Forum

ASSIST, AMERICA'S ARMY COMMUNITY - RELIVE THE GLORY DAYS OF AMERICA'S ARMY 2.5

Author Topic: caught the attackers  (Read 9456 times)

0 Members and 1 Guest are viewing this topic.

Offline Nick

  • Administrator
  • Loyal Member
  • *
  • Posts: 555
    • View Profile
Re: caught the attackers
« Reply #30 on: Friday, February 23, 2018, 12:51:40 PM »
@Merlin, since it is a Windows node I recommend installing the Hyper-V role/addon and on top of that you either have a set limit your SPLA license from the datacenter allows for installing Windows VPS's that you can allocate a specific core/RAM/disk space etc or if unable to go the Windows route then simply do linux based VM's and give the renters access via SSH etc if needed to their VM's.

I personally have most the AA servers running on linux and see much better performance and don't miss paintball map too much :P

Food for thought if you want to segregate things a bit or simply setup TCAdmin and just give them access to start/stop/File manager all for an extra $15/mo for peace of mind on your side bud through a web panel or if looking to go fully free/cheaper there look into firedaemon fusion web panel (will allow you to assign users access to reboot a specific service on the machine and only that one) and setting up file access via FileZilla Server to give each of your users a FTP account to just their game directory. This way you are not giving out full RDP access leaving you wide open to a lot of issues.

Best of luck!
« Last Edit: Friday, February 23, 2018, 12:54:24 PM by Nick »

Offline Alex

Re: caught the attackers
« Reply #31 on: Friday, February 23, 2018, 14:51:50 PM »
I will try to clear this up here. The ONLY way a stress test could affect a game server is if it is running on the computer that is running the AA server. That is it. So the person running the program would have to be on that server. This is not something a user can do on his own computer and affect some server somewhere.
This is NOT a security risk.

As for the calls for a ban. There will be no ban. Who you give access to your servers is completely up to you and if you get burned by it it's not up to use to hand out punishment for it.

Offline [F.U.N]Cpt

Re: caught the attackers
« Reply #32 on: Friday, February 23, 2018, 18:43:21 PM »
nick, im ask him linux? and he mean he cant handle it. perhaps he hears now to other. the point is a linux server is cheaper and runs better.
peace

Offline ronski

Re: caught the attackers
« Reply #33 on: Friday, February 23, 2018, 20:45:29 PM »
I will try to clear this up here. The ONLY way a stress test could affect a game server is if it is running on the computer that is running the AA server. That is it. So the person running the program would have to be on that server. This is not something a user can do on his own computer and affect some server somewhere.
This is NOT a security risk.

As for the calls for a ban. There will be no ban. Who you give access to your servers is completely up to you and if you get burned by it it's not up to use to hand out punishment for it.
Servers already crashed because of the action described above. If there's no security issue how someone was able to crash them just like that at the first place? I get it that you need to have privileges, you need to pay to get access to server files, and every action executed with privileges will leave a mark, so it all will be easily sorted out, but it doesn't remove the fact that crashing is still possible.

So as long as it's possible, I find it as an issue and if it's not a security issue then what is it?

Offline Alex

Re: caught the attackers
« Reply #34 on: Friday, February 23, 2018, 20:58:27 PM »
Servers already crashed because of the action described above. If there's no security issue how someone was able to crash them just like that at the first place? I get it that you need to have privileges, you need to pay to get access to server files, and every action executed with privileges will leave a mark, so it all will be easily sorted out, but it doesn't remove the fact that crashing is still possible.

So as long as it's possible, I find it as an issue and if it's not a security issue then what is it?
I don't think you're completely understanding what I am saying. The person who did this was given access to that server. They used their access to use a stress test program on the server. If they were never given access to the server, this wouldn't have been possible.  We're not talking about something like server admin here, we're talking FTP access to the machine the server is running on.

Not only is this not a security risk, it's not even an issue at all. Bottom line, don't give strangers direct access to your server. That's all there is to it.
« Last Edit: Friday, February 23, 2018, 21:00:52 PM by KiLLaMaN »

Offline [F.U.N]Cpt

Re: caught the attackers
« Reply #35 on: Friday, February 23, 2018, 20:59:31 PM »
kiss

Offline ~=W!CK!D=~

  • Epic Poster
  • ******
  • Posts: 1,614
    • View Profile
Re: caught the attackers
« Reply #36 on: Friday, February 23, 2018, 21:11:31 PM »
I don't think you're completely understanding what I am saying. The person who did this was given access to that server. They used their access to use a stress test program on the server. If they were never given access to the server, this wouldn't have been possible.  We're not talking about something like server admin here, we're talking FTP access to the machine the server is running on.

Not only is this not a security risk, it's not even an issue at all. Bottom line, don't give strangers direct access to your server. That's all there is to it.

Killa I dont thibk anyone has direct excess to his direct data. I thought he just rented servers and gave each server owner there own control and own pw to there own server. I can be mistaken
Not sure how merlin set things up. Long as these idiots cant ddos where happy

Offline Alex

Re: caught the attackers
« Reply #37 on: Friday, February 23, 2018, 21:22:03 PM »
Killa I dont thibk anyone has direct excess to his direct data. I thought he just rented servers and gave each server owner there own control and own pw to there own server. I can be mistaken
Not sure how merlin set things up. Long as these idiots cant ddos where happy
Right. He gave them FTP access to the server, which they could then add or remove files. That was the problem. Don't give people direct access to your server unless you completely trust them.

Offline [SWISS]Merlin

Re: caught the attackers
« Reply #38 on: Saturday, February 24, 2018, 08:44:20 AM »
Yes, i did trust him, like i did trust you Ronski. You had exactly the same access as he had, but he also did misuse the trust of another friend. Because he did not have a folder to put in (i deleted it with the server on his account), he used the folder of his friend, who did run/rent also a server. And copied the executable on his desktop and did start it. So sad it is.
As you now do know the whole story, i will lock this topic. And i still trust in the most of you guys, for sure.

Offline teddy_grizzly_bear

  • Used to be known as nobody
  • Administrator
  • Epic Poster
  • *
  • Posts: 5,699
  • what are you looking at?
    • View Profile
  • AA: teddy_grizzIy_bear
Re: caught the attackers
« Reply #39 on: Saturday, February 24, 2018, 17:17:35 PM »
Servers already crashed because of the action described above. If there's no security issue how someone was able to crash them just like that at the first place? I get it that you need to have privileges, you need to pay to get access to server files, and every action executed with privileges will leave a mark, so it all will be easily sorted out, but it doesn't remove the fact that crashing is still possible.

So as long as it's possible, I find it as an issue and if it's not a security issue then what is it?
If you give your computer's password to a friend and he comes in and formats your drive, it's not a security issue to do with your OS (be it Windows, Mac OS or Linux).

EDIT: Whoops, it's locked
« Last Edit: Saturday, February 24, 2018, 17:21:04 PM by teddy_grizzly_bear »
<image removed due to imgur stuff - probably for the best>

"Mathematics may be defined as the subject in which we never know what we are talking about, nor whether what we are saying is true." Bertrand Russell

 

Download Assist

×

Download Game Client

Important: Battletracker no longer exists. However, old Battletracker accounts may still work. You can create a new 25Assist account here

Download Server Manager