Tremulous Forum
Community => Servers => Topic started by: spidey1 on August 05, 2007, 03:48:25 am
-
i'm not sure if this is against the rules, i couldn't find a thread of rules for
this forum
there's been 3 or more people going around spamming the 2 servers
i'm a server admin of i'm pretty sure they've been doing it to other serves
that have pm's enabled...they'll spam everyone out of the game, then
sit there and spam others who try to connect, i've disabled pm's and banned
them took awhile but i managed to get there info from the logs
hope this helps other server admins.
http://fallin-angels.org/spammers
i also found this in the logs
http://fallin-angels.org/morons
--spidey
-
PM spam is fun, when you do it with friends. But it sucks when you're really trying to play. Rules are set by each individual server, not by the Tremulous devs (or community for that matter).
-
yea, but i'm talking about the rules for this forum, if there are any?
couldn't find 'em :)
-
yea, but i'm talking about the rules for this forum, if there are any?
couldn't find 'em :)
you mean these? (http://tremulous.net/phpBB2/viewtopic.php?t=4305) trem 1.2 will probabably include flood protection to keep this from happening, but until then you should play on servers with admins that can do something about it (well, you technically need a server op to check the logs for pm spam).
-
flux is a chronic pm spammer. the other day he tried to overflow me and ended up overflowing himself :roll:
-
yes, those but i figured there'd be a bit more than that :)
also, there's no time to actually alert a admin, they do it
with 2 or 3 people at one time, by the time you notice, you
get disconnected.it happened to me on my own server, i was
disconnected before i could even ban one of them.
-
yes, those but i figured there'd be a bit more than that :)
also, there's no time to actually alert a admin, they do it
with 2 or 3 people at one time, by the time you notice, you
get disconnected.it happened to me on my own server, i was
disconnected before i could even ban one of them.
ssh ftw (and consider lakitu's qvm, it has flood protection built in (but not enabled by default) iirc)
-
wait. i are cunfuzled about pm spam. i thought it disconnected both the spammer AND the spammed. if your comp is better than the other's though, you won't be disconnected?
-
wait. i are cunfuzled about pm spam. i thought it disconnected both the spammer AND the spammed. if your comp is better than the other's though, you won't be disconnected?
it's more about connection than your system specs, and as has been mentioned, it takes much less bandwidth if the load is split among more than one player.
-
(and consider lakitu's qvm, it has flood protection built in (but not enabled by default) iirc)
If I remember correctly myself, it's there and on by default, but doesn't cover private messages. However, my upcoming release has flood protection that is better as a whole and now covers all forms of /say, private messages, and admin commands.
-
flux is a chronic pm spammer. the other day he tried to overflow me and ended up overflowing himself :roll:
Thanks for stating the obvious
-
i'm not sure if this is against the rules, i couldn't find a thread of rules for
this forum
there's been 3 or more people going around spamming the 2 servers
i'm a server admin of i'm pretty sure they've been doing it to other serves
that have pm's enabled...they'll spam everyone out of the game, then
sit there and spam others who try to connect, i've disabled pm's and banned
them took awhile but i managed to get there info from the logs
hope this helps other server admins.
http://fallin-angels.org/spammers
i also found this in the logs
http://fallin-angels.org/morons
--spidey
Spidey I dont give a fuck that you put my IP's and GUID's out there, not hard to change mine and or spoof it :) You aren't dealing with a couple of kids here, we are not finished with your servers and forums. So you blocked a couple of web proxies who gives.
Subnet banning will do nothing, we are unstopable, GUID ban also impossible. Removing PMs from server, doesnt slow us down either, we have a bunch of ways to cause your server hell.
We have only targetted your server, heard a few have tried to copy us and failed at other servers though, you fuckin script kiddies.
Our spammers will become publically available in a few weeks once we finish fine tuning our scripts, as will all our other tools like the RCON bruteforcer and others scripts I won't name at this time.
X0rz spends alot of our time developing things to help fix tremulous. We spammed your servers, you turn off PMs, why dont you go get an antispam QVM like lakitu 7's for you server helps alot. We are a security group, once a few server rcon are cracked I bet anything everyone will have 18 character long RCON passwords. Personally I wont crack anything over 9 characters but that doesnt mean the other members wont develop anything :)
Expect 4 or 5 guys on there next time something happens, it might be tommorow, might be next week, might be never. Watch it.
~ ]X0rz[FluxflAsh0r]
-
Spidey I dont give a fuck that you put my IP's and GUID's out there, not hard to change mine and or spoof it :) You aren't dealing with a couple of kids here, we are not finished with your servers and forums. So you blocked a couple of web proxies who gives.
easily fixed
Subnet banning will do nothing, we are unstopable, GUID ban also impossible. Removing PMs from server, doesnt slow us down either, we have a bunch of ways to cause your server hell.
i'd really like to see this.
We have only targetted your server, heard a few have tried to copy us and failed at other servers though, you fuckin script kiddies.
why us?
scriptkiddies? you really expect me to believe you made this stuff?
wow, you can bind a few keys to spam, way to go you developer!
Our spammers will become publically available in a few weeks once we finish fine tuning our scripts, as will all our other tools like the RCON bruteforcer and others scripts I won't name at this time.
wow, you can bruteforce, goodjob, if this becomes i problem i'll post a wrapper for trem that'll use iptables to ban a ip after x amount of failed tries
X0rz spends alot of our time developing things to help fix tremulous. We spammed your servers, you turn off PMs, why dont you go get an antispam QVM like lakitu 7's for you server helps alot. We are a security group, once a few server rcon are cracked I bet anything everyone will have 18 character long RCON passwords. Personally I wont crack anything over 9 characters but that doesnt mean the other members wont develop anything :)
as stated before, easily fixed, lets see you change your ip after 4 failed
logins, every...single...time, a "security team" doesn't go around doing
malicious activities after they've already found a flaw, they post the proof
of concept and send a copy to the devs of that app so they can fix it
you're nothing more than a group of people that have way to much time
on there hands and can't do anything more than bind a few keys in a game
get a life
Expect 4 or 5 guys on there next time something happens, it might be tommorow, might be next week, might be never. Watch it.
goodluck
you may concider this flaming, i'm just stating the obvious, if it's to much
sorry, edit it :)
if you concider the facts, we have your real ips,i'm sure your isp would be happy to know of this, with all the cyber-laws should we test this theory?
spidey
-
Trying to force people to fix problems by adding to them is wrong. See plague bringer's 'anti-spam' spam.
-
Everybody wants to calm down here and stop suggesting doing nefarious things, or bans will be handed out.
-
as stated before, easily fixed, lets see you change your ip after 4 failed
logins, every...single...time, a "security team" doesn't go around doing
malicious activities after they've already found a flaw, they post the proof
of concept and send a copy to the devs of that app so they can fix it
you're nothing more than a group of people that have way to much time
on there hands and can't do anything more than bind a few keys in a game
get a life
Yes but we are not security teams, we are individuals who can't live without fun. Dretch-bsuit model hack found, publicized -> OMG HAX ! Open source -> aimbots, wallhacks, released -> ZOMG HAX !! Sucking security -> PM spam -> ZOMG WTF HAX !!!
And shut up, it's not fun until you get to really do it. (0) hax
for( n = 1;; n++ ) {
(n): hey (n-1) you motherfucking h4x0r, why the fuck do you hack?
(n-1): shut up (n), here's the hax and fuck off
}
-
Not a big issue towards me.
-
[quote="spidey teh douchebag]if you concider the facts, we have your real ips,i'm sure your isp would be happy to know of this, with all the cyber-laws should we test this theory?
[/quote]
Im scared mommy
-
This is just retarded. Stop. Now.
-
Sounds like this is becoming too much of an epidemic for me to wait until my next release to put the fix into my qvm. I'll try and put out a new 4.x + the new flood protection tomorrow afternoon sometime, followed by its regularly scheduled inclusion in my slick new 5.x release when it's been good and tested in a couple weeks.
-
This thread has had me laughing for the last 20minutes, gg work newbs.
-
ty thorn, I was everyone whose GUID ended in ^1X0rz^7 :D
yaah spiedy we r ubr hak3rs plz dunt get me in trubbel by mah ISP
iptables, also lol, auto-switch IPs after said x-amount of tries
my ISP is bellsouth-ilm, current IP is 68.221.239.171, hope this helps get rid of those darn spammers! ):<
-
MOD EDIT:No need to give us your information. Deleted for now.
Stop deleting mah infos!
-
omg lfux now u get in trubbel 2 :\
wtf speidy pls dont tell on us bbq.
-
lol, now you're sounding pathetic, isn't this spamming?
either way, last time i'm looking at this thread :)
-
I lol'd.
-
lol, now you're sounding pathetic, isn't this spamming?
either way, last time i'm looking at this thread :)
OH NOES! ITS LAS TIME THE CREATOR LOKS AT HIS THREAD!!!! LETS ALL RUN AND EAT PANCAKES!
Incase you haven't noticed spidey1, if that is your real name, this forum is filled with alot of spam, and this cannot be classified as spam, it is classified as a reply to your idiotic topic.
AM OWN ALL SPIDEYS SERVARS!!! R A W R!
-
Yep, this might be his real IP 70.48.14.11, not to good with IPs though, so i'm sorry if i'm wrong. (It's a pretty old IP from a long time ago)
-
Yep, this might be his real IP 70.48.14.11, not to good with IPs though, so i'm sorry if i'm wrong. (It's a pretty old IP from a long time ago)
Browser to http://192.168.2.1
Hit the button that says disconnect
Hit the button that says connect
Browse to C:\documents and settings\fluxflashor\local settings\application data\tremulous\base
Rename qkey to oldguid
Boot up trem
Open up console type /exec hax.cfg
Cause more hell with Spidey
TYKTKXBAI
-
Yep, this might be his real IP 70.48.14.11, not to good with IPs though, so i'm sorry if i'm wrong. (It's a pretty old IP from a long time ago)
Browser to http://192.168.2.1
Hit the button that says disconnect
Hit the button that says connect
Browse to C:\documents and settings\fluxflashor\local settings\application data\tremulous\base
Rename qkey to oldguid
Boot up trem
Open up console type /exec hax.cfg
Cause more hell with Spidey
TYKTKXBAI
70.48.0.0/16
65.95.0.0/16
65.92.0.0/16
209.221.0.0/16
have fun server ops (i think at least one of those is a bit smaller than a /16, but it's pretty close)
-
Yep, this might be his real IP 70.48.14.11, not to good with IPs though, so i'm sorry if i'm wrong. (It's a pretty old IP from a long time ago)
Browser to http://192.168.2.1
Hit the button that says disconnect
Hit the button that says connect
Browse to C:\documents and settings\fluxflashor\local settings\application data\tremulous\base
Rename qkey to oldguid
Boot up trem
Open up console type /exec hax.cfg
Cause more hell with Spidey
TYKTKXBAI
70.48.0.0/16
65.95.0.0/16
65.92.0.0/16
209.221.0.0/16
have fun server ops (i think at least one of those is a bit smaller than a /16, but it's pretty close)
I laugh at the fools that think they can ban me LMAO
Server Ops, this is an invite for you all to ban my IP addresses, I will continue getting more of them, I only play on my server anyways, so it doesnt really matter.
-
You don't seem to understand how IPs work. The bans listed by kevlarman would ban all IPs that you could possibly get through your ISP. Sure, it would ban a good chunk or Bell Canada customers, but oh well. You cannot get any potential IP in existence, you are limited to the range leased by bell canada. The range can very easily be looked up on teh intarweb.
A firewall rule could be set up instead, so you wouldn't even see the server to know it exists.
Sure, you could use tor or another proxy. Pretty extensive lists exist which would only need to be pointed to by some pretty simple scripts to block those at the firewall. It wouldn't stop you completely, but it would mean even more work for you to connect to a simple server.
What I mean is:
You can piss in your neighbors pool all you want. They won't really mind so much, the chlorine will take care of it. But you'll never be invited to their parties. In fact, they'll never help you in any way.
But you just go on pissing all over everyone. We're used to watching people grief like crazy, and then cry that noone talks to them when they've had a change of heart.
-
I have done an early update of my qvm to address this issue.
http://tremulous.net/phpBB2/viewtopic.php?t=4902
-
Im lost whats Flux done apart from hacking SST?
-
This thread is in large part what's wrong with Tremulous, and why I don't frequent here much anymore...
First, Timbo, you really need to bring out the ban hammer on flux. He openly admits (and is quite arrogant) about griefing a tremulous server admin. You would think the devs (and mods) here would show a little more appreciation to the server ops.
Second, in conjunction with the first, this board is way too tolerant of flamers and spammers. Wasn't so in the past. And so what if you have to start banning left and right for a few weeks as they continually create new accounts. They'll eventually get tired or get with the program. And if you're not up to the task, maybe you shouldn't be a moderator here.
Third, spidey, I would suggest you direct an email to his ISP and state that he's flooding your server (comparable to a DOS in effect). Just attach this email thread as well. When flux's ISP drops his service, watch how quickly you get his attention. If someone is hosting your server, contact them as well. Apparently, you don't get much support here from this community.
-
You don't seem to understand how IPs work. The bans listed by kevlarman would ban all IPs that you could possibly get through your ISP.
Then get the IPs that your ISP doesn't provide. Ever heard of an IP spoofer? Freely available to any g00n, 4chan, X0rz, or curse-x registered member that feels like using the search button on the forums.
-
One word: Proxies.
We can't ban all of them, people. :-?
Hopefully people too stupid to learn to play, a.k.a Cheaters, are too stupid to adopt these.
-
Your ping through a proxy sucks.
-
Why don't we just ban the whole world and make Tremulous invite only? :P
-
This thread is in large part what's wrong with Tremulous, and why I don't frequent here much anymore...
First, Timbo, you really need to bring out the ban hammer on flux. He openly admits (and is quite arrogant) about griefing a tremulous server admin. You would think the devs (and mods) here would show a little more appreciation to the server ops.
We do show appreciation and I am all for banning him. That you can't see what goes on behind the scene is sad since you were a nice member back then and I don't think you've changed.
Second, in conjunction with the first, this board is way too tolerant of flamers and spammers. Wasn't so in the past. And so what if you have to start banning left and right for a few weeks as they continually create new accounts. They'll eventually get tired or get with the program. And if you're not up to the task, maybe you shouldn't be a moderator here.
Moderators currently cannot ban. It is not our fault. We can only delete and contain. And yes we have been to tolerant but only because the rules that were set up actually had an unwritten one alongside them. It was 'Use your common sense'. But people don't want to and now we're in the shitpool.
Third, spidey, I would suggest you direct an email to his ISP and state that he's flooding your server (comparable to a DOS in effect). Just attach this email thread as well. When flux's ISP drops his service, watch how quickly you get his attention. If someone is hosting your server, contact them as well. Apparently, you don't get much support here from this community.
Indeed, if possible this is a course of action which is totally legal since most ISPs forbid his intent. And what support is there to give? An all-out flamewar?
-
use your brains and stop complaining about grievers...
- patch the qvm
- disable rcon
- use server-unique-guids
- ban by subnet :)
-
use your brains and stop complaining about grievers...
- patch the qvm
- disable rcon
- use server-unique-guids
- ban by subnet :)
+1
But this does show how many flaws there are in Tremulous.
-
omg, why u paople gotta b hatin on fluxs security team!
-
omg, why u paople gotta b hatin on fluxs security team!
I KNOW EH GREEN? X0rz FTW!
-
games are not good places to show your leet hacking skills. they are not made to be secure but fun
-
In many cases, 'not being secure' can lead to 'not being fun'.
-
In many cases, 'not being secure' can lead to 'not being fun'.
I would have to agree with that. Why is punk buster introduced in so many games? It gets rid of the cheaters [most of the time]. Cheating is done because of insecurities. The server fixed their spam issue which makes the game fun again.
Games have to be ruined to help make the game itself more secure.
-
In many cases, 'not being secure' can lead to 'not being fun'.
I would have to agree with that. Why is punk buster introduced in so many games? It gets rid of the cheaters [most of the time]. Cheating is done because of insecurities. The server fixed their spam issue which makes the game fun again.
Games have to be ruined to help make the game itself more secure.
.....if people didn't ruin the games, then they wouldn't have to be more secure.
-
Games have to be ruined to help make the game itself more secure.
that is not a good reasoning ... you can always find a way to ruin games
welcome to the open source gaming
-
There is the kind of people that always pulled legs from spiders and there the kind of people that would bring a wounded bird home.
-
Games have to be ruined to help make the game itself more secure.
that is not a good reasoning ... you can always find a way to ruin games
welcome to the open source gaming
Ruining games has nothing to do with open source. Where there are assholes, there is a will to crap on everything. (figuratively and literally)
See Gears of War and other very very closed source games where you can't even really load an aimbot or use some other kind of external exploit. People still find a way.
-
See Gears of War and other very very closed source games where you can't even really load an aimbot or use some other kind of external exploit. People still find a way.
Sorry, but i have to bring it up.
Ever read about the hackers on a small game called halo 2?
-
LoL Halo is full of aimbot just type it in youtube watch the aimbots...
-
Since this thread is kind of about Fluxflashor versus spidey's server, I'll move it to the appropriate section.
Well, not exactly the appropriate section, since we lack a garbage bin.
-
better lock it. it is about hacking
-
flux is not part of a "security team". Do not insult real security teams with that. You know, the ones with the sense not to brag that they cannot be caught or stopped.
While its true that proxies cannot be blocked completely, it is also true that so many of them can be blocked that it would make it time consuming to find one that isn't. It is also true that using an unblocked proxy maliciously exposes that fact to the operator, causing it to soon be blocked. I won't even go into the difficulty of finding a proxy with a low enough ping to allow you to connect to a server. If this became a problem, I would think that operators would share proxy blocking lists and methods quite readily. Sadly, this is what happens with free services (like proxies and game servers) when people abuse them.
Computer security is a risk/reward calculation, not the creation of the perfectly secure system. Such a system does not exist in the real world. Using security flaws to crack public systems, particularly donated systems that were created to have fun, is a testament to the ego of the person doing the cracking, and nothing else.
-
There is the kind of people that always pulled legs from spiders and there the kind of people that would bring a wounded bird home.
And then there are the people that ripped legs from birds and that would bring a wounded spider home.
Or was that just me?