Server Crash

[Ksyrium]

Hi,

I'm just gonna report epic.larry (fake ? i dunno). He crashed 5 different servers (M#A Massacre, sbG, MaxFrags, and 2 others. He was just writing "Crashing 5 4 3 2 1". And the server + AC app crashed. He did it 7 or 8 times.

Screenshots :

http://img43.imageshack.us/i/clich20100727014700.png/

http://img685.imageshack.us/i/clich20100727014502.png/

http://img38.imageshack.us/i/clich20100727014438.png/

http://img22.imageshack.us/i/servercrash.jpg/

http://img828.imageshack.us/i/servercrash2.jpg/

http://img594.imageshack.us/i/clich20100727003522.png/

http://img718.imageshack.us/i/clich20100727004128.png/


(I had to change my name he was following us :/)

Is there something to do against this kind of hack, or shall we start AC every 5 mins when someone decides to do this ?

[V-Man]

http://forum.cubers.net/thread-1-post-6043.html#pid6043
I'm about ready for 1.1 now.

[Zarjio]

I've e-mailed this person's ISP informing them of the abuse.
If someone who was there at the time could please post the exact time that these attacks occurred at (including the timezone), that would be very helpful.

[Undead]

12am gmt+10, i dont remember too well but its around that time.
he was doing it for a while though

[pwnage{TyD}]

Blacklist 68.32.39.200

[V-Man]

The time I reported to his ISP was 7/26/2010 14:33 Mountain Standard Time (20:33 UTC). This was the time he said "3... 2... 1..." before the crash.

[tempest]

I'm about ready for 1.1 now.

"It's ready when it's ready."
Maybe they should release a fix for 1.0.4?
AFAIK, stef has found at least two buffer overflows that are now fixed in SVN.

[HappyIsNotSad]

What the ISP replyed: "Privacy policy" the first time. after explaining crashing of servers and computer they replyed "The person(s) responsible for accused action contempt no failure in TOS, nor has show activity at responsible time. If you have concerns about the accused action please call our redirection hotline: number"

unfortunately their is nothing their ISP can do. if you take a look at the server log (i have my own to proceed with debug information on packets) the moron did not send beyond 5000 (MAXTRANSfer client.cpp). i don't know if this is the same person ("guilde_IS_FAIL", where clan is replaced with some guilde), but this was not DDOS (i think).

(editorial: check the server log. my server was up 24 hour yesterday but instead everytime the person came in the clients crashed not my server)

remember the fret0 (spelling?)? I believe this is just a modified client like all the other hacking go around.
since this is an modified client just blacklist the IP. in fact this person is already blacklisted:

68.32.39.200 // [2010-03-26] RKR - Weapon hack

if you want your server to be safe (is this person still online?), find out how the client is creating the crash. i'm assuming he is messing around with the weapon vector target (notice the server crash when he shoot weapon?), or just BLACKLIST the person.

(sorry for english, this pass through translator)

[Larry]

I am the original epic.Larry. I saw the guy crashing servers and he accused me of crashing them. I assume he then impersonated me.

Either way, a few servers have name-banned "epic.Larry". Since you can IP-ban the real perpetrator, and name banning is pathetically useless anyway, I'd request that people unban me.

In the future I'd suggest not name-banning impersonators. Somewhat defeats the point don't you think?

[Jason]

Indeed, was a rather silly idea to name ban someone blatantly insulting, trolling, and impersonating other people.

[Luc@s]

I am the original epic.Larry. I saw the guy crashing servers and he accused me of crashing them. I assume he then impersonated me.

Either way, a few servers have name-banned "epic.Larry". Since you can IP-ban the real perpetrator, and name banning is pathetically useless anyway, I'd request that people unban me.

In the future I'd suggest not name-banning impersonators. Somewhat defeats the point don't you think?

welcome to assault cube.

[Larry]

welcome to assault cube.

Thanks! :)

[NightHawkd]

there was also another person named RadarOne (i wasnt able to get any info on him) but he kept crashing my servers (~TgS~ NE1 and ~TgS~ NE2). I wasnt able to get any info on him because every time i claimed admin he would crash the servers.

[Apollo{TyD}]

there was also another person named RadarOne (i wasnt able to get any info on him) but he kept crashing my servers (~TgS~ NE1 and ~TgS~ NE2). I wasnt able to get any info on him because every time i claimed admin he would crash the servers.

The minimum requirement of a good administration is to log all activities on a server. With logging you should be able to get the IP of this guy.

[HappyIsNotSad]

i have found this video on youtube: http://www.youtube.com/watch?v=UKMyuVf62R8

the video description has this message:

"Recently found this exploit by accident. Harm not intended.

(To AssaultCube devs: I can assure you, this was a one night stand. I am no longer playing the game, and sincerely apologize if I have caused an abnormal amount of trouble with your game. I understand running an open-source game will bring hell, so if you need help with securing the project feel free to contact me.)
~ RoyceRK"

i don't know how much we can trust this guy.

[V-Man]

"Harm not intended" = "I hope that when I am getting my jollies by crashing your computer, it doesn't cause too much damage by making you have to force a hard reset. Like, hopefully you didn't have any important computer files open at the time, and hopefully the cops don't pay any attention to the fact that I knew what this does and did it on purpose anyway. And hopefully my ISP has enough bureaucratic red tape that all your complaints become so many dead flies so that I get away with this blatant cyber-crime."

[HappyIsNotSad]

if the victims of this person would archive server logs, reported incidents, and other related information, I believe i can come with contact with the ISP to prevent the trouble of multiple emails into one email.

"I am no longer playing the game, "

i dont know about this statement. Blacklisting him and me sending the collective information to his ISP will straighten his mindset out. I havent seen any report today about server crash so i assume he well of could be gone.

"One night stand"

what does this mean? O.o

[V-Man]

it's not pretty... http://www.urbandictionary.com/define.ph...ht%20stand

I don't have any real information or evidence aside from my own memory, since my client log failed to write as a result of the crash. I believe there's a demo... But of course, the data is in the demo, and watching it will cause your computer to crash just the same as if it were live.

[Huntsman]

If you looked he had 9 other videos of hacking and stuff

[Kirin]

RoyceRK is the one who created *** Hack, hope he gets his ass ruled, he gived so much trouble to this game...

[Larry]

Those hacks looked so obvious that they are essentially invites for the user of them to be banned. Hacks as obvious as that are only used to troll, not to cheat competitively.

[NightHawkd]

there was also another person named RadarOne (i wasnt able to get any info on him) but he kept crashing my servers (~TgS~ NE1 and ~TgS~ NE2). I wasnt able to get any info on him because every time i claimed admin he would crash the servers.

I would if i had the sever info on my computer but my 2 clan servers were donated to my clan. So I am not able to access the server info unless he allows m to have access to his comuter.
But in the video HappyIsNotSad put up shows atlease one of my servers being crashed(~TgS~ NE2 i think it was)

[Joe Smith]

i think its about time to ban |BOPE| from all servers they hack, spam, and now crash servers.

[JGAN]

yea haha nighthawkd he showed your server going down XD .

hmmm, is he pinging the servers like crazy? this used to be an old school hack, and EXTREMELY effective. And it will cause your whole server system to crash. he/she may not be exceeding 5000 packets, but if enough are sent suddenly, the server may seize up. or he/she could be exceeding 5000, just your server goes down before it can be logged. blacklisting may not be effective if this is the case because all they would need is an ip address... this is all just a hypothesis so dont shut me down on this :P

sos! save our servers!

[NightHawkd]

ya it just froze AC and i had to close it and reopen and then it was fine until he did it again.
and i beat this wasnt a one time deal! he is probally gonna do it again but we wont know when or where or his name.

[JGAN]

ahhhh your ne1 server is lagging again! :P no offense, but since you guys took over, your servers have kinda sucked... just saying... [EDIT] and now i was just banned from ne1 for no known reason? i was just playing! :P [/EDIT]

if you can get grandpa to let you get access to all logs and data, you might get some info. i know mac servers will record the log into a txt file. maybe you can just have grandpa send you the file via email or something. or you can just blacklist him with the ip pwnage{TyD} provided.

[NightHawkd]

grandpa isnt running NE2 atm Armed is and soon armed is moving both to a custom computer and i will be able to access it.
And who banned you? I will deal with them cuz im a founding member XD

[JGAN]

this is getting off topic, but i think they were banning for fun, lj cuz he called a vote to ban himself, then to ban me... oh well no hard feeling takin. btw, i played klezmer today in a fun clan match. we had a tgs & private vs FsC . it was a great game, but we were trying to get lj to join :P oh well. check your forums; we are planning to have an official one tomorrow or friday.

back to topic, while playing the clan match, we had somebody named epic`Larry join it, ip address 87.194.x.x . it was on my server, so i was admin and quickly kicked him because i wasent so sure. if i am wrong, i am sorry to the real epic Larry. i was just cautious :S . anyway, i have a log of everything before i kicked him, but he didnt do anything bad... so the log probably will not help but i will include it anyway. the part of where he joined is posted:

Aug 04 14:26:57 [87.194.x.x] client connected
Aug 04 14:26:57 [87.194.x.x] epic`Larry logged in (default)
Aug 04 14:26:57 [87.194.x.x] runs AC 1041 (defs: 41)
Aug 04 14:26:58 [x.x.x.x] ~TgS~*Klezmer!* says: 'hehe'
Aug 04 14:26:59
Aug 04 14:26:59 Game status: team one shot, one kill on ac_desert, 1 minutes remaining, open
Aug 04 14:26:59 cn name team frag death tk ping role host
Aug 04 14:26:59 0 {FsC}fragBike CLA 36 31 1 11 admin x.x.x.x
Aug 04 14:26:59 1 ~TgS~*Klezmer!* RVSF 36 27 0 185 normal x.x.x.x
Aug 04 14:26:59 2 epic`Larry CLA 0 0 0 116 normal x.x.x.x
Aug 04 14:26:59 3 Face|^_^ RVSF 50 28 1 158 normal x.x.x.x
Aug 04 14:26:59 5 {FsC}#RedTears# CLA 20 35 0 162 normal x.x.x.x
Aug 04 14:26:59 Team CLA: 3 players, 56 frags
Aug 04 14:26:59 Team RVSF: 2 players, 86 frags
Aug 04 14:26:59
Aug 04 14:26:59 Status at 04-08-2010 14:26:59: 5 remote clients, 3.2 send, 1.1 rec (K/sec)
Aug 04 14:27:07 [x.x.x.x] {FsC}#RedTears# fragged Face|^_^
Aug 04 14:27:07 [x.x.x.x] client {FsC}fragBike called a vote: kick player epic`Larry
Aug 04 14:27:07 [87.194.x.x] disconnecting client epic`Larry (kicked by server operator) cn 2, 10 seconds played, score saved

Mod edit: IPs removed/edited

[DrauL]

Remove the IP's of inncocent players.

[jamz]

...we had somebody named epic`Larry join it, ip address 87.194.x.x...

This is the real epic`Larry (UK based IP). Not the guy who just used his name to trick feeble-minded server admins into kicking/banning innocent players.