Yeah I think so too. Do you think there are ways to prevent those duping and zone crash hacks? Please shred me some lights. Security indeed a good offense especially for players.Originally Posted by jbeitz107
Yeah I think so too. Do you think there are ways to prevent those duping and zone crash hacks? Please shred me some lights. Security indeed a good offense especially for players.
If you are using K4 then the answer is no. It costs approx $2000/month to achieve the correct level of protection to guarantee that you will not be ddosed on your zones. There is no true software based firewall that can filter the good packets and bad bad packets without blocking all traffic. What you need is a hardware based firewall or some other form of protection with your DNS. These are the only suggestions I can suggest for K4.
If this is K6 then the answer has already been done in here which is the exploits for them. I don't have the information to give to resolve this other than what I have suggested to everyone. But, the flaws are in your boards, mail and /ashramlv using %. This is code used by both the zone.exe and HTLauncher.exe. It is used to send and receive information from both. Just a thought to think about.
sorry for the late reply. port scanners can easily determine your flaws. you can mirror your server (that means you have to pay a lot of $$$), or purchase hardware. But since this issues of exploits, it will continue to divulge in several ways. All of us knows how the SQL works... We know how Zones and HTLauncher connect with each other... We know well how SQLDAEMON.EXE and CHATSRV.EXE get our data from client... and we certainly know how packets are transmitted even though we alter the time stamps. This are the main exploits every tantra server is facing.
Disabling Ashramboards and Msgboards might lessen the damage. The server is prone to attack that most previous exploiters are still happily doing... because the files especially K4 (no 3-skillbar) has lack of protection from exploits... However, K5 has been addressed most of the exploits before it was discontinued.
MY experience, the server was attacked thru several ways... typing % /n /% on message boards, ashram boards or even simply on private message... the very dangerous one are trainers made in c++ that can directly connect like HTLauncher function and shuts down your server... the others are just resetting your server and duping items... some are HTLauncher based re-engineering... and several others to mention that totally stuck your server.
KyleMarvin give up his server online due to this exploits. but with his permission, only selected can connect thru online. I do the same. Less people, the more you know them... less connection., less exploits... You will also find who your real friends are.
I also re-engineered everything, because of several glitches that spawned... and resolve most of it. Friends are helping me by reporting glitches, so we all enjoy playing.
Ok thanks. So what are the key identifiers that you are using K4 and not K6 and vice versa? (K6 is equal to K5.2 correct?) Can I ask also what you have suggested?
------------------------------------------------------------------------------
I really like your principle sir and money is not everything for you and like me I value friendship as well. I really hope that there's a simple way to enable /ashramlv for this matter without damaging my server.
Btw, Ashram Online status is not that accurate. Some members are online but when you look in Ashram Window they are showing offline. Any how to fix this?
Last edited by PyroSamurai; 10-12-20 at 06:54 PM. Reason: multi-post
at sir elitegeek can you elaborate more regarding ashram status? it is just simple SELECT sql statement that extracts data and post online. and with regards to ashramlv it is the rank so, it is activated.
Sorry for the confusion. What I meant about ashram status is that when you press "G" to view your guild and the members online or offline. Because atm, like for example Player 1 is chatting in the guild chat but when you check it in ashram member Player 1 is showing offline.
..and with regards to /ashramlv is there other way I can enable this because atm I disabled it so no one can crash the zone using the the exploit code %s %n etc. and the consequence is that Ashram owners can't promote their members.
Appreciate your help.
Those that have it fixed are not willing to share how they have it done but, they haved offer hints so that you can figure it out.
I assume you have it fixed sir @jbeitz107?
And I thank everyone who shared the hint.
Maybe I should be thankful too if I could simply grab the hint but unfortunately I couldn't get it. I am really having problems with regards to this /ashramlv issue. Please shred me some lights and be forever thankful to you guys.
Thanks.
--------------------------------------------------------------------------
Hi again,
I hope everyone is going well. Just want to ask why Monthly Master Point is not updating. I have my server running for a month now but the MBrahmanPoints didn't reset back to 0. Any idea please.
Regards,
Last edited by PyroSamurai; 10-12-20 at 06:56 PM. Reason: multi-post
Hi sorry for just replying now... I have been looking for ISP bonding router. Fortunately after a long search, I have found 2 working routers... 1 from Australia and the other one from Sweden/Finland.
With regards to your query about Master Points not updating, you have to restructure your MSSQL table. using several scripts. Some shared by heterojeneo.
With regards to the ports found by port scanners... it is possible. But with the technologies, the bogus port somehow give the idea and drop packets everytime they wanted to access it. However it gives way to ping requests. For packet editors, its a new maze. Eventually they will find it but, I think it will take time. Thanks to KyleMarvin for referring some of them.
Right now my solution not just for Tantra Server but for all my servers is to bond 3 to 4 ISP's and make 1 Public IP. Hope this idea could help most server creating and developing team again. Still testing the vulnerabilities and glitches without disabling and compromising the game functions.
And to others inspiring me to do programming and developing job, I am now in a crash course of C++ and PHP Programming and luckily the fruit of my studies are working good. Also found some friends to manage and control/administer servers. Tantra is one of them. I call it "Tantra K5 Dark Terror Edition" just a name lol. And still restricting access to minimize casualties on server part. We maintain our servers without asking donations. Moreover, we enjoy most of the time (getting very serious will kill you).
Anyways, is there a way to reset the MBrahmanPoints back to 0 in .TAD files?
only by use of the gmtool to reset the accounts mb points. there is no other way at this time
Which part of the GMTool bro?
when you open up the accounts you can see the master points in it. simple reset them back to 0 and save the account
Reply With Quote