AAO25.com

America's Army => General Chat => Topic started by: [SWISS]Merlin on Wednesday, February 21, 2018, 18:41:33 PM

Title: caught the attackers
Post by: [SWISS]Merlin on Wednesday, February 21, 2018, 18:41:33 PM
good news!!
i did find the other attackers doing bad to our community. it was Cpt.Blei, i will send you the proof tomorrow. enjoy now a free and undisruptable game.
and to say, it was a real poor kind of trying ......

btw: blei, you are out - barnes you will get the 20 euros back tomorrow
Title: Re: caught the attackers
Post by: FTCmarco12 on Wednesday, February 21, 2018, 18:45:38 PM
hhaha boyayayaya
Title: Re: caught the attackers
Post by: [SWISS]Merlin on Wednesday, February 21, 2018, 18:51:57 PM
it was not a ddos attack. he jumped on the server of his friend and started a stressing cpu tool. so the server was 100% on cpu load. only because he did start that tool. and now, i guess he did lose another friend. a real poor action, maybe drunk, but not really understandable.
i will ask the community - with the proof tomorrow - to have him banned out of this game.
good night, enjoy a free and smooth game now.
and thanks for the trust in this all. you see, the time will fix this all.
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:03:08 PM
your fault after insult me, you give me this and i show you the hole, say thx and stop insult me. noob
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:05:07 PM
ähn merlin? i used also my by you. noob
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:08:51 PM
fine
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:16:24 PM
that was mean, wasn't it? why are you like that towards me? nice to see that even a merlin learns :D
he didn't expect that.
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:20:40 PM
and my take was online for all, merlin is not the superman :D. i say this all time in game, by fb and ansta. open chat on 3 sites
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:27:58 PM
I have described the error in merlins configuration on three platforms. 2 weeks ago. I have not ddossed, look for 158.181.79.153. he is just incapable and outdated
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Wednesday, February 21, 2018, 19:33:01 PM
i lost a friend? no hear him since 2 months. dude, come back to earth.
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Thursday, February 22, 2018, 01:01:58 AM
Good Job merlin? Was me, Not him. He found nothing, was my
Title: Re: caught the attackers
Post by: -Vegeta- on Thursday, February 22, 2018, 03:26:51 AM
Admin can do the appropriate thing now. Life ban him now all admin.
Title: Re: caught the attackers
Post by: ICON-BoMBer on Thursday, February 22, 2018, 04:56:46 AM
[N.U.F]Cpt.BLEI232 there are many ways to make a point...
but i see that your communication skills are as bad as your AA-skills.
messing up the servers and gameplay of ALL the people donating to it is really not the way! :shock:

Really immature.




Title: Re: caught the attackers
Post by: [SWISS]Merlin on Thursday, February 22, 2018, 08:45:49 AM
First of it, I would like to thank you all because of supporting this nice game and its community. And no, it is not my game, I only try to help that it will not die soon. Behind this, it is very sad to see some players doing as much as they can to attack it and the fun of all of us. This all now is going to another chapter. And it is not easy – at least for me – to understand why.

The most of you do know that we had excessive distributed denial of service (DDoS) attacks in the past – almost over one year. Because none of you did it before, I tried to find a solution against those attacks. And with the help of Possessed, I did try to find a datacenter which do protect servers against those DDoS attacks. After three unsuccessful tests with different datacenters, we did find a professional datacenter located at the Netherlands, which is doing the protection very good – but sadly not as cheap as we would like to have. The costs for this service is Euro 292.40 each month.

I tried my very best to show you all the concept to protect our servers as well as how to use this new service as a server owner. And I did know that one of the server owners, renting such a server, could be a possible attacker. During December, you all had the chance to test this new concept for free. And at this point, the sad new chapter starts.

[N.U.F.]Cpt.BLEI232 also tested one of those servers, letting me know that he would like to rent one of it to support this game and its community. And as every server owner do need an account to login, Cpt.BLEI232 also had one of those accounts - with the login name of "NUF". Since about three weeks, we could see that our new protected servers did – from time to time - react like they would have been attacked. But after searching through several log files, nothing did look like an attack - since yesterday.

As you can see, while using the links below, BLEI shamelessly used the confidence in him by installing a CPU stressing program, which he did run yesterday so hard, that all servers crashed!

I do not understand, why he did this to all of us. To the server owners, which do pay the 20 Euros each month, to the players and it's fun to play this game in peace. I do not understand why he shows us a face from a nice guy and in the back ground he is doing this accompanied with lies about others. Sad to see this kind of attack, misusing the trust in him. For sure I did now cancel his account, and sorry that I did it not earlier.

Here is the proof of it:
http://www.mediafire.com/view/1s2wq19f39fwfur/22-02-2018%2000-35-58.jpg
http://www.mediafire.com/view/o7g7jtm7ltgsygg/22-02-2018%2000-36-32.jpg
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Thursday, February 22, 2018, 15:02:35 PM
https://picload.org/view/dadlpcol/lol.jpg.html for three weeks? LIAR
making people look stupid for no reason is your thing, as i see. i don't have to let you insult me below the belt. then nobody should be surprised when fire is returned.
Title: Re: caught the attackers
Post by: FTCmarco12 on Thursday, February 22, 2018, 16:30:20 PM
Cpt ma homie is clean merlin go sleep!
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Thursday, February 22, 2018, 17:23:31 PM
merlin write to me he can ddos. wow, strange. he say to me he is administrator by SWISS bank. and we see? he have experience in it. I showed the alleged fox how to attack from within. instead of a thank you for showing the security hole, there is even more hate from him. HERE, look at this. his servers were literally rubbed up like a vacuum cleaner. What a superadmin of money everyone wants. In assist chat I only see money money. do not be fooled. the next admin who gets angry could do just that. you are not independent, you are dependent on a single person. are you crazy?
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Thursday, February 22, 2018, 17:25:10 PM
stop the insulting and lying and i won't reveal any internals from the last 5 months. small excerpts? oct2017: "VANOKE STUPID", says merlin. me? ok, i'll see whether the two of you can't be brought back together. result? brought together. he still talked badly about h. aka VANOKE anyway. next? "i know that it is eddie, i would so much like to ddos back, i can do that. eddie is out." result? eddie is out. quite apart from the fact that you talked people here into something like a vacuum cleaner salesman. listen: when were the attacks over? after the two of you made up again. really great action. more? yes, the six who still take part with h. are all stupid. the agitation against vanoke and his 2.8.5 users was immediately the order of the day with you, and i also heard his opinion on it. H, im not your enemy, but i think you :). the real enemy is trying to seize power here right now. merlin? i don't care whether i am an admin somewhere, but i happen to be one in many places. what did i want to say with that? i like doing this kind of thing and i support and don't ask for anything in return. ddos has been gone since 93. . . . . .
and one more thing. friends? here? acquaintances yes, somewhat closer with some, but friends? this is an online game in the killing genre. oh man.
Title: Re: caught the attackers
Post by: ~=W!CK!D=~ on Thursday, February 22, 2018, 17:41:54 PM
wait merlin I'm a bit confused, Stress My PC is stress testing software to do a computer stress testing?? by running this software will take down servers, I can't agree on him earning a ban for using that software it's not like what eddie was doing

maybe you can explain it better, just by him running that software shouldn't be able to take down servers alone??
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Thursday, February 22, 2018, 17:53:31 PM
yes wicked, i show him a security hole and now?  :banned:
Title: Re: caught the attackers
Post by: ~=W!CK!D=~ on Thursday, February 22, 2018, 18:30:29 PM
i just want merlin to explain it a bit better cause if that software does what he says it does to servers then anyone can do this not just you
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Thursday, February 22, 2018, 19:08:27 PM
its simple. you got this
Title: Re: caught the attackers
Post by: Alex on Thursday, February 22, 2018, 19:46:19 PM
> i just want merlin to explain it a bit better cause if that software does what he says it does to servers then anyone can do this not just you
No. The only way a stress test could bog down a server is if it was running on said server. The screenshots must have been from the machine running the servers or none of this makes any sense.
Title: Re: caught the attackers
Post by: [SWISS]Merlin on Friday, February 23, 2018, 03:31:13 AM
It was like KillaMan did say. There is no security hole, he did use a regular account to jump on the server where he did know the password. Then, in his own environment, he could - also normal - run this cpu stressing program. And we do not run a virtual machine on each account (would cost much more than 300 euros), therefore a 100% cpu load will block all accounts, servers and everything. It runs as designed. So he jumped on the server with a known account and password and did it.

And yes Wickid, everybody with an account on this server can do it. As you can stop and start your own server there (but only your own server, not others. But you can run a program - works as designed). This is the part of trust i did not understand... So he is banned now and can't do nothing more there.
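
The setup described in the post above puts every renter account on one Windows host with no per-account CPU limit, so one account's process can starve all game servers. The following PowerShell script is an added example, not part of the thread or of anyone's actual tooling: it samples CPU time twice and attributes the load to the account that owns each process, so a CPU burner started from a renter's session shows up by account name. The sampling window, the alert threshold and the report layout are assumptions; it needs an elevated prompt because of `Get-Process -IncludeUserName`.

```powershell
# Added example: per-account CPU attribution on a shared Windows game host.
# Requires an elevated prompt (Get-Process -IncludeUserName) and PowerShell 4.0+.
param(
    [int]$SampleSeconds = 10,     # assumption: length of the sampling window
    [double]$AlertPercent = 50    # assumption: share of total CPU per account that gets flagged
)

function Get-CpuSnapshot {
    # Map PID -> owner, name and cumulative CPU seconds for every readable process.
    $snapshot = @{}
    foreach ($p in Get-Process -IncludeUserName) {
        $cpu = $null
        try   { $cpu = $p.TotalProcessorTime.TotalSeconds }
        catch { continue }                 # protected process: CPU time not readable
        if ($null -eq $cpu) { continue }
        $snapshot[$p.Id] = [pscustomobject]@{
            User = $p.UserName
            Name = $p.ProcessName
            Cpu  = $cpu
        }
    }
    return $snapshot
}

$cores  = [Environment]::ProcessorCount
$before = Get-CpuSnapshot
Start-Sleep -Seconds $SampleSeconds
$after  = Get-CpuSnapshot

# CPU seconds burned inside the window, as a percentage of all cores.
$usage = foreach ($id in $after.Keys) {
    # A process that is new (or a reused PID) accrued all of its CPU time inside the window.
    $start = 0
    if ($before.ContainsKey($id) -and $before[$id].Name -eq $after[$id].Name) {
        $start = $before[$id].Cpu
    }
    [pscustomobject]@{
        User      = $after[$id].User
        Name      = $after[$id].Name
        ProcessId = $id
        Percent   = [math]::Round(100 * ($after[$id].Cpu - $start) / ($SampleSeconds * $cores), 1)
    }
}

# Roll the per-process numbers up to one row per account and flag heavy accounts.
$report = $usage | Group-Object User | ForEach-Object {
    $total = ($_.Group | Measure-Object Percent -Sum).Sum
    $top   = $_.Group | Sort-Object Percent -Descending | Select-Object -First 1
    [pscustomobject]@{
        Account    = $_.Name
        CpuPercent = [math]::Round($total, 1)
        TopProcess = '{0} (PID {1}, {2}%)' -f $top.Name, $top.ProcessId, $top.Percent
        Flagged    = $total -ge $AlertPercent
    }
} | Sort-Object CpuPercent -Descending

$report | Format-Table -AutoSize
```

Run on a schedule with the output appended to a file, this keeps a per-account CPU history that can be checked whenever the servers start to lag.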
Title: Re: caught the attackers
Post by: ICON-BoMBer on Friday, February 23, 2018, 04:01:29 AM
Cpt.Blei You could easily discuss it with other serverowners if you really think this was a security issue...it's not....
the only security issue is the admin of the server itself....you!  :mad:
Merlin took appropriate action by cancelling his servers because the trust is gone...

I mean a hacker can probably shut down the whole game by hacking the sites.... but should we allow a hacker to do this to prove that he can??
I don't think so.

if the community doesn't ban you, then I already did it on my ddos and now lag free server thanks to merlin.



Title: Re: caught the attackers
Post by: ronski on Friday, February 23, 2018, 04:08:36 AM
> It was like KillaMan did say. There is no security hole, he did use a regular account to jump on the server where he did know the password. Then, in his own environment, he could - also normal - run this cpu stressing program. And we do not run a virtual machine on each account (would cost much more than 300 euros), therefore a 100% cpu load will block all accounts, servers and everything. It runs as designed. So he jumped on the server with a known account and password and did it.
>
> And yes Wickid, everybody with an account on this server can do it. As you can stop and start your own server there (but only your own server, not others. But you can run a program - works as designed). This is the part of trust i did not understand... So he is banned now and can't do nothing more there.
Cpt.Blei brought up one big ass security hole imo. Similar usage leaves a mark and can easily be spotted afterwards but it's still possible - therefore anyone with privileges can cause same or even worse. I honestly don't know but I guess his actions weren't meant to be harmful, if it was just a test and a reminder that even this kind of arrangement isn't flawless? I personally never gave a thought if you could stress a datacenter like that by installing a software on it to crash it all, clearly someone else have been wondering about it and there's no other way to be sure about it than give it a try, if it works it's a serious risk and needs to be taken care of, if it doesn't work then there's no need to worry. Clearly this method kills the whole service so it's a security hole. Have I missed something very obvious or why I think we should actually thank Blei for figuring this one out than wondering should he be banned or not?

Is there a way to prevent this happening again? Could you simply block file edit permissions from users and add exceptions to .ini- etc game files that needs to be edited personally?
Title: Re: caught the attackers
Post by: General_alkos on Friday, February 23, 2018, 04:53:21 AM
I do not understand in this, but anyone who harmed the game should get life ban.
the player's base was down due to the previous ddos and similar things.
Title: Re: caught the attackers
Post by: [SWISS]Merlin on Friday, February 23, 2018, 05:45:40 AM
I try to repeat, this is not a security issue. It works as designed! We would need separate vm's for each server/user to be sure or safe. But this would cost much more to do so.
What is better? Having a bit trust in the server owners or pay more for safe server?
I did prefer first way. And i do trust in server owners that they do not misuse it like Blei did (he was not even a server owner, 20 Euros was too much for him to pay). He only misused the trust i gave to him with logging in to the account he had while testing it (i did not cancel it, my fault).

If anyone others would like to run a server with protection, feel free to do so. I would be in for renting one.

Now i will not comment this further, i know what it was and it will not come up again. and yes, blei will be banned on swiss for sure, maybe other server owners will follow. Not my deal.
Title: Re: caught the attackers
Post by: ICON-BoMBer on Friday, February 23, 2018, 06:08:12 AM
he should be banned.

I don't need a noob to look for "security holes" and test how you can put a whole community down.
we all know how we can crash our pc's...
it's like installing a hack and when banned afterward saying  i only installed to see what it does...
You know what a cpu overload tool does and you know what a hack does.
STAY AWAY FROM IT.

do we allow it? I don't
Title: Re: caught the attackers
Post by: ronski on Friday, February 23, 2018, 06:19:09 AM
> I try to repeat, this is not a security issue. It works as designed! We would need separate vm's for each server/user to be sure or safe. But this would cost much more to do so.
> What is better? Having a bit trust in the server owners or pay more for safe server?
> I did prefer first way. And i do trust in server owners that they do not misuse it like Blei did (he was not even a server owner, 20 Euros was too much for him to pay). He only misused the trust i gave to him with logging in to the account he had while testing it (i did not cancel it, my fault).
>
> If anyone others would like to run a server with protection, feel free to do so. I would be in for renting one.
>
> Now i will not comment this further, i know what it was and it will not come up again. and yes, blei will be banned on swiss for sure, maybe other server owners will follow. Not my deal.
So because you can crash the whole service like that (because it works like designed), it's a feature - not a security issue? If the feature is no security issue, is handing an account a security issue then, because with privileges you can abuse the feature? :) However I agree that abusing the feature should result in a ban to datacenter, but hypothetically speaking - was installing other software to server forbidden in ToS? Just saying for some people you have to put everything straight, otherwise you will end up screwed lol
(https://i.imgur.com/BNmPIgv.png)

Anyway I think it's good that this kind of feature is now known, but it feels like there's something else between you two than just this, otherwise this thread wouldn't exist :)
Title: Re: caught the attackers
Post by: Nick on Friday, February 23, 2018, 12:51:40 PM
@Merlin, since it is a Windows node I recommend installing the Hyper-V role/addon and on top of that you either have a set limit your SPLA license from the datacenter allows for installing Windows VPS's that you can allocate a specific core/RAM/disk space etc or if unable to go the Windows route then simply do linux based VM's and give the renters access via SSH etc if needed to their VM's.

I personally have most the AA servers running on linux and see much better performance and don't miss paintball map too much :P

Food for thought if you want to segregate things a bit or simply setup TCAdmin and just give them access to start/stop/File manager all for an extra $15/mo for peace of mind on your side bud through a web panel or if looking to go fully free/cheaper there look into firedaemon fusion web panel (will allow you to assign users access to reboot a specific service on the machine and only that one) and setting up file access via FileZilla Server to give each of your users a FTP account to just their game directory. This way you are not giving out full RDP access leaving you wide open to a lot of issues.

Best of luck!
Title: Re: caught the attackers
Post by: Alex on Friday, February 23, 2018, 14:51:50 PM
I will try to clear this up here. The ONLY way a stress test could affect a game server is if it is running on the computer that is running the AA server. That is it. So the person running the program would have to be on that server. This is not something a user can do on his own computer and affect some server somewhere.
This is NOT a security risk.

As for the calls for a ban. There will be no ban. Who you give access to your servers is completely up to you and if you get burned by it it's not up to us to hand out punishment for it.
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Friday, February 23, 2018, 18:43:21 PM
nick, im ask him linux? and he mean he cant handle it. perhaps he hears now to other. the point is a linux server is cheaper and runs better.
peace
Title: Re: caught the attackers
Post by: ronski on Friday, February 23, 2018, 20:45:29 PM
> I will try to clear this up here. The ONLY way a stress test could affect a game server is if it is running on the computer that is running the AA server. That is it. So the person running the program would have to be on that server. This is not something a user can do on his own computer and affect some server somewhere.
> This is NOT a security risk.
>
> As for the calls for a ban. There will be no ban. Who you give access to your servers is completely up to you and if you get burned by it it's not up to us to hand out punishment for it.
Servers already crashed because of the action described above. If there's no security issue how someone was able to crash them just like that in the first place? I get it that you need to have privileges, you need to pay to get access to server files, and every action executed with privileges will leave a mark, so it all will be easily sorted out, but it doesn't remove the fact that crashing is still possible.

So as long as it's possible, I find it as an issue and if it's not a security issue then what is it?
Title: Re: caught the attackers
Post by: Alex on Friday, February 23, 2018, 20:58:27 PM
> Servers already crashed because of the action described above. If there's no security issue how someone was able to crash them just like that in the first place? I get it that you need to have privileges, you need to pay to get access to server files, and every action executed with privileges will leave a mark, so it all will be easily sorted out, but it doesn't remove the fact that crashing is still possible.
>
> So as long as it's possible, I find it as an issue and if it's not a security issue then what is it?
I don't think you're completely understanding what I am saying. The person who did this was given access to that server. They used their access to use a stress test program on the server. If they were never given access to the server, this wouldn't have been possible.  We're not talking about something like server admin here, we're talking FTP access to the machine the server is running on.

Not only is this not a security risk, it's not even an issue at all. Bottom line, don't give strangers direct access to your server. That's all there is to it.
Title: Re: caught the attackers
Post by: [F.U.N]Cpt on Friday, February 23, 2018, 20:59:31 PM
kiss
Title: Re: caught the attackers
Post by: ~=W!CK!D=~ on Friday, February 23, 2018, 21:11:31 PM
> I don't think you're completely understanding what I am saying. The person who did this was given access to that server. They used their access to use a stress test program on the server. If they were never given access to the server, this wouldn't have been possible. We're not talking about something like server admin here, we're talking FTP access to the machine the server is running on.
>
> Not only is this not a security risk, it's not even an issue at all. Bottom line, don't give strangers direct access to your server. That's all there is to it.

Killa I don't think anyone has direct access to his direct data. I thought he just rented servers and gave each server owner their own control and own pw to their own server. I can be mistaken
Not sure how merlin set things up. Long as these idiots can't ddos we're happy
Title: Re: caught the attackers
Post by: Alex on Friday, February 23, 2018, 21:22:03 PM
> Killa I don't think anyone has direct access to his direct data. I thought he just rented servers and gave each server owner their own control and own pw to their own server. I can be mistaken
> Not sure how merlin set things up. Long as these idiots can't ddos we're happy
Right. He gave them FTP access to the server, which they could then add or remove files. That was the problem. Don't give people direct access to your server unless you completely trust them.
Title: Re: caught the attackers
Post by: [SWISS]Merlin on Saturday, February 24, 2018, 08:44:20 AM
Yes, i did trust him, like i did trust you Ronski. You had exactly the same access as he had, but he also did misuse the trust of another friend. Because he did not have a folder to put in (i deleted it with the server on his account), he used the folder of his friend, who did run/rent also a server. And copied the executable on his desktop and did start it. So sad it is.
As you now do know the whole story, i will lock this topic. And i still trust in the most of you guys, for sure.
Title: Re: caught the attackers
Post by: teddy_grizzly_bear on Saturday, February 24, 2018, 17:17:35 PM
> Servers already crashed because of the action described above. If there's no security issue how someone was able to crash them just like that in the first place? I get it that you need to have privileges, you need to pay to get access to server files, and every action executed with privileges will leave a mark, so it all will be easily sorted out, but it doesn't remove the fact that crashing is still possible.
>
> So as long as it's possible, I find it as an issue and if it's not a security issue then what is it?
If you give your computer's password to a friend and he comes in and formats your drive, it's not a security issue to do with your OS (be it Windows, Mac OS or Linux).

EDIT: Whoops, it's locked