Suggestions Administrators can use to Strengthen TS Security

[WolfStar76]

Many of the problems you describe (like not being able to kick a user, and getting an error (RichEdit error I'm betting) ) have been fixed in the latest server versions.

Try downloading the latest version 2.0.23.15 for starters.

Secondly, if that in and of itself doesn't solve your problem, make sure that each an every person on your server who has (SA) rights is using a nice, strong passphrase. "money" "sex" or "1337" are NOT good passwords.

"T34mSp34kIsK3wl" on the other hand, would be pretty hard to "hack".

Lastly - yes, it's upsetting to have to start over, but there are several things you can do right to avoid that kind of problem. The first would be to make regular backups of your server.dbs and server.ini file. Someone hacks your server? Shut it down, restore those files, and BLAM, in 60 seconds you're right back to normal.

What you should NOT do, is start posting in a forum, half-cocked, angry at the wrong people, for problems that are, frankly, as likely to be your own as they are anyone else's.

Remember - we learn from our mistakes. The catch is, you can learn one of two things - that "it isn't my fault, so I've got nothing to learn" or "what can I do to stop this happening again".

The choice is yours.

I hope you're happy with whichever one you choose.

[sgtbenc]

It's sad when my friends come to me asking to help them get their server back under their control. Their providers are stupid. The provider does not realize that they would not have those problems if they had only upgraded from their 2.0.20.1!

[ratster53]

I heard you could incript a certain file on the server and no one could take over the server. Has anyone heard of this technique? or is it blah blah blah

[BHKai]

I heard you could incript a certain file on the server and no one could take over the server. Has anyone heard of this technique? or is it blah blah blah

blah blah blah

Keep it updated and do not fall for the tricks and no one can take over the server.

[spatieman]

Stupid that logging all channels and users are default enabled.
i didnt know that it was possible.
and i am admin my self now for some years.

[Derivative]

Moving this post.

[hilsoe]

I would like if it became possible to set a password on a sub-channel.

[michandrfz]

^^^^ changing ports does not do anything. You can change your ports all you want I can scan the box and have the new ports in a matter of minutes. That only slow's them down for about 2 to 3 minutes.

(sorry to single you out)

If you are that worried/paranoid about security there is a program out there called snort(http://www.snort.org/) if you have got a LOT of time,. energy, and patience this will detect port scans and block that IP


NAT IP firewalls/routers are also a good security it enables you to keep all your administration ports open but only assessable on your local network

as for passwords they are the biggest unavoidable security hole out there but here is a few suggestions 1. at least 6 characters at a bear minimum 2. use uppercase lowercase and symbols 3. DO NOT BASS PASSWORDS OFF DICTIONARY WORDS 4.in my opinion the most secure way to make a password is to write something random like "AEfw010@#kielw*" and writing it down in a safe place is the best way to go . one password cracking program (John The Ripper) has an time frame on app. how long it would take to guess your password, the more random and long your password is the longer it takes to crack it SPECIAL CHARACTERS MAKE A DIFFERENCE

MIGRATE TO MYSQL AND STORE PASSWORDS USING SOME FORM OF ENCRYPTION MD5 SHA1 RSA2 ANYTHING DO NOT KEEP USING THE OPEN TEXT FORM OF PASSWORD STORAGE IT IS INSECURE AS IT GETS

use the mod_perl for teamspeak it is a great program i recommended on the flood setting it to 3 joins every 30 seconds there is also a TS admin client if you can use it however i did not post a link to it in here

for those of you who can't figure out what that thing at the top left is called a "search bar" here are a few links to help you out and a few places of where i base all my information off of

sitename - link - information
comptia - http://www.comptia.org - basic networking and security (i am A+ cert. remote support, IT and Depot tech. and at the time of writing am working on the server+ linux+ security+ and network+)
Cisco - http://www.cisco.com/web/learning/le...type_home.html - more advanced networking (at time of writing am studying close to taking CCNA)
John the Riper - http://www.openwall.com/john/ - recommendations on passwords
snort - http://www.snort.com/ - snort Firewall
MySQL - http://www.mysql.com/ - MySQL open source database
PHPMyADMIN - http://www.phpmyadmin.net/ - Esay to use MySQL web management software
another thread - http://forum.teamspeak.com/showthread.php?t=12365 - contains a guide on implementing MD5 in a MySQL/TS envirnment
another thread - http://forum.teamspeak.com/showthrea...ODBC+connector - Guide on implementing MySql with Teamspeak


didn't mean for this to be so long hope it wasn't a complete waste of time hope this helps some of the more inexperienced users(experienced users you should already know most of this )

[djs5566]

I set my pswd for superadmin and admin with to many characters, whe i go to log in it wont let me put full pswd in, do i need to wipe out server and start over?

[ANR Daemon]

You can read your existing password from database using almost any text viewer.
Copy server.dbs to separate location.
Open that copy as plain text file
Search for username. Before that will be your password.

[ladyCAZ]

I found this extremely helpful, but we've applied most
of the suggestions already and still are having spammers/
hacks on a daily basis.

I wish we could add more than 20 ban ips though.

[ANR Daemon]

Honestly, I don't see what you're complaining about. Get used to normal firewall and ban IP's there.

[ladyCAZ]

[QUOTE=ANR Daemon;195213 Get used to normal firewall and ban IP's there.[/QUOTE]

Sorry but I'm not aware of how this may be done.

[maxi1990]

Do you know what firewall you are currently using? After you figured that out you ought to use google in order to find out how to ban ips =)

[ladyCAZ]

I'm using McAfee as my security program. Is this the firewall you
are referring too?