Jump to content

JA Script Kiddies


Recommended Posts

Hello,

 

I am on the Council for the Angels of Fire clan and lately we've seen a disturbing amount of players using hacks. When we try to ban them they just change their IP. Now the latter isn't very surprising because I've seen that one going on for a while. What I don't understand is this rise in people suddenly being able to do things like teleport, and even disable other people's force powers. Has any other server been experiencing a rise in people like this? I mean, they're not great at what they do (one guy keeps trying to flood our server manually, it's adorable), but they are a nuisance.

 

Any information that anyone has on this would be greatly appreciated. Just throw out what you know, who knows, maybe we can find out what started all this nonsense.

Link to comment

Hello, Apollo here from AoF; also a part of the Council.

 

Which mod are you running? Never heard of people changing others' force powers.

Tried range banning?

 

We're running JA+ 2.4 Build 7.

 

We're trying to get in contact with our RCON holders, but things have been busy with work schedules, thanksgiving/holiday seasons, and such. I hoping a ranged ban will work, but we can't know until it's done with.

 

We've got a top secretish coding forum with all known exploits. I don't know any involving teleporting or disabling other people's force powers. Could be somebody figured out your admin pass?

 

You might also find this guide interesting: http://jkhub.org/tut...erver-security/

 

We don't think they've taken any of our admin passes as we have not seen them log into anything. Thanks for the guide, Caelum. I'll pass it along to Irish. He may find it useful. :D

 

Sounds more like your rcon pass got hacked. Most likely autodownload.

 

We don't think this is the case. If they have had rcon, they would have caused more damage then what they are doing now after all of the empty threats they have made.

 

Additionally, the type of stunts they've been pulling off don't seem to be the sort of thing that is executed with the typical admin commands -- the way it's executed seems to sketchy. Typically with teleports, you see a beam or something, but none of that is seen here; it's quite lag-like almost. Some of them seem to use it in a 'YOLO' fashion when admins are around, and others seem to only use it when they're about to lose a duel -- their version of the teleport severs the duel for whatever reason.

 

One person in particular somehow turned off everyone's force abilities and tried to engage in FF duels with them, but no one accepted his challenge request because he was being a jerk! :lol:

 

I've also seen false obituaries in the upper left corner and the ability to have one's in-name written vertically over the scoreboard.

 

It's also been reported that they can read clan chat. They may even be able to read admin chat but I do not know.

 

When they try to, what I am assuming is DDoS attacks, they only manage to flood 4 slots.

 

All of these players seem to be of the FF variety. I figure they meet up in little cliques to exchange scripts that they can use to exploit on servers or something.

 

We're fairly sure our servers' security is fine. We haven't had anything like this happen in sometime. But we're more concerned about their attitudes towards guests and clan members. We just want to get rid of them and be done with it.

Link to comment

I'm aware of the force changing bug, I believe I mentioned it to Raz about 4-5 months ago.

 

I believe the changing of force powers occurs at the scoreboard when the time limit/frag limit is hit, something is done and the next game has the applied force powers.

 

I'll dig through our logs over the year and find the explanation that was given to me. Will edit/post when found.

Link to comment

Is a very significant red flag afaik. They guessed/acquired your clan pass, so you might want to change that. Admin passes being compromised too atleast seems feasible, but then again, I might be wrong.

 

We do need to consider that they may have somehow aquired our clanpass or admin passes. However, on the occasions that I have done an /clanwhois or /amwhois when they were on the server, I did not see any of them logged into it. Perhaps I missed their window of log-in time, I do not know, but we'll keep our eyes peeled. I'm more inclined to think that they figured out a way to read it without being able to log in, but I can't be too sure.

 

I have no idea about. "False' obituaries in what way? JKA obituaries have been known to be rather dodgy by themselves.

 

'False' in the sense that it will say "apollo was sabered by so and so" when in fact nothing of the sort happened and the guy was on the other side of the map. I assume they do it to increase their in-game score -- that's the only real reason I can think of.

 

Sounds like it either is lag, or packet manipulation. @ knows a lot about packet manipulation, but I doubt random script kids will.

 

Perhaps in a few situations it was lag and/or packet manipulation. However, there were a couple of times when the people involved teleported to respawn points that were too distant to otherwise reach.

 

----------

 

Addendum: oh, one final detail that should be included is that they change their names at a very frequent rate and many of the names are intended to be mean spirited. Sometimes the person will arrive on the server as a Padawan name and then change their name while they are present. As they are about to leave, their name changes back to Padawan. They do this to avoid IP detection from the mod. This is a common practice that I see among many FFers in general.

Link to comment

Went through all the logs, uhh I found it but I don't think it applies to this problem specifically.. the bug I heard about allows a player to keep force powers on a map change that disables force. Sorry :P

 

Thanks for trying! Good luck with solving this problem. :)

Link to comment

You can teleport a fair bit by dropping FPS drastically and then back up but I don't know how distant you were talking about - maybe from FFA3 courtyard to the ship - I've seen people shoot all the way up from FFA5's main platform right to the roof...

 

If they're using Q3fill, Luigi has a thing (sorry can't put it any better) where it allows max number of connections per 15(?) seconds. That one is going to require a bit of modification on your own 'cause as far as I remember the default is 3 connections. I would have thought JA+ already fixed the max number of connections? About the Luigi one, it has downsides. Can't connect more than once under the set seconds or you won't get in for about a minute.

 

Hope you get this solved.

 

@@Caelum maybe you could put up Luigi's fix for botting in the server security tutorial.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...