So guys, want the low down on actually MAINTAINING a JD server?

Status
Not open for further replies.
Skilled Illusionist
Joined
Feb 4, 2012
Messages
353
Reaction score
202
Well guys, here it is.
I have tried and tried and tried again.
Security wise, Jade Dynasty is all but nearly a waste.
There is absolutely nothing you can do to stop people from getting in.


For example, cjack's Mailing Tool can be used by anyone, regardless of whether Port 24100 is open or not. And it just happens to be that one of my players/arseheads got their hands on it and poofed themselves +16 gears, OP espers and all sorts.

And not only that, but all of the MySQL & Apache loopholes, and the fact that most of us built our server files from raw means more security holes and more concerns.



So what did I do to fix it all?
I closed down my server.

You will never be able to seal off every loophole.
You will never be able to cut off any means of intrusion.


And better yet?
There's just some idiots out there that think hacking servers is fun.
Well let me tell you something mate...

The only fun you took away was the fun my players were having. You have brought no personal expense to me.


So before you start running off making JD servers... consider the following questions...

1. Do I have the skill required to seal off 99.9% of all security holes and uphold the protection and integrity of my users' data?

2. Do I have the required experience in any Operating System to make sure I can carry out Regular Security Checks to the best of my ability?

3. If there are any loopholes, what is the worst case scenario? And is it repairable?


I urge you to consider these and the tips below.
Most JD tools are unsafe.
All but most of the JD files are unsafe.
Most JD tools require no authentication on either side and work REGARDLESS of the ports they portray they use.

Obviously, I don't possess the knowledge to make sure every possible breach point is sealed.
My lesson from that? Learn more before I do.


Sincerely,
Ling
 
Newbie Spellweaver
Joined
Aug 8, 2010
Messages
9
Reaction score
5
Well it's not a hacking tool nor should it be used, any gm can block it pretty simple, and about me hacking jd server? i have no interest in this childish hobby, destruction is much simpler than creating, BUT i have 1 rule leave me and my servers alone and i'll leave u alone. simple, i know again i have ppl advertising and i warned them once, i hope they read this, and just for any one reading i'm not talking about Ling, i don't even know her server, please go ahead gm or mod who ever wields the sword and delete that mailer if it's a problem, but there are 100 of them instead of deleting i suggest learning from it. Ling if u need help blocking it just call me on msn i'll be happy to explain.
 
Newbie Spellweaver
Joined
Aug 8, 2010
Messages
9
Reaction score
5
well i did share the mailer on the forum and to block it is simple u don't need packet filter, just don't open your gamedb port to the world -.-, and yes it's not a hack tool and if i wanted to destroy server why would i post it on here? for every one 2 have???? come on stop the bickering i thought u guys wanna move up with the learning curve a bit.. guess not ok stay and suffer from 2 much ego and 2 little eagerness to shut up and learn something. PPl that wanna learn know where 2 find me for the rest closed minded ppl just keep yelling, So far any one who contacted me i helped, as much i can, but i have no time for ppl with an ego bigger than their brain. The last thing i wanted is to come to this forum and start drama so i'll take my leave good luck with all your endeavors, and sorry for the crap engl -.-

Ow and PS. no one Luke instructs me to do any thing, i feel some one deserves it and i wanna give or sell it to them i will and it has no concern to any one but me... "instructed to share the x11 tools" piff this tools is owned by me and paid by me and developed in part by me.
 
Skilled Illusionist
Joined
Feb 4, 2012
Messages
353
Reaction score
202
I approached all methods of sealing off this tool for use...
Packet filters, Intrusion Detection methods, Port Sealing...
None of it worked.

If I find a permanent solution, I'll post.
 
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
724
All off-topic posts are deleted. Focus on the thread's subject and do not start whining about who is the greater dev, or who helped the community more and all that childish stuff. And this is not a tutorial actually, so I moved it to the right section.
 
Initiate Mage
Joined
Nov 20, 2011
Messages
4
Reaction score
0
The Chinese Iweb tool can also mess up your server as well, if you allow all ports open.

Allow only port 80 and 29000, deny the rest!
 
Initiate Mage
Joined
Jan 12, 2011
Messages
2
Reaction score
0
The Chinese iWebs tool also has the potential to be manipulated into a hacking tool quite easily with some C# editing, and this can be used to an advantage, so I tend to keep packet filters up on my servers at all times.

Beware: If they are a good hacker, they will only need a Source Port, not a destination port. This method is used to trick the server.
If you'd like to know more about it, PM me.
 
Permanent Lurker
Joined
Jul 3, 2004
Messages
311
Reaction score
65
yeah, that's the reason i don't share stuff that access the server in/directly.. they're too dangerous.
 
Skilled Illusionist
Joined
Feb 4, 2012
Messages
353
Reaction score
202
Exactly.
It doesn't matter what you do..
My favourite quote...
"If a company could make a computer/server/system that was completely impenetrable and hack-proof, you wouldn't be able to use it."

All methods of hacking, cracking and exploiting all start with the user.
 
Newbie Spellweaver
Joined
Aug 8, 2010
Messages
9
Reaction score
5
Sorry have not been around but to block this tool is easy just open 29000 game port for the net and close the rest unless it comes from your ip so u can use it, if u wanna lock it completely don't bind the game services to ip 0.0.0.0 bind it to 127.0.0.1 that is your loop back interface (localhost) but then not even iweb will work for the gm lol, best is on a normal Linux firewall u only need few simple rule ofc nice to run more complete but this WILL do what u ask as in blocking iweb, mailer etc..

let's say u have a linux box it has 1 Ethernet (network card) mostly known as eth0 but can be changed to any thing then u will also have 1 called lo (localhost or loop back) so on your firewall in this case will use iptables as it comes with most linux distros by default even noobbunto use it but they call it something dif (ufw) but it's based on the same system. so this is what u need to do, there are 3 parts to it Input (data coming into the server) Forward (Data passing through the server after mangling it or changing it or natting it) then last output (data coming from your server it sending it out or data that came in got forwarded then coming out) Still with me? ok so all u wanna do is drop all inbound connections, but make sure that port 29000 (or what ever u change your game port to) is open and the trick is to also allow connection related to that, when a client talks to a server first the state of the connection is new, then established then syn, now a basic firewall for jd could be this if u really wanna make it simple.
NOTE: THIS IS REALLY BASIC AND NOT A FULL FIREWALL BUT IT WILL STOP WHAT LING IS TALKING ABOUT

# if u hosting your webpage on the same box
-A INPUT -p tcp -m tcp -i eth1 --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 29000 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# needed if u not binding your game services to 127.0.0.1
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT
 
Robb
Loyal Member
Joined
Jan 22, 2009
Messages
1,224
Reaction score
466
Can somebody please explain this "mailer" exploit?

The serverfiles themselves are completely secure. They designed this server environment 8 years ago and still use it to this day on 10,000+ servers. Only port 29000 should ever be open, the rest should always be locked to 127.0.0.1 or lo network interface only (use nmap to scan open ports). You should also be aware that GS will broadcast in the 10xxxx range on 0.0.0.0 by default, or at least it does in PW.

If you are having problems with bad tools then i do have some good news for you, it was recently worked out how to extract the labeled format of elements and tasks from any PWRD game in a matter of seconds. Tools should in time be universal across all PWRD games.

As for iweb, you should only ever use the stock iweb from the server package or an open source alternative such as pwAdmin is for PW.

3+ years experience with the PWRD server image
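
An added example, not part of any post in this thread: a local audit of the posture the last two replies describe, listing every TCP listener that is bound to a non-loopback address and is not one of the ports meant to face the internet (80 and 29000). It assumes `ss -H -ltn` output as input; the function names and the sample listeners are constructed for illustration (port 24100 is the one named in the first post, the other internal ports are made up). A listener flagged here is exposed only if the firewall also lets it through, so this complements the iptables rules rather than replacing them.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from the network that are not allowlisted.
# Assumed input format: `ss -H -ltn` (State Recv-Q Send-Q Local:Port Peer:Port).

ALLOWED_PORTS="80 29000"   # ports the thread says may be open to the internet

# Reads ss output on stdin; prints "address port" for each exposed listener.
exposed_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            # Loopback-only sockets cannot be reached by a remote tool.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print addr, port
        }'
}

# Constructed sample of `ss -H -ltn` output for a misconfigured host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:29000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:24100 0.0.0.0:*
LISTEN 0 128 *:29400 *:*
LISTEN 0 128 [::1]:8080 [::]:*
EOF
}

# On a live host use:  ss -H -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

Any line it prints is a service to rebind to 127.0.0.1 or to confirm is dropped by the INPUT chain.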
 