WARNING: server_linux produced SPAM
marc9022
25-03-2008, 16:43
UPDATE:
A few moments ago, my provider contacted me again and described the incident in more detail.
It looks like an automated SpamCop scan has automatically detected the IP address where TeamSpeak 2
is listening on my server.
That sounds very strange. At the firewall, all ports are closed except the TS2 port, and no other process is
running on this IP, only TeamSpeak 2.
Hi,
A few minutes ago my provider contacted me because my TS server is producing
a lot of SMTP spam. I have the latest release of the updated server_linux
installed:
This one:
TeamSpeak 2 Server (Updated Binary)
SHA1: fa589b3502f0f205395856b19374bb111f940f57
MD5: 55dac0e5c05760f1e8232b32a2920db0
Version: 2.0.23.19
It looks like somebody has integrated a spambot into it; is there
a bit more info about that?
Thx Marc
Nemesis02
25-03-2008, 21:35
I've checked the binary I downloaded onto my system and it matches the MD5 checksum that is posted on the downloads page. I'll be watching this thread to see what the admins say.
Katana*GFR*
25-03-2008, 21:50
The only thing it does extra is contacting TS / Triton with information. This is to be able to keep track of people not paying ATHP fees, if they charge for the server.
And for the rest it is just normal TS traffic..
More useful would be to have the logs with the so-called "spam".
marc9022
27-03-2008, 10:15
The only thing it does extra is contacting TS / Triton with information. This is to be able to keep track of people not paying ATHP fees, if they charge for the server.
And for the rest it is just normal TS traffic..
More useful would be to have the logs with the so-called "spam".
Good morning,
OK, I will try to shed more light on this strange situation.
My provider has sent me a spam warning message from SpamCop,
because SpamCop has detected some spam messages sent by an
IP address that was mounted on a subdevice (ifup: eth0:3)
on my root server.
Going into the details:
On the web config menu of my provider, there is a traffic control console
where you can watch incoming and outgoing traffic. On the suspect
IP address there is only a TS2 daemon (Linux) running under the user
"ts", group "ts", without any sticky, and this user cannot log in from the network.
TeamSpeak 2 Server / Version: 2.0.23.19
SHA1: 645dc564a7dda61212c8c6e7f2d5e6a3094f9c74
MD5: 05e2bdec80eeed3d935eacb9ada3623e
Downloaded from:
ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_202319.tar.bz2
If I start the daemon, the traffic explodes, and if I stop the daemon there is
no traffic on this IP.
Katana*GFR*
27-03-2008, 13:54
Where does it lead to? And have you tried to redownload?
It's weird that on an official release the traffic boosts through the roof..
How much traffic is generated?
marc9022
27-03-2008, 17:41
Where does it lead to? And have you tried to redownload?
It's weird that on an official release the traffic boosts through the roof..
How much traffic is generated?
IP address        RDNS   Incoming   Outgoing   Summary
xxx.xxx.xxx.xxx          1,436      4,770      6,206
Total: 6,206 MBytes
That's the total activity of the TS2 daemon in 24 days
since startup of the TS2 daemon.
On this IP address, only TS2 version 2.0.23.19 is running, from:
SHA1: 645dc564a7dda61212c8c6e7f2d5e6a3094f9c74
MD5: 05e2bdec80eeed3d935eacb9ada3623e
Download location:
ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_202319.tar.bz2
Katana*GFR*
27-03-2008, 18:16
Hmm, personally I don't think that's a lot.. If I look at my server stats..
Hmm, if I look at my data as told by server info I come to 5.75GB sent in 10 days and 1.97 received in the same time..
So personally I don't think that 6Mb should classify as spam then.. Roughly said, I'm hitting half a GB a day on sent-out data..
Nemesis02
27-03-2008, 18:48
You should find out what evidence SpamCop has against your IP, because it could have been a spoofed IP address. Meaning that someone could be sending spam emails but changing the IP to make it look like it was coming from your computer. The reason I say this is because TS2 should not be sending any SMTP traffic whatsoever.
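Added example (not part of any post in this thread): one way to check which process on the suspect IP actually opens SMTP connections is to capture `ss -tnp` as root while the daemon runs and group outbound connections to mail ports by owning process. The sample output, addresses, ports, PIDs and the process name example_proc are constructed for illustration.

```python
import re
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}          # SMTP, SMTPS, submission
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample of `ss -tnp` output: documentation addresses, made-up
# ports and PIDs; "example_proc" is a hypothetical process name.
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 192.0.2.13:40000 0.0.0.0:* users:(("server_linux",pid=2211,fd=7))
ESTAB 0 0 192.0.2.13:40000 198.51.100.7:40112 users:(("server_linux",pid=2211,fd=9))
ESTAB 0 0 192.0.2.13:43810 203.0.113.25:25 users:(("example_proc",pid=3190,fd=4))
SYN-SENT 0 1 192.0.2.13:43822 203.0.113.80:25 users:(("example_proc",pid=3190,fd=5))
ESTAB 0 0 192.0.2.13:43900 203.0.113.99:587
ESTAB 0 0 192.0.2.10:22 198.51.100.9:50522 users:(("sshd",pid=901,fd=3))
"""


def split_hostport(value):
    """Split 'addr:port', also handling bracketed IPv6 such as [::1]:25."""
    host, _, port = value.rpartition(":")
    return host.strip("[]"), port


def smtp_senders(ss_output, suspect_ip):
    """Map (process, pid) -> peers for connections from suspect_ip to mail ports."""
    found = defaultdict(list)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue                              # header or malformed line
        local_ip, _ = split_hostport(fields[3])
        peer_ip, peer_port = split_hostport(fields[4])
        if local_ip != suspect_ip or not peer_port.isdigit():
            continue                              # other IP, or a listener ("*")
        if int(peer_port) not in SMTP_PORTS:
            continue
        # Process info is missing when ss runs without sufficient privileges.
        m = PROC_RE.search(" ".join(fields[5:]))
        owner = (m.group(1), int(m.group(2))) if m else ("unknown", None)
        found[owner].append(f"{peer_ip}:{peer_port}")
    return dict(found)


if __name__ == "__main__":
    for (name, pid), peers in smtp_senders(SAMPLE, "192.0.2.13").items():
        print(f"{name} (pid {pid}) -> {', '.join(peers)}")
```

An "unknown" owner means the capture was taken without the privileges needed to see process names and should be repeated as root before drawing conclusions.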
Katana*GFR*
28-03-2008, 10:23
Total: 6,206 MBytes
PS, is that as in 6K Mbytes or 6 Mbytes?
Kinda confusing sometimes since some people tend to use " , " as separator for thousands.
marc9022
28-03-2008, 14:29
PS, is that as in 6K Mbytes or 6 Mbytes?
Kinda confusing sometimes since some people tend to use " , " as separator for thousands.
6 GBytes in 24 Days!
marc9022
28-03-2008, 14:37
You should find out what evidence SpamCop has against your IP, because it could have been a spoofed IP address. Meaning that someone could be sending spam emails but changing the IP to make it look like it was coming from your computer. The reason I say this is because TS2 should not be sending any SMTP traffic whatsoever.
It's clear that server_linux should not do that, but there are some
ways to bring this feature into the daemon by patching it in.
RFC 821, which specifies the SMTP protocol, does not have a big amount
of features. You can send emails simply by using the same steps as
Telnet does. Code for a tiny SMTP engine using the RFC 821 specification
is written within a few hours. The next thing you have to do is simply
attach your own ELF-linked binary code to the executable binary image.
(That's exactly what viruses have been doing over the last 30 years.)