View Full Version : No Security Flaws?


Target_Practice
21-04-2004, 15:35
So.... the fact that TS transmits passwords in clear text is not considered a vulnerability/security flaw??


My TeamSpeak server 'got hacked' the other day and I'm a bit frustrated (as one can imagine). :mad:

Two guys came in that I've never seen before (and whose IPs have NEVER been on our TS channel before.. I checked the logs) and they both had server admin status. Before I knew it, they revoked our server admin and started kicking all of our players out.

They changed the name of our TS server... NOT the channel, the actual name of the server which can only be done by a Database Admin that is logged into the Admin panel correct???

Anyway, I had no way of stopping them. Every time I logged into the admin panel, deleted the DB Admin account that they created and made a new one for myself, logged back in, kicked them out, they would do the same thing all over again!!!!


This went on all night!


So I ask this...... how did this happen? I think it's a security flaw/vulnerability.


1) My password was not simple.. it was very complicated. No one would have been able to guess it.
2) Only 3 people have registered SA access on my Server and it was not given to anyone else (also verified in the logs).


Please feel free to prove me wrong. :confused:

Magic Power
21-04-2004, 17:12
First off, I'm just guessing here, so don't take what I say for granted.

I don't think the server itself has some inbuilt vulnerability which enables anyone to bypass login procedures. I DO think you're on the right track with requesting the passwords to not be sent in cleartext over the internet, this may be intercepted and used against you. Passwords could be sent MD5'd, which enables password authentication without ever having to send the password itself (MD5 is a way to encrypt text, where the encrypted text cannot be translated back into the original text. You then only have to compare the MD5'd password with the MD5'd text sent to the server).

Why do 3 people on your TS server have SA access? Isn't a simple Channel Admin enough? I'd be careful with giving that much power to others who may not even need that much power.

Maybe one of you three doesn't guard the password that strong, and someone got access to it. Sometimes people brag about their powers and reveal just enough info about the password for others to guess it.

Maybe the computer itself (not the TS server) got hacked, then the password can be easily read from the TS log file. OTOH, I don't think that happened, then he just would delete the DBS file and create all new passwords. Besides, who would care about a simple TS server when he'd have access to a whole internet connected computer?


But it's obvious that it IS possible to get hold of 'the passwords'/'a TS server'. I hope the TS team is building a more cracker-proof passwording system for TS version 3.

Peter
21-04-2004, 18:43
Well,

please show us the logfiles, so we can verify your claims... It is of course possible for people to "sniff" your teamspeak packets and extract the password from this, but keep in mind:

- the attacker needs to be between you and the server, which is not normally the case

Let's see the logs before we decide that they stole the accounts via sniffing :).

Target_Practice
21-04-2004, 22:05
3 people (including myself) had it, but the passwords were secure. There is no way that the password got out.



As far as the logs. They were deleted when we reinstalled TS after the chaos.

But if (and/or when) this happens again, you'll be the first person I come crying to. :D


Actually.. you know.. I changed the port that the hacked server was on to throw the scent, but I will put that server back up in attempt to lure the hackers back.


Only a matter of time :-)

Peter
21-04-2004, 22:43
Please also make sure you are logging as much as possible in server.ini

Brain
21-04-2004, 22:54
I can currently think of the following:

1. You mentioned DB. That means you probably use MySQL for storage. Did you put skip_networking into my.cnf or at least bind mysql to lo only?

2. Did you install your TS server to a directory that is www-visible?

3. Indeed, someone could've sniffed out your passwords. In that case everybody in your server hoster's network might be the culprit.

4. The human factor. 3 people have SA you say. Could it be that one of the other two is pulling your leg? Or maybe one of the three has a key-logging trojan.

5. Teamspeak indeed has some kind of exploitable vulnerability that is yet to be reported to the devs. It does seem strange though, because if such a vulnerability really would exist one would expect to see a lot more compromised servers.
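
The first check in the list above (skip_networking, or binding MySQL to lo only) can be verified mechanically. The following is an added example, not part of the original thread or of TeamSpeak: it assumes a MySQL backend configured through a my.cnf file, and the sample file contents and function names are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample configs (not taken from the thread).
EXPOSED_CNF = """\
[client]
port = 3306
[mysqld]
datadir = /var/lib/mysql
bind-address = 0.0.0.0
"""

LOCAL_ONLY_CNF = """\
!includedir /etc/mysql/conf.d/
[mysqld]
skip_networking        # underscore spelling, as written in the post
"""

def _parse(text):
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",),
                                   inline_comment_prefixes=("#",))
    # MySQL treats '-' and '_' in option names as equivalent.
    cp.optionxform = lambda key: key.strip().lower().replace("_", "-")
    # Drop !include / !includedir directives, which are not INI syntax.
    cp.read_string("\n".join(
        ln for ln in text.splitlines() if not ln.lstrip().startswith("!")))
    return cp

def audit_mysqld(text):
    """Return (exposed, reason) for the [mysqld] section of a my.cnf."""
    cp = _parse(text)
    opts = dict(cp["mysqld"]) if cp.has_section("mysqld") else {}
    skip = opts.get("skip-networking", "absent")
    if skip != "absent" and (skip or "1").lower() not in ("0", "off", "false"):
        return False, "skip-networking set: no TCP listener at all"
    addr = (opts.get("bind-address") or "").strip()
    if not addr:
        return True, "no bind-address: server listens on every interface"
    try:
        if ipaddress.ip_address(addr).is_loopback:
            return False, f"bound to loopback ({addr})"
    except ValueError:
        if addr.lower() == "localhost":
            return False, "bound to localhost"
    return True, f"bind-address {addr} is reachable from the network"

if __name__ == "__main__":
    print(audit_mysqld(EXPOSED_CNF), audit_mysqld(LOCAL_ONLY_CNF))
```

A config that passes this check still leaves the account grants to review; the file only controls which interfaces the daemon listens on.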