Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 1 of 2 12 LastLast
Results 1 to 15 of 28
  1. #1
    Join Date
    December 2009
    Location
    Utah
    Posts
    119

    Server beta27 Hacked [just perm problem]

    My beta 27 server got hacked today. A few guests came in and gave themselves SA Access. I'm not sure how, maybe its a permission problem or a exploit they found. Any ideas?

  2. #2
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    You can move this if it isn't in the correct location. I put it in the bug section cause I think they exploited a bug in the server to gain permissions like what happened back in beta 25.

  3. #3
    Join Date
    April 2009
    Location
    Germany
    Posts
    242

    Question

    I am sure its a flaw somewhere in your permission settings. Did you check every important permission on your server ? Channels, Server Groups etc. ?

  4. #4
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    Well, I checked all my permissions and I don't see anywhere in there they can gain that high of access.

    Privilege Keys are Off.
    all Major groups have needed add and modify power to 100.

    They logged in, got the or red S, twice on their name. I only have 1 group that uses the blue S and its the server admin template. I don't know of any server group that uses the Red S. So I'm not quite sure what that's about.

    Maybe I can have a admin go through my permissions to see if I messed up somewhere, or someone found a new exploit that needs to be addressed.

  5. #5
    Join Date
    May 2010
    Posts
    6,310
    Hello

    Can you make an serversnapshot ?
    Code:
    login serveradmin <password>
    use <server ID> or use port=<server port>
    serversnapshotcreate
    Select the line just after "begin_permissions" and copy paste in txt file and post here.
    We can check if in your permissions you have problem.

    To check all permissions in your server you can use this :
    http://forum.teamspeak.com/showthread.php?t=57794

  6. #6
    Join Date
    June 2008
    Posts
    18,494
    Server beta25 had no exploit. There is no known exploit for the newer versions.
    All hacks and token generators are fake and spyware!

  7. #7
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    Hmm, for some reason I'm getting this error on serversnapshotcreate


    error id=2568 msg=insufficient\sclient\spermissions failed_permid=8748 (55 ms)

  8. #8
    Join Date
    June 2008
    Posts
    18,494
    You need the permission b_virtualserver_snapshot_create to create snapshots of your server.

    Make sure, that your are logged in as QueryAdmin or assign b_virtualserver_snapshot_create toyour Server Admin group an assign that permission.

  9. #9
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    Ok, here's the text document. Let me know if it has something that shouldn't be displayed in public. I had to zip it since it was a .rtf

    Thanks for your help.

  10. #10
    Join Date
    May 2010
    Posts
    6,310
    Indeed I saw some permissions errors. Nothing serious but potentially problematic.

    Can you give us your default group on your server (server, channel and channel admin) ?
    What is the Database ID of the malisious user ?

    Have check the other permissions (channel, client, and channel to client) ?

  11. #11
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    Default server group is Guest. (ID:8)
    Default channel group is Guest (ID:8)
    Channel admin group is FeC Leader (ID: 6) -- This group has 2 members.

    I also have minor admin groups "Event Leader (ID:17), Section Leader (ID:10), Co-Leader (ID: 13).
    Although, he gained access as a guest. Not sure what he did or how.

    I don't have any Database Id's but I do have the users Unique ID, but I know those can be made again easily. I also have his last used name.

    I've checked all channel permissions. All channels only have needed modify 100 and needed file stuff 100.

  12. #12
    Join Date
    April 2009
    Location
    Germany
    Posts
    242

    Wink

    Quote Originally Posted by xcalibur View Post
    Although, he gained access as a guest.
    Remove the permission for Guests to be able to use Tokens to gain privileges. Rather give the people you want in your Server the token's yourself in form of invite links. That way you avoid that by any chance somehow a "hacked" token or whatever is used to gain privileges.

    At least that would be one thing to do.

    As alternative you can add people, if they are not supposed to get a fix account, to a certain Channel group. That way they can have special permissions for channels but you still dont have to add them permanentely as users.

  13. #13
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    That's already been removed, maybe you seen it in the template group (Guest)?
    b_virtualserver_token_use is grayed out in ID:8 Guest Group

  14. #14
    Join Date
    May 2010
    Posts
    6,310
    Channel admin group is FeC Leader (ID: 6) -- This group has 2 members.
    -In your permission snapshot the group ID 6 is a server group.
    It's not normal that you have a server group (Fec Leader) in the "Channel admin default group. Are make a change directly by the database ?

    - Your channel group must be have i_group_auto_update_type

    - I see several permissions with an power greater than 100. You have modify your database. Is not good to change the biggest power.

    Other verifications :
    In your database check in the "clients" table, if you have only one user (serveradmin) or know users with an query login and password.

  15. #15
    Join Date
    December 2009
    Location
    Utah
    Posts
    119
    Sorry I typed that wrong. FeC Leaders is a server group, not a channel group.

    Yes I have only 1 serveradmin. I checked in my database under clients.

    The only permissions higher then 100 are the needed file view power.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Ts3 got maybe hacked [just perm problem]
    By Realdarky in forum Permission System
    Replies: 3
    Last Post: May 21st, 2011, 01:04 AM
  2. Replies: 3
    Last Post: November 28th, 2010, 09:44 AM
  3. [Solved] Sever Hacked...[Just perm problem]
    By DeVil.DeMonde in forum Server Support
    Replies: 15
    Last Post: September 21st, 2010, 08:22 PM
  4. Server beta27 Hacked [just perm problem]
    By xcalibur in forum Bug Reports [EN/DE]
    Replies: 5
    Last Post: September 3rd, 2010, 09:41 AM
  5. Server Hacked [just perm problem]
    By Ebay01 in forum Permission System
    Replies: 5
    Last Post: March 15th, 2010, 08:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •