Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    Join Date
    December 2007
    Location
    France
    Posts
    115

    Solved Accident with Server 3.0.0-beta31-pre [Build: 13545]

    Tonight from 19:20 two people came to my TeamSpeak server as a group "Guest ", he added that the groups are "staff" or it may have rights and kick and put passwords everywhere.
    They failed to put in ServerAdmin.

    The first installation of my server was in BETA 30 on Linux. Since I am in BETA 31-pre for test.
    I have checked my group "guest"and there is no error, the members can not put this in a group alone.

    Exemple:

    02/02/2011 19:24:59 VirtualServer Info client connected 'dsdsdadsadsadsadadadsadsa'(id:184) from 201.27.164.54:1545
    02/02/2011 19:25:06 VirtualServer Info client (id:184) was added to servergroup 'SFF'(id:9) by client 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:07 VirtualServer Info client (id:184) was added to servergroup 'STAFF'(id:11) by client 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:07 VirtualServer Info client (id:184) was added to servergroup 'SILENCE'(id:13) by client 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:08 VirtualServer Info client (id:184) was added to servergroup 'STAFF FEMININ'(id:14) by client 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:37 VirtualServer Info channel 'Le bar'(id:2) edited by 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:41 VirtualServer Info channel 'FFA'(id:9) edited by 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:44 VirtualServer Info channel 'Zombies'(id:35) edited by 'dsdsdadsadsadsadadadsadsa'(id:184)
    02/02/2011 19:25:47 VirtualServer Info channel 'War & Gather'(id:36) edited by 'dsdsdadsadsadsadadadsadsa'(id:184)

    02/02/2011 19:30:10 VirtualServer Info client connected 'meninor0x^'(id:185) from 189.103.71.224:4062
    02/02/2011 19:30:14 VirtualServer Info client (id:185) was added to servergroup 'SFF'(id:9) by client 'meninor0x^'(id:185)
    02/02/2011 19:30:16 VirtualServer Info client (id:185) was added to servergroup 'STAFF'(id:11) by client 'meninor0x^'(id:185)
    02/02/2011 19:30:16 VirtualServer Info client (id:185) was added to servergroup 'SILENCE'(id:13) by client 'meninor0x^'(id:185)
    02/02/2011 19:30:17 VirtualServer Info client (id:185) was added to servergroup 'STAFF FEMININ'(id:14) by client 'meninor0x^'(id:185)
    02/02/2011 19:30:57 VirtualServer Info client connected 'liltom72:'(id:146) from 90.59.190.247:65161
    02/02/2011 19:31:04 VirtualServer Info client disconnected 'SFF. Frizi'(id:17) reason 'invokerid=11 invokername=dsdsdadsadsadsadadadsadsa invokeruid=lC4a3XXWBP/1z8qs7CS1HrCyq8A= reasonmsg'
    02/02/2011 19:31:09 VirtualServer Info client disconnected 'liltom72:'(id:146) reason 'invokerid=18 invokername=meninor0x^ invokeruid=8u3u4Lb0CmHCGN8XsXZBslKVCY0= reasonmsg'
    02/02/2011 19:31:14 VirtualServer Info client connected 'SFF. Frizi'(id:17) from 89.84.115.98:59890
    02/02/2011 19:31:17 VirtualServer Info client disconnected 'SFF. Frizi'(id:17) reason 'invokerid=18 invokername=meninor0x^ invokeruid=8u3u4Lb0CmHCGN8XsXZBslKVCY0= reasonmsg'
    02/02/2011 19:31:17 VirtualServer Info client disconnected 'ironhide'(id:144) reason 'invokerid=11 invokername=dsdsdadsadsadsadadadsadsa invokeruid=lC4a3XXWBP/1z8qs7CS1HrCyq8A= reasonmsg'
    02/02/2011 19:31:19 VirtualServer Info client disconnected 'SFF.Strawberry @ ESL'(id:138) reason 'invokerid=18 invokername=meninor0x^ invokeruid=8u3u4Lb0CmHCGN8XsXZBslKVCY0= reasonmsg'
    02/02/2011 19:31:22 VirtualServer Info client connected 'SFF. Frizi'(id:17) from 89.84.115.98:59890
    02/02/2011 19:31:25 VirtualServer Info client connected 'SFF.Strawberry @ ESL'(id:138) from 92.134.209.47:53800
    02/02/2011 19:31:25 VirtualServer Info client disconnected 'SFF. Frizi'(id:17) reason 'invokerid=18 invokername=meninor0x^ invokeruid=8u3u4Lb0CmHCGN8XsXZBslKVCY0= reasonmsg'
    02/02/2011 19:31:29 VirtualServer Info client disconnected 'SFF.Strawberry @ ESL'(id:138) reason 'invokerid=11 invokername=dsdsdadsadsadsadadadsadsa invokeruid=lC4a3XXWBP/1z8qs7CS1HrCyq8A= reasonmsg'**

    ----------------------------------

    Hackers only can Kick and put password.
    Last edited by Hawk19; February 2nd, 2011 at 11:52 PM.

  2. #2
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    What are the values for the following permissions in the GUEST group and the group(s) these clients promoted themselves to?

    i_group_member_add_power
    i_group_needed_member_add_power
    i_group_modify_power
    i_group_needed_modify_power

    Most of the time these problems are usually a faulty permission setting. Of course it is always possible this wasn't that

  3. #3
    Join Date
    December 2007
    Location
    France
    Posts
    115
    Thank you for help.

    I work for over a year in TS3, I know well enough permissions, I translated all the software in French, so I know him to know and as I say, there is no permission for guests, I did a test with a guest, it may not add to a group alone.

    It's Hack !

  4. #4
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    This is definitely interesting then... I am curious why they didn't add themselves to your admin group. It looks like they did add themselves to a few groups.

  5. #5
    Join Date
    September 2010
    Location
    USA
    Posts
    39
    Seeing how those are custom groups, maybe the permissions on those groups are set incorrectly?

  6. #6
    Join Date
    December 2007
    Location
    France
    Posts
    115
    You do it on purpose? I just say that my groups are very well adjusted and a visitor can not get into another group alone.
    When you talk to a beginner ok, it's not my case, but "poisonpanik" has already asked to check.

    Otherwise thank you all for your help and I too would like to know what is wrong. Namely that the vulnerability can only be added alone in groups of up to level 50. Groups admins (level 75 and 100) are not affected.
    Last edited by Hawk19; February 3rd, 2011 at 05:17 PM.

  7. #7
    Join Date
    June 2008
    Posts
    18,513
    Hawk19 can you send me your database file? A co worker want's to have a look at it.
    Have you changed anything after this event? Ineed to know this, maybe you closed your "security hole".

  8. #8
    Join Date
    December 2007
    Location
    France
    Posts
    115
    I does little change after... (Delete hackers on "STAFF", "SFF" and "STAFF FEMININ" GROUPS) I've backup, I send you my database before and after event.

    I've a video with server BETA 31 exploit, I send you link.
    Last edited by Hawk19; February 3rd, 2011 at 12:35 PM.

  9. #9
    Join Date
    January 2011
    Location
    US
    Posts
    260
    Emm... I did test it for you and permissions seems to be correct. If you want, I can test it more, and I can promise I won't damage anything.

  10. #10
    Join Date
    December 2007
    Location
    France
    Posts
    115
    Thank you.

    You can test if you want, but I do not think set incorrectly my permissions, especially those that can be added to a group.

  11. #11
    Join Date
    June 2008
    Posts
    18,513
    Quote Originally Posted by Hawk19 View Post
    Thank you.
    You can test if you want, but I do not think set incorrectly my permissions, especially those that can be added to a group.
    The whole think is no Hack!

    This databse is a perfect example, that permissions are not set as they should :-/
    In your groups SFF; STAFF; SILENCE; STAFF FEMINIM is no i_group_needed_member_add_power set!

    Your database before this accident shows, that every guest can add himself into that groups.

    Your database after this accident has this permission set in the mentioned groups.

    I think its a cheek to say that someone hacked your server. You know that these permissions are not set. We saw, that you added them after that accident.

    This is a mistake you or other admin made before.

    I repeat. This is no Hack or Bug!

  12. #12
    Join Date
    December 2007
    Location
    France
    Posts
    115
    When you right click on you, you can not get added, I have not thought in the window of the permissions were managed separately.

    Also, I always thought, if permission is disabled, you did not use it.

    Thank you for help....

  13. #13
    Join Date
    January 2011
    Location
    US
    Posts
    260
    I've checked the permission throughly and it looks good now.

  14. #14
    Join Date
    December 2007
    Location
    France
    Posts
    115
    The problem is that for this permission (i_group_needed_member_add_power) when she is disabled, not truly disabled, She has value to "0" (Disable = 0), that is why the person had the rights.

    Normally, when it's disabled, you should have no permission, so thank you to a default value to prevent this trouble and avoid problems or to ensure that when it is turned off, there is no right and not value "0". It is this confusion that I could talk to a developer.

  15. #15
    Join Date
    January 2011
    Location
    US
    Posts
    260
    IIRC, if it's disabled, it is DISABLED, it's NOT 0.

    It goes like this:
    permission ID check:
    Check in server group --> Disabled --> Check in client permission --> Disabled --> Check in channel permission --> Disabled --> Check in channel client permission --> Disabled. Since they're all disabled, this gives a value of 0.

    Disabled is not the same as "0" in that the following 2 scenarios differ (powers applied on same i_******* permission):
    Servergroup permission power 70, not set to skip.
    Client permission power 0.
    Result: 0

    Servergroup permission power 70, not set to skip.
    Client permission is disabled.
    Channel permission disabled.
    Channel-client permission disabled.
    Result: 70

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Server accident
    By SFR-GTA in forum Server Support
    Replies: 1
    Last Post: July 29th, 2012, 09:24 AM
  2. Server accident
    By SFR-GTA in forum Client Support
    Replies: 1
    Last Post: July 29th, 2012, 09:24 AM
  3. Replies: 1
    Last Post: February 14th, 2011, 09:15 AM
  4. TeamSpeak 3 Server 3.0.0-beta31-pre available
    By R. Ludwig in forum Archive
    Replies: 27
    Last Post: January 31st, 2011, 07:43 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •