Forum

ASSIST, AMERICA'S ARMY COMMUNITY - RELIVE THE GLORY DAYS OF AMERICA'S ARMY 2.5

Author Topic: caught the attackers  (Read 9441 times)

0 Members and 1 Guest are viewing this topic.

Offline FTCmarco12

Re: caught the attackers
« Reply #15 on: Thursday, February 22, 2018, 16:30:20 PM »
Cpt ma homie is clean merlin go sleep!

Offline [F.U.N]Cpt

Re: caught the attackers
« Reply #16 on: Thursday, February 22, 2018, 17:23:31 PM »
merlin write to me he can ddos. wow, strange. he say to me hi is administrator by SWISS bank. and we see? he have experience in it. I showed the alleged fox how to attack from within. instead of a thank you for showing the security hole, there is even more hate from him. HERE, look at this. his servers were literally rubbed up like a vacuum cleaner. What a superadmin of money everyone wants. In assist chat I only see money money. do not be fooled. the next admin who gets angry could do just that. you are not independent, you are dependent on a single person. are you crazy?

Offline [F.U.N]Cpt

Re: caught the attackers
« Reply #17 on: Thursday, February 22, 2018, 17:25:10 PM »
stoppe das beleidigen und lügen und ich verrate keine internas der letzten 5 monate. kleine auszüge?  okt2017: "VANOKE DOOF", sagt merlin. ich so? ok, ich schaue mal ob man euch beide nicht wieder verbinden kann. ergebniss? verbunden. dumm über h. aka VANOKE hat er trotzdem geredet. next? "ich weis das es eddie ist, ich würde so gern zurück ddos, ich kann das. eddie ist raus." ergebniss? eddie ist raus. davon mal abgesehen das du wie ein staubsaugevertreter den leuten hier was aufgequatscht hast. pass auf: wann waren die angriffe vorbei? nachdem ihr beiden euch wieder verbrüdert habt. ganz geile action. noch mehr? ja die sechse die bei h.noch mitmachen, sind alle doof. das gehtze gegen vanoke und seinen  2.8.5 usern war bei dir sofort an der tagesordnung und ich habe auch seine meinung dazu gehört. H, im not your enemy, but i think you :). der richtige feind versucht gerade hier die macht an sich zu reissen. merlin? mir ist es egal ob ich irgendwo ein admin bin, aber ich bin es nunmal bei vielen. was wollte ich nun damit sagen? ich mache sowas gerne und unterstütze und verlange nicht eine gegenleistung. ddos ist weg seid 93. . . . . .
und noch etwas. freunde? hier? bekanntschaften ja, etwas dicker mit einigen aber freunde? das ist ein onlingame im bereich killing. oh men.
« Last Edit: Thursday, February 22, 2018, 17:51:47 PM by [F.U.N]Cpt »

Offline ~=W!CK!D=~

  • Epic Poster
  • ******
  • Posts: 1,614
    • View Profile
Re: caught the attackers
« Reply #18 on: Thursday, February 22, 2018, 17:41:54 PM »
wait merlin I'm a bit confused , Stress My PC is stress testing software to do a computer stress testing?? by running this software will take down servers, I can't agree on him earning a ban for using that software it's not like what eddie was doing

maybe you can explain it better , just just by him running that software shouldn't be able to take down servers alone??

Offline [F.U.N]Cpt

Re: caught the attackers
« Reply #19 on: Thursday, February 22, 2018, 17:53:31 PM »
yes wicked, i show him a security whole and now?  :banned:

Offline ~=W!CK!D=~

  • Epic Poster
  • ******
  • Posts: 1,614
    • View Profile
Re: caught the attackers
« Reply #20 on: Thursday, February 22, 2018, 18:30:29 PM »
i just want merlin to explain it a bit better cause if that software does what he says it does to servers then anyone can do this not just you

Offline [F.U.N]Cpt

Re: caught the attackers
« Reply #21 on: Thursday, February 22, 2018, 19:08:27 PM »
its simple. you got this

Offline Alex

Re: caught the attackers
« Reply #22 on: Thursday, February 22, 2018, 19:46:19 PM »
i just want merlin to explain it a bit better cause if that software does what he says it does to servers then anyone can do this not just you
No. The only way a stress test could bog down a server is if it was running on said server. The screenshots must have been from the machine running the servers or none of this makes any sense.

Offline [SWISS]Merlin

Re: caught the attackers
« Reply #23 on: Friday, February 23, 2018, 03:31:13 AM »
It was like KillaMan did say. There is no security whole, he did use a regular account to jump on the server where he did know the password. Then, in his own environment, he could - also normal - run this cpu stressing program. And we do not run a virtual machine on each account (would cost much more then 300 euros), therefore a 100% cpu load will block all accounts, servers and everything. It runs as designed. So he jumped on the server with a known account and password and did it.

And yes Wickid, everybody with an account on this server can do it. As you can stop and start your own server there (but only your own server, not others. But you can run a program - works as designed). This is the part of trust i did not understand... So he is banned now and can't do nothing more there.
« Last Edit: Friday, February 23, 2018, 03:36:44 AM by [SWISS]Merlin »

Offline ICON-BoMBer

Re: caught the attackers
« Reply #24 on: Friday, February 23, 2018, 04:01:29 AM »
Cpt.Blei You could easily discuss it with other serverowners if you really think this was a security issue...its not....
the only security issue is the admin of the server itself....you!  :mad:
Merlin took appropriate action by cancelling his servers because the trust is gone...

I mean a hacker can probably shut down the whole game by hacking the sites.... but should we allow a hacker to do this to proof that he can??
I don"t think so.

if the community doesn't ban you ,than  I already did it on my  ddos and now lagg free server thanks to merlin .




Offline ronski

Re: caught the attackers
« Reply #25 on: Friday, February 23, 2018, 04:08:36 AM »
It was like KillaMan did say. There is no security whole, he did use a regular account to jump on the server where he did know the password. Then, in his own environment, he could - also normal - run this cpu stressing program. And we do not run a virtual machine on each account (would cost much more then 300 euros), therefore a 100% cpu load will block all accounts, servers and everything. It runs as designed. So he jumped on the server with a known account and password and did it.

And yes Wickid, everybody with an account on this server can do it. As you can stop and start your own server there (but only your own server, not others. But you can run a program - works as designed). This is the part of trust i did not understand... So he is banned now and can't do nothing more there.
Cpt.Blei brought up one big ass security hole imo. Similar usage leaves a mark and can easily be spotted afterwards but it's still possible - therefore anyone with privileges can cause same or even worse. I honestly don't know but I guess his actions weren't meant to be harmful, if it was just a test and a reminder that even this kind of arrangement isn't flawless? I personally never gave a thought if you could stress a datacenter like that by installing a software on it to crash it all, clearly someone else have been wondering about it and there's no other way to be sure about it than give it a try, if it works it's a serious risk and needs to be taken care of, if it doesn't work then there's no need to worry. Clearly this method kills the whole service so it's a security hole. Have I missed something very obvious or why I think we should actually thank Blei for figuring this one out than wondering should he be banned or not?

Is there a way to prevent this happening again? Could you simply block file edit permissions from users and add exceptions to .ini- etc game files that needs to be edited personally?

Offline General_alkos

Re: caught the attackers
« Reply #26 on: Friday, February 23, 2018, 04:53:21 AM »
I do not understand in this,but anyone who harmed the game should get life ban.
the player's base was down due to the previous ddos and similar things.

Offline [SWISS]Merlin

Re: caught the attackers
« Reply #27 on: Friday, February 23, 2018, 05:45:40 AM »
I try to repeat, this is not a security issue. It works as designed! We would need separate vm's for each server/user to be sure or save. But this would cost much more to do so.
What is better? Having a bit trust in the server owners or pay more for save server?
I did prefer first way. And i do trust in server owners that they do not missuse it like Blei did (he was not even a server owner, 20 Euros was to much for him to pay). He only misused the trust i gave to him with login in to the account he had while testing it (i did not canceled it, my fault).

If anyone others would like to run a server with protection, feel free to do so. I would be in for renting one.

Now i will not comment this further, i know what it was and it will not come up again. and yes, blei will be banned on swiss for sure, maybe other server owners will follow. Not my deal.
« Last Edit: Friday, February 23, 2018, 05:49:46 AM by [SWISS]Merlin »

Offline ICON-BoMBer

Re: caught the attackers
« Reply #28 on: Friday, February 23, 2018, 06:08:12 AM »
he should be banned.

I don't need a noob to look for "security holes" and test how you can put a whole community down.
we all know how we can crash our pc's...
it's like installing a hack and when banned afterward saying  i only installed to see what it does...
You know what a cpu overload tool does and you know what a hack does.
STAY AWAY FROM IT.

do we allow it?I don't

Offline ronski

Re: caught the attackers
« Reply #29 on: Friday, February 23, 2018, 06:19:09 AM »
I try to repeat, this is not a security issue. It works as designed! We would need separate vm's for each server/user to be sure or save. But this would cost much more to do so.
What is better? Having a bit trust in the server owners or pay more for save server?
I did prefer first way. And i do trust in server owners that they do not missuse it like Blei did (he was not even a server owner, 20 Euros was to much for him to pay). He only misused the trust i gave to him with login in to the account he hade while testing it (i did not canceled it, my fault).

If anyone others would like to run a server with protection, feel free to do so. I would be in for renting one.

Now i will not comment this further, i know what it was and it will not come up again. and yes, blei will be banned on swiss for sure, maybe other server owners will follow. Not my deal.
So because you can crash the whole service like that (because it works like designed), it's a feature - not a security issue? If the feature is no security issue, is handing an account a security issue then, because with privileges you can abuse the feature? :) How ever I agree that abusing the feature should result a ban to datacenter, but hypothetically speaking - was installing other software to server forbidden in ToS? Just saying for some people you have to put everything straight, otherwise you will end up screwed lol


Anyway I think it's good that this kind of feature is now known, but it feels like there's something else between you two than just this, otherwise this thread wouldn't exist :)
« Last Edit: Friday, February 23, 2018, 06:21:29 AM by ronski »

 

Download Assist

×

Download Game Client

Important: Battletracker no longer exists. However, old Battletracker accounts may still work. You can create a new 25Assist account here

Download Server Manager