Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 1 of 4 123 ... LastLast
Results 1 to 15 of 48
  1. #1
    Join Date
    July 2010
    Location
    Cologne
    Posts
    11

    Server hacked - Ban list on rootserver?

    Hey guys,

    today someone hacked my teamspeak server. He joined the server and
    gave hisself the server admin rights and removed from me. Then he banned or
    permantely from the server.

    So how can i remove all banned clients from the list and ban his ip?

    the first thing is most important.

    Thank you,
    Fighter

    PS: their names were "joey26" and "Hans Seidel"

  2. #2
    Join Date
    December 2009
    Location
    usa
    Posts
    8
    First what version of Ts3 are you running because there was a major update so if you are not running beta 25 this is why you were hacked your going to need to update the server first
    Second your going to need to telnet the server with a program like putty read the pdf file for the commands to login hopefuly you remembered to write down the "SERVERADMIN" password because if you did not it makes this alot harder

    type server list to list the servers need to use the sid of the server you are running

    once you logged in to the server query type banlist and it will give you a list then you can remove bans with ban list
    Last edited by Brian (Humfrid); July 7th, 2010 at 09:13 PM.

  3. #3
    Join Date
    July 2010
    Location
    Cologne
    Posts
    11
    it was Beta 25

    64 Bit Version, newest Updates.

    Not updated doesnt works, because clients who have updated can't connect to server if the server didn't update ts.

    i think i have destroyed the ts3server.sqlitedb cause i can't run the .exe anymore.

    but how can i protect the server for this Badword!!!!!!!server admin hack?

    i have put a password for the server now, but if the get the pass they could hack the server again -.-

    so there is a way?
    Last edited by dante696; July 7th, 2010 at 09:51 PM. Reason: Behave!

  4. #4
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    I recommend you start over with a new server. Then double check all your permissions to verify that your security is air tight.

  5. #5
    Join Date
    December 2009
    Location
    Maryland
    Posts
    7

    Exclamation German TS Hackers

    Last Friday our teamspeak 3 was taken over by two users from Germany. It was found that default guest permissions allowed these users to edit our teamspeak and create an admin account through serverquery login. Once they were able to log in they took everyones admin permissions and injected script to where members and users logged back into our teamspeak it stated we were hacked and would exit out of the program. Here are there names and IPs

    dante696

    84.130.239.39

    <SnOOze>

    84.19.165.217

    Make sure to protect yourselves and disable default guest permissions so knuckleheads like these dont take over your teamspeak.

  6. #6
    Join Date
    January 2010
    Location
    New England USA / Marnbach, Weilheim i.OB, Germany
    Posts
    428
    You were updated to beta25, yes or no?

  7. #7
    Join Date
    December 2009
    Location
    Maryland
    Posts
    7
    yeah we were running version 25. the hackers came in as guests and by default settings were able to access server query login and edit server. they were able to create admin accounts through server query and injected a code into the banner which said we were hacked by BEER and when any user would try to log back in the banner would flash up and say that it was hacked and shut the program down. Right now i reinstalled the server and disabled all permissions for guests and banned the two users that have hacked us. little did they realize that the logs caught them.

  8. #8
    Join Date
    January 2010
    Location
    New England USA / Marnbach, Weilheim i.OB, Germany
    Posts
    428
    So you are only letting us know that your server was hacked and by whom?

    Thank you for the information!

    For clarification: They were able to do so, only because you found a flaw in your guest permissions?

  9. #9
    Join Date
    December 2009
    Location
    Maryland
    Posts
    7
    you could have had the same issue that i have posted about as well. we were using beta 25 and two german guys came in and used server query login to add an admin account and as a guest by default all permissions are allow to guests they were able to edit the server and injected code to post the hack and it would shut the program down. what you do is save all logs that way you have the names and ips of the individuals that hacked you and then setup a new server and as soon as you admin login make sure to make an admin account and delete the default admin name and pass then make sure to edit guest permissions to not allow anything but join channels and text msg.

  10. #10
    Join Date
    December 2009
    Location
    Maryland
    Posts
    7
    The server was taken over and hacked by these two as mentioned above:

    dante696

    84.130.239.39

    <SnOOze>

    84.19.165.217

    Teamspeak needs to make default guest permissions only to allow server join and chat. By default admins or the main admin account should be the only ones allowed access to server query login and to edit the server. These guys exploited that guest can use server query login to find the main admin password and then create their own admin accounts. Then deleted users and injected code into the banner graphics to pop up the logo of HACKED BY BEER and then it was coded to shut it down.

  11. #11
    Join Date
    December 2009
    Location
    Maryland
    Posts
    7
    Also once you check the logs if you can post their IPs here would be great so we can keep these hacking fools under control. The two that exploited our guest permissions and the server query login to find the admin password and created their own their names and ips are:

    dante696

    84.130.239.39

    <SnOOze>

    84.19.165.217

    Both were IP traced to Germany
    Both play COD4 and also have many PBBANs

    My advice ban them from everything you have.

  12. #12
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    If I remember correctly the GUEST group by default has no access to server query... That would mean that you or someone else changed this permission.

  13. #13
    Join Date
    June 2008
    Posts
    18,513
    It seems, there is still a boug, when server was updated from any beta to beta25.
    Nobody reported an hack from a fresh beta25 installation :-((

    Note:
    That's not my IP shown there! I don't live in Lower Saxony.


    Update
    I merged 2 threads here.
    Last edited by dante696; July 8th, 2010 at 08:05 AM.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  14. #14
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    Better hurry up and go on vacation Dante! lol

  15. #15
    Join Date
    December 2009
    Location
    germany
    Posts
    56
    maybe this can help:

    on my server the permisson vor guests is set that they can only make temp. channels....no right´s to create other channels.

    but one guest had create semi-temp. channels and i don´t know how he makes this. in log stand that he ist create the channel and the database said that this was a guest user and after control it is a guest user. definetly no rights also in the client rights system for the user id.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. New Server Hack ??
    By Senneca in forum Bug Reports [EN/DE]
    Replies: 5
    Last Post: August 25th, 2010, 09:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •