Regarding 2.2.3.2 Server Free hack possibility

[Magenik]

Hello guys as 2.2.3.2 is so dam vulnerable
we have to catch hacker by our own

atm i'm working on all server side for able to re-enable log that we missing for check who is hacking

so in wait i've decide to make it public on SVN so owner of server can block account and search also who is hacking

atm i can catch hacker by SQL query that i run on server for know who has item i 'm don't give to players its how i catched him

https://www.assembla.com/spaces/rf-p...s_Black_listed

so here i will post his info IP/MAIL used and password he used also

And moderators here can search also who use that IP so he will have an eyes on him on forum

[MentaL]

[Magenik]

just catch that guy on RZ

he was on my Facebook page so i pmed him and link him here

he is BlackMax here from RZ communauty :) lamer man

[Busman]

Yeah some people have no respect for others and basically some servers turn into war zones and people trying ti close them down with hacks.

[Magenik]

Well i just catch him
right now my server is not protected as it should be because i just came back after 3 years of inactivity on RF

so first i need implement things for make ppl come back ect

then when players will be happy i'll work on security etc....


but this guy is so lame he can't even think that if he hack with low population we wont catch him

in DB all his stuff was from GM command lolll well i got him on facebook and here on RZ ppl will know that is this guy who try hack :) (maybe hakced their server too)

[Busman]

Yeah one of the reasons i don't work on 2.2.3.1 just so many unknowns and a lot of bugs.

Should be a fix for the none gms spawning gm items.

[Magenik]

I will post a Tutorial how implement "ipsec Policies" for block Hacker

So far you can see on his picture he posted on his facebook
that he use GM command from his client

https://fbcdn-sphotos-a-a.akamaihd.n...95824223_o.jpg

so the only way for now for block it is change all GM command on Zone

atm i dunno how this is possible but i'll work on it :)

[Busman]

I think nova posted a fix for it basically stopping unauthorized users form being able to use gm commands.

[Magenik]

Found the thread but not sure if it's what you are talking about
http://forum.ragezone.com/f152/help-...7/#post7116850

[ROSLAW]

I've warned you in a previous thread, be careful in sharing information and files on RF.
Many people from my country is a member here just to be a leecher and use it for something bad.

That's why I do not like when there are people who always give answers, information, and file for any problems in RF Online without letting them try to solve it first.

because things like that just makes them so dependent with all the files and information from us

[Magenik]

I've warned you in a previous thread, be careful in sharing information and files on RF.
Many people from my country is a member here just to be a leecher and use it for something bad.

That's why I do not like when there are people who always give answers, information, and file for any problems in RF Online without letting them try to solve it first.

because things like that just makes them so dependent with all the files and information from us

and who the hell are you for saying me / judge me about if i want share or not

let me tell you something if from the past we never share file no one today will have RF server

sharing info = make you able to fix things
how u can fix something if no one know about it ? u will keep it for u ? then fine also tell me why you are on ragezone then if u wont share? leeching ?

and you say be carefull !!! loll i dev RF since 2004 i stopped 3 years for sure but i'm one of the old RF dev around here
the first one passed away aka Akaruz we was in same team when started dev RF
we had hackers and found always the way for block them

so year sharing is always good make you with more knowledge else i don't know why you try to be a developper if u can't fix things :)

[ROSLAW]

Since I joined here I also learned from you guys, I'm trying to learn every explanation and tutorial of you. I just made a thread to ask if I find a problem I can not solve.
That's why the number of my posts to date only 50.

until now I finally know and understand how to make RF Online Private Server. thank you to you all

reading and trying the best thing to be able to understand anything.

Ask before trying or studying will not solve the problem. That's what the new members at this time, they only know how to ask. but they do not want to try and learn it first.

and who the hell are you for saying me / judge me about if i want share or not

let me tell you something if from the past we never share file no one today will have RF server

sharing info = make you able to fix things
how u can fix something if no one know about it ? u will keep it for u ? then fine also tell me why you are on ragezone then if u wont share? leeching ?

and you say be carefull !!! loll i dev RF since 2004 i stopped 3 years for sure but i'm one of the old RF dev around here
the first one passed away aka Akaruz we was in same team when started dev RF
we had hackers and found always the way for block them

so year sharing is always good make you with more knowledge else i don't know why you try to be a developper if u can't fix things :)

no no i`m not judge u... u miss undestanding with me
sorry for that. i just wont u becarefull if share anything

[Magenik]

You should be happy that i share here^^

and please stay on topic its about hacking not sharing

[ROSLAW]

Okay sorry for that

Back to topic

I know the ip is from my country
This is the information

inetnum: 115.124.76.156 - 115.124.76.159
netname: TACHYON-SUBNET-CLIENT
descr: G_Games.Net
descr: Bandung
descr: Bandung
country: ID
admin-c: BA96-AP
tech-c: RK2011-AP
status: ASSIGNED NON-PORTABLE
remarks: Send Spam & Abuse report to: abuse@tachyon.net.id
mnt-by: MAINT-ID-TACHYON
mnt-irt: IRT-ID-TACHYON
changed: hostmaster@tachyon.net.id 20110127
source: APNIC

route: 115.124.64.0/19
descr: Route object of PT Remala Abadi
descr: Broadband Internet Service Provider
descr: Jakarta Selatan
origin: AS38511
country: ID
mnt-by: MAINT-ID-TACHYON
changed: hostmaster@idnic.net 20110526
notify: noc@tachyon.net.id
source: APNIC

person: Budi Aditya
address: JL Kejaksaan 201-202
address: Pondok Bambu - 13430, Jakarta - Timur
address: DKI - Jakarta, Indonesia
country: ID
phone: +62-21-8611746
fax-no: +62-21-84994564
e-mail: hostmaster@tachyon.net.id
nic-hdl: BA96-AP
mnt-by: MAINT-ID-TACHYON
changed: hostmaster@tachyon.net.id 20060801
source: APNIC

person: Rianto Kurniawan
address: Graha Mustika Ratu
address: JL Gatot Subroto Kav 74-75 12780, Indonesia
country: ID
phone: +62 21 8611746
fax-no: +62 21 84994564
e-mail: rianto@tachyon.net.id
nic-hdl: RK2011-AP
notify: hostmaster@tachyon.net.id
mnt-by: MAINT-ID-TACHYON
changed: rianto@tachyon.net.id 20110124
source: APNIC

I think i know who he is
he use WPE packet to run command GM in normal account and the value of the packet is obtained after recording the GM account when performing command GM

by filtering out some of the value of the packet, it can create a normal account to get permission to run the command GM

just my opinion
CMIIW

[novanakal]

all files from rf-dev just pure files, not edited for separating Account Normal and GM Account.

lets talk about it,..
everythings in Serverside, CCR have do this from thief.
different with 223 files...

1 offset from zoneserver , can solve this prob.


and for you magenik.
its has been ascertained, he use WPE, RPE, SPE, Charles Proxy, NPE and other like that. Sending Packet.

change GM Command not 100% protect your Command GM.
i have all Hex Bad Packet for GM Command, not recording from WPE like Roslaw said

[Ron]

Why not share the method in a tutorial? Don't spoonfeed by giving everyone files, just post up how to do it. Once hackers know the fix then they will find a way around it. If they do eventually find a way to bypass it then we know the method isn't 100% secure.

By sharing knowledge regarding hacking we can work to prevent them. Sharing fixes forces hackers to find new methods. Eventually they wont be able to find a new method for hacking and they'll be forced to play on servers whos owners are too lazy to learn to fix their files.

[novanakal]

iam not sure bout this method...

some ppl have selling this method for own self.
and they say "This is my work"
and this method, not my work. but some offset i 've reconfig for some improvement

my big thx for Edaks, Emka and Trirozhka
their's my teacher, how to use IDA PRO
you save my server


only a few ppl that I'll tell ,...
Ron / Magenik , You can PMing Me.

[lifestream]

what we would need is a public ip blacklist that authorized server owners could update (to avoid randoms adding legal players they don't like to blacklist or hackers screwing it on purpose) so the list could be used for servers around to block listed potential hacker IP-s.
I just wish that gamecp would save banned user IP-s to the txt log also Oo. Tho... lol could create a simple script to get ip from useraccount table and store it. hmm

[Busman]

There was a anti hack created for another game that was integrated into rf tho it was buggy and had major defects with its run cycle. The anti hack was basically given out to server owners and had 1 master database updated when these owners found new hacks i am sure it could be recoded to have it also IP block and stop people connecting via the client also.

Doesn't sound all that good but could work also the database was updated and never required a client patch but i could be mistaken.

[jbrannon2]

oh if you want a list of "known' hackers, my I've been running the same firewall for 3+ years now and have a list out of this world.

Granted, alot of these are now obsolete with the better and better anti-cheat programs out. As far as searching for those utilizing GM commands to get items on 2.2.3.2 a vast majority come from Russia / China IPs. I ended up block nearly all of russia,china, and brazil

the fastest way to check for them (though not convenient) on 2.2.3.2 is to use TextCrawler and search through the Item logs for the word "Cheat" gets most of them but will pick up your GMs also

what we would need is a public ip blacklist that authorized server owners could update (to avoid randoms adding legal players they don't like to blacklist or hackers screwing it on purpose) so the list could be used for servers around to block listed potential hacker IP-s.
I just wish that gamecp would save banned user IP-s to the txt log also Oo. Tho... lol could create a simple script to get ip from useraccount table and store it. hmm

woudlnt' be that hard, i can write one up.

I have so many stupid scripts it's not funny. I actually keep in database old / new passwords upon change password
in order to track MAVing and scammed accounts as before there was no way to tell.

Code:

Use RF_User_GA  /*  Change to your USER Database name*/

SELECT [serial]
      ,convert(varchar(15),[id])
      ,szReason
      ,[lastconnectip]
    
  FROM dbo.tbl_UserAccount
  inner join dbo.tbl_UserBan on dbo.tbl_UserAccount.serial =  dbo.tbl_UserBan.nAccountSerial 
  Where exists
  (select * from dbo.tbl_UserBan
  where dbo.tbl_UserBan.nAccountSerial = dbo.tbl_UserAccount.serial  and nPeriod > '100000') and lastconnectip <> '0'
  order by lastconnectip

you can put it out as a report and have a hard copy though won't be pretty.

Ok, editted it to ignore "Temp Bans" and cleaned it up to put them in order to make easier to see.

I had to add the "lastconnectip <> '0'" because i do dormant blocks and they don't have a connect IP on them. most won't need that

[lifestream]

well i was thinking about it and it will come out more complex then initially thought - cuz of cafes. So id have to add a new column to useraccount (accept nulls to avoid it breaking procedures etc). So the column would be "cafe ID" - if user gets banned ill just let a trigger also remove the cafe id - and when saving ip-s to a file it would skip all with the cafe id anything but NULL (need to still find a nice way to add the cafe id to users, that isn't manual db edit). Then use a nice script to import the ip list to the firewall and block them all. - but that would mean lots of wasted resources. Wonder if there is a decent way to add IP-s to existing rule through DB (could turn it into a nice little trigger).

[jbrannon2]

well i was thinking about it and it will come out more complex then initially thought - cuz of cafes. So id have to add a new column to useraccount (accept nulls to avoid it breaking procedures etc). So the column would be "cafe ID" - if user gets banned ill just let a trigger also remove the cafe id - and when saving ip-s to a file it would skip all with the cafe id anything but NULL (need to still find a nice way to add the cafe id to users, that isn't manual db edit). Then use a nice script to import the ip list to the firewall and block them all. - but that would mean lots of wasted resources. Wonder if there is a decent way to add IP-s to existing rule through DB (could turn it into a nice little trigger).

could just make it column 'Cafe' make it bit type 0 = user 1 = cafe user

Then check against 1 during search.

The trigger wouldn't be too hard. Forcing it to spit out a hard file report that is structured they way you need immediately for a firewall import may be the more pressing matter.

I have a report that comes out daily and gives me all the temp bans on the server so i keep a hard copy for those "problem" players. but if you're running a job and "append" the file you'll get the
column heads etc.. in the file which would not meet the format requirements


The query i had i noticed had alot of false positives, rewriting it to include ban reason and verify it is 100% accurate before posting again

Code re-written to include ban reason also. And definitely more accurate, my bad if anyone got it before, i put the inner join in wrong spot

[lifestream]

yeh still in case of the 0/1 for cafe id would need a convenient way to update it for players who actually are from cafe.

im looking if sql triggers support the use of powershell or CMD. the firewall management is using netsh.
Also id filter by ban type. sometimes char is allowed to play again from scratch, or some of hes accounts are banned.

[jbrannon2]

yeh still in case of the 0/1 for cafe id would need a convenient way to update it for players who actually are from cafe.

im looking if sql triggers support the use of powershell or CMD. the firewall management is using netsh.
Also id filter by ban type. sometimes char is allowed to play again from scratch, or some of hes accounts are banned.

as for cafe players, i'm assuming you have them PM you in forums or something to give you there accounts.
a simple page could be written with an insert that GMs have access to. Sure it's manual but easily done in those cases

I do something similar with password recoveries. Since the GameCP i use only gives the main password to the users, i have a page set up
that retrieves both the password and Fireguard password / hint and emails it immediately to the address on the account.
The GMs only have to know the account name and Submit, they're done

[Chobito]

I fixxed this fucking hack by editing the zoneserver with IDA.

damn annoying hack...fixxed one week ago...but I suppose there will be new ones...,,and ill finish deleting the zonseserver xD

[letjen]

all files from rf-dev just pure files, not edited for separating Account Normal and GM Account.

lets talk about it,..
everythings in Serverside, CCR have do this from thief.
different with 223 files...

1 offset from zoneserver , can solve this prob.


and for you magenik.
its has been ascertained, he use WPE, RPE, SPE, Charles Proxy, NPE and other like that. Sending Packet.

change GM Command not 100% protect your Command GM.
i have all Hex Bad Packet for GM Command, not recording from WPE like Roslaw said

and don't forget block port 28000