Suggestions Administrators can use to Strengthen TS Security

[sgtbenc]

How about commands so you can do them in a chatbox like IRC, and also, block the possibility of a SERVER ADMIN (ROOT/Owner) to be banned or edit, only normal server admins should be killed, not the owner like I did! That needs to be fixed in your next version also time bas and other commands that are not there.

There is no way to do any of those things in TS2.

[Rijor]

If I could add something, I'd say that disallowing Bans would help out, because it kind of saved me from having to go through the hassle of deleting the server and making a new one.

[Conman5]

Why dont you just put ur computer behind a rounter and not all connections on the web interface and the TCP. Thats was I do. I guess if you want to be safe you could also change the superadmin passwords. Of course only give SA to people who u really trust, like ur friends.

[kohlrak]

There is a program called "networkactiv" that you can use to host websites. I will let how you go about this to you, but you can use networkactive (and certain other servers, don't know which ones) to log ips. The idea will be to force people to use that as the HTTP server to access your webadmin. That way, you can log who's trying to get who's passowrd and stuff. And ban them before they reak havoc on your teamspeak server. It will allow you to see what ip is attempting to view what file. Good luck!

[H4rMXP]

3. Revoke the ability for SA's to login Via the Web and TCP server

4. Revoke the ability for SA's to Grant SA's and revoke SA's

5. Disable the ability for SA's to remove a users registration or delete players

How can I do these steps 'before' starting my TS server?
My TS Server is a local machine at my home, and I would like to know how to have very secure settings prior to starting it up, but still allow me to admin it locally, not via the webinterface if this is possible.
Would it be possible to add 3, 4, and 5 to my server.ini file?

Is it also possible to make my TS server a registered user only entrance, for private useage? If so, how?

[H4rMXP]

It is a good idea to change the TCP Query port and the Web Interface port to something otehr then the default. Or for even more protection, just close those port with your router. Here are the lines in the "server.ini" file that you should change:

HTTPServer Port=14534
TCPQueryPort=51234

Just change them to anything not already being used.

If you want to disable others from using your web interface then change the value on this line:

HTTPServer Enabled=1

to 0

When I set mine like this

HTTPServer Enabled=0

My TS server won't even start ( administration is also greyed out on the local machine running the TS server)
So if the TS channel doesn't start with this setting, how do I get this to work?

Also, when I set the BoundToIp1=127.0.0.1 in my server.ini file the even registered users cant login

[Vaevictis]

Don't be so sure, man. You would not find any ports on my TS-server, because nearly all ports (including those of TS) are hidden. Port-knocking does the trick of opening them. In my case, it is ~60000^12 combinations. Happy scanning! :-)

OTOH, a port knocking implementation is a totally different beast than a simple change of ports as was originally posited. You're comparing apples to oranges.

[bhs-715]

well i can't wait until TS3 is released...

i am tired of coming home everyday reconstructing everything these kids mess up. I have take just about every step possible to make it secure except the "knocking" option as mentioned before...

there are toooooooo many websites that have people making hack programs to screw with TS...
For example... ***** & nox

They have their own little utilities that give the power to a (u) user to create an admin account.... they have all kinds of tricky little programs that do other things as well... i discovered them by googling teamspeak hacks...

they have sites devoted to doing this type of stuff... i dont understand what things are motivated to do this... they need role models...

i was on my server along with my other members and i heard someone talking... but i couldn't see them... they have a program that makes them invisible... then they started spamming by making over 1000 channels and by having about 1000 users with the same name log on...

i really hope TS3 rids the world of these exploits! Come on guys/gals... I love TS... i know you can do it... make us proud!

[Annimo]

1. Change the superadmin password to a harder password*

2. Limit the amount of SA's to people you fully trust and use harder passwords*

3. Revoke the ability for SA's to login Via the Web and TCP server

4. Revoke the ability for SA's to Grant SA's and revoke SA's

5. Disable the ability for SA's to remove a users registration or delete players

6. Disable the use of the web-interface and tcpquery-port through the server.ini (or you can block the ports by using a firewall and limit the access to certain IPs)

7. Add more characters to the DisAllowedClientNameChars in the server.ini
DisAllowedClientNameChars=()[]{}`~!@#$%^&*_-+=|\'";:<>,./?

8. Enable all logging to catch them if the try again

Also turn on logging and cut down on the commands per second in your server.ini

Code:

[log]
access_r=1
access_u=1
channel_registerred=1
channel_unregisterred=1
sa=1
chat=1
kick_server=1
kick_channel=1
[Spam]
max_commands=10
in_seconds=10

*Harder Password are:
- 8 to 20 characters
- Contain Upper and Lower case characters
- Contain embedded numbers
- Contain embedded non-Alphanumeric characters


If you have any more suggestions, please post them here.


(If it still gets hacked and messed up be sure to backup the server.ini file and the server.dbs file so you can reset the server back to its last backup)

How do I go about setting up No 8. I've not done this before an I don't want to mess it up.

[sgtbenc]

If you read #8 you can see exactly how to do it: goto the server.ini and edit those last lines to look like the code section of the post you quoted.

[Bob_8712E]

I have followed every security suggestion that I can find. The only port I have open is the one needed to make Teamspeak work. SA's can only kick, ban and grant registration. Everyone else can do nothing. I also have the Flood Daemon running and yet I have been "Owned" twice this week.
Obviously TeamSpeak has a wide open front door security problem. Any program that allows a "Guest" to fully access the server database and do what ever they want to it totaly sucks.
What the hell drugs were the programmers on when they included complete access to the server by anyone?
What's the purpose of assigning rights and privaliges when anyone can do that themselves with the access that TeamSpeak gives them?

It's a great for online chatting but it just makes no sense to me why they added the extra functions to leave the barn door wide open to terrorists.

[Bastian]

OK. Let me summarize this.

1. You have been "Owned" but you don't tell us in which way.
2. You say TeamSpeak has a wide open front door security problem, but you won't tell us what kind of problem.
3. TeamSpeak allows a "Guest" to fully access the server database, but you have no type of evidence for this. You didn't even attach a log file or anything that could help us investigating the issue you are having.
4. TeamSpeak sucks, because of point 3.
5. Our programmers intentionally "included" complete access to the server by anyone.
6. Our programmers where on drugs while doing so.

Do you think that this is the correct attitude? Do you think that anyone here still wants to help you after reading that?

[WalkaboutTigger]

I have been operating 14 free TeamSpeak servers for over 3 years now. I have had ONE hacked and that was because one of my admins incorrectly configured the firewall rules for that one server.

It is clear to me that many people who "operate" TeamSpeak servers:

A) Do not read the instructions, the FAQs or the forums to learn how to operate a server correctly
B) Think that free software should be perfect
C) Have no idea how to properly ask questions to resolve issues
D) Have no idea how to gather the information needed to help identify the problem(s) they are experiencing and
E) Would rather rant and flame about a problem likely caused by their own ignorance or apathy rather than provide the necessary information to identify what they did incorrectly to cause their issue in the first place.

While I believe I started this thread, I don't feel I have been rude or insulting to the developers or support staff. If I appear to have been, I apologize.

Bob, before you post here again, I ask you to walk around the block to regain your composure and try to provide useful information so the people here can actually provide you help.

Walkabout

[BHKai]

I have been operating 14 free TeamSpeak servers for over 3 years now. I have had ONE hacked and that was because one of my admins incorrectly configured the firewall rules for that one server.

It is clear to me that many people who "operate" TeamSpeak servers:

A) Do not read the instructions, the FAQs or the forums to learn how to operate a server correctly
B) Think that free software should be perfect
C) Have no idea how to properly ask questions to resolve issues
D) Have no idea how to gather the information needed to help identify the problem(s) they are experiencing and
E) Would rather rant and flame about a problem likely caused by their own ignorance or apathy rather than provide the necessary information to identify what they did incorrectly to cause their issue in the first place.

While I believe I started this thread, I don't feel I have been rude or insulting to the developers or support staff. If I appear to have been, I apologize.

Bob, before you post here again, I ask you to walk around the block to regain your composure and try to provide useful information so the people here can actually provide you help.

Walkabout

I will back up that post anyday!

[Bob_8712E]

1. You have been "Owned" but you don't tell us in which way.

If I knew which way then I might know how to fix it!

They made themselves an SA then turned on all SA privilages, created about 300 SA users, wiped out all rooms and created about 300 rooms with all the same name "Owned".
My SA's can only kick, ban, text message, allow registration and move but they were able to make themselves an SA then they connected again and then turned on all permissions and took over the server.
I have all logging turned on but it shows nothing about how they did it except for a couple of failed sql commands.
Apparently they have full access to the server database and the log does not record sucessful sql scripts.

Also I have seen hackers with a long space at the begining of their name and a right click on them generates an error message before I can ban them.
Now they have a new trick. They do something to their "Guest" login so that an SA or CA can't do anything to them. If I right click on them all options are grayed out and I have no way to remove them.

6. Disable the use of the web-interface and tcpquery-port through the server.ini (or you can block the ports by using a firewall and limit the access to certain IPs)

These ports are not open on my router and cannot be accessed from the Internet.

"Do you think that this is the correct attitude? Do you think that anyone here still wants to help you after reading that?"

I'm sorry if I don't have a "correct attitude" but after having to start over and set up my server a number of times with the rooms, descriptions, re-register users, etc. I have a tendency to be a little upset. (pissed off).
It's not a matter of helping me, it's helping everyone as anyone's TS server could be their next conquest.