we were on a server and some kids came in and gave themselves server admin rights...they didnt own the server they were never on it

how can they do that?

maybe a logfile would be nice.

I had reports of a kid coming in and saying someone gave him admin, which of course, no one did. He kicked everyone and deleted all of the accounts. I managed to get in under the SuperUser account and saw they had added 10 users of their own. They had created several hundred channels mainly with obscene titles. I replaced the server.dbs and server.ini files and restarted. Nothing was listed in the log file except for the server had initialized.

which server are you running ?
2.0.19.40 or 2.0.19.46?

Hum,

check your passwords - I strongly suggest somebody brute-forced your passwords (passwords like "god" "password" "master" etc. are very bad...). Also check that it wasnt one of your serveradmins that a) told someone the pass b) let xyz use his client (and therefor his SA account). Also checking the logfile to find out what account the attackers used might be interesting.
Note: Even though I try to brake teamspeak every day as hard as I can (being a tester among other things =) ), I have never ever been able to steal SA rights...so, its unlikely its a teamspeak bug.

we know it wasnt the password because we tried it and the server admins were there minus the main admin

these kids managed to hack onto everything it was a real pain

plus the other admins couldnt strip their admin status

including the main admin

I wonder why people should hack "small" servers when they're able to hack everything ? I have never heard that big servers (public servers,...) have been hacked. So the conclusion that this is not a TS problem but rather a server admin problem (too easy pw, someone spread the pw, permission settings not correct,....) is very near.
Something far-fetched: could it be that the server is not protected right. Someone could have gotten read access which is enough to open the server.dbs and get out the pw's :confused:

yeah, the passwords should be sorted in the file with md5 encryption, it's very easy to implement. and it's much safer

"Is this a hack?" - Most likely not, sounds like tighter controls needed. I only set up maxium 3 [hand picked]people with (SA) in the clan I belong too. The most anyone else gets is (CA)

Use encoding in your password for instance say you choose bread as your password make it br34d or even better put it backwards and encoded like d43rb and im 100 percent sure you wont ever get hacked. One more thing.. Dont give out your Admin rights... You manage it all thats the best way to go! :)

1337-speak is known to dictionary hackers, as are *backwards*typing*tricks*.

and with a sniffer it does not matter how genious your password is. the only solution is encription.

but i'm sure it will be ready for the final :)

Im not sure but Im very hopefull :P

i was pondering....

if you send out the password one as MD5 it has no use either.
you just can fetch the password and send it back to the server in encoded form. so it still can be hacked.

you need to md5 the IP+password in one hash.
thay way it's not possable to get the password, and if they send the whole MD5 key, the server will not send the data to the correct client. so spoofing is not possable!

It happened to mine, (linux 2.0.19.40, same as quick links file) A kid came in asking why he had admin rights. Changed admin rights away from every other admin and started trashing the place. Log said nothing so I didn't know who he was, closed teamspeak and reset everything and he never came back.

Posts like this are not very helpfull, did you not get his name or IP or anything?

Bet you have your server is a bit more protected now.

Originally posted by Cstar_maxim
Posts like this are not very helpfull, did you not get his name or IP or anything?

Bet you have your server is a bit more protected now.

Nope....

His nick was sLick..... If I had his IP, how much more 'usefull' would my post be? Would you personally call his ISP, get his address and head to germany and spy on him using his computer? c'mon.

It's really no big deal to me, I can simply run a simple tar command to get it back the way it was that morning. But if it starts to become a hassle running these servers and nobody wants to even consider somebody might be hacking 'teamspeak', I see no reason why I can't simply switch my servers to something else.

Although, I find it funny that all of a sudden a few admins, (or whoever) start giving off the similar stories at the exact same time.

Originally posted by EaTeM_uP
I had reports of a kid coming in and saying someone gave him admin, which of course, no one did. He kicked everyone and deleted all of the accounts. I managed to get in under the SuperUser account and saw they had added 10 users of their own. They had created several hundred channels mainly with obscene titles. I replaced the server.dbs and server.ini files and restarted. Nothing was listed in the log file except for the server had initialized.

I was told almost the exact same story, it was a 'kid' asking why he had admin rights and deleting accounts. I was told about it in time to catch him making the acounts. To which I just shut it down on him like I said before.

Originally posted by DustSmoke
His nick was sLick..... If I had his IP, how much more 'usefull' would my post be? Would you personally call his ISP, get his address and head to germany and spy on him using his computer?
The TeamSpeak guys would have that option and they are in Germany.

Originally posted by DustSmoke
It's really no big deal to me, I can simply run a simple tar command to get it back the way it was that morning.
If it was a hack, better to find out what he is doing and save everyone the trouble.

Originally posted by DustSmoke
But if it starts to become a hassle running these servers and nobody wants to even consider somebody might be hacking 'teamspeak', I see no reason why I can't simply switch my servers to something else.
Need to know what he is doing to "hack" it so it can be corrected.

Originally posted by DustSmoke
Although, I find it funny that all of a sudden a few admins, (or whoever) start giving off the similar stories at the exact same time.
The story has always been the same. COMMON SENCE.
A hack thread you might like to see. (http://www.teamspeak.org/forums/showthread.php?s=&threadid=6337&perpage=15&highlight=security%20hack&pagenumber=1)

If you have the "Developers Releases" catagory showing on the forum, you can download a more up to date server binary that has a few bug fixes that may help tighten the security of your server. Install carefully tho, it's not a Install but and overwrite.

OK Cstar_maxim, I'll watch for any other reports and let everybody know if I have any more reports of it again.

For what its worth, I did trace 2 perculuar IP's which were came in from dial up pools in germany (aol) and the united states. (US was chicago area/mindspring) One of them was again a kid who came back and started taunting everybody on the server. The server was a clan server with less than 20 members so it's pretty obvious when somebody nobody knows is on it.

Up until I came acrost this post, I just assumed it was a mistake by one of the admins. But the stories being so identical made me think there is probably another answer. To me, it sounded like you were simply discrediting my security policy as a sarcastic but definitive solution to what you assumed the problem might be. While the policy is fine, it's only as good as the application it runs on. The whole event really didn't bother me too much, and I didn't keep the log because I myself 'assumed' the problem was the admin. So I lazily pulled the archive out over the current install. The admin didn't really sound too sure that it 'wasn't' him so you see the thought process. But then again, I had a hard time believing a 34 year old would monkey around with something indiscriminatly.

"I figured it was just a mistake"

Everyone who is able to hack team speak, i give you permission to hack my team speak service

you can access it on IP 130.89.166.55:8767 it's online 24/7


edit:
Oh as reward i can give you almost any program/movie/game you want.

:) By no means was I intending to take it lightly. It is a very serious thing in my opinion. Not only the possibility that it is being 'hacked' but also when it is 'joked'.

The 'hacks' are much fewer that the 'Jokes' but both have a negative effect on the presentation of this great application and the posting of un-substantiated accounts of such miss-use is appalling and does nothing for the gaming community let alone the poster.

all i care about is, well protected, well written programs on my machiene, if there is a bug, i'd like to get it fixed.

the only reason i can come up with is, spoofing the users/password.
because i logon on my backend of the router i know, my admin user/pwd will never show up on the internet.

the other possibility is the crappy telnet session you can create, i think there could be a error there, and therefor i also have disabled it.

If they can hack my teamspeak server, it has to be a fault in the software, and i'd like to see it fixed.
that's what white hackers do... make software more protective.

ok this is also just another story
but we wised up got 7 ips and a name laxen
they came into our ts server and tried to hack my GFs computer
really big no no not only did they re create our whole server but banned many others i want theses fuckers heads cause its my girl they fucked with
any help from yall would be greatly appriciated
u can reach me at dwaynehannah********.com
thanks for any help
DOGZ