Hackers, crackers what ever you want to call this children :)

[Applesauce]

Over the past 3 months or so, Since i started Mu4Kings, There has been a group of Polish Kids, not sure what else to call them. Causing havoc on both my server and my personal network. It started with a DDoS and moved onto more serious things. I was resorting to paying then to 'stop'. Some say this is stupid, yes it is.

After Moving to 2 different Dedicated machines i finally found one that had DDos protection. Then they started hacking (call it what you want) and creating items in my server and selling them to people on the server. They changed my donation email in MuCore to @mu4king.net after registering this domain. Stealing over 200$. After improving security on the server with the help of my team, the server itself is safe(for now). They then resorted to brute force attacks, Hacking a GM account(yes it was my GMs fault for not having a difficult password.) Non the less i will get to my point.

I want to start this Thread to help everyone against people like this.

I , myself am not very technically minded but i can give you some pointers.

If your being DDosed and consider your server a worthy investment or don't mind paying some money. Move your Dedicated machine to OVH.

You must be registered to see links

They have very nice DDoS protection and cheapest dedicated machines Ive seen for what they offer.

From personal experience NEVER trust what they tell you, Don't even speak to them and certainly don't pay them a cent.

They Generally target new servers.

Hope this helps someone one day :S
If anyone else has some pointers to add please do.

Thanks
Apple :3

 

[[GM]Terrorian]

sadly some people cant keep their nice servers up..and most sadly is cause they attack only good servers...the crap servers still running.

im really curious if is possible to be fully protected by these worms of society.

 

[Ooo Yee]

i had the same problem too, some polish kid ddosed my servers. it messed up my servers for about 5 days. but after anti ddos routers was upgraded, all was fixed. from one side it was bad, from other, now i have realy good anti ddos protection and web security

 

[[RCZ]ShadowKing]

Host your servers in a datacenter which uses HARDWARE firewals and not crappy softwares. Noobs that uses public softwares to dos/ddos will be blocked before they reach your machine.

 

[Applesauce]

There is SWEET FA you can do about ddos unless you have a hardware solution inplace to stop it. Software does nothing. It may help with http attacks but any moderately intelligent attacker will know MANY dos methods.

It is very sad that they attack so many good servers. Really S**ts me to tears. Anyway hope we can get a nice discussion regarding protection against this scum going to help future and ongoing servers spit in their faces.

Apple

 

[xDarKyx]

Host your servers in a datacenter which uses HARDWARE firewals and not crappy softwares. Noobs that uses public softwares to dos/ddos will be blocked before they reach your machine.

It is up to the company.
One of my experiences was that when i got DDoSd,my server could take it easily ,and it didn't even lag a bit.
But my connection provider decided to kick me out of the internet for about 4 Hours for the reason that I've been using alot of bandwidth even tough the packet I had bought from them was 'Unlimited bandwidth'.

 

[[GM]Terrorian]

So it seems DDOS attack is the major problem of the private servers..

I dont have enough founds to host a server on a datacenter but i have a dedicated in my home..
Also i dont have static Ip..i have dinamic one...every reconnection on internet change my IP..it help me a bit this dinamic IP? i have seen anti ddos firewalls on internet..they are not good?

 

[xDarKyx]

So it seems DDOS attack is the major problem of the private servers..

I dont have enough founds to host a server on a datacenter but i have a dedicated in my home..
Also i dont have static Ip..i have dinamic one...every reconnection on internet change my IP..it help me a bit this dinamic IP? i have seen anti ddos firewalls on internet..they are not good?

Software Firewalls can't stop Distributed Denial Of Service( DDoS).
They are usefull incase someone's attacking you via DoS.

DDoS- You are being attacked by hundreds of IPs and the Software firewall won't block them , only Hardware Firewall is going to filter them.

DoS- You are being attacked by a single IP address so even the software Firewall is going to block that specific IP.

 

[[GM]Terrorian]

but what about my dynamic IP? in case i am attacked..just reconnect to network change IP in ServerList.dat and start server again..this until attacker become bored and quit... it will work? im using no-ip as DNS.

 

[xDarKyx]

but what about my dynamic IP? in case i am attacked..just reconnect to network change IP in ServerList.dat and start server again..this until attacker become bored and quit... it will work? im using no-ip as DNS.

Yes ,some use this tehnique.
And probably after half an hour of having to find out your IP over and over again he'll get bored and just quit.
The main thing is to not let the attacker(or anyone else) know your DNS. ;]

 

[KarLi]

its normal to get hacked , and its ur fault that u cant do nothing bout it.
cus none spends some goød time to work on his files host web client etc and secure it as much he can . . .

it's really not that simple to be an gameserver owner : >

 

[Applesauce]

its normal to get hacked , and its ur fault that u cant do nothing bout it.
cus none spends some goød time to work on his files host web client etc and secure it as much he can . . .

it's really not that simple to be an gameserver owner : >

This is why people learn from there mistakes, ^^ yeh i had a bad start damaged my reputation abit, but now we seem to have a stable server so they decided to move onto other methods of messing with my server once again, learning from my mistakes, more security changes this time around GM accounts and password policy.

Made this topic for people to pool together ideas about how to help against hackers not for people to come and flame saying your fault if you get hacked. lol

Apple

but i do agree with you , hosting a private server is not for the faint hearted lol. If i made my server for profit i would have called it quits 2 months ago.

 

[KarLi]

This is why people learn from there mistakes, ^^ yeh i had a bad start damaged my reputation abit, but now we seem to have a stable server so they decided to move onto other methods of messing with my server once again, learning from my mistakes, more security changes this time around GM accounts and password policy.

Made this topic for people to pool together ideas about how to help against hackers not for people to come and flame saying your fault if you get hacked. lol

Apple

but i do agree with you , hosting a private server is not for the faint hearted lol. If i made my server for profit i would have called it quits 2 months ago.

i didn't came to flame its just the truth ;D ...
everyone wants to cheat in game and have free items and lvl and stuff.. so what they do find way and hack ur pc , attack it ddos it whatever they do..




what i recommend for ppl who gettin those problems is
shut down server for 2-3 days
and change SQL passes , muwebsite admin passes pc passwords everything
then search hard for a good security tips on google
and follow them ...
client can always gt hacked easy .. get the best antihack.dll u can find..
get great launcher which is secure
and secure ur main.exe pack it so even ur IP inside its hidden
secure ur pc firewall good
have a good antivirus
have ur router panel , modem secure too ..

also important its not to work alone on server
to work with team so someone can check the server and see whats going on etc..


its nice to have muserver but not nice if ur not experienced on it..

 

[Stifi]

----
client can always gt hacked easy .. get the best antihack.dll u can find..
get great launcher which is secure
and secure ur main.exe pack it so even ur IP inside its hidden
secure ur pc firewall good
----
1. client anti cheat is aways crackable (trust me, i'know why i sayd
2. server firewall will not help to protect , if the "owner" of d-machine dnt know what to do with it

 

[Applesauce]

Great pointers Stifi, thanks

 

[JeaN]

----
client can always gt hacked easy .. get the best antihack.dll u can find..
get great launcher which is secure
and secure ur main.exe pack it so even ur IP inside its hidden
secure ur pc firewall good
----
1. client anti cheat is aways crackable (trust me, i'know why i sayd
2. server firewall will not help to protect , if the "owner" of d-machine dnt know what to do with it

So you can crack BoR anti cheat mega hacker?

 

[xDarKyx]

Usualy it's easier to bypass the Game Guard than cracking it.

 

[Takamura12]

for new servers, its easy to hack. because usually admins install their 1st website with holes...
and some admins uses 1 easy password only for everything. 1 password for sql pass, admin acc. facebook, yahoo e-mail, hotmail, paypal and etc. :closedeyes:

so when the hacker hacks the website for the 1st time and found out ur pass...

then they know all about you.,

so i suggest, in the beginning.....you should make 1 strong password and try to use a different password for your e-mail and other stuff^^.

its just human errorstt1: (mostly)

 

[theguyontherun]

Man... the neewbie-ness...

First and foremost; [STOP USING ZONEALARM, MCAFFEE, ETC].
Use a good firewall that supports [SNORT RULES/IDS/IPS] and then you can filter traffic based on [PACKETS] not [IP ADDRESSES] and that will keep your servers from being "HACKED"...
Also, come on paying them to stop, its just the dumbest thing I have ever heard, EVER!!!!!!

If you are using 'template" based sites... well you deserve to get hacked, even more so if you arent smart enough to change all the default passwords.

On another note, if you have a "staff/team/mods/gms", whatever you want to call them, !!!!!!demand!!!! secure passwords and NEVER, EVER, EVER give them direct sql access.... [thats just stupid] .... make sure that you take it upon yourself to change your sql/web passwords and enforce strong passwords from your "staff/team", if a member wont follow the rules, then remove the bad apple before all the apples rot.