Ok... this is annoying
Someone keeps joining and leaving... ban them they change there IP! Constantly changing IP's...
How can I ban this guy? Ban his migration or something? if so how?

Hello. You should make friends with one of the following third party applications:

TS2PerlMod (http://www.goteamspeak.com/index.php?page=3rdparty&id=4&item=14)
or TeamSpeak 2 Anti-Flood Daemon (http://www.goteamspeak.com/index.php?page=3rdparty&id=4&item=1)

Good luck. :)

Or you might want to ban some ip-"range", for example 123.123.123.*, or 123.123.*.*

Dude you dont' understand. None of that would help.. I met friends with TSPerlMod and the anti-flood mod ages ago...

And banning the IP Range .. won't work because his whole IP address changes. He's using a hack... everytime he leaves the teamspeak, or gets kicked/banned his "whole" ip changes instantly and constantly.

Thanks for ur help anyway.

Ok that's it .. its all over. I have to stop my teamspeak. No matter what he does he grants himself SA .. he has super server admin.. he deletes all the users... all the server admins.. all the super server admins. He doesnt need them he can just create them.. and ban us...

We cant use a teamspeak no more and I seriously doubt this can be prevented. He has something beyong super-server admin. Ultra super-server admin, he controls it all.

Bye all -> Last post, unless I see something a positive reply :(

Using a PW doesn't work? Are you on a static IP or Dynamic? If you're on a Dynamic, try renewing your IP Address, also, remove your TS from the Public Server, if its not already. Have you tried setting TS on a different port as well maybe?

No I am running linux on a webserver. Donno if it's static or dynamic... what's the difference? When I use a server password he still can join because he's always a registered super or server admin.

No it must be static... running this off a webhost. Removing it off public.. well what's the point he knows my IP. Changed ports and still can track us down :(

No I am running linux on a webserver. Donno if it's static or dynamic... what's the difference? When I use a server password he still can join because he's always a registered super or server admin.

No it must be static... running this off a webhost. Removing it off public.. well what's the point he knows my IP. Changed ports and still can track us down :(

Static the ip stays the same

Dynamic, it changes

If you access it via a domain name, it shouldnt matter which it is as long as the dns servers are updated

No I am running linux on a webserver. Donno if it's static or dynamic... what's the difference? When I use a server password he still can join because he's always a registered super or server admin.

No it must be static... running this off a webhost. Removing it off public.. well what's the point he knows my IP. Changed ports and still can track us down :(

Quitting isn't a solution.

There is no such thing as ultra-superserveradmin. If there would be, public teamspeaks would be under attack currently. Changing port isn't pretty long solution.. if he wants, he can scan the new ports in.. 15 minutes.

The only possible reason for this is a compromised SA or SSA.
Do you have strong passwords?
How many SSA:s there is?
How many SA:s there is?

You should check that info with some tool (look for one in 3rd party applications).
Server password doesn't help as long as he is able to get a registered account. Creating new account can be made using TCPQuery.

Keep fighting, and message if problems continue after removing all unnecessary SSA:s/SA:s, and remember to remove "Grant SA" right from Server Admins.

Quitting isn't a solution.

There is no such thing as ultra-superserveradmin. If there would be, public teamspeaks would be under attack currently. Changing port isn't pretty long solution.. if he wants, he can scan the new ports in.. 15 minutes.

The only possible reason for this is a compromised SA or SSA.
Do you have strong passwords?
How many SSA:s there is?
How many SA:s there is?

You should check that info with some tool (look for one in 3rd party applications).
Server password doesn't help as long as he is able to get a registered account. Creating new account can be made using TCPQuery.

Keep fighting, and message if problems continue after removing all unnecessary SSA:s/SA:s, and remember to remove "Grant SA" right from Server Admins.

Yes.. it's status DNS are updated. Yeah I know there's isn't something as 'ultra-ssa' but that's the type of control he has over our teamspeak server. He just 'looks and destroys' from the web-server list. He won't stop coming !!! Just playing music.. I have no choice I have to stop the server because of his annoyance.

Trust me there is and public teamspeak servers are under attack... this is what I am saying.. he even gave me examples of the teamspeak server he destroyed. (Delete all registrations, create himself ssa .. he can even delete ssa) even without having any ssa. He has ultimate power over everything like he owns private and public teamspeak servers. Don't think there's a way to stop him and very unlucky for us he found our server.

I don't think this can be prevented as he coded this at home. I asked him what's your problem? He just said

"stfu n00b I'm a 1337 c0d£r ha4x0r, I live to destroy teamspeak servers private or public, gay teamspeak.. we all know vent pwnz it and that's what I am trying to archieve"

Sorry for the faul language, I am just quoting.

Do you have strong passwords?
How many SSA:s there is? -
How many SA:s there is?

Lol.... really I tell you what I mean now. Only one SA account and one SSA with a password liek "1fg5FgkG5fdgd5" mine something around those lines...

He joins our teamspeak.. I go hello? He threatens us.. he says I am going to fuck up ur teamspeak.... so suddenly just creates an "unknown" ssa and sa account... this account wasn't made by us.. it was made by him! Remove his SA remove his registration... comes back again with SA same login.

TCPQuery.. how on earth can he know the TCPQuery.. I changed this.. no way he would of beable to get it. I changed it completely... changed everything ... he just joins the ts. . Yeah did all that... eveything you told me... he's still here :( He's messing our teamspeak.. doing wierd stuff... creating over 1000 channels, changing all our status in one blow. My PC freezes... etc

So as you can see I can't host my server again because of this situation. I even host multiple-teamspaek servers on different IP's for my clients and I had to close them too because he just goes there aswell. So I might have to go to vent which I will hate to do :(

Could the system be infected? Is teamspeak directory accessible from the net? If so, he's able to read all information he wants.
Are you using MySQL or SQLite?
If you change TCPQuery port, it takes only few minutes to port scan the new ports, like I mentioned already.

And please, take your server from the web list.

Edit: One more thing, log everything.

Could the system be infected? Is teamspeak directory accessible from the net? If so, he's able to read all information he wants.
Are you using MySQL or SQLite?
If you change TCPQuery port, it takes only few minutes to port scan the new ports, like I mentioned already.

And please, take your server from the web list.

Edit: One more thing, log everything.

Yeah... he is able to see all the information. I am not using either.. I am not sure what it is/what it does and how to get it. I just simply uploaded tss2_rc2 and run the start command.. and that's about it.

Yeah I know with the port thing...
a) How do I remove my server from the weblist? Wouldn't make a difference he still knows where I am of course :( static IP don't forget.

b) How do I log everything?

a) How do I remove my server from the weblist? Wouldn't make a difference he still knows where I am of course :( static IP don't forget.

b) How do I log everything?

a) Atleast some other persons wouldn't get your ip served to them. ;)
1) Go to Webadmin, and login with superserveradmin.
2) Select "Global settings", and uncheck the checkbox "List Public".
3) Save.

b) edit server.ini, and turn logging on:
[log]
access_r=1
access_u=1
channel_registerred=1
channel_unregisterred=1
sa=1
chat=1
kick_server=1
kick_channel=1

And you might also give me your ip (with private message), I bet I can't cause more damage than he has caused.

a) Atleast some other persons wouldn't get your ip served to them. ;)
1) Go to Webadmin, and login with superserveradmin.
2) Select "Global settings", and uncheck the checkbox "List Public".
3) Save.

b) edit server.ini, and turn logging on:
[log]
access_r=1
access_u=1
channel_registerred=1
channel_unregisterred=1
sa=1
chat=1
kick_server=1
kick_channel=1

And you might also give me your ip (with private message), I bet I can't cause more damage than he has caused.

hey really??? Thank you :)
What can you do?

hey really??? Thank you :)
What can you do?

I just check if teamspeak folder is accessible from the web. It's the only possible explanation.. :)

Ah ok I see ^^

As an experiment, have you tried chmod'ing the db to read-only in the OS via ssh?

I know you will not be able to make any further changes to the db, but perhaps he will have the same problem...?

As an experiment, have you tried chmod'ing the db to read-only in the OS via ssh?

I know you will not be able to make any further changes to the db, but perhaps he will have the same problem...?

Clever, never thought about that, well I had to beg this guy to get the hell our of my server and he said

"Sorry I didn't mean to cause any trouble, I didn't like that guy who banned me for no reason, I am sorry I see your the host, good bye!" Well I was there and he banned him because he constantly played music...

He hasn't returned. Well to me I think he's just spamming the web server lists in joining other teamspeak servers him expecting someone to ban him and him taking serious consequences in hacking the server. As you say he must have access to the webserver and that's the only explanation, I haven't really tried, he hasn't joined the TS in a loong time now.

He ain't coming but on the other hand I don't feel safe... to be truthful I don't think a lot does. I am on TSViewer.com and in the previous past my teamspeak has been hacked by the same guy causing servere problems on the whole network. He told me he has found us from TSViewer and that he doesn't like how my friend banned him as "Guest1" so that's why I had to delete my account and teamspeak server information of TSViewer and because of this, this is the main reason why I rather host a ventrilo server. I will take your advice, and let you know if the teamspeak has been hacked again... I don't know what else I could do :(

Chmod...
Secured SSA and SA Passwords as well as webserver password.
Remove from weblists and websites
Enable Server Password
possibly more..

Anyway peace ;D