OldUnreal (Engine)

Leader Dante hacked my server just today...so anyone who sees him should bann him...

but anywayz...is there a later nepthys than 1.1 or no? if not that whoever made it needs to update it cause apparently its not hack proof like it should be...i dunno what Dante used exactly to hack me...but he figured out away...

i banned him but he said he could get around the bann...i doubt this but u never know...so be careful...

just lettin' u guyz know incase hes hacked you or anyone else

Yes there is its up to ver 1.4a now
http://zzora.altervista.org/Nephthys.html

On another note Ive been admining now for nearly 9 years.
we first srtarted off that we didnt have any of the protections available today and we always got by.

You always have the good old firewall, log his IP and then use a util to find out who his ISP is, then you can find out what range the ISP has available to all its users.. You can block the entire range and he will never bother you again.

OR you can use the preffered method of having a good admin that Likes to torture trouble makers. it was always my preference and gave me some amusement to boot.

With the dos attacks nepthys should help you with that. So basically you can tell him to go suck eggs.

Really the so called unreal hackers are pathetic and lead a dismal life trying to spoil things. All you need to do is be determined and stuborn and dont forget its only a game.

Cheers

You haven't even written what -EXACTLY- he did and what happened, so how do you know he hacked Nephthys at all? Maybe he just guessed your admin password?

I doubt this is a hack due to nepthys, but as nepthys offers security its to blame for things that can go wrong

Most likely its due to some of the little tricks floating around atm.

Really I guess we need a topic area that is a sticky (smiftsch) for known vunerabilities, and perhaps suggested fixes.

Some of these bugs are probablly easilly be squashed. Perhaps addressed further in the non beta ver.

The bots hack for example probablly only needs a few rules added. (travel rules) I havent put a lot of thought into it myself as yet, but Im sure somebody has a solution already if not, I have a few ideas, but would help to know what were dealing with rather to try and blind fix.

Once the beta is out, most likely there will be a lot more people willing to add there little bits to help.

Really the so called unreal hackers are pathetic and lead a dismal life trying to spoil things.

No arguement there. IMO you shouldn't even post these things publicly as the lamers crave this kind of attention. The people who work on the security stuff know what's going on and while warning people is a nice gesture it merely serves to draw attention to the script kiddies.

This is nothing new...why do you think it needs updates constantly?

omg 1.4a lol...wow im behind aint i?

all he did was keep making the level restart over and over and somehow he managed to get every kicked from my server...but he didn't guess my admin password...i would have seen the log in notification...besides its something really long and weird that no one would even suspect of me saying...and he told me flat out that he was hacking me....he's in Klingon u know.

and yes agreed Asgard...Unreal's community is to small to have ppl getting hacked, pissed off, and leaving Unreal...its just not needed. as far as im concerned there are problably less than 100 players total still playing Unreal online...but im just guessing from what i see on the player count for all servers...its usually under 70

and i don't mean to start a lamer post...i was just concerned...thats all...i thought nepthys was supposed to protect u against DOS and RJA attacks and such....but i guess i just need to update...like i said, i dunno what he did to hack me...but he figured out something

I run radar hacks for unreal but noone seems to care exept hyper  :-X

(not him personally... just his server's security)


I honestly think if your playing coop, security is only needed to protect the system running the server.  If the system can be harmed through "hacking" then it is important.  If people are just going around and kicking people, its not that big of deal.  Sometimes you just gotta put up with those "Klingon" and just accept it!



In fact, I would be one to vote that Smirftch turn off that extra security for *ONLY* coop by default.  It makes sense.. after all, your just playing against AI.  Believe me, AI don't care if you cheat.

It does protect you against DOS etc attacks. That wasn't a DOS attack or anything like it. It's a bug (stupid feature?) in the replication definitions. Level switches are caused (in DM gametypes, not in coop) by pressing the fire button after the game ends. So they just replicated that function... making it so if you just call the function the map switches. Coop doesn't use a map list so the level just resets. If the level resets while people are joining they get kicked. It's fixed in most gametypes, which begs the question...
Aren't you using JCoopx? if not, WHY?

I run radar hacks for unreal but noone seems to care exept hyper  :-X

(not him personally... just his server's security)


I honestly think if your playing coop, security is only needed to protect the system running the server.  If the system can be harmed through "hacking" then it is important.  If people are just going around and kicking people, its not that big of deal.  Sometimes you just gotta put up with those "Klingon" and just accept it!



In fact, I would be one to vote that Smirftch turn off that extra security for *ONLY* coop by default.  It makes sense.. after all, your just playing against AI.  Believe me, AI don't care if you cheat.

Hmm, you say kicking people isn't that big of deal. Believe me when I tell you, I don't have to put up with those "Klingon" people nor do I just have to accept it. A cheat is a cheat is a cheat is a cheat!!!! Personally I play for fun and any hack certainly takes away from that fun. Going to someone's server is like visiting their house and I certainly wouldn't want that in my house. I also would bet Hyper would agree. (not his server) Why else would his server have protection. Words like yours are enough to make me walk away from Unreal altogether.  :(

About 2 years ago, Dante did hack the CW server which is run from TNN. I honestly admid he did something which i always believed till that day was totally impossible.


He logged into the server (forgot what exactly he did in the server, but if correct he simply stated he was hacking the server) BringIt did gave him an inmediate ban and booted him from the server. He came in again directly after the ban. The server tried to boot him again, since he was in the banlist. But incredible enough he was able to swich IP while he was in the server. Which is something i never ever thought possible. But still he did get it done somehow.

The server definatelly got "confused" about what happened but failled to ban him because he was switching IP that fast. The server simply reacted to slow, which ment it tried to ban an IP that wasnt present anymore. Ping did start to topple in the tenthousends untill the server went down.


Needs to be said, the guy does know his stuff alright, sad but true...........

And again, i was thrown off my feet seeing he was able to switch IP within the server. It did happen while i was at work, and BringIt told me what had happened, and my reply was, thats impossible, but she did sent me the screenshots. (Still must have them somewhere) And sure enough it showed player 40-60 having different IPs, while BringIt and Thrasher stated that only 3 people were in the server including themselves. And the one other player(Dante) only left the server once after the innitial first ban. After that he never left the server till it chrashed, but he did switch IP never the less.


In that respect, a ban for an IP wouldnt work either, if someone is capable of pulling off such a stunt. It still baffles me that such a thing is possible, and a little admiration at the same time, mixed feeling at best lol.


Btw, i know Dante and Packleader arnt too much into getting attention, i know someone that does know both those guys, and to be honest, they simply are mad at the world, and dislike anyone. I know for a fact they actually hate my guts because i make textures for Unreal. Its more they are complete freaks, than anything else, attention has nothing to do with it.
.
.
.

I did dig up the info



The innitial mail:

Diehard
I will explain this more later, but one guy came in the server,with 2 names, and 2 ips, and then started to crash the server, he was
LoggedIPs[455]=,Player23,80.126.166.236,??????????
LoggedIPs[456]=,Player25,66.90.211.48,??????????
LoggedIPs[457]=,Player26,66.90.211.48,??????????
LoggedIPs[458]=,Player27,66.90.211.48,??????????
LoggedIPs[459]=,Player28,66.90.211.48,??????????
LoggedIPs[460]=,Player29,66.90.211.48,??????????
LoggedIPs[461]=,Player30,66.90.211.48,??????????
LoggedIPs[462]=,Player31,66.90.211.48,??????????
LoggedIPs[463]=,Player32,66.90.211.48,??????????
LoggedIPs[464]=,Player33,66.90.211.48,??????????
LoggedIPs[465]=,Player34,66.90.211.48,??????????
LoggedIPs[466]=,Player35,66.90.211.48,??????????
LoggedIPs[467]=,Player36,66.90.211.48,??????????
LoggedIPs[468]=,Player37,66.90.211.48,???????

He was coming under two names, and then switching his ip, and coming in really fast under player names, I mean the names were switching in a matter of one second time frames, and then the server would crash, then he would come in again under a name Cleitc gunCW.. and also the name test, and then Do it again, the kickban would ban both ips.

Screenshots:

http://www.celticwarriors.net/Media/Pictures/01Hack03_08_2005.jpg
http://www.celticwarriors.net/Media/Pictures/02Hack03_08_2005.jpg
http://www.celticwarriors.net/Media/Pictures/03Hack03_08_2005.jpg
http://www.celticwarriors.net/Media/Pictures/04Hack03_08_2005.jpg
http://www.celticwarriors.net/Media/Pictures/05Hack03_08_2005.jpg
http://www.celticwarriors.net/Media/Pictures/06Hack03_08_2005.jpg


From the mail later on, its clear Nepthys was installed after that incident, Daniel did press official charges, but i have no idea what happend with that. The other thing i forgot was he even added a smiley to the IP adress. And clearify the quote, we did found out later on it had been Dante that did hack the server, and additionally, he did switch IP within the server and even pulled out smileys in the IP adres.
.
.
.

Lol...well I don't about you guys but I personally think Dante is an awesome unreal player and Packleader is pretty good too (never really had any problems)...and Klingon rocks...but then again this is coming from a Klingon clan member. Well, I just have to say that anything is possible over the internet...if NASA can have their website defaced then a game server can be crashed regardless of protection.

Words like yours are enough to make me walk away from Unreal altogether.  

Pitbull, you are personally attacking me for no reason whatsoever.  You have totally missed the fact that I do support the highest security support for gametypes including Deathmatch, Team Deathmatch, Capture the Flag, Infiltration, Serpentine, and even Darkmatch.  I am SPECIFIALLY talking about Co-op game servers (Which is what shivaxi is running).  In these servers, we dont compete against other players but against AI and/or Bots.  You must understand that many of us are scripters and are very capable of using the language Tim Sweeny provided to our utmost advantage.  You should be thanking most of us for pointing out these security breaches that have helped shape the security features today.

Please read my post more carefully, I do respect fairplay in the highest respect when It comes to competition.


And believe me, when I enter any deathmatch server, my radars are replaced with the default unreal HUD. I do not have this "cheat" feature during competition

In fact, I would be one to vote that Smirftch turn off that extra security for *ONLY* coop by default. It makes sense.. after all, your just playing against AI. Believe me, AI don't care if you cheat.

Cheating against AI isn't always why some run an anti-cheat for coop. Any form of cheating that gives an unfair competitive advantage (whatever that can be) to one player over others could be unwanted.

It does protect you against DOS etc attacks. That wasn't a DOS attack or anything like it. It's a bug (stupid feature?) in the replication definitions. Level switches are caused (in DM gametypes, not in coop) by pressing the fire button after the game ends. So they just replicated that function... making it so if you just call the function the map switches. Coop doesn't use a map list so the level just resets.

It can still be classified as a form of DoS. Uscript code was exploited by a player in the server to keep the server tied up on resets that denied players from service. Of course the main point to be made here in Shivaxi's thread is it's a vulnerability in flawed uscript code, and Nephthys is designed to handle types of connection requests. A fix of this for 224-226 is the responsibility of a gametype mod.

You should be thanking most of us for pointing out these security breaches that have helped shape the security features today.

Many deserve no thanks. Most vulnerabilities seem to be revealed as exploits delivered by method of malicious action.

DieHard:
Any mod that retreives an IP using a sockets parsing method (like EDM, KickBan and others) cannot always give results reliably. This is especially true in circumstances when the server is under load. That means a potential for false-positives or incorrect retrieval of IP information to reject banned players. To me the smiley face seems to me like an error in the sockets parser when the server was under heavy load from the connection DoS. The "Test" name is a sign that the once-popular U1 DoS tool was used. With Nephthys installed there is a better source to go by because it does not have the weaknesses of socket parsing IP loggers.

It's also against networking logic to say that a player changed IP addresses DURING gameplay (in server). There must be end-to-end communication for a player to successfully join a server and play. Somehow changing an IP during gameplay would instantly break end-to-end communication, and the player would timeout (leave). There is a such thing as IP spoofing, but it's always a one-way transmission making handshaked connections impossible. Any spoofing attacker could only make initial connection requests, and nothing more.


-Zombie

Cheating against AI isn't always why some run an anti-cheat for coop. Any form of cheating that gives an unfair competitive advantage (whatever that can be) to one player over others could be unwanted.

Co-op is meant for playing against AI, not other players. I feel that as a user, I am entitled in coop game to play against the AI in any shape or form regardless of the advantages over the other players in the server. If you want to play with an automatic rifle that does 9999 damage each shot, then so be it. If other players in the server don't like you playing your own way online, then they should go find another server. Simple as that.

Pitbull, you are personally attacking me for no reason whatsoever.  You have totally missed the fact that I do support the highest security support for gametypes including Deathmatch, Team Deathmatch, Capture the Flag, Infiltration, Serpentine, and even Darkmatch.  I am SPECIFIALLY talking about Co-op game servers (Which is what shivaxi is running).  In these servers, we dont compete against other players but against AI and/or Bots.  You must understand that many of us are scripters and are very capable of using the language Tim Sweeny provided to our utmost advantage.  You should be thanking most of us for pointing out these security breaches that have helped shape the security features today.

Please read my post more carefully, I do respect fairplay in the highest respect when It comes to competition.


And believe me, when I enter any deathmatch server, my radars are replaced with the default unreal HUD.  I do not have this "cheat" feature during competition

If you feel I attacked you personally so be it but I merely stated the obvious. A cheat is a cheat. If people didn't write radars and hacks people like Zora and Zombie could put their time to creating other things instead of utilizing their time to write protections. As far as thanking people, believe me I have already thanked the needed parties many times. The people who use their talent to make this game better and not to exploit it. Me personnally, I feel this. If you use any form of enhancement while playing on public servers, your cheating, period. I don't care if it's COOP, DM or whatever.

I haven't received any notices from Zora about weaknesses being exploited with it. Nor I see any notices, warnings or upgrade advices at her website. I see you run an older version of npt (v1.1) so you may want to upgrade to 1.3 which is the latest official release. If you want to test you may want to try the current non-final build of npt 1.4.

It does protect you against DOS etc attacks. That wasn't a DOS attack or anything like it. It's a bug (stupid feature?) in the replication definitions. Level switches are caused (in DM gametypes, not in coop) by pressing the fire button after the game ends. So they just replicated that function... making it so if you just call the function the map switches. Coop doesn't use a map list so the level just resets.

It can still be classified as a form of DoS. Uscript code was exploited by a player in the server to keep the server tied up on resets that denied players from service. Of course the main point to be made here in Shivaxi's thread is it's a vulnerability in flawed uscript code, and Nephthys is designed to handle types of connection requests. A fix of this for 224-226 is the responsibility of a gametype mod.

My point was that neph didn't block it because it isn't supposed to block it. It's the wrong kind of attack. I've seen a few people get the idea that because they have nephthys installed it will protect them from everything, which is obviously a stupid (and potentially dangerous) belief to hold.

Cheating against AI isn't always why some run an anti-cheat for coop. Any form of cheating that gives an unfair competitive advantage (whatever that can be) to one player over others could be unwanted.  

Co-op is meant for playing against AI, not other players.  I feel that as a user, I am entitled in coop game to play against the AI in any shape or form regardless of the advantages over the other players in the server.  If you want to play with an automatic rifle that does 9999 damage each shot, then so be it.  If other players in the server don't like you playing your own way online, then they should go find another server.  Simple as that.

The admin is in charge of the server. If the admin doesn't want you using a radar in his server (and even if this is not explicitly said, the presence of a cheat detector should make it obvious that he does not), then don't use a radar in his server. If it's your own server, do whatever the hell you want. Otherwise, do what the admin says, and don't try to hide something like a radar or wallhack from him either. Most people don't like individuals players cheating, even in coop where admin-based cheating is the norm. Also, keep in mind that it's much harder to crash a server without having some modified or additional package. What dante did could not have been done without having a console hack or similar. Admins have every right to prevent unknown packages.

Klingon is cool

Hello all,
Don't post here very often but I just had to comment on Pit's comment.
I agree with you 100% man.The cheats,hacks,scripts,exploits have ruined the game.You never know you're getting a fair game unless it's with a group of people you know personally.
My game is uninstalled until 227 becomes a reality,then I'll reinstall to see all the hard work that was put into it.Unfortuneatly it will just be a matter of time until it's hacked to peices(Sorry Smirftsch) as usual.
Personally(I believe and have seen)my thoughts are that anyone who uses any kind of script,hack,cheat,will continue doing it regardless of the "I don't do that anymore garbage they spew".
As for Klingon,they are the scum of the earth.They have never done anything except attack servers in every way,shape or form they could.
Been around since 99,it was a good run but for now the cd is put away.
I have to say Unreal was definetly my gateway into the realm of the internet and computers.Many good friends and times.Still looking for that FPS that feels as good as Unreal but to this day no luck.
It's okay though,we still have golf.
Hiya Wolf!
Minus out.

Co-op and DM are 2 completely different things.  I think these co-op server trying to protect themself's from simple addons that cannot possibly harm the server in any way are a complete waste...  Why try to limit ones imagniation?  If someone wants an console addon that makes the canvas have 100 gadgets, they should be entitled to do that regardless in a coop game.


I can understand the admin that would like to prevent kicking in some form of a "cheat". This is absolutly fine. But to add unessesary protection like what I see in Hyper.NL servers is a waste. Your playing against scripts, not people.

then, when one player asks another in coopgame "How on earth did you know where that skaarj was hiding?" or "How can you chat in those cool colors?" hopefully the other person will respond and let the other know a possibility of adding to your armory with cool little tools and gadgets (which SHOULD be protected from in a DM game)

As for Klingon,they are the scum of the earth.They have never done anything except attack servers in every way,shape or form they could.

Ok, you obviously don't know and have never talked to any of the clan members.  You can get along with anyone in Klingon and have a great time hanging around with them in the game if you just give it a chance.  I'm in Klingon, most people like me in the game...I admit I have my enemies and most of them are idiots, like Anarchy, Leo(T.C.K.)...or Jackson, etc.

I think these co-op server trying to protect themself's from simple addons that cannot possibly harm the server in any way are a complete waste...

Also, keep in mind that it's much harder to crash a server without having some modified or additional package. What dante did could not have been done without having a console hack or similar. Admins have every right to prevent unknown packages.

Might I suggust reading the posts people make? They are NOT harmless. You can claim it isn't capable of doing anything bad all you want, you can't prove it. Also, sending text in other colors annoys a lot of people.

As for Klingon,they are the scum of the earth.They have never done anything except attack servers in every way,shape or form they could.

Ok, you obviously don't know and have never talked to any of the clan members.  You can get along with anyone in Klingon and have a great time hanging around with them in the game if you just give it a chance.  I'm in Klingon, most people like me in the game...I admit I have my enemies and most of them are idiots, like Anarchy, Leo(T.C.K.)...or Jackson, etc.

No, trust me on this, they're total bitches. I've had a good number of run-ins with Packleader. He's the one who got me to create my admin mag. I made it for the sole purpose of getting rid of him if he dared to go into my server again. It works perfectly at kicking him and keeping him kicked (yes, admin abuse, terrible, etc, when talking about him and people like him I do not want to hear it). He's done his best to crash my server several times. Why? Cause he hates me, cause I was friends with KOOPA888 back when I played coop. I think that's the only reason. Every single time he has come into my server he has tried to fuck it up. Without me even provoking him. He tried doing a suicide spam in my Hide and Seek server after realizing that all it does is lower your score (which led to me making it auto-kick people). Not just in my server either. I once saw him in the oldunreal serpentine server suicide spamming it. I once saw him in a few INF StandOff servers, teamkilling and suiciding (although you can't suicide spam, because you only have 1 life per round).  Why does he do this? Fuck if I know. I don't even care anymore. If I see him (not that I even host a server anymore. Or play much), I get rid of him as quickly as possible.