Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 5 of 5
  1. #1
    Join Date
    September 2007
    Location
    Australia
    Posts
    5

    Question Found random strangers in server

    Are there there any known bugs/exploits for the current version of the linux server? I don't want information how to do it, just if there are.

    I have a private server I run, server password correctly set and fairly standard permissions. Logged in earlier today and noted a bunch of randoms in their own password protected room. One of the guys had channel admin permissions, which looking at the logs there was nothing. Every other person I'd given channel admin privileges to before shows up, but not the random dude. The only thing logged was when I demoted him to guest:

    Code:
    2012-10-12 00:49:54.267830|INFO    |VirtualServer |  1| client 'Bryan'(id:obsufcated) was added to channelgroup 'Guest'(id:obsufcated) by client 'Techman'(id:obsufcated) in channel 'TSW'(id:obsufcated)
    Anywhere else I can look? Only the client port is available outside of localhost, telnet query etc are blocked by the firewall. I've banned them and blocked their IPs at the firewall.

    Admittedly they weren't doing anything wrong nor did they do anything malicious, so it's not a massive deal. I'd just prefer to keep my server private!
    Last edited by techman83; October 13th, 2012 at 03:13 AM. Reason: Marking as issue resolved.

  2. #2
    Join Date
    October 2010
    Location
    Warsaw / Poland
    Posts
    296
    Probably no, the only option to get access to TS3 itself is...
    a) bruteforce serverquery serveradmin password
    b) get access from somebody else with such power

    Probably you have some wrong permissions (like guest can give himself CA) or simply somebody used his old-pc ID (f.e. on notebook) so he had access on new IP (f.e. wireless connection one) and different nick.

  3. #3
    Join Date
    September 2012
    Posts
    6,079
    Your server's default guest group could have the permission to ignore the password
    They could've just guessed your password or been told the password.

    The client creating a channel will automatically get the channel admin group by default. You can change that is the virtual server settings.

    There are no known exploits.

  4. #4
    Join Date
    September 2007
    Location
    Australia
    Posts
    5

    Thumbs up

    Quote Originally Posted by Chris View Post
    Your server's default guest group could have the permission to ignore the password
    They could've just guessed your password or been told the password..
    I tested this and you can't get in. Only a handful of people have the password, but I guess there is a possibilty that it was given out to other people (I have my suspicians). It was quite an old ID too. I guess I'll find out if I hear through the grapevine about friends of friends not being able to use it.

    Quote Originally Posted by Chris View Post
    The client creating a channel will automatically get the channel admin group by default. You can change that is the virtual server settings.
    Ahh that would explain it. I'd like this behaviour to remain actually, sometimes half of us will be playing a different game and it's handy for them to be able to create rooms and change settings. For the most part I trust the guys that have access.

    However in this instance I had no idea who they were and they'd created a password protected room. That I'm not cool with.

    Quote Originally Posted by Chris View Post
    There are no known exploits.
    Cool. I think judging by the fact there was no malicious activity and you explained how channel admin was granted, I'd say in this case nothing was exploited.

    I changed the server password, banned the users and blocked their IPs. That should be good enough for now.

    Thanks for the quick response!

  5. #5
    Join Date
    September 2007
    Location
    Australia
    Posts
    5
    And the plot thins! Seems although when I initially set it up, it had a server password (I remember doing it, as I had to find out how as the process was different to TS2). However at somepoint it lost that, maybe during an upgrade. So essentially an open server, with guests allowed to create channels.

    Password set, all is good now. It would be better if the login failed if you put a password in and there was none though.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Random Server Crashes
    By SecretMineDE in forum Linux / FreeBSD
    Replies: 11
    Last Post: September 30th, 2015, 07:21 AM
  2. Server random crashes
    By NyxBiker in forum Server Support
    Replies: 3
    Last Post: April 22nd, 2015, 08:24 AM
  3. server 2012 Random DC
    By hMeco in forum Windows
    Replies: 0
    Last Post: August 21st, 2013, 06:55 PM
  4. Random Ban By server?
    By Ahmed in forum Server Support
    Replies: 4
    Last Post: September 24th, 2011, 09:58 PM
  5. Replies: 0
    Last Post: November 28th, 2010, 12:08 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •