JKA Script Kiddies

[Kane]

I'm sure most of you have encountered these script kiddies in the last few months, that buy shell-booters or use old exploits that still work because of the old game engine to crash servers. What's a recommended response? Server protection doesn't do too much as it's easier to crash a server than protect it, considering how effective udp packet spoofing is. there are also exploits to dodge flood protection on a server.

 

Does JKHub have any ideas how to counter these kids, maybe through taking legal action or logging their IP's and getting their information? Taking down their servers is illegal, and that's not really recommended, but it's quite annoying to deal with skiddies who crash servers and then talk big. 

 

Wish ravensoft would make jk4 and just move from q3 already :/

[Bacon]

Ignore them is all I can say.
They seem to only strike at those who give a damn to them...Mostly like a troll, the more you feed them the more they continue. First started my clan I had a whole group of these so called "kiddies" claiming to be the masters of the world and do it for the lulz. {{R}}
One thing I do notice is they only go for small servers like myself and never large populated places. Who knows why.  They join, cause issues, disobey the server rules and threaten to crash it if they dont get there way. Only way to keep them off 80% of the time is to PW the server.

 

[Xycaleth]

If you have system access to your server, and assuming your server runs on Linux, then using iptable rules can be quite effective at preventing small DoS attacks. For server exploits which are due to problems in the server program itself, you can try running your mods with the OpenJK dedicated server instead. If the exploits exist in the mod, then you should try to contact the mod author and ask them to patch the problem. This last option isn't always a possibility though, so if players are exploiting the mod itself, then the only thing you can do then is to change to an actively developed mod like JA++.

[Bacon]

But isn't OpenJK just as bad seeing it isn't fully complete and most mods wont work with it without doing something to it. And Ja++ maybe actively developed but still needs work like every other mod out there.

[Xycaleth]

It should be fully compatible with all mods. If there's problem with a mod then let one of the OpenJK devs know

 

Yes it's incomplete but at least the problems you find in it will get patched, unlike the regular JKA dedicated server

[eezstreet]

I think actually the only mod that doesn't support OpenJK is MB2, and they've said in the past that they wont touch OpenJK with a 50 foot barge pole.

[Kane]

Yeah I agree with ignoring them, which is what the server owner I talked to was doing, however they are launching ddos attacks with spoofed getstatus packets, which is very hard to block, even if you rename getstatus packets, the sheer bandwith used for the ddos + if they switch to other packets will still lag/crash the server. I am collecting information on them as I see them (logging ips/usernames/addresses/names) but it's hard to take action as they're all from europe, oh well though. I'll install openJK in the meantime

[Futuza]

You can always try and report them to the ISP's they're hailing from, Internet Service Providers, very rarely appreciate their customers using their services to perform illegal and harmful actions such as DDOSing.

[eezstreet]

unless they're using a proxy/vps, in which case good luck

[Warlock]

Had a curious event tonight on our server beyond the standard junk. We were running an SP map (which that might have something to do with it) and someone managed to hack our config somehow. We ended up flooded with bots and our tag protection password changed. We're running OpenJK and I believe JASS as well. Anyone else ever see this? Do we need to just stay off the SP maps?

[eezstreet]

JASS doesn't work with OpenJK, to my knowledge..

[Oobah]

People seeking attention will always do stupid things.  They plagued JK2 as well.  And such people are part of, not the complete reason, why people lose interest in things.  People like happy upbeat places to socialize and hang out, not negativity.  World has enough of that crap as it is.

 

You notice, they always come to you.

[Raz0r]

Had a curious event tonight on our server beyond the standard junk. We were running an SP map (which that might have something to do with it) and someone managed to hack our config somehow. We ended up flooded with bots and our tag protection password changed. We're running OpenJK and I believe JASS as well. Anyone else ever see this? Do we need to just stay off the SP maps?

What mod were you running, and were downloads enabled?

Did you have a very secure RCON password?

 

EDIT:

We ended up flooded with bots and our tag protection password changed

I'm aware of a gamecode bug (memory corruption) when NPCs are around (i.e. SP maps) which will overwrite certain values, generally resulting in bots endlessly coming in. It's possible the clantag also got corrupted.

Are you running JA+?

 

The bug is fixed in OpenJK gamecode and JA++

[Warlock]

Ah, that makes sense. Yeah we're running JA+ but we're also running OpenJKded. We may consider moving to JA++ though simply since it'll be more updated. Also had OpenJKded and JASS both working fine with JA+ after some headaches on a couple other servers, but idk if we're still doing that with this one or just OpenJK. Also, no, autodownload is off and our RCON is highly secure. I imagine it was the NPC bug.

[ensiform]

Had a curious event tonight on our server beyond the standard junk. We were running an SP map (which that might have something to do with it) and someone managed to hack our config somehow. We ended up flooded with bots and our tag protection password changed. We're running OpenJK and I believe JASS as well. Anyone else ever see this? Do we need to just stay off the SP maps?

If you have vote enabled on your server in JA+ or any other mod thats older (not based on improvements from mod_base or OpenJK/JA++), then you should probably be using sv_filterCommands 1 with OpenJK.  You lose out on ability to have ; in your chat, but it protects against an exploit in callvote which allows them to change settings on your server.  It's off by default due to the fact that it blocks ; usage and that its fixed in modern gamecode.

[Warlock]

Did not have callvote enabled, but good to know.

[Kane]

Check if they have a server on the same host as you. It's an old bug but with an old version of makermod and some directory bugs you can view all the files/folders on the host machine, and I assume if they put sv_allowdownload 1 they could just download them off the host, unless your host doesn't allow downloads regardless of server cvars