Graal Forums  

Go Back   Graal Forums > PlayerWorlds > PlayerWorlds Main Forum
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 08-13-2014, 04:34 PM
Jakov_the_Jakovasaur Jakov_the_Jakovasaur is offline
Deleted by Darlene159
Jakov_the_Jakovasaur's Avatar
Join Date: Sep 2013
Location: Deleted by Darlene159
Posts: 353
Jakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud of
security irc channel

hello!

lately my systems seem to have been catching more unique players using a certain tool to inject weapon code, and usually this will cause them to be disconnected among other potential consequences, but another thing ive noticed is that typically they just log on to another server afterwards where a new set of staff may be oblivious to their intentions

i then realised that through a combination of using both global irc channels and remote control tabbed irc channels, it would be possible to setup a system where servers can report hack warnings to a global irc channel, and then through onReceiveText() any participating individual servers can relay these warnings to a tabbed remote control channel for logged in rc staff to automatically receive

does anything think it would be worth setting up?
it would ofcourse be open to potential abuse, false-positives and potential spam
__________________
This signature has been deleted by Darlene159.
Reply With Quote
  #2  
Old 08-17-2014, 10:21 AM
PhantosP2P PhantosP2P is offline
Pizza Wizard
PhantosP2P's Avatar
Join Date: Aug 2011
Location: California, USA
Posts: 122
PhantosP2P will become famous soon enough
The only thing we ever notice on Valikorlia, a server without any economy or anything to abuse with hacks, is that sometimes RC rings off about a user logging in with a proxy or something along those lines (logged in as 127.0.0.1). Is that related, or of any use to share?
Reply With Quote
  #3  
Old 08-17-2014, 11:16 AM
Jakov_the_Jakovasaur Jakov_the_Jakovasaur is offline
Deleted by Darlene159
Jakov_the_Jakovasaur's Avatar
Join Date: Sep 2013
Location: Deleted by Darlene159
Posts: 353
Jakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud of
127.0.0.1 is a users localhost, which is used as part of the weapon injecting mechanism instead of communicating directly between client and server. though it does not necessarily mean someone is injecting code so would be more suitable as a warning than an alert

i have never noticed that message however despite successfully catching a lot of weapon injects through scripted security, surely that is a detection which has been scripted by someone on val?

other than code injections i also still notice the occasional x/y hacking, memory editing of function names to bypass systems like wall detection, and attempts to use the movie gani exploit even though it doesnt work in v6 having worked in v5
__________________
This signature has been deleted by Darlene159.
Reply With Quote
  #4  
Old 08-17-2014, 07:33 PM
callimuc callimuc is offline
callimuc's Avatar
Join Date: Nov 2010
Location: Germany
Posts: 1,015
callimuc is a splendid one to beholdcallimuc is a splendid one to beholdcallimuc is a splendid one to beholdcallimuc is a splendid one to beholdcallimuc is a splendid one to behold
Quote:
Originally Posted by Jakov_the_Jakovasaur View Post
i have never noticed that message however despite successfully catching a lot of weapon injects through scripted security, surely that is a detection which has been scripted by someone on val?
neither did i ever see it, and we got some hackers and lot's of "hackers" on era iphone. must be a costum script you're using on val
__________________
MEEP!
Reply With Quote
  #5  
Old 08-17-2014, 08:25 PM
scriptless scriptless is offline
Banned
Join Date: Dec 2008
Location: N-Pulse
Posts: 1,412
scriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to behold
Quote:
Originally Posted by callimuc View Post
neither did i ever see it, and we got some hackers and lot's of "hackers" on era iphone. must be a costum script you're using on val
I have seen it on one other server. Not sure if they share the script or if it's a server option that needs turned on.
Reply With Quote
  #6  
Old 08-17-2014, 09:29 PM
NicoX NicoX is offline
Kingdoms Management
NicoX's Avatar
Join Date: Mar 2004
Location: Frankfurt/Main, Germany
Posts: 1,933
NicoX will become famous soon enough
Send a message via AIM to NicoX Send a message via MSN to NicoX
Quote:
Originally Posted by scriptless View Post
I have seen it on one other server. Not sure if they share the script or if it's a server option that needs turned on.
It is a script Stowen shared with GK. I also added it on Val too.
__________________
Yours Sincerely,

-Nico
(GK Management)

Clash: Nico, I'm going to give you an example of good management.
Clash: One of my staff removed my RC and banned me.
Clash: I didn't ban or remove their RC after I got another one to fix me.
Clash: Do you know why?
Björn: Because you IP banned him ?

Stefan logged on.
(npcserver) has reset the attributes of Stefan
*Stefan: ah my client crashed








Reply With Quote
  #7  
Old 09-06-2014, 06:09 PM
Jakov_the_Jakovasaur Jakov_the_Jakovasaur is offline
Deleted by Darlene159
Jakov_the_Jakovasaur's Avatar
Join Date: Sep 2013
Location: Deleted by Darlene159
Posts: 353
Jakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud of
hello!

i have now discovered the way that you can tell if someone is relaying data through localhost, does anyone know with 100% certainty if there is a good reason or potential false positive which means you shouldnt just disconnect such players automatically?

thank you!
__________________
This signature has been deleted by Darlene159.

Last edited by Jakov_the_Jakovasaur; 09-06-2014 at 06:26 PM..
Reply With Quote
  #8  
Old 09-06-2014, 07:20 PM
fowlplay4 fowlplay4 is offline
team canada
fowlplay4's Avatar
Join Date: Jul 2004
Location: Canada
Posts: 5,200
fowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond repute
Quote:
Originally Posted by Jakov_the_Jakovasaur View Post
hello!

i have now discovered the way that you can tell if someone is relaying data through localhost, does anyone know with 100% certainty if there is a good reason or potential false positive which means you shouldnt just disconnect such players automatically?

thank you!
pm me your method.
__________________
Quote:
Reply With Quote
  #9  
Old 09-06-2014, 07:23 PM
PhantosP2P PhantosP2P is offline
Pizza Wizard
PhantosP2P's Avatar
Join Date: Aug 2011
Location: California, USA
Posts: 122
PhantosP2P will become famous soon enough
Quote:
Originally Posted by NicoX View Post
It is a script Stowen shared with GK. I also added it on Val too.
Well that explains that.

Jak: I see this easily 2-3 times a day. We never have people come back or try to communicate with us outside of the client, e.g. on forums, to try to rectify the issue so my assumption is that they are up to no good or otherwise do not belong to our usual roster of 40-60 people.
Reply With Quote
  #10  
Old 09-06-2014, 08:13 PM
Jakov_the_Jakovasaur Jakov_the_Jakovasaur is offline
Deleted by Darlene159
Jakov_the_Jakovasaur's Avatar
Join Date: Sep 2013
Location: Deleted by Darlene159
Posts: 353
Jakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud ofJakov_the_Jakovasaur has much to be proud of
Quote:
Originally Posted by PhantosP2P View Post
Well that explains that.

Jak: I see this easily 2-3 times a day. We never have people come back or try to communicate with us outside of the client, e.g. on forums, to try to rectify the issue so my assumption is that they are up to no good or otherwise do not belong to our usual roster of 40-60 people.
i would guess that it is 99% certain that anyone relaying data through their localhost is up to no good, however i do not know with 100% certainty whether this could occur for a perfectly valid reason
__________________
This signature has been deleted by Darlene159.
Reply With Quote
  #11  
Old 09-07-2014, 10:11 AM
xAndrewx xAndrewx is offline
Registered User
xAndrewx's Avatar
Join Date: Sep 2004
Posts: 5,260
xAndrewx has much to be proud ofxAndrewx has much to be proud ofxAndrewx has much to be proud ofxAndrewx has much to be proud ofxAndrewx has much to be proud ofxAndrewx has much to be proud ofxAndrewx has much to be proud of
got a fix on iEra, hit me back if you need it.
__________________
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 12:29 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.