!!Teamspeak hackers!!

[jonboysheps]

these are ip addresses of two ppl causing damage to servers:
***.***.***.***
***.***.***.***
they are suspected of being pakistani!!!

if you have similar problems please post here
many thanks

[pim]

oops this can be dangerous, posting IP's with no real check on what they've done, mmmmmmm dont like this

[Kyver]

Jonboysheps and i are server admins in the same server these are two of the three assholes who hacked into our server tonight deleted our registration details & all the channels and banned 4 other server admins so we are posting there ips to warn other ppl about these sad little people. as we have just spent the last few hours cleaning the mess they left behind.

I hope someone can use these ip's to cause serious damage to their pc's.

Why Should we spend all this money on a server for someone to come along and try to ruin it for us.

[Peter]

1. They are not pakistani, but German (as a whois on their IP would have told you).

2. These are dynamic IPs, so they change every 24 hours... (-> no good posting them)

3. Maybe (instead of posting some useless IPs), you make sure your server is setup in a safe way, and your admins are tought about what not to do.

Also you might want to read about the nickfaking tricks, here http://www.teamspeak.org/forums/show...&threadid=8520

[-={Walshy}=-]

Hi i was the SA at the front of all the hacking on our server thay come in with (SA R) not nickname (SA R)(U) no one can give them SA in the server you have to set it up in web admin "so im telling you our server was hacked"thay come in took SA and R off me then kicked me i went back in so thay band me,so i used someones login to get back in it,when i did there was 5 in there with (SA R) not nickname(SA R)(U) thay kicked me again it took us 3 hours to get it back and set up again so how can we stop it from happening again

[Peter]

Well,

doesnt change nothing, maybe one of your other admins was fooled before and gave SA once...if that happens just one time, the attacker can create himself various "backup" accounts for later use.

Oh and you assuring how it was doesnt help me, or you. Get the newest server version (currently 2.0.19.51), and switch on the logging capabilities.

[st2_pootin]

I was ahck attached recently too. I found a virus and a back door trojan in the system and i wasnt running a firewall. scan you system to make sure someone hasn't given you a little present.

[SatanClaus]

Originally posted by -={Walshy}=-
thay come in with (SA R) not nickname (SA R)(U)

sorry, but do your really expect us to take such a post serious? It really shows that you don't seem to know enough about TeamSpeak as the flags are (R SA) and (U SA). Everything containing a double (...) is most probably used to fake the flag-tag... Also you can insert a lot of whitespace behind your nick so that you won't see the (U) when looking at that nickname for the first time.
So it's sort of unbelievable that you all come into this forum, close your eyes and complain about TeamSpeak not being safe... As far as we know there aren't any security issues except from that nick-rights-faking... and that should be solved with the current developer-release (2.0.19.51) as you can block all parentheses.

Just tell us why the publics were never hacked!?!?

cu
SatanClaus

[-={Walshy}=-]

I can not see one of the admins giveing out sa coz no one can,it is off in web admin and that goes for ca 2,you see the server we have,has 5 sa.That pay for it and yes its a public server from pulsegaming.com oh and sorry for getting the (R SA) not right...LOL...silly me but it was 4:30am when i put it on oh one more,all SA done a scan for trojens ect.and not one of us had any,same goes for virus(thats one of the first things we done)But.....if you say its safe then it ispulsegaming are keeping an eye on things there end

BUT...... .......im not putting TS2 down it works good and ive been useing it for a long time and will do for a long time to come

[EL-Angel-Eyes]

I had the same sort of problem last night with a user from down south in the UK. Using multiple ip's, etc. My ban list has increased no end with this muppet trying to put on a fake pakistani accent. It turns out he's on a BTopenworld adsl line. Does anyone know if those bt adsl lines are static or dynamic ips?

[Peter]

most probably they are dynamic IPs...as he is changing his to come back to your server . Actually nearly all home lines I know have dynamic IPs...static IPs are more expensive, since they can be useful when acting as a server.

[Brain]

AFAIK BTOpenworld issues dynamic IP Addresses that only change when you reconnect. There doesn't seem to be a forced disconnection like T-Doof does as a friend of mine had the same IP address for weeks until he plugged out his NAT Gateway (Router).

I think the best you can do is drop the whole IP block they're in for 10 minutes or so, then they should have given up and gone off to bugger someone else.

Additionally you might want to block incoming and outgoing traffic for 62.4.81.225 and 213.202.254.116 for your server to make sure it doesn't appear in that weblist thing. The amount of socially retarded kids sitting in our lobby burping, farting and insulting people as they join has decreased drastically after i did that