Jump to content

ALERT! Beware of KoRn


Recommended Posts

Posted (edited)

Greetings one and all. -[KoTp]- has recently become the repeated victims of a hacker named KoRn. He has hacked our server TWICE now and he has begun posing as a -[KoTp]- council member in other servers and making racist remarks. I would like to assure you that he is NOT one of ours. We wished to alert you to this threat so that all clans will be prepared. He is trying to take over clans and servers. To prove his existence, here is the console log from a few minutes ago.

 

Beware: Foul language is involved.

 

 

11:14:57 AM - Padawan connected

11:15:21 AM - Padawan entered the game

11:15:48 AM - -[KoTp]-Ankh{HC}: (UU): Greetings, Padawan.. please change your name.

11:15:54 AM - Padawan renamed to Dadawan

11:16:55 AM - Dadawan: is the whole clan american or is this a new clan

11:17:08 AM - -[KoTp]-Ankh{HC}: (UU): We have members around the globe

11:17:18 AM - Dadawan: even african 1s?

11:17:22 AM - -[KoTp]-Ankh{HC}: (UU): yes

11:17:34 AM - -[KoTp]-Ankh{HC}: (UU): We don't descriminate, so you don't have to worry about that

11:17:49 AM - Dadawan: its ok im not a black guy im not worried about that

11:18:15 AM - Dadawan: wut exactly this clan do

11:18:19 AM - Dadawan: and why it so dead

11:18:34 AM - -[KoTp]-Ankh{HC}: (UU): We are currently reviving our clan

11:18:41 AM - -[KoTp]-Ankh{HC}: (UU): if you would like to know more

11:18:42 AM - Dadawan: how long ago dis died

11:18:47 AM - Rainbow Dash connected

11:18:49 AM - -[KoTp]-Ankh{HC}: (UU): not that long ago

11:18:59 AM - -[KoTp]-Ankh{HC}: (UU): we had a member go rogue and turn on us

11:19:04 AM - -[KoTp]-Ankh{HC}: (UU): and others just became so busy

11:19:08 AM - -[KoTp]-Ankh{HC}: (UU): we used to be JK2 clan

11:19:22 AM - Dadawan: i have a question about 1 of ur members

11:19:26 AM - -[KoTp]-NightWish entered the game

11:19:26 AM - -[KoTp]-Ankh{HC}: (UU): if you want to know more you can visit our site.. www.kotphq.org

11:19:38 AM - -[KoTp]-NightWish: !playsearch bass

11:19:38 AM - Dadawan: is odus in ur council

11:19:40 AM - Dadawan: or w/e

11:19:47 AM - -[KoTp]-Ankh{HC}: (UU): We do not have an ODUS in our clan

11:19:54 AM - -[KoTp]-NightWish: uhh it isnt playing ankh

11:19:56 AM - Dadawan: cause he was spam recruiting loads of us off a base server

11:20:03 AM - Dadawan: and gave like 10 people council

11:20:34 AM - -[KoTp]-Ankh{HC}: (UU): Or server was recently hacked... so if someone is posing as a KoTp and recruiting people he is not one o

11:20:44 AM - Dadawan: yeah one of ur other members is rly racist

11:20:45 AM - -[KoTp]-Ankh{HC}: (UU): and we were not aware of this until now

11:20:48 AM - -[KoTp]-Ankh{HC}: (UU): Okay

11:20:50 AM - -[KoTp]-NightWish: Ok ankh how do i log in to UU

11:20:52 AM - Dadawan: a guy called korn

11:20:55 AM - Dadawan: was like being racist as hell

11:20:55 AM - -[KoTp]-NightWish: Yea korn

11:20:57 AM - Dadawan: and he banned me

11:21:01 AM - -[KoTp]-NightWish: hes who hacked us

11:21:04 AM - -[KoTp]-Ankh{HC}: (UU): Yes he hacked our server

11:21:09 AM - -[KoTp]-Ankh{HC}: (UU): he is NOT one of us

11:21:14 AM - -[KoTp]-NightWish: he is a FRAUD

11:21:15 AM - Admin Council : -[KoTp]-Ankh{HC}

11:21:35 AM - Dadawan: so hes not in?

11:21:51 AM - Dadawan: and he said this clan is now called {{R}} or something

11:21:56 AM - -[KoTp]-NightWish: check our website for a full list of members to see if theyre posing or if theyre real. kotphq.com

11:22:03 AM - -[KoTp]-Ankh{HC}: (UU): No he is not in our roster

11:22:06 AM - -[KoTp]-Ankh{HC}: (UU): kotphq.org

11:22:07 AM - -[KoTp]-NightWish: i know

11:22:10 AM - -[KoTp]-NightWish: just in case

11:22:22 AM - -[KoTp]-NightWish: dad sees another one of us he can check

11:22:28 AM - -[KoTp]-NightWish renamed to CockLicker

11:22:32 AM - CockLicker: WTF

11:22:35 AM - CockLicker: REALLY

11:22:40 AM - -[KoTp]-Ankh{HC}: (UU): Who did that?

11:22:41 AM - CockLicker: wow.

11:22:43 AM - -[KoTp]-Ankh{HC} renamed to korns.slave

11:22:48 AM - CockLicker: Oh jesus

11:22:53 AM - CockLicker: OH DAMNIT

11:22:57 AM - Dadawan renamed to queer

11:22:57 AM - korns.slave: (UU): server is being shut down

11:23:17 AM - CockLicker: fuck

11:23:24 AM - CockLicker: OH NOOOOO

11:23:25 AM - Server: WHAT DO U HAVE TO OFFER 2 ME

 

 

Thank you for your time.

Edited by Caelum
Added spoiler tags for you. =P
Posted (edited)

KoRn is just a script kid - one of many on JKA. He is in no way a threat, unless you fail to properly secure your server, in which case, he's just as much a threat as any other script kid. I'll be posting a guide to properly securing servers in the tutorials area tonight or so.

 

I guess it's good to know he's not a KoTp member, but there's a lot of people pretending to be other people on JKA. I can't help but be amused by the perpetual streams of people running around claiming they're me, for instance.

 

Tl;dr KoRn is not dangerous, and no more a threat to your clan, group, or server, than the next script kid. Rather than taking measures against KoRn, it'd be a good idea to take steps to secure your server.

 

SiLink of JAWA has helped us secure our server, he has still hacked it. SO he is either stepping up his game, or his scripts destroys our measures against them.

 

EDIT: He has put at least ONE trojan in our server.. there may be others.

Edited by -{KoTp}-Ankh{HC}
Posted

I agree with you Ankh. since i was the KoTp member who discovered KoRn in our server at 9:00 AM est. he made bots with names such as your server equals raped, KoTp equals ****ed and so forth. ironskull had to fix the server, and if he did, a new problem would arise. For example. Iron fixed it but KoRn changed the name. to KoRnserver.

Posted

to be honest... even though i was insanely ticked off when ankh showed me that chat log.... i also couldnt help but laugh when i read the end of it XD

 

I just want to thank both SiLink of JAWA and Caelum for all they have done for us. We are truly grateful. :D

Posted

Although not agreeing to what KoRn ever did and still does and probably still will in the future, I have to admit he breakes boredom and brings in some fun xD

Caelum likes this
Posted

We dealt with KoRn in our server aswell, but oddly enough he has wannabes in a clan called ups and stygian, so basicly both those clans are known to do crashes on servers and hacks. So KoRn is annoying, but also his wannabes in those clans ;P

 

(We dealt with multiple crashes, to finally get rid of him and his wannabes. We switched to NF, and they simply vanished [Though some ''do appear''])

Posted

Good that he's not touching MB2. Or maybe it was HIM that destroyed that goddamn AOD for months? If it was him, thank you.

Guest Ory'Hara
Posted

Disinformation on UPS and stygian, Stygian and UPS are their own 2 sets of unique agitators.

 

Stygian is older then korn i think, and their primary tactic is raiding other FF clans, and relayin their victories to their clanmates.

and out agitating what they view as a moashi dog or clan :)

 

UPS primarily fights FF clans in force races, to 5 or 10 kills. they often fight the galactic imperial army as they are often targeted for battlescripting.

Posted

I've always been curious. While KoRn poses no threat to the server itself (if the security is tight), what threat does he pose for ordinary players? Can he cause any harm to say... Player Jeff connects, player KoRn decides to harm Jeff's computer, or anything similar. Is that possible, or am I just a complete noob at JKA and overly paranoid when it comes to these freaks?

Posted

I see no real danger from JKA servers. The worst you can do is create a virtual botnet of JKA players (this happened very recently in MB2 if I'm not mistaken). As for viruses and keyloggers and things of that nature, you don't really have anything to fear by simply connecting to a server (unless you have like..say Kotf on your computer, or another trashware mod such as that that compromises your system)

Posted

Having another persons IP doesnt mean he can cause you harm.. As long as you have just windows firewall on or somethin you cant get any harm.. Your ip is shown everywhere.. whenever you connect to a server on JKA, the CL/HOST sees your IP. Whenever you send a email on yahoo they get your ip [the one you send to]

Caelum knows all your IPS lol..

 

Stygian and UPS are relatively harmless.. FF is a dieing breed and sooner or later they should get it in there head that there attitude and "agitating" is what has made FF decline.. People would be more inclined to play FF and learn it if they werent trolled/spam killed constantly until they quit. FF has no rules which has made ja + NF Popular.. There are rules and its enforced, so newer players can learn the game in a good environment. which leads them to staying.

 

But yeah, Korn is no problem. Hes harmless and gets mad really easily lol.

Same with the Stygian and UPS people

Posted

Scenario:

Using known exploits a user takes over a server, and manages to make it run malicious code.

This code is in turn designed to make it so it exploits known vulnerabilities in the clients, making THEM run malicious code.

 

To my current knowledge the above scenario is possible, though I don't exactly remember what the client vulnerability is. So a hacker could pose a threat to people connecting to a server.

But this is extremely unlikely to happen, and the exploits would most likely not be able to affect all clients. Maybe just a few that are using XP SP2 or something specific like that. Shellcode isn't always easy to get running.

 

What I've just described has never happened in JKA. At least I haven't heard of it happening. So it's unlikely to happen at all.

...Unless I decide to test it. But that's unlikely too.

 

Tl;dr FEAR ME

Posted

Just a couple things to point out, my clan having been repeatedly targeted by KoRn and his mates in many failed attempts...

 

KoRn is not a hacker, he is what is referred to as a script kiddie. He downloads scripts that other programmers have written (almost always aluigi) and uses them on vulnerable servers.

 

The only thing you need to be concerned about is patching up any vulnerabilities your server may have.

 

I suggest getting the latest version of JA+, making sure your rcon and other passwords are at a minimum 10 characters and alphanumeric (so they cannot be bruteforced if you do use the rcon unlimiter patch), and then getting Lame Patcher and updating your server file (linuxjampded or jampded.exe) with the appropriate patches to the vulnerabilities.

 

You should get all the q3 ones relating to JKA off of:

http://aluigi.org/patches.htm

 

One of KoRn's mates has bin known to rent out a botnet once or twice, if your network on the server seems to be capping out you might want to rent out hardware firewalling by the day until this subsides. They don't seem to be able to afford it for more than a day or two.

 

Also make sure there is at least one person on the free team so that the server cannot be looped but in your case this isn't what happened.

 

What happened to you was either you had sv_allowdownload 1 on and he used q3dirtrav or you had callvote on and he passed a vote changing the rcon.

 

KoRn is not a hacker, that is an insult to actual programmers, just be sure to patch your server and you should have no more issues.

 

Best of luck.

Posted

with every form of online, there will be cases like this... god I wish it was a simplier time, 4 player split screen on N64 again :P

 

Another thing is, I rarely play the game, I more less beta test things online with others, but not much else

Cloud Senatu likes this

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...