Forum

Page 1 of 2 12 LastLast
Results 1 to 15 of 28
  1. #1
    Join Date
    March 2013
    Posts
    39

    Exclamation Cracked TS3 Spam - Hacked?

    <time censored> "GameTracker": The cracked server and license for slots 16776960 and 65535 servers...
    Test server: URL CENSORED
    Free Android and iOS client.
    Crack to bypass blackList and advanced bans!
    Link : http://URL CENSORED
    We admins were chatted at by this bot with that message, the log is not showing any IP or UID, because I didn't log the ServerQuery so far (we never had this problem before). After clicking the name in the serverchat and trying to ban, I'm getting this error:
    <time censored> missing required parameter

    A look into the ban list after that only had the UID "ServerQuery" banned (makes no sense?!)

    I guess I will have to whitelist the query from now on.

  2. #2
    Join Date
    May 2012
    Location
    The 3rd dimension
    Posts
    956
    Add the client id of ServerQuery to a server group and on that server group block the ability to send messages. You could also do this via client permissions. However this ability will be removed with the upcoming server update for new servers. So likely you will need to put these settings in manually. New servers guard against this by default.

  3. #3
    Join Date
    March 2013
    Posts
    39
    We already have default permissions set so far, that regular users won't receive those messages anyways.
    I just can't understand, why I can't ban that Client.

  4. #4
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    Limit access to a serverquery. And adjust permissions to prevent guests from sending messages through it.

  5. #5
    Join Date
    June 2013
    Location
    Germany, Bremen
    Posts
    79
    Its the Guest Server Query, no hack.

  6. #6
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,365
    Was actually a query user or some very strange hack? I mean it advertises ignoring bans and if TS accepts ServerQuery as a voice client ID (can't say if it does), it's over.
    Last edited by numma_cway; August 25th, 2014 at 06:38 PM. Reason: I meant ID, not IP

  7. #7
    Join Date
    March 2013
    Posts
    39
    YES! That's what I mean.
    It's using a not possible ID, does not save an IP AND also, it sends private messages, even though it can't!
    I just checked the Guest Query permissions and it does not have the private textmessage power set at all!

    The advertised "hacks" do work!
    It's advertising even more, from ignoring antiflood to ignoring server passwords!
    Please understand: You can not even ban people using that tool now!

    @Teamspeak Devs: If you need the real link, I can send you that through PM if you like
    We are using TS3 Server v. 3.0.10.3 on Windows x64
    Last edited by Chris; August 27th, 2014 at 10:10 AM. Reason: stripped excessive formatting

  8. #8
    Join Date
    June 2011
    Location
    Baghdad, Iraq
    Posts
    367
    i remember a guy once asked me about this said he banned him from his server but he still connects he even came back as a voice user talked to him a little and then DDoSed his server for few min

  9. #9
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,365
    Quote Originally Posted by bbqeater View Post

    I just checked the Guest Query permissions and it does not have the private textmessage power set at all!
    [...]
    We are using TS3 Server v. 3.0.10.3 on Windows x64
    You are using an outdated server where the Guest Query group does not affect people on virtual servers. Guest Query group only works when using a the recent server version.
    And even then, having no permission that might actually be enough to PM certain people. But not sure about that.

  10. #10
    Join Date
    March 2013
    Posts
    39
    3.0.10.3 is not outdated, it's the most current stable.
    http://www.teamspeak.com/?page=downloads

    Guest Query group only works when using a the recent server version.
    It is the most recent version, please don't tell lies.

    And even then, having no permission that might actually be enough to PM certain people. But not sure about that.
    There is no permission that allows them to PM, thats the point.
    Last edited by bbqeater; August 25th, 2014 at 09:59 PM.

  11. #11
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,365
    Guest Server Query does not work in 3.0.10.3.

  12. #12
    Join Date
    March 2013
    Posts
    39
    LOL
    Then how are the TSViewer.com, Game-State.eu and GameTracker Crawlers retreiving their data?
    Also, how is anyone able to spam through something that doesn't work?
    Last edited by bbqeater; August 26th, 2014 at 06:49 AM.

  13. #13
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,365
    Because the Guest standard server group takes place.

  14. #14
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    Quote Originally Posted by bbqeater View Post
    LOL
    Then how are the TSViewer.com, Game-State.eu and GameTracker Crawlers retreiving their data?
    Also, how is anyone able to spam through something that doesn't work?
    Before starting an argument, try to do some research. you might find that your argument is void before start.

    Also, stop using useless decorations in your posts, if you want people to read them.

  15. #15
    Join Date
    March 2013
    Posts
    39
    Maybe you're right, thank you for that information.
    But where is the problem in telling that in the first place, without creating misunderstandings?
    Telling me to do research instead of just providing the info in the first place?
    Otherwise I have the feeling that you're trying to create arguing and not find solutions.
    Especially as this is not the regular all-day thing to know about this specific problem/bug.
    Okay, let's just forget about it.

    However: The exploits seems to exist anyways.
    It's not possible to ban the IP/UID because both are not logged by TS (the IP probably will be in the serverlog, if you activate ServerQuery logging - but they're using very frequent names like "GameTracker" etc. as stated before).
    Last edited by bbqeater; August 26th, 2014 at 07:08 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •