Forum

Results 1 to 10 of 10
  1. #1
    Join Date
    January 2013
    Posts
    1

    Solved [User Error] Individual causing trouble - able to kick & move people

    To whom it may concern,

    Recently our Teamspeak III Server has been visited by a person who is causing a lot of trouble. It seems this person is able to move people from room to room and is also able to kick people.

    Our senior admin has conducted checks to confirm server permissions and the offending persons name does not feature in permissions.

    Is there anyway our server can be hacked by a person with the ability to kick and move people? who does not show up in our list of admins who do have these permissions.

    The offender goes by the name Morgan Freeman
    Looks like he moves from server to server.

    Kind regards

    Venatore
    Last edited by Chris; January 24th, 2013 at 10:27 AM. Reason: removed ads

  2. #2
    Join Date
    September 2012
    Posts
    6,080
    It might be that someone assigned him admin permissions in the first place, which he then used to give himself client permissions, or he got client permissions directly by some admin.
    It might also be that users can set client permissions on your server by default which is obviously a security hole you should fix.

  3. #3
    Join Date
    January 2013
    Posts
    3
    Chris

    Thanks for your reply. I am the admin that Venatore refers to above. I am from the UK but currently on holiday in Thailand from where I have registered to respond. I advise of this for IP address tracking purposes by you just in case you think this is a bogus reply. Now to you answers:

    1. We have never ever given the person concerned admin rights. There are only 6 of with a admin rights and we are a very tightly knit group. So your suggestion (scenario) ends at this point. I double checked to see if the name (Morgan Freeman and also MorganFreeman) was in the list and it is not. Just in case the list has been hacked. Moreover, it appears that the same person has carried out the disruptive exercise using another name called NIGGA NIGGA . These users appear to have a UK flag and has been carrying out the same behaviour on other servers.

    2. Are you telling me that by default Team Speak III has been released with the users having the ability to set their own permissions? Surely not? If the team have done this, then the loophole needs closing in a patch.

    3. I think your code has been cracked/hacked.

    We look forward to a rapid response.

    Kind regards RAF238thGunRunner
    Last edited by Chris; January 24th, 2013 at 03:25 PM.

  4. #4
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    What Chris meant was, you should look into the Client-Permission-Tab of that user and see if he has any permissions set there (if yes, remove them).
    Another question (and forum search should have net answers) is, do your groups have needed_powers set?
    i. e. "i_client_needed_move_power", "i_client_needed_ban_power", "i_client_needed_kick_from_server_power", "i_client_needed_kick_from_channel_power".

    Quote Originally Posted by permissiondoc
    Power and needed Power Permissions
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    These permissions are a special case of Integer Permissions. They always come
    in pairs, one power permission and one needed power permission. You can only
    successfully issue the action the permission controls if your power is equal or
    greater than the associated needed power.

    Example:

    i_client_kick_power
    i_client_needed_kick_power

    When you want to kick a client the permission system will compare your "kick
    power" with the "needed kick power" of the target of your kick. If you have
    equal or greater power, you will be able to kick this client. If your power is
    less than the needed kick power of your target, you will not be able to go
    through.

  5. #5
    Join Date
    September 2012
    Posts
    6,080
    Of course by default this is not possible, what I meant was that maybe someone changed the permissions on the server so that it is possible to gain permissions that way. Trust me it happened more often than you'd want to know.

    Congratulations, I could've just banned every user on your server if I were someone with bad intentions. I removed all references to your server from the posts to protect some bad guy from taking advantage of this.
    Everyone on your server can grant everyone else (or themselves) a server group that allows them to ban everyone on the server permanently and also kick or move them around...

    As I said earlier, every single case of this kind of report I know of was tracked down to being a user error. This is yet another case where this is true.

  6. #6
    Join Date
    January 2013
    Posts
    3
    Chris

    As you may have guessed we are not Super Users of TS3. We use it purely as a tool to fly the game and I cannot work out without spending hours on this (and I am on holiday),where these permissions are to be found.

    Could you please send me a screen dump of what you are talking about. As far as I am concerned on our system, no guest has the ability to do what you said.

    Edited.

    Well, it looks like I tightened things up too much (screwed up would be a better word), because when I now go into Permissions > Server Groups>, I cannot see the contents of:

    Server Admin
    Normal
    Guest
    Channel Admin

    Help!
    Last edited by Broadmarsh; January 25th, 2013 at 04:01 AM.

  7. #7
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    You probably removed one ore more of following permissions from your group:
    Code:
    b_virtualserver_servergroup_permission_list
    b_virtualserver_channelgroup_permission_list
    b_virtualserver_client_permission_list
    b_virtualserver_channel_permission_list
    b_virtualserver_channelclient_permission_list
    If you host yourself you can restore them using ServerQuery, else you need to contact your hoster.

    What Chris also meant is, you should look that all your groups have the following set and its > 0
    Code:
    i_group_needed_modify_power
    i_group_needed_member_add_power
    i_group_needed_member_remove_power

  8. #8
    Join Date
    September 2012
    Posts
    6,080
    To be more precise on your server there is a server group called "channel admin" which can be assigned by everyone. This group has all sorts of powers including banning and kicking.

    To fix it either delete the group or add the permissions mentioned by Alcazar at the bottom of the post to that group with a value of 75.

  9. #9
    Join Date
    January 2013
    Posts
    3
    Quote Originally Posted by Chris View Post
    To be more precise on your server there is a server group called "channel admin" which can be assigned by everyone. This group has all sorts of powers including banning and kicking.

    To fix it either delete the group or add the permissions mentioned by Alcazar at the bottom of the post to that group with a value of 75.
    errrrrr.....

    Quote Originally Posted by Broadmarsh View Post
    Chris



    Edited.

    Well, it looks like I tightened things up too much (screwed up would be a better word), because when I now go into Permissions > Server Groups>, I cannot see the contents of:

    Server Admin
    Normal
    Guest
    Channel Admin

    Help!
    We host the server on our hardware!

    As you can see there is little I can do.

    Perhaps it is all best left alone. After all it is only a comms tool to allow us to talk whilst flying. We do not need a F1 car to do the shopping.

  10. #10
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    Code:
    login serveradmin <password>
    use sid=<server_ID>
    servergroupaddperm sgid=<Admin_server_group_ID> permid=16785 permvalue=1 permnegated=0 permskip=0
    servergroupaddperm sgid=<Admin_server_group_ID> permid=16788 permvalue=1 permnegated=0 permskip=0
    servergroupaddperm sgid=<Admin_server_group_ID> permid=16790 permvalue=1 permnegated=0 permskip=0
    servergroupaddperm sgid=<Admin_server_group_ID> permid=16791 permvalue=1 permnegated=0 permskip=0
    servergroupaddperm sgid=<Admin_server_group_ID> permid=16792 permvalue=1 permnegated=0 permskip=0
    logout
    Do this using telnet or putty or something.
    Then you can do what Chris wants.

    PS: Thanks to Jordi for "borrowing" the code

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Kick from individual channels?
    By MrSumOne in forum Permission System
    Replies: 1
    Last Post: April 20th, 2015, 11:14 PM
  2. How do I stop an individual from moving people?
    By mykil in forum Permission System
    Replies: 2
    Last Post: June 19th, 2013, 12:03 AM
  3. [Resolved] Error when trying to remove people from a user group.
    By Kazed in forum Client Support
    Replies: 5
    Last Post: October 7th, 2011, 02:09 PM
  4. CA kick and move
    By constrych9 in forum Windows
    Replies: 15
    Last Post: April 13th, 2010, 01:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •