Getting hacked.. :(

[Rafter]

Some dude: 'Bujii de la Motor'(id:141) from IP 92.83.139.143:15503, connected the other day and somehow kicked two of my Servers clients.
It looked like this:

27-08-2010 21:03:40 VirtualServer Info client disconnected 'phx'(id:115) reason 'invokerid=11 invokername=Bujii de la Motor invokeruid=p4G8HviB1Us0+t2B3VCLxIeYKdE= reasonmsg'

I know that he didnt get permissions granted from me or the other dude I gave Server Admin rights.

My server is: 3.0.0-beta27 [Build: 12002] on an up-to-date Ubuntu Server Linux.

Anyone knows how this is possible, and what to do to prevent it happening again? Other than smart advices to shut down the server

[poisonpanik]

Most likely it's your permission setup. Verify that the needed_group_member_add, needed_group_member_remove and needed_group_member_modify powers are properly set.

What does your server log show this client did once they joined the server? Verify that he hasn't been given client permissions or left an identity in the Server Admin group.

[Rafter]

Hi
i_group_needed_modify_power is set to 75 in default server group. This is the ONLY setting that is enabled in Group Modify Section for Default Server Group.

Default Channel Group:
i_group_needed_modify_power: 75
i_group_needed_member_add_power: 20 (low setting, but should be no problem should it?)
i_group_needed_member_remove_power: 40 (low setting, but should be no problem should it?)
Everything else is disabled in the Modify Section.

4 things happend:
The person connected. Then made the two other clients disc. Then he disc. too with reason msg: 'reasonmsg=shhtyTT in Love!(papa idiotilor)'

The log shows nothing else happend, and I have checked that there is no permission Ident left in neither server or channel group areas.

What does '...reason 'invokerid=11.....' actually mean? Is it referring to a client, group, server, channel ID or something?

[poisonpanik]

Honestly, I'd raise the needed powers to match what your SAs have that way the only people who could add/remove/modify that group would be an SA.

[Rafter]

Ye, you are right. I have done that now..
Just wondering if that was the reason? Seems more likely something else would be the issue, right?

[Rafter]

And now it happend again!

28-08-2010 17:43:01 VirtualServer Info client connected 'HubbaBubba'(id:141) from 92.83.155.5:12556

Copy/Paste from Client Server window of what happend:

<17:43:00> "HubbaBubba" connected
<17:43:02> "HubbaBubba" switched from channel "Lobby Channel" to "Chit Chat"
<17:43:02> Channel group "Hi-Tx Guest (8)" was assigned to "HubbaBubba" by Hi-Tx.
<17:43:05> You were moved from channel "Chit Chat" to "Mix - PCW" by "HubbaBubba"
<17:43:05> Channel group "Channel Admin (5)" was assigned to "Rafter" by Hi-Tx.
<17:43:07> You were moved from channel "Mix - PCW" to "Chit Chat" by "HubbaBubba"
<17:43:07> Channel group "Channel Admin (5)" was assigned to "Rafter" by Hi-Tx.
<17:43:10> "phx" was moved from channel "Chit Chat" to "StarCraft 2" by "HubbaBubba"
<17:43:10> Channel group "Hi-Tx Guest (8)" was assigned to "phx" by Hi-Tx.
<17:43:12> "HubbaBubba" was banned permanently from the server by "Rafter"

I did an WhoIs on both IP's: They seem to come from Romania

I could really need some advice on what to do to prevent this! :S

[florian_fr40]

Hello

Use this to check your "Client", "Channel" and "Channel to client" permissions :
http://forum.teamspeak.com/showthread.php?t=57794

If you find nothing can you give us an serversnapshot :

login serveradmin <password>
use <server ID> or use port=<server port>
serversnapshotcreate

[Alcazar]

Also check the "i_client_kick_power", "i_client_needed_kick_power", "i_client_move_power" and "i_client_needed_move_power" values of your groups.

[poisonpanik]

and if all else fails delete your database and start fresh!

[Rafter]

The php permission check tool did not work from my own webserver, though i added the IP to whitelist But used the other webservice and it worked instantly:
The results are here:

*** Client Permissions ***
No sensitive permissions in 'Client Permissions'

*** Channel permissions ***

Channel ID => 1, Name Lobby Channel
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 1, Name Lobby Channel
PermID => 21169, Name => i_client_needed_move_power, Value => 30.

Channel ID => 93, Name Chit Chat
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 92, Name Mix - PCW
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 115, Name Poker
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 130, Name BF Bad Company 2
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 141, Name Left 4 Dead 2
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 142, Name StarCraft 2
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 124, Name AFK
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 117, Name [KALAK]
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 120, Name Mix
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 121, Name Chit Chat
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 129, Name FFA
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 126, Name Poker
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 131, Name Battlefield BC2
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 118, Name KALAK Thor
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 119, Name KALAK Havskum
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 125, Name KALAK Royal
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 127, Name Br.B Turnering
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 122, Name Privat snak
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 123, Name AFK
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 128, Name File Share Folder
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

Channel ID => 132, Name Mix_Game
PermID => 17295, Name => i_group_needed_modify_power, Value => 100.

*** Channel to Client Permissions ***
For Channel => Lobby Channel :
No sensitive permissions
------------------------------------
For Channel => Chit Chat :
No sensitive permissions
--------------------------------
For Channel => Mix - PCW :
No sensitive permissions
--------------------------------
For Channel => FFA :
No sensitive permissions
--------------------------
For Channel => Poker :
No sensitive permissions
----------------------------
For Channel => BF Bad Company 2 :
No sensitive permissions
---------------------------------------
For Channel => Left 4 Dead 2 :
No sensitive permissions
------------------------------------
For Channel => StarCraft 2 :
No sensitive permissions
----------------------------------
For Channel => AFK :
No sensitive permissions
--------------------------
For Channel => [KALAK] :
No sensitive permissions
------------------------------
For Channel => Mix :
No sensitive permissions
--------------------------
For Channel => Chit Chat :
No sensitive permissions
--------------------------------
For Channel => FFA :
No sensitive permissions
--------------------------
For Channel => Poker :
No sensitive permissions
----------------------------
For Channel => Battlefield BC2 :
No sensitive permissions
--------------------------------------
For Channel => KALAK Thor :
No sensitive permissions
---------------------------------
For Channel => KALAK Havskum :
No sensitive permissions
------------------------------------
For Channel => KALAK Royal :
No sensitive permissions
----------------------------------
For Channel => Br.B Turnering :
No sensitive permissions
-------------------------------------
For Channel => Privat snak :
No sensitive permissions
----------------------------------
For Channel => AFK :
No sensitive permissions
--------------------------
For Channel => File Share Folder :
No sensitive permissions
----------------------------------------
For Channel => Mix_Game :
No sensitive permissions
-------------------------------

I can give you a serversnapshot, but it is an awful lot of info that command brings up :S
Let me know..

Server Group: Server Admin
i_client_kick_power: value=75, grant=75
i_client_needed_kick_power: value=75, grant=75
i_client_move_power: value=75, grant=75
i_client_needed_move_power: value=30, grant=75

Server Group: Normal
i_client_kick_power: no permissions!
i_client_needed_kick_power: value=50
i_client_move_power: no permissions!
i_client_needed_move_power: value=30

Server Group: Hi-Tx User (Default Server Group)
i_client_kick_power: no permissions!
i_client_needed_kick_power: no permissions!
i_client_move_power: value=30 (I know this one is not good and I will change it/remove it)
i_client_needed_move_power: value=30

Channel Group: Hi-Tx Guests (Default Channel Group)
i_client_kick_power: no permissions!
i_client_needed_kick_power: no permissions!
i_client_move_power: no permissions!
i_client_needed_move_power: value=30

I did not go through the other Channel Groups, as i thought the default was most important!
The reason why I have set i_client_needed_move_power to 30 is.. I want every other player in our clan to be able to move everyone to another channel. But I have recently changed things(channel groups and channels). Which means the Clan players have permissions to do more in the KLAN-Channel area, but should not have the permissions in the guests area. The move_power should not be permitted to guest ofcourse..
I'll change that and I guess that is why the last "hacker" could do the things he did. But as for the first "hacker" Im still unsure..

Thank you for helping..

[Alcazar]

Let me know..

Server Group: Server Admin
i_client_kick_power: value=75, grant=75
i_client_needed_kick_power: value=75, grant=75
i_client_move_power: value=75, grant=75
i_client_needed_move_power: value=30, grant=75 <- 1

Server Group: Hi-Tx User (Default Server Group)
i_client_kick_power: no permissions!
i_client_needed_kick_power: no permissions! <- 2
i_client_move_power: value=30 (I know this one is not good and I will change it/remove it)
i_client_needed_move_power: value=30

1) Is this wanted? Should SA users be moved by others (who have 30 move power) ?

2) Set a value here, else each user of this group can kick other users of this group!