To all Tantra newbie developers I think you might like this

[A v a r a]

It doesn't matter how many times you change your ports. There are programs that will always find those ports no matter what. You can't block everthing.

Yeah I think so too. Do you think there are ways to prevent those duping and zone crash hacks? Please shred me some lights. Security indeed a good offense especially for players.

 

[jbeitz107]

If you are using K4 then the answer is no. It costs approx $2000/month to achieve the correct level of protection to guarantee that you will not be ddosed on your zones. There is no true software based firewall that can filter the good packets and bad bad packets without blocking all traffic. What you need is a hardware based firewall or some other form of protection with your DNS. These are the only suggestions I can suggest for K4.

If this is K6 then the answer has already been done in here which is the exploits for them. I don't have the information to give to resolve this other than what I have suggested to everyone. But, the flaws are in your boards, mail and /ashramlv using %. This is code used by both the zone.exe and HTLauncher.exe. It is used to send and receive information from both. Just a thought to think about.

 

[Terrified]

sorry for the late reply. port scanners can easily determine your flaws. you can mirror your server (that means you have to pay a lot of $$$), or purchase hardware. But since this issues of exploits, it will continue to divulge in several ways. All of us knows how the SQL works... We know how Zones and HTLauncher connect with each other... We know well how SQLDAEMON.EXE and CHATSRV.EXE get our data from client... and we certainly know how packets are transmitted even though we alter the time stamps. This are the main exploits every tantra server is facing.

Disabling Ashramboards and Msgboards might lessen the damage. The server is prone to attack that most previous exploiters are still happily doing... because the files especially K4 (no 3-skillbar) has lack of protection from exploits... However, K5 has been addressed most of the exploits before it was discontinued.

MY experience, the server was attacked thru several ways... typing % /n /% on message boards, ashram boards or even simply on private message... the very dangerous one are trainers made in c++ that can directly connect like HTLauncher function and shuts down your server... the others are just resetting your server and duping items... some are HTLauncher based re-engineering... and several others to mention that totally stuck your server.

KyleMarvin give up his server online due to this exploits. but with his permission, only selected can connect thru online. I do the same. Less people, the more you know them... less connection., less exploits... You will also find who your real friends are.

I also re-engineered everything, because of several glitches that spawned... and resolve most of it. Friends are helping me by reporting glitches, so we all enjoy playing.

 

[A v a r a]

If you are using K4 then the answer is no. It costs approx $2000/month to achieve the correct level of protection to guarantee that you will not be ddosed on your zones. There is no true software based firewall that can filter the good packets and bad bad packets without blocking all traffic. What you need is a hardware based firewall or some other form of protection with your DNS. These are the only suggestions I can suggest for K4.

If this is K6 then the answer has already been done in here which is the exploits for them. I don't have the information to give to resolve this other than what I have suggested to everyone. But, the flaws are in your boards, mail and /ashramlv using %. This is code used by both the zone.exe and HTLauncher.exe. It is used to send and receive information from both. Just a thought to think about.

Ok thanks. So what are the key identifiers that you are using K4 and not K6 and vice versa? (K6 is equal to K5.2 correct?) Can I ask also what you have suggested?

------------------------------------------------------------------------------

sorry for the late reply. port scanners can easily determine your flaws. you can mirror your server (that means you have to pay a lot of $$$), or purchase hardware. But since this issues of exploits, it will continue to divulge in several ways. All of us knows how the SQL works... We know how Zones and HTLauncher connect with each other... We know well how SQLDAEMON.EXE and CHATSRV.EXE get our data from client... and we certainly know how packets are transmitted even though we alter the time stamps. This are the main exploits every tantra server is facing.

Disabling Ashramboards and Msgboards might lessen the damage. The server is prone to attack that most previous exploiters are still happily doing... because the files especially K4 (no 3-skillbar) has lack of protection from exploits... However, K5 has been addressed most of the exploits before it was discontinued.

MY experience, the server was attacked thru several ways... typing % /n /% on message boards, ashram boards or even simply on private message... the very dangerous one are trainers made in c++ that can directly connect like HTLauncher function and shuts down your server... the others are just resetting your server and duping items... some are HTLauncher based re-engineering... and several others to mention that totally stuck your server.

KyleMarvin give up his server online due to this exploits. but with his permission, only selected can connect thru online. I do the same. Less people, the more you know them... less connection., less exploits... You will also find who your real friends are.

I also re-engineered everything, because of several glitches that spawned... and resolve most of it. Friends are helping me by reporting glitches, so we all enjoy playing.

I really like your principle sir and money is not everything for you and like me I value friendship as well. I really hope that there's a simple way to enable /ashramlv for this matter without damaging my server.

Btw, Ashram Online status is not that accurate. Some members are online but when you look in Ashram Window they are showing offline. Any how to fix this?

 

[Terrified]

at sir elitegeek can you elaborate more regarding ashram status? it is just simple SELECT sql statement that extracts data and post online. and with regards to ashramlv it is the rank so, it is activated.

 

[A v a r a]

Sorry for the confusion. What I meant about ashram status is that when you press "G" to view your guild and the members online or offline. Because atm, like for example Player 1 is chatting in the guild chat but when you check it in ashram member Player 1 is showing offline.

..and with regards to /ashramlv is there other way I can enable this because atm I disabled it so no one can crash the zone using the the exploit code %s %n etc. and the consequence is that Ashram owners can't promote their members.

Appreciate your help.

 

[jbeitz107]

Those that have it fixed are not willing to share how they have it done but, they haved offer hints so that you can figure it out.

 

[A v a r a]

Those that have it fixed are not willing to share how they have it done but, they haved offer hints so that you can figure it out.

I assume you have it fixed sir jbeitz107?

 

[Terrified]

And I thank everyone who shared the hint.

 

[A v a r a]

And I thank everyone who shared the hint.

Maybe I should be thankful too if I could simply grab the hint but unfortunately I couldn't get it. I am really having problems with regards to this /ashramlv issue. Please shred me some lights and be forever thankful to you guys.

Thanks.

--------------------------------------------------------------------------

Hi again,

I hope everyone is going well. Just want to ask why Monthly Master Point is not updating. I have my server running for a month now but the MBrahmanPoints didn't reset back to 0. Any idea please.

Regards,

 

[Terrified]

Hi sorry for just replying now... I have been looking for ISP bonding router. Fortunately after a long search, I have found 2 working routers... 1 from Australia and the other one from Sweden/Finland.

With regards to your query about Master Points not updating, you have to restructure your MSSQL table. using several scripts. Some shared by heterojeneo.

With regards to the ports found by port scanners... it is possible. But with the technologies, the bogus port somehow give the idea and drop packets everytime they wanted to access it. However it gives way to ping requests. For packet editors, its a new maze. Eventually they will find it but, I think it will take time. Thanks to KyleMarvin for referring some of them.

Right now my solution not just for Tantra Server but for all my servers is to bond 3 to 4 ISP's and make 1 Public IP. Hope this idea could help most server creating and developing team again. Still testing the vulnerabilities and glitches without disabling and compromising the game functions.

And to others inspiring me to do programming and developing job, I am now in a crash course of C++ and PHP Programming and luckily the fruit of my studies are working good. Also found some friends to manage and control/administer servers. Tantra is one of them. I call it "Tantra K5 Dark Terror Edition" just a name lol. And still restricting access to minimize casualties on server part. We maintain our servers without asking donations. Moreover, we enjoy most of the time (getting very serious will kill you).

 

[A v a r a]

Anyways, is there a way to reset the MBrahmanPoints back to 0 in .TAD files?

 

[jbeitz107]

only by use of the gmtool to reset the accounts mb points. there is no other way at this time

 

[A v a r a]

only by use of the gmtool to reset the accounts mb points. there is no other way at this time

Which part of the GMTool bro?

 

[jbeitz107]

when you open up the accounts you can see the master points in it. simple reset them back to 0 and save the account

 

[A v a r a]

when you open up the accounts you can see the master points in it. simple reset them back to 0 and save the account

Thats the BrahmanPoints right? but what I meant was MBrahmanPoints (monthy master points)

 

[Terrified]

in my opinion, MBrahmanPoints was a subsidiary of Master Point that displays in the Website (not the actual Master Point) so it can be reverted to zero by creating an sql script. (e.g. SELECT * from dboTantra WHERE MBrahmanPoint > 0; ).

That's my opinion. But I don't revert them to 0. I don't know for what purpose is that.

 

[A v a r a]

in my opinion, MBrahmanPoints was a subsidiary of Master Point that displays in the Website (not the actual Master Point) so it can be reverted to zero by creating an sql script. (e.g. SELECT * from dboTantra WHERE MBrahmanPoint > 0; ).

That's my opinion. But I don't revert them to 0. I don't know for what purpose is that.

Yes I already tried that SQL Script it did reset the MBrahmanPoints in SQL to 0 but when the player logged back in his MBrahmanPoints goes back to what it was before. So I am thinking this should be done in .TAD files (account file/player files).

 

[Terrified]

That Area was not in my scope so I believe you should try GM tool as suggested by jbietz107. Thats the only access you can reach in .TAD file.

 

[A v a r a]

Anyone knows how to prevent this error in Zone Logs = "-system err GetGuildID:[]"

Appreciate your response guys!