I need some help from the RZ community with this problem:
A few days ago, a new kind of hacker appeared on our PT server.
He is able to create items in-game, as if he has GM rights...
He's using an NPC skin, so I can't see his name or anything else.
I think he's acting like this:
Using a modified server.exe which is able to connect to our main PT server. He put himself in his local hotuk file, connects his client to his server, and his server is connected to OUR PT server.
Basically, he's able to connect to any PT private server through a modified server.exe, with GM rights...
It looks like a pro hacker.
I can't help you that much, but this is what I did:
Change the hotuk GMs to ID and not IP until you find a better way to fix it, because he hacked you and logs in as GM by his IP and not his ID.
Just put "//" before the DEBUG_IP.
I think that is the wrong way around. His ID is checked by HIS server, and then he plays your game.
I would say, your server logs who is logged in and who isn't? Use a "tail" program to disconnect anyone playing who is not in that list.
How do you know who is playing and who is logging on? Connection live for more than 10 Seconds? How long does it take to log in?
If you use a different login server to your game server, then the trick is kinda easy, because the login server will create the log, tail will use that to open the IP to the game server, and the game server will let them play ONLY if YOUR login server has authenticated them. Your Tail program should then close the IP to the game server when the player logs out again.
What if I don't have two servers? Yea, most of us don't, and then you just need to kill any connection that has been active for too long without being logged as a logged-in player.
This is actually an old trick, but it's used more commonly by other server owners trying to take down their competition than by cheaters.
Does Ultimate Defence address this issue DarkKnight? I know it's the sort of way it works.
The ideal way to stop it once and for all would be to have a proxy gateway that would only accept and pass on game play signals to the server if it has already seen valid logon details from that IP and a password-accepted packet from the server back to it. But that would take a lot of development time, and I'm sure you want to stop them quick.
Hope that there is something in there you can use.
--Edit
Some ideas of "tail" style software that may help.
Alternatively, you could call the Server-2003 Resource Kit "tail.exe" command with the "-t" option on today's log from an AutoIt script, redirecting output to your script (as I did for the GUI version of the automated database setup tool), and catch logon and logoff entries, updating your firewall (or PeerGuardian2) with allow and block IPs.
--Edit
Err... The NT command "NetStat" with the option "-ant" might give you a good idea which IPs are currently connected to your system, but you'd have to call that repeatedly to find out how long they have been active... I'm struggling to find a program that would just run in the background logging to file new connections and disconnections. Especially if it would log only one port. :s
--Edit
Wait! Of course, NetStat / NetStatP from SysInternals! Unfortunately Microsoft obviously didn't like this tool, as they are not distributing it now they own SysInternals... luckily, I keep backups, and with source. Please see attachment.
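The reconciliation described in the post above (logon/logoff entries checked against live connections, flagging any connection that outlives a grace period without a login), as an added example that is not code from the thread or from any tool it names. The log line format, the port number and the sample addresses are constructed assumptions; the netstat rows follow the usual Windows column layout.

```python
import re

GAME_PORT = 10009      # assumption: placeholder, use your game server's port
GRACE_SECONDS = 10     # time allowed to finish logging in (the thread's "10 seconds")
# Assumed (constructed) log format: "<epoch> LOGIN|LOGOUT <ip> <account>"
LOG_RE = re.compile(r"^(\d+) (LOGIN|LOGOUT) (\d{1,3}(?:\.\d{1,3}){3}) (\S+)$")
# netstat row: proto, local addr:port, remote addr:port, state
NETSTAT_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+ESTABLISHED")

def remote_ips(netstat_text, port=GAME_PORT):
    """Return the set of remote IPs with an ESTABLISHED connection to `port`."""
    rows = (NETSTAT_RE.match(line) for line in netstat_text.splitlines())
    return {m.group(2) for m in rows if m and int(m.group(1)) == port}

class Watcher:
    def __init__(self):
        self.authed = {}      # ip -> set of accounts currently logged in
        self.first_seen = {}  # ip -> time the connection was first observed

    def feed_log(self, line):
        """Update the logged-in table from one login-server log line."""
        m = LOG_RE.match(line.strip())
        if not m:
            return
        _, event, ip, account = m.groups()
        if event == "LOGIN":
            self.authed.setdefault(ip, set()).add(account)
        else:
            self.authed.get(ip, set()).discard(account)
            if not self.authed.get(ip):
                self.authed.pop(ip, None)

    def check(self, now, netstat_text):
        """Return sorted IPs connected longer than the grace period with no login."""
        current = remote_ips(netstat_text)
        # Forget connections that have gone away so a reconnect gets a fresh grace period.
        self.first_seen = {ip: t for ip, t in self.first_seen.items() if ip in current}
        flagged = []
        for ip in sorted(current):
            start = self.first_seen.setdefault(ip, now)
            if ip not in self.authed and now - start > GRACE_SECONDS:
                flagged.append(ip)  # candidate for a firewall block rule
        return flagged

# Constructed sample snapshot (documentation address ranges, not real hosts)
SAMPLE_NETSTAT = """\
  TCP    192.0.2.10:10009    198.51.100.7:50211    ESTABLISHED
  TCP    192.0.2.10:10009    203.0.113.99:41877    ESTABLISHED
  TCP    192.0.2.10:3389     203.0.113.5:60000     ESTABLISHED
"""
```

Because the table is keyed by IP, players behind one NAT address share a login state, so one valid login covers every connection from that address.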
The login server is on the same host as the PT server and it doesn't create any connection logs, only in the "(Àü¾÷)9¿ù29ÀÏ.log" ... But that file only shows who had connected that day to the server, not the live connections...
It's kinda hard to solve, that's why I asked for some support here...
Yes... that is odd. My servers usually log everyone logging in, and logging out. But a lot of logging is turned on or off via the Server hotuk.ini. I never know what enables or disables what.
Dynamic IPs are not used nationwide in any country to my knowledge. To do that, the nation would have to act as ISP for all users... that's usually a lot more work than any nation wants.
China and very small countries maybe. (Not because China is a very small country of course, but they do take more control over users' internet usage than most nations.) Maybe, like Tahiti or Jamaica... I'm fairly certain there are a couple of good Jamaican ISPs, but something that size of nation. Nothing much bigger than Belgium I wouldn't think.
I have seen some smaller UAE nations that seem to interchange Dynamic IPs a fair bit... In any case, WhoIs will tell you the block... ban the block. If that is a small nation, that's just too bad.
I think if it costs the custom of a single nation, I could do without even China to keep that kind of hacker at bay.