PtokaX forum

PtokaX => Bugs => Topic started by: Psycho_Chihuahua on 06 June, 2004, 23:54:42

Title: BIG small problem
Post by: Psycho_Chihuahua on 06 June, 2004, 23:54:42
Hi

I am running Ptokax Hub 0.326 TD4 and i have 1 small problem.


There is someone reading all PM's written. I don't know exactly who it is but i know he's running NeoModus DC.

Does someone know a) how he does that, and b) how i can stop him doing so?

Blocking all NMDC Clients wouldn't help, seeing as i would lose more Users that way.

Grateful for all Help
Title:
Post by: Flux on 07 June, 2004, 01:29:19
I am not an expert on this, but really i think it can't be done for a person able to read all PM sent in hub.

As i am sitting here looking at the script and looking at my hub and thinking if other programs can do this inside a hub. But i think this can't be done.

Tho I could be wrong. Hope others can answer you too.
Title:
Post by: Shurlock on 07 June, 2004, 01:40:03
Perhaps it would help all experts if you could tell how you noticed this?

If you're correct in your assumption, then there's a real leak somewhere! I'd hate to think of it!
Title:
Post by: Corayzon on 07 June, 2004, 02:49:48
awhile ago when i was hosting psydream i came across the same feeling sometimes and then found some proof to back it up.

i had a user entering the hub, forcing himself in as a bot! what he was doing was spamming under the operators names, adding operators to the hub, and spamming fake users as ops across the hub.

this leads me to believe that there is indeed a backdoor in how the bots are loaded from ptokax, but i think this is fixed in the td4.99 release, but can't really say...

noza
Title:
Post by: Psycho_Chihuahua on 07 June, 2004, 03:13:19
I was alerted by some of my Users

They were discussing something via PM and got answers from this other guy.

Like i say: i haven't a clue on how this guy does it, if it is a script, user command, fake bot or whatever. All i know is that he can read PM's.
Title:
Post by: Corayzon on 07 June, 2004, 03:18:59
um, well, if its a bot, then anything can be done!

ppls passwords could be stolen, and hubs are completely open to attacks...

i suggest running td4.99 and see if the weird shit seems to happen still...if so, try get a debug version (15.25) and see if it still happens again

also, who is this user? whats his name?

noza
Title:
Post by: Psycho_Chihuahua on 07 June, 2004, 03:54:35
Quote: i suggest running td4.99 and see if the weird shit seems to happen still...if so, try get a debug version (15.25) and see if it still happens again

I am already running TD 4.99  ;(  so i guess i'll give the debug version a try (if i find it)

As far as i can make out he goes under the name: sunshine

Btw: Build 15.25 is in beta stage as i gather so i can't get that  ;(  ;(
Title:
Post by: NotRabidWombat on 07 June, 2004, 04:15:58
Ok, a person can not force himself/herself as a "bot". A bot is a scripting interface through lua.

My first question, how secure are your password and your hub?

Next, do you use any kind of regme script?

Last, do you have any logs or actual proof of what is going on?

-NotRabidWombat
Title:
Post by: Psycho_Chihuahua on 07 June, 2004, 04:33:38
I own one of three Hubs connected with MHS.
Only registered Users are allowed in.
No register script is available for anyone under Operator Status.
Scripts used are: SecuLite_V_0.44, a HubMail script, Nickbot and a ASCII Picture Bot. All translated into German.

Sorry but i don't have any Logs on that, just complaints from four of our Users that he has interfered with User to User Communication referring to what had just been said via PM and not through Mainchat.
Title:
Post by: NotRabidWombat on 07 June, 2004, 05:21:06
"Sorry but i don't have any Logs on that, just complaints from four of our Users that he has interfered with User to User Communication referring to what had just been said via PM and not through Mainchat."

Hrm, I wonder if there is some possible spoofing / packet sniffing going on. Do these four users have something in common, such as they are all on the same subnet?

-NotRabidWombat
Title:
Post by: Psycho_Chihuahua on 07 June, 2004, 17:07:01
No they don't

One Hub (my one) stands in Switzerland and the other 2 are in Germany.
The only possibility in that occasion would be that they have the same Provider.
Title:
Post by: NotRabidWombat on 07 June, 2004, 17:26:11
Not the hubs. The users, do the four users who were complaining have anything in common (take a look at their IPs)

-NotRabidWombat
Title: 2 providers
Post by: Psycho_Chihuahua on 07 June, 2004, 21:20:04
Like i said:
Quote: The only possibility in that occasion would be that they have the same Provider
All four are with T-Online so they all have similar Dial-Up IP's.
Title:
Post by: NotRabidWombat on 07 June, 2004, 22:15:52
Well, that is a possibility. What about the person who was listening in on the conversation?

-NotRabidWombat
Title:
Post by: Psycho_Chihuahua on 07 June, 2004, 23:30:12
well he's not with T-Online as far as i know.

So could it be that he hacked them instead of the hub?