TS server hacked

[n000b]

Hi,

Yesterday my Teamspeak server was hacked - I wasn't around but one of the other SA's told me that someone told him that there were people playing up in the Teamspeak server - when he joined, they had already removed his SA and they had also registered accounts by themselves (we have self-registration turned off) and were deleting all the channels. Fortunately, he has access to the box that the server is located on so he shut down the Teamspeak server and removed their accounts.

This got me thinking - are there any known vulnerabilities on Teamspeak 2.0.20.1? How could they have gotten in? I thought about it for a while and considered that it may have been possible that they brute forced the superadmin login on the web interface and used that - does Teamspeak have any protection against brute force attacks against the web interface?

Also, does Teamspeak keep logs of people who have joined the Teamspeak server, including their username's and IP addresses?

Thanks

[Conman5]

Teamspeak does not keep logs unless you tell it too. You can find out how to configure your log settings here http://www.goteamspeak.com/index.php...=4&item=59#q59

As for security, it is possible they could have done a brute force crack of the superadmin, then used webpost and TCP combined to do all you say. I believe the best way to secure your server is to put the box behind a router. u'll have to configure it to let things through on port 8767, or whatever one u use, but then the only way someone can access ur webpost or TCP connections is if they had access to ur LAN network.

Also changing the passsword to something very complex might help