Forum

Page 4 of 16 FirstFirst ... 2345614 ... LastLast
Results 46 to 60 of 234
  1. #46
    Join Date
    November 2014
    Posts
    5

    PHP TeamSpeak Exploit, Advertising BOT

    Hi,

    with PHP scripts can connecting to the server without a ServerQuery login and this client can write to the other users, can create channels, etc.
    I cann't ban the client, with ServerAdmin.

    The script can more than one client and flooding/spamming the chat and create some temporary channel.

    Channel creating:
    Click image for larger version. 

Name:	web.png 
Views:	165 
Size:	9.2 KB 
ID:	13096

    Ban:
    Click image for larger version. 

Name:	web1.png 
Views:	81 
Size:	2.0 KB 
ID:	13097
    Last edited by dante696; November 2nd, 2015 at 07:47 AM. Reason: merged

  2. #47
    Join Date
    June 2008
    Posts
    18,151
    That's no exploit or bug.
    Your server just does allow the Guest query to do these things.

    http://forum.teamspeak.com/threads/9...011#post394011
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  3. #48
    Join Date
    February 2016
    Posts
    1

    Poke from unknown user from unknown server ?!

    Hello , iam hosting teamspeak 3 server for some time and now from nowhere everyone on server got spam poke from some unknown user

    <00:24:21> "admin" pokes you: new ip teamspeak3 : 185.***.***.***:9992

    However , from logs and everthing user was never on server(no indentity no connect on server, nothing....cant do nothing about it) so iam not sure how could he do it.
    My friends told me they happened same for them on theirs servers with different IPs and after few minutes after that they got all DDOS attack on their server but i got strong bandwith from France so its holding up so far but iam not sure if is this some security hole in server or client or my query pw was compromised or something idk.

    Does anyone have any idea whats going on? thank you iam kinda confused
    Last edited by dante696; February 4th, 2016 at 07:48 AM. Reason: merged, update your server and set needed permissions from post #33

  4. #49
    Join Date
    July 2013
    Posts
    9

    Server Query hack

    A few days ago I received a poke from "Admin" with the message "NEW IP, CLICK HERE!" Everyone else connected to the server at that time also received the message and they alerted me about it, when I tried banning the user it said "missing required parameter" but when I checked the banlist the ban was registered as "uid=ServerQuery (Unknown from 37.187.252.194:48319)" ... I tried connecting to the ip that was sent through the poke as a message and it connected me to a European server, today the same thing happened, I stepped out for a bit, when I came back I received 3 pokes from the same ip "uid=ServerQuery (Unknown from 37.187.252.194:48319)" but when I tried connecting through the poke message It connected me to a different server not the one like before, I'm not connected to any Query programs and I have no Idea what is going on it is really affecting me and my clients.
    Last edited by dante696; February 8th, 2016 at 07:59 AM. Reason: merged

  5. #50
    Join Date
    April 2015
    Posts
    38
    I think that if you have a server group that you think anyone could have and it has enough poke power, someone could do it with the help of javascripts. I believe TS3MassMover also has mass poke feature, as long as you have enough poke power to poke most of the people, its easy to manipulate new ip. like change your nickname to admin /masspoke
    Code:
    [u rl= ts3srv://123.123.123.12 3]Click here for new ip[url]
    Or he might have done it with yatqa or similar things, that could be the reason you couldn't ban

  6. #51
    Join Date
    July 2013
    Posts
    9
    I don't know, When I try to ban it says "invalid perimeter" but when I check the banlist it shows a ban is registered as "uid=ServerQuery (game-state.com" or "gametracker" in those brackets with the ip as shown in my first reply when the ban is fresh, when i close the banlist the ip next to it disappears..

    Edit: when i edit the ban window the unique id shows the ban registered as "ServerQuery"

  7. #52
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,350
    Solution is somewhere in the server changelogs. Read them.

  8. #53
    Join Date
    July 2013
    Posts
    9
    Quote Originally Posted by numma_cway View Post
    Solution is somewhere in the server changelogs. Read them.
    I went over the changelog, I see what you're referring to. But I do not know how to go about "fixing" the problem.

  9. #54
    Join Date
    April 2015
    Posts
    38
    It's probably as I thought but you need to check it yourself to be sure. Join your teamspeak with new identity, give yourself a server group which has enough permission to poke. When you have the server group on you, go to tools, serverquery login. Write serverquery1, since we consider serverquery is taken by "hacker" guy. Connect to yatqa with your server ip+port and username serverquery1 and password that it gives you after you write serverquery1. Change your nickname with yatqa, in misc part if I'm not mistaken. Then poke a yourself(but old yourself, not new id, disconnect from the server with new identity. Connect with your original one.) When you poke original yourself click on red name that shows who poked you and ban it. Check the ban list to see what it says about uid. If you see serverquery1 or the nickname you changed, bingo!

    Then copy your sqlitedb into your pc and open it with a sql browser. I'm %100 sure in somewhere there are list of created serverquery login accounts. And possibly information about who created them. I saw with my own eyes that there is a list about it in database but I'm not sure about if it includes information. I'm on mobile so can't exactly tell you were it is but it's easy to find.

  10. #55
    Join Date
    July 2013
    Posts
    9
    Server groups are protected I'm the only one who can assign/remove groups and only my group is allowed to access SQ login/acc creation. I did follow the rest of the steps you mentioned, I couldn't find SQ accounts in the sqlitedb I could be looking the wrong place maybe?

    I did make one change to my permissions for guess, I revoked the permission to poke.

  11. #56
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    Shield your query port from external connections.

  12. #57
    Join Date
    July 2013
    Posts
    9
    Quote Originally Posted by ANR Daemon View Post
    Shield your query port from external connections.

    How do I go about doing this?

  13. #58
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    F.e. bind query console to 127.0.0.1

  14. #59
    Join Date
    September 2012
    Posts
    6,078
    Quote Originally Posted by shawnstyle View Post
    I went over the changelog, I see what you're referring to. But I do not know how to go about "fixing" the problem.
    That was explained in the announcement for that server version as well as in post 33 of this thread.
    When sending PMs please make sure to include a reference link to the thread in question in the body of your message.

  15. #60
    Join Date
    November 2014
    Location
    Ciudad Real, Spain
    Posts
    29

    DDOS attacks + pokes from serverquery bots.

    This explains pretty much the issue:
    Click image for larger version. 

Name:	d4KVYdt.png 
Views:	316 
Size:	91.5 KB 
ID:	13605

    Some guys got a ServerQuery bot that is creating DDoS attacks and redirecting people to a new external IP.

    The address they're linking with those pokes is: ts3server://xxxxx

    So... questions:
    1. How could we block access to our server without blocking access to all serverquery bots? We got our own bot just for management.
    2. Can those guys be punished? Remove their license or anything. It's very frustrating and seems like they're attacking more servers. This is really problematic for paid servers.
    Last edited by dante696; February 29th, 2016 at 07:34 AM. Reason: merged, we have a search feature onforum....

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How to send chat messages to Server Query
    By JamieG193 in forum Tools / Web Based
    Replies: 3
    Last Post: July 5th, 2013, 10:02 AM
  2. [Resolved] (not possible) How do I send out pokes to a defined usergroup?
    By Pluvrr in forum General Questions
    Replies: 1
    Last Post: August 28th, 2011, 03:50 PM
  3. send text messages to everyone
    By constrych9 in forum General Questions
    Replies: 5
    Last Post: February 8th, 2011, 06:01 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •