("man iptables").

I've done this to my server "! ! Apaxteam 12p CTF ! !" and it hardly ever crashes now. The same idea will also work on Windows, but you will need a firewall.

"Sniper Man" should be banned from the lobby server, he's tried this on my server many times.
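
An added example, not part of the original post or the Soldat project: a script that prints the iptables commands for the allowlist approach in the post above, generalized to several admin addresses and safe to re-run. The function names, the sample addresses 192.0.2.10 and 198.51.100.7, and scoping each ACCEPT to the TCP join port (the post's rule accepts all traffic from the admin IP) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's code): print, without executing, iptables
# commands that rebuild the "Soldat" chain for a list of admin addresses.

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for PORT and one or more admin IPs. Prints nothing on
# stdout and returns 1 if any argument is invalid, so bad input never
# reaches a root shell.
soldat_fw_rules() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "need at least one admin IP" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad admin IP: $ip" >&2; return 1; }
    done
    # Create the chain, or empty it if it already exists (re-runnable).
    echo "iptables -N Soldat 2>/dev/null || iptables -F Soldat"
    # Allowlist entries go first: iptables stops at the first matching rule.
    for ip in "$@"; do
        echo "iptables -A Soldat -p tcp --dport $port -s $ip -j ACCEPT"
    done
    # Every other source is dropped on TCP only; other protocols are untouched.
    echo "iptables -A Soldat -p tcp --dport $port -j DROP"
    # Hook the chain into INPUT only if it is not hooked already.
    echo "iptables -C INPUT -j Soldat 2>/dev/null || iptables -I INPUT 1 -j Soldat"
}

# Constructed sample: documentation-range addresses standing in for admin hosts.
soldat_fw_rules 23073 192.0.2.10 198.51.100.7
```

Review the printed commands, then pipe the output to `sh` as root to apply them.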

Mole_Incarnate
February 8, 2005, 9:54 am
Ok, this is one of the main reasons Tank's script was invented. He's doing a very simple method of getting the adminpass that I will not post here. Go grab Tank's script (it's stickied here) and install. Don't ask me for instructions tho ^^. It will make admins verify their password, and won't show them anything until they do, simple.

We've had problems with sniper man before with ordinary cheating, but he always gets flood kicked after like 60 seconds, if he isn't banned immediately. He has since not been back.