Author Topic: BIG smal problem  (Read 3970 times)

0 Members and 1 Guest are viewing this topic.

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
BIG smal problem
« on: 06 June, 2004, 23:54:42 »
Hi

I am running Ptokax Hub 0.326 TD4 and i have 1 small problem.


There is someone reading all PM's written. I don't know exactly who it is but i know he's running NeoModus DC.

Does someone know a) how he does that, and b) how i can stop him doing so?

Blocking all NMDC Clients wouldn't help seeming though i would lose more Users that way.

Gratefull for all Help
« Last Edit: 06 June, 2004, 23:57:45 by Psycho_Chihuahua »
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

PtokaX forum

BIG smal problem
« on: 06 June, 2004, 23:54:42 »

Offline Flux

  • Triple Ace
  • **
  • Posts: 150
  • Karma: +8/-0
  • Founder of House of Dance
    • House of Dance
(No subject)
« Reply #1 on: 07 June, 2004, 01:29:19 »
I am not an expert on this, but really i think it can't be done for a aperson able to read all PM sent in hub.

As i am sitting here looking at the script and looking at my hub and thinking if other programs can do this inside a hub. But i think this can't be done.

Tho I could be wrong. Hope others can asnwer you too.
? Official HoD Website - http://www.houseofdance.net
? Official HoD Hub Community -  hodhub.dyndns.org:2007

Offline Shurlock

  • Fulll Member
  • ****
  • Posts: 56
  • Karma: +1/-0
(No subject)
« Reply #2 on: 07 June, 2004, 01:40:03 »
Perhaps it would help all experts if you could tell how you noticed this?

If you're correct in your assumption, then there's a real leak somewhere! I'd hate to think of it!
« Last Edit: 07 June, 2004, 01:41:11 by Shurlock »
If it's raining and your roof leaks, fix the roof. DON'T try to stop the rain!!

Offline Corayzon

  • Lord
  • ***
  • Posts: 464
  • Karma: +1/-0
(No subject)
« Reply #3 on: 07 June, 2004, 02:49:48 »
awhile ago when i was hosting psydream i came accross the same feeling sometimes and then found some proof to back it up.

i had a user entering the hub, forcing himself in as a bot! what he was doing was spamming under the operators names, adding operators to the hub, and spamming fake users as ops accross the hub.

this leads me to beleive that there is indeed a backdoor in how the bots are loaded from ptokax, but i think this is fixed in the td4.99 release, but cant really say...

noza

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
(No subject)
« Reply #4 on: 07 June, 2004, 03:13:19 »
I was alerted by some of my Users

They were discussing something via PM and got answers from this other guy.

Like i say: i haven't a clue on how this guy does it, if it is a script, user command, fake bot or whatever. All i know is that he can read PM's.
« Last Edit: 07 June, 2004, 03:14:45 by Psycho_Chihuahua »
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

Offline Corayzon

  • Lord
  • ***
  • Posts: 464
  • Karma: +1/-0
(No subject)
« Reply #5 on: 07 June, 2004, 03:18:59 »
um, well, if its a bot, then anything can be done!

ppls passwords could be stolen, and hubs are completly open to attacks...

i sujest running td4.99 and see if the weird shit seems to happen still...if so, tri get a debug version (15.25) and see if it still happens again

also, who is this user? whats his name?

noza

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
(No subject)
« Reply #6 on: 07 June, 2004, 03:54:35 »
Quote
i sujest running td4.99 and see if the weird shit seems to happen still...if so, tri get a debug version (15.25) and see if it still happens again


I am already running TD 4.99  ;(  so i guess i'll give the debug version a try (if i find it)

As far as i can make out he goes under the name: sunshine

Btw: Build 15.25 is in beta stage as i gather so i cant get that  ;(  ;(
« Last Edit: 07 June, 2004, 04:03:36 by Psycho_Chihuahua »
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

Offline NotRabidWombat

  • Lord
  • ***
  • Posts: 384
  • Karma: +2/-0
(No subject)
« Reply #7 on: 07 June, 2004, 04:15:58 »
Ok, a person can not force himself/herself as a "bot". A bot is scripting interface through lua.

My first question, how secure are your password and your hub?

Next, do you use any kind of regme script?

Last, do you have any logs or actual proof of what is going on?

-NotRabidWombat


I like childish behavior. Maybe this post will be deleted next.

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
(No subject)
« Reply #8 on: 07 June, 2004, 04:33:38 »
I own one of three Hubs connected with MHS.
Only registered Users are allowed in.
No register script is available for anyone under Operator Status.
Scripts used are: SecuLite_V_0.44, a HubMail script, Nickbot and a ASCII Picture Bot. All translated into German.

Sorry but i dont have any Logs on that, just complaints from four of our Users that he has interfered with User to User Communication refering to what had just been said via PM and not through Mainchat.
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

Offline NotRabidWombat

  • Lord
  • ***
  • Posts: 384
  • Karma: +2/-0
(No subject)
« Reply #9 on: 07 June, 2004, 05:21:06 »
"Sorry but i dont have any Logs on that, just complaints from four of our Users that he has interfered with User to User Communication refering to what had just been said via PM and not through Mainchat."

Hrm, I wonder if there is some possible spoofing / packet snifing going on. Do these four users have something in common, such as they are all on the same subnet?

-NotRabidWombat


I like childish behavior. Maybe this post will be deleted next.

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
(No subject)
« Reply #10 on: 07 June, 2004, 17:07:01 »
No they don't

One Hub (my one) stands in Switzerland and the other 2 are in Germany.
The only possibility in that occasion would be that they have the same Provider.
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

Offline NotRabidWombat

  • Lord
  • ***
  • Posts: 384
  • Karma: +2/-0
(No subject)
« Reply #11 on: 07 June, 2004, 17:26:11 »
Not the hubs. The users, do the four users who were complaining have anything in common (take a look at their IPs)

-NotRabidWombat
« Last Edit: 07 June, 2004, 17:26:27 by NotRabidWombat »


I like childish behavior. Maybe this post will be deleted next.

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
2 providers
« Reply #12 on: 07 June, 2004, 21:20:04 »
Like i said:
Quote
The only possibility in that occasion would be that they have the same Provider

All four are with T-Online so they all have similar Dial-Up IP's.
« Last Edit: 07 June, 2004, 21:21:39 by Psycho_Chihuahua »
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

Offline NotRabidWombat

  • Lord
  • ***
  • Posts: 384
  • Karma: +2/-0
(No subject)
« Reply #13 on: 07 June, 2004, 22:15:52 »
Well, that is a possibility. What about the person who was listening in on the conversation?

-NotRabidWombat


I like childish behavior. Maybe this post will be deleted next.

Offline Psycho_Chihuahua

  • Systemspecialist IT
  • Emperor
  • **
  • Posts: 1 054
  • Karma: +112/-1
  • I am wherever i want to be
    • PtokaX Luaboard
(No subject)
« Reply #14 on: 07 June, 2004, 23:30:12 »
well he's not with T-Online as far as i know.

So could it be that he hacked them instead of the hub?

« Last Edit: 10 June, 2004, 08:20:22 by Psycho_Chihuahua »
PtokaxWiki ?PtokaX Mirror + latest Libs

01100001011011000111001101101111001000000110101101101110011011110111011101101110001000000110000101110011001000000101010001101111011010110110111101101100011011110111001101101000

PtokaX forum

(No subject)
« Reply #14 on: 07 June, 2004, 23:30:12 »