TS scripted again

Talon

Active Member
Yep, again. CGA ts server got hacked again. Its down for about half an hour right now so the scripts ping out and the people give up.

We had about 6 idiots get on the server and cause trouble just before we got hit.
 
Had 6 people get on, all Diff IPs, last person had a hacked TS client "g00ns Own!" was the ts client, instead of saying "Windows XP".

Then bandwidth usage jumped to 150KB/s and cpu usage maxed out a cpu, a 2.4ghz AMD Opteron.
 
lovely, sounds like they may have used a modified version of the team speex client designed for DOS attacks, might be time to start changing the password monthly to prevent casual jerks from walking in
 
Perhaps your right.

Still hasnt subsided, Most likely I'll have to leave TS down till tomorrow.
 
Yep, they are a known hacker community, yet the Law wont do anything about it.

For GW players, i'm hosting a backup server till tomorrow, others who dont play GW, pm or IM me for the info.
 
might want to put some limitation quotas on the user that ts is installed on, I know in linux you can limit the quotas on certain perameters for the user, probably caused the server to max out its memory, 160kbs is pretty nasty to be handling for a lightweight protocol.

Best bet is to file the log with teamspeak and they may release a patch to cover the exploit.
 
TS is backup and the attack has stopped. I'ma rotate the server Unregisted password once a month from now on.
 
if you have full access to the server you could set up snort to filter for certain perameters to add the offending ip to the block list in iptables, of course it would be a pain to test the settings to make sure it would work
 
about 99% of the people that get on have changeing ips, and they change evey 24 hrs so there is no real way to bock an ip
 
Perhaps its time to go someplace more secure like X-Fire or what about Vent.

Just find a place where stuff like that won't happen.
 
Oh I didn't know that you posted about vent.
I got rid of vent along time ago I didn't like it.
Nor do I use X-Fire or TS anymore.
I have no need at this time for such a thing.
To each his own.
However I do understand its benefts for gaming and clan meetings as well as bible studies etc, etc...
 
Do a whois on their ip and report them to their ISP with the time, ip, and a copy of the log. You need to report them or they wont learn their lesson...
 
I would, but i didnt take a screen shot of bandwidth usage or cpu usage via Top command. I have all logging on for TS, I have thier IPs and the date/time.

Make sure everyone that uses our TS server gets Registered, cause the Password will be changing quite frequentlly. To find out what the password is, check my Sig or Guild Wars message.

When you are Registered, it doesnt matter if you have the password or not.

Note* I backup TS SS (server side) almost every day and download it to my comp and also keep a folder on the server with backed up tgz's.
 
Last edited:
Submit whatever you have, even a partial match is enough for the isp to look for attacks, doing DOS attacks is against almost all ISP TOS, so if they are suspected the company has to look into it.
 
Why would people do stuff like that, what do they gain? Do they have fun makeing peoples lifes complicated?
 
Stc95 said:
Why would people do stuff like that, what do they gain? Do they have fun makeing peoples lifes complicated?

its a wierd question, however i believe a good answer is that, the world hates us. it hates us for what we stand for and who we serve. There is no real reason for people attacking us.
 
Back
Top