Strange personal message - how this is possible?


zoroto
28-05-2007, 15:46
Hi,

I am new here and a little disoriented, so if there is some information about this, please redirect me there.

I am posting an image with a strange PM which my friend has on his TeamSpeak:
[19:41:38]*==>*telnet.Admin:Global Warning: I'm here

As far as I can understand, this is a message sent from the LOCAL computer (TeamSpeak) to user telnet.Admin ... but my friend said that he NEVER sent such a message, and this member does not exist in the login members of the server?!

How is this possible? Please advise!

http://img516.imageshack.us/img516/209/tsstrange1jl5.jpg (http://imageshack.us)

Reedy Boy
28-05-2007, 17:09
Sounds like the TCP query port is open to the public

zoroto
29-05-2007, 10:54
Thanks for the answer! :)

Yes, you are right, the ports are open to the public ... :mad:
I simulated this on my local computer. Seems somebody made a joke!

JustHarry™
03-06-2007, 16:01
The same thing happened to me, but from a user.

Any ideas?

[03:35:35] *priv* . / : 892.27.113.490.\\send\users\getinfo[ejx19f]\trojantspass.exe
[03:36:37] *priv* . / : Action complete.
[03:36:48] . / quit

The firewall log shows traffic at the same time:

2007-06-03 03:35:35 OPEN-INBOUND TCP 80.41.250.95 82.**.***.*** 56518 80 - - - - - - - -
2007-06-03 03:35:40 CLOSE TCP 80.41.250.95 82.**.***.*** 56518 80 - - - - - - - -

Any suggestions?

I think I know the person responsible for this, as I had kicked him earlier,

but I wanted to check if anyone knew about this.

Thanks

BHKai
03-06-2007, 18:00
Block your telnet port to only ips that you trust.

JustHarry™
03-06-2007, 19:25
I'm not sure if the server blocks the telnet port, but I don't have the telnet port open from the outside either, so that wouldn't be the case.

The port used was 80, but there are no records of any files of that name on Google either:

trojantspass.exe or anything about \\send\users\getinfo

So it might have just been a private message from him without meaning anything.

ANR Daemon
04-06-2007, 00:33
1. Copy of Your server.ini
2. netstat -aon

Where?
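
The check requested in the last post, as an added example that is not part of the original thread: it parses Windows `netstat -aon` output and reports which watched TCP ports are listening beyond loopback, which is what "open to the public" means for the query port discussed above. The sample output, the PIDs and the use of 51234 as the query port are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -aon` output (not taken from the thread).
# 51234 stands in for the server's TCP query port; that value is an assumption.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:51234          0.0.0.0:0              LISTENING       2210
  TCP    127.0.0.1:14534        0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.10:51234     203.0.113.7:50000      ESTABLISHED     2210
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:8767           *:*                                    2210
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:80' or '[::]:135' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse_listeners(text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers and UDP rows (no State) are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        rows.append((addr, port, int(fields[4])))
    return rows

def exposed(listeners, watch_ports):
    """Watched listeners reachable from other hosts, with their bind scope."""
    hits = []
    for addr, port, pid in listeners:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if port not in watch_ports or ip.is_loopback:
            continue  # loopback-only listeners are not reachable remotely
        scope = "all interfaces" if ip.is_unspecified else "single interface"
        hits.append((addr, port, pid, scope))
    return hits

if __name__ == "__main__":
    for addr, port, pid, scope in exposed(parse_listeners(SAMPLE), {51234, 14534}):
        print(f"port {port} bound to {addr} ({scope}), PID {pid}")
```

A port reported as "all interfaces" still needs a firewall rule limiting it to trusted addresses, as suggested earlier in the thread, unless the server can be configured to bind it to loopback.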