PDA

View Full Version : Hacking Outbreak


Equinox
07-11-2012, 08:14 PM
On a server I'm developing for there has been a recent hack outbreak in the last 2 days. Apparently hackers are "injecting" themselves with staff boots and other items. It's all client based so its impossible to deal with them besides a ban. The program they use is called "Graal Relay".

This is probably in the wrong place, forgive me.

ffcmike
07-11-2012, 08:28 PM
A lot of the time this occurs (aka some newbie who doesn't know what they're doing), they are using the default command which is quite easy to detect, and can also be used to show you what weapons they are trying to inject, which can in turn be checked for by script (such as when the player.weapons array is altered) incase they or someone else has switched to a different command.

Starfire2001
07-11-2012, 08:35 PM
Might be able to help you out here, send a you a forum pm.

Fatel
07-11-2012, 09:29 PM
try this.

//#CLIENTSIDE
function onPlayerChats() {
if (player.chat == "/iw System_Staffboots") {
serverwarp(servername);
}
}

ffcmike
07-11-2012, 09:39 PM
try this.

//#CLIENTSIDE
function onPlayerChats() {
if (player.chat == "/iw System_Staffboots") {
serverwarp(servername);
}
}

The reason why myself or Starfire_2001 haven't been specific is that if potential culprits see it publicly they'll know to alter the command rather than keep using the default one.

Regardless this solution would only detect that specific weapon name which can also be avoided easily, it's better to check player.chat.starts("/iw") (and preferably within the ChatBar.onAction event).

It's also a good idea to trigger the name of what they're trying to inject to serverside and log it, any common occurrences (such as the one you mentioned, and actually got caught trying on Classic using a guest account) can then be checked for existing.

Fatel
07-11-2012, 09:55 PM
i was about to edit my post to fix my error then just decided to let someone else do it

Fatel
07-14-2012, 04:34 AM
//#CLIENTSIDE
function onPlayerChats() {
if(player.chat.starts("/iw")) {
serverwarp(servername);
}
}

Emera
07-14-2012, 12:09 PM
I believe Nalin coded the relay system, and it was used so he could get onto an iPhone server via the PC client. It's also used so iPhone systems can get onto PC servers (like yours). You can get around it by detecting their OS and kicking them off.

ff7chocoboknight
07-17-2012, 07:31 PM
No, the program was created as a debug tool. Someone passed it around as a hacking tool.

CrypticMyst
07-19-2012, 01:09 PM
No, the program was created as a debug tool. Someone passed it around as a hacking tool.

This statement is true.

Pandar
07-19-2012, 02:11 PM
On a server I'm developing for there has been a recent hack outbreak in the last 2 days. Apparently hackers are "injecting" themselves with staff boots and other items. It's all client based so its impossible to deal with them besides a ban. The program they use is called "Graal Relay".

This is probably in the wrong place, forgive me.

You should really have a staff list somewhere on your server, whether it's in a Database NPC or whatever. That way you could have some easy preventive measures for any staff npcs. Just have your Boots run a check every time you turn them on, that refers to this staff list; if they're not on it, don't let it work, or even serverwarp their asses like the people above suggested.

Hezzy002
07-19-2012, 02:33 PM
You should really have a staff list somewhere on your server, whether it's in a Database NPC or whatever. That way you could have some easy preventive measures for any staff npcs. Just have your Boots run a check every time you turn them on, that refers to this staff list; if they're not on it, don't let it work, or even serverwarp their asses like the people above suggested.

That's not how it works. It injects clientside bytecode, doesn't add the NPCs on the server to them.

Pandar
07-19-2012, 02:38 PM
That's not how it works. It injects clientside bytecode, doesn't add the NPCs on the server to them.

Ohh, I see.

Clever girl.

Hezzy002
07-19-2012, 02:53 PM
Ohh, I see.

Clever girl.

well the other way is impossible unless someone finds an exploit l0l

ff7chocoboknight
07-19-2012, 08:15 PM
Nalin told Stefan how to block the Relay, but Stefan ignored him.

Tashkin
07-19-2012, 09:20 PM
Create a speed check for the server. When players are going faster then the stated speed kick them to the login server. Add an ignore for the staff members. Just a thought... not sure if you can do that.

DustyPorViva
07-19-2012, 09:32 PM
Create a speed check for the server. When players are going faster then the stated speed kick them to the login server. Add an ignore for the staff members. Just a thought... not sure if you can do that.

That is but a bandaid fix to a much large problem.

Tashkin
07-19-2012, 09:37 PM
That is but a bandaid fix to a much large problem.

This is true but... until Stefan does something to fix the issue you might as well use the bandaid.

DustyPorViva
07-19-2012, 09:45 PM
This is true but... until Stefan does something to fix the issue you might as well use the bandaid.

This problem has been here for a long time. I remember scripting a little notifier for Streety when he was still managing UN.

Also speed checks are in use on many servers, but it can be somewhat unreliable at times, and downright useless if you have absolutely any method of traveling faster(like a car or horse).

Tashkin
07-20-2012, 11:06 AM
Also speed checks are in use on many servers, but it can be somewhat unreliable at times, and downright useless if you have absolutely any method of traveling faster(like a car or horse).

Valid point... regardless there should be some type of security feature added to the servers/clients what ever needs to be done. I see multiple bans daily simply due to these people using these third party programs. It gets a bit tedious after so long.

PrinceDark
07-28-2012, 03:33 PM
Wow. Yeah I would server warp them or like we did back in the days on N-Pulse there was a level we would warp them to filled with a bunch of bad scripts that crashed them.