Query creates channels, send messages or pokes users

[dante696]

The reason why this is possible on your server(s) is not a bug. It's permission related.

Your server allows to send messages or pokes or create channels via ServerQuery Guest group. This is the one you get when you connect to a server via telnet without sending any login command.
You need to change the permissions once (when your server was started for the first time before version 3.0.11.2.)
Just updating the server will not solve the problem. Set permissions don't get changed during an update.


Here are the steps to restrict the Guest Query to abuse your server for spam (chat, pokes and via channel name).

1. Update your server to the latest version.
http://www.teamspeak.com/downloads

2. Login into the ServerQuery interface via telnet / putty to change the permissions in the next step.
How to use the ServerQuery
Ask your Admin or Hoster in case you don't have access to the ServeQuery and/or the serveradmin login.

3. Perform these 3 commands in telnet/putty (replace yourpasswordhere with your own password and ANY_ACTIVE_PORT with the voice port of your server (9987 is default))

Code:

login serveradmin yourpasswordhere

Code:

use port=ANY_ACTIVE_PORT

Code:

servergroupaddperm sgid=1 permsid=b_channel_join_permanent permvalue=0 permskip=1 permnegated=1|permsid=b_channel_join_semi_permanent permvalue=0 permskip=1 permnegated=1|permsid=b_channel_join_temporary permvalue=0 permskip=1 permnegated=1|permsid=b_channel_create_permanent permvalue=0 permskip=1 permnegated=1|permsid=b_channel_create_semi_permanent permvalue=0 permskip=1 permnegated=1|permsid=b_channel_create_temporary permvalue=0 permskip=1 permnegated=1|permsid=b_client_server_textmessage_send permvalue=0 permskip=1 permnegated=1|permsid=b_client_channel_textmessage_send permvalue=0 permskip=1 permnegated=1|permsid=b_client_offline_textmessage_send permvalue=0 permskip=1 permnegated=1|permsid=i_client_private_textmessage_power permvalue=-1 permskip=1 permnegated=1|permsid=i_client_poke_power permvalue=-1 permskip=1 permnegated=1

4. You did well when you read error id=0 msg=ok after each command. There is nothing more you need to do here.

(Optional Hint:
It could be that this Query still can send pokes and chats to users who own a i_client_needed_private_textmessage_power & i_client_needed_poke_power with a value lower than 0. You have to raise these values to 0 at least to avoid spam for them.)

[medcom]

Disable create temporary channels, TS3-POLISH.PL looking for people on other communicators is a very bad example of such Teamspeak should block licenses because this practice in Poland is very common. Only you can stretch to the administration about the situation and report to the person responsible for the domain.

"see in the logs the IP of the person who created the channels and insert to the black list"

pozdrawiam.

[Schlumpi]

What do you mean with "this practise in poland is very common"? What happens behind the scene? Why are people trying to hijack Teamspeak users to leave their home server and join the hijackers' server? Is it because people want users, users, and more users out of need of recognition, or are they planting malware on their servers, luring the unsuspecting users to install that?

[fardbleecker]

Schlumpi, as you said :P

When i was total novice i didnt block whisper so people came to my server and then they just whisper to everyone message like " IP SERVER CHANGE: *NEW IP* "
They can even ask you too create them a private channel (as common user) and then they rename it when admins are afk to message like above.

[Schlumpi]

But why are they are doing this? What is the reason?

[barricas]

Fix:
Client Permissions -> In Unique ID write ServerQuery -> search for "create" -> enable create temporary channels -> click in the box to remove the check -> profit

GIF: http://gyazo.com/04b84fae51cdf366469c2d228d7b2f43

[deliriumbg]

Something strange happened on my teamspeak server.
A user (supposedly) created channels using the "serveradmin", while I'm positive they don't have the password.

This is just part of the log:

Code:

2014-04-28 12:27:39.138940|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #820'(id:77379) created by 'serveradmin'(id:5)
2014-04-28 12:27:39.149617|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #819'(id:77378) deleted by 'server'(id:0)
2014-04-28 12:27:41.551846|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #821'(id:77380) created by 'serveradmin'(id:5)
2014-04-28 12:27:41.565922|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #820'(id:77379) deleted by 'server'(id:0)
2014-04-28 12:27:44.019206|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #822'(id:77381) created by 'serveradmin'(id:5)
2014-04-28 12:27:44.031763|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #821'(id:77380) deleted by 'server'(id:0)
2014-04-28 12:27:46.492726|INFO    |VirtualServerBase|  1| channel 'New TS3:IPxx.xx.xx.xx #823'(id:77382) created by 'serveradmin'(id:5)

How could I prevent this from happening?

[ANR Daemon]

Read whole log.

[Schlumpi]

The channels are created by the user with the id 5, who has apparently assigned the nickname "serveradmin" to himself. He creates temporary channels, since they are immediately deleted by the server when the user leaves the channel. In the default permission setup, even guests can create temporary channels.
If you set a global server password, he knows it. Or he is member of a group that ignores server passwords. He may also connect via server query - that part is unknown, since you only posted the channel creation log entries and nothing more.

What you can do:
- delete that user
- set or change the server password
- change the permissions so that guests are unable to create temporary channels
- ban the name "serveradmin" (not the user, but the name, so no one is able to use this as nickname - but that does not prevent users from choosing other interesting names - see http://forum.teamspeak.com/showthrea...370#post223370)
- if he logged in as the server query admin, change the server query admin password and ask yourself how he was able to acquire that password

[ANR Daemon]

Good catch. I missed the word "deleted" at a first read.

[deliriumbg]

"serveradmin" is used for ServerQuery, by bots such as Gametracker, tsviewer, etc.
This is NOT a user, and he does NOT join the server.
The provided log is the WHOLE log.

On "What can I do":
- mentioned it above
- no server password (public TS)
- since it's a public TS, everyone can create temp channels.
- as I said, no such user connects.
- I am possitive that they don't have it, but i'll change it just in case.

[deliriumbg]

Solution found:

Permissions -> Client Permissions -> Drag & Drop client here or enter client unique ID: -> Search for - ServerQuery -> b_channel_create_temporary ->
http://oi57.tinypic.com/a3ntpy.jpg

[ANR Daemon]

Better restrict serverquery use to a number of whitelisted IP's.

[deliriumbg]

Yep. That also worked
Example for anyone interested:

Code:

iptables -A INPUT -p tcp --dport 10011 -j DROP
iptables -I INPUT -p tcp -s 208.167.241.190 --dport 10011 -j ACCEPT #GT
iptables -I INPUT -p tcp -s 208.167.241.185 --dport 10011 -j ACCEPT #GT
iptables -I INPUT -p tcp -s 208.167.241.186 --dport 10011 -j ACCEPT #GT
iptables -I INPUT -p tcp -s 108.61.78.147 --dport 10011 -j ACCEPT # GT
iptables -I INPUT -p tcp -s 108.61.78.148 --dport 10011 -j ACCEPT # GT
iptables -I INPUT -p tcp -s 108.61.78.149 --dport 10011 -j ACCEPT # GT
iptables -I INPUT -p tcp -s 108.61.78.150 --dport 10011 -j ACCEPT # GT

[ANR Daemon]

If I were you, I'd create a separate chain for specifying whitelisted IP's, or use ipt_recent capabilities to mange the list.