Sgt Pepper

Let's assume you just finished installing an operating system, and for the sake of this tutorial, that OS was Ubuntu 16.04 LTS.

1: Update repository lists and install the latest packages.

sudo apt update

sudo apt upgrade

sudo apt dist-upgrade

sudo apt autoremove

sudo apt install screen vim htop watch

1½) and make sure ssh is installed

sudo apt install ssh

sudo apt install sshd

(Optional) 2: Install webmin if you want to make some tasks easier: http://webmin.com/download.html

cd ~

sudo wget http://prdownloads.sourceforge.net/webadmin/webmin_1.870_all.deb

sudo dpkg -i webmin*

sudo apt -f install

Webmin will be at:

https://yourserveriporhostname:10000

3: Create users, groups, and folders for running the server(s)

sudo groupadd jka

sudo useradd -G jka jka1

sudo mkdir /home/jka

sudo mkdir /home/jka/jka1

Set jka1 home directory:

4: Download WinSCP on your desktop and upload the game to /home/jka/jka1 as if that was the GameData directory: https://winscp.net/eng/download.php

If you're trying to login as root and it isn't working then you'll need to make an edit to the sshd config:

sudo vi /etc/ssh/sshd_config

And make sure the following is set:

./linuxjampded +set dedicated 2 +set net_port 29070 +set fs_game base +exec server.cfg

screen -dmLS jka1_start ./jka1_start.sh

screen -dmS jka1_restarter watch -n 5 /home/jka/jka1/jka1_restarter.sh

sudo vi jka1_restarter.sh

if ! screen -list | grep -q "jka1_server"; then
    screen -dmLS jka1_server ./jka1_start.sh
fi

And that last one will run whatever type of server you specified at the start of (7:) in jka1_start.sh

Edit the server.cfg in /base/ if you're running fs_game base or in /japlus/ or another mod folder if you're using one.

Just make sure you've set some master servers because you probably want to be on some lists:

seta sv_master1 "masterjk3.ravensoft.com"

screen -dmS jka_restarter watch -n 5 /absolute/path/to/jka_restarter.sh

if ! screen -list | grep -q "jka_server1"; then
    screen -dmLS jka_server1 ./jka_start.sh
fi

#./linuxjampded +set net_port 29070 +set dedicated 2 +set fs_game base +exec server.cfg
#./linuxjampded +set net_port 29070 +set dedicated 2 +set fs_game japlus +exec server.cfg
#./openjkded.i386 +set net_port 29070 +set dedicated 2 +set fs_game base +exec server.cfg
#./openjkded.i386 +set net_port 29070 +set dedicated 2 +set fs_game japlus +exec server.cfg

Hope someone finds that helpful. Have a nice day.

To modify a .bsp map on Jedi Academy like many have seen on various servers, first you copy and paste the entities section out of the near-bottom of the .bsp file you wish to mod, and you paste it into a .ent file of the same name of the .bsp you would like to recompile.

You then copy both of these files over to your GTKRadiant directory (Yes you need to install it so you have q3map2), and then you create a .bat file (mine is mapmod.bat) which you can then run. Paste this into the .bat file (made by Boba Fett the UU creator):

@[member='Echo'] off
cls
title Entity Recompiler - Wrapper made by BobaFett
echo q3map2 entity recompile wrapper
echo by BobaFett
echo.
m:
cd C:\Program Files\GtkRadiant-1.4
q3map2.exe -v -game ja -onlyents %1
echo.
echo Compiling finished, press any key to close this window
pause>nul

{
"classname" "misc_bsp"
"origin" "16145 -7700 -25800"
"bspmodel" "academy6"
}

{
"classname" "fx_runner"
"fxfile" "force/kothos_recharge.efx"
"origin" "497 1759 -72"
}

{
"classname" "target_teleporter"
"targetname" "duel01in"
"target" "duel01destin"
}
{
"classname" "misc_teleporter_dest"
"origin" "16214 -7376 -4900"
"targetname" "duel01destin"
}
{
"classname" "fx_runner"
"fxfile" "force/kothos_recharge.efx"
"origin" "17552 -7030 -4848"
}
{
"origin" "18451 -6850 -5284"
"classname" "trigger_multiple"
"model" "*7"
"spawnflags" "0"
"angles" "0 270 0"
"target" "duel01out"
"wait" "1"
}

{
"classname" "target_scriptrunner"
"targetname" "telec"
"count" "-1"
"usescript" "athrun/telecard"
"spawnflags" "1"
}

{
"classname" "target_print"
"targetname" "telecmsg"
"spawnflags" "4"
"message" "MESSAGE"
"wait" "750"
}

{
"classname" "misc_skyportal"
"origin" "2736 2416 1896"
"angle" "90"
}

{
"targetname" "shaders"
"classname" "target_relay"
"targetshadername" "models/players/jeditrainer/trainer_torso_red"
"targetshadernewname" "models/players/trandoshan/tint_trandoshan_torso"
}

{
"classname" "trigger_always"
"target" "shaders"
}

Congratulations to the winners of the tournament:

Team Name: Flower Power

Team Members: Soph and Chii

1st: Loxx

2nd: Starty

3rd: Water

4th: Masato

Brackets:

http://azumazaibatsu.challonge.com/wpt4

Thank you to everyone who participated and we hope to see you there next time, have a great week!

Hey everyone, so after the success of our first Saturday 1v1 tournament we discussed the event and have decided to make it a weekly tournament.

Event Name: Saturday Saber Showdown

Hosted by: Azuma Zaibatsu

Date: Every Saturday

Time: 5PM Central | 10PM GMT | 8AM Eastern Australia

Server: azumazaibatsu.gq:29070 or 74.91.125.33:29070

Format: 1v1 double elimination duel tournament

Rules: No holds barred

Sign ups: Please be on the server at least 15 minutes before the event begins, we will start taking names for brackets around then. If we reach our limit of participants we will be able to take no further names.

Matches will start as races to 3 (best of 5), quarter and semi finals will be a race to 5 (best of 9) and the grand finals will be a race to 10.

A player must lose two matches to be knocked out of the tournament, the first loss will put them into the losers bracket where it is still possible to come back and win the tournament if no more matches are lost.

Azuma Zaibatsu clan members are encouraged to be there and play, and since it's open to the public we hope some guests show up too, AZ members are asked to please treat all guests with respect but not to go easy on them!

The winner will be announced online regardless of who wins.

Hope to see you there!

I neither denied it nor accepted responsibility for it, I'm simply pointing out why it was your responsibility to fix the security hole, and how referencing it as illegal was technically incorrect. I don't really have any other points to make other than: suck it

I couldn't care less about the technicality, you're letting your ego get the best of you. You've all but admitted to it and for the community to see one of the people who has been around DoSing servers is enough for me.

So what I'm going to do now is lean back, have a nice chuckle, and move on with my life, because unlike some people, I am not pathetic enough to attack a game server to try to win an argument.

I've read those cases previously as well, the reason I didn't mention them is that in cases following that one it has only ever been used to hold people responsible for email flooding, no other kind of data has ever or likely will ever be prosecuted in the same manner.

I wasn't interested in legal action anyways.

I find it intriguing you have no problem with attacking other servers and would actually argue it is legal.

This is exactly what Caelum was talking about when he made his post on DDoS.

The game would be better off if you were just to disappear, you not only don't bother denying the fact you attacked our server, but you actually try to defend it. Fascinating, quite honestly.

I suggest taking the time to look around whats left of the community, and see if even a single JKA player left at this point has an opinion of you that doesn't fall in the negative.

I suggest taking the time to read computer security law before embarrassing yourself further by forwarding your claims of illegal activity to any of these servers providers.

Also, something doesn't have to be illegal to get you put on to say a server black list for the foreseeable future.

What you've done is a clear violation of almost every set of ToS that server providers use nowadays.

I wouldn't be surprised if you found your name popping up in all sorts of spam and fraud filters in the coming years, if you continue doing what you've been doing.

I see a set of IP addresses requesting status packets & your server returning normal status packets. Considering every JKA client does the same thing when connecting to or requesting information about a server on the master list I'm not sure what exactly you're claiming was done that was legally questionable?

You bring up an interesting legal point about Denial of Service attacks. Too bad it is written into The Computer Misuse Act of 1990 and upheld with the appeals court exactly what a Denial of Service attack constitutes and its legality:

In fact, this one gentleman made almost exactly the same argument you did:

Appeals court says Denial of Service is a crime

A judge made a mistake when he suggested that a teenager using a 'mail-bombing' program to attack his former employer's computer system was not breaching the Computer Misuse Act, according to an appeals court.12 May 2006

 

David Lennon, who could not be named when he was cleared last November because he was then under 18, must now decide whether to plead guilty or stand trial in the magistrates' court. If convicted, he faces a maximum possible sentence of five years in prison and a fine.

After being dismissed from Domestic & General Group, in early 2004, Lennon allegedly used a program called Avalanche that, once activated, automatically sent continuous emails to the insurer's server until the program was manually stopped. The server received over 500,000 emails, the vast majority of which purported to come from a human resources manager within the company.

 

In November, Lennon successfully argued in a Magistrates' Court that the purpose of the company's server was to receive emails, therefore the company had consented to the receipt of emails and their consequent modifications in data. District Judge Kenneth Grant concluded that sending emails is an authorised act. That there were lots of them was irrelevant. He ruled that Lennon had no case to answer, so no trial took place.

 

But in an appeal from the Director of Public Prosecutions, Lord Justice Keene and Justice Jack disagreed with Judge Grant's reasoning. Yes, the owner of a computer system would ordinarily consent to the sending of emails to his computer; but such implied consent is not without limits, he said. And the consent did not cover emails that had been sent not for the purpose of communication with the owner, but to interrupt his computer system.

 

It was successfully argued in the to the Queen's Bench Division of the High Court* that the acts described in the charge amounted to an unauthorised modification to the computer by the adding of unauthorised data. He had the requisite knowledge to commit the offence, because he knew the emails were unauthorised, it was argued.

It has been found that while yes, sending one e-mail or several e-mails is in fact completely legal, deliberately sending so many e-mails (or other forms of packets) in order to incapacitate the server's ability to respond to legitimate traffic is in fact destruction of property.

 

One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

 

Not only were your addresses sending more getstatus requests than any other client I've ever seen, they were sending them within about 20 microseconds of each other, a feat impossible to be gotten by refreshing or re-querying the server and instead only made possible by a looped object within a program. Likely either some tiny php or c++ applet, in your case I'm going to go with the latter.

There is no reason a client would be sending millions of getstatus packets within 20 microseconds of one another except as a deliberate means to incapacitate the server.

Denial-of-service attacks are considered violations of the Internet Architecture Board's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Oh and just as a thank you for responding, I decided to upload another .pcap, more to come.

http://www.fileswap.com/dl/s9RQEIthYl/

Cheers.

To be honest, said "hacker" is probably nothing more than some kid who has nothing better to do and thinking he's "leet" by running one of probably numerous getstatus flood scripts circulating around the interwebs. If I were you, I'd send a report to his ISP (though from the information you've given, I don't see how you could know who this is) as a warning as he will probably continue attacking other servers anyway.

While I agree this is clearly not a hacker and that usually you would not know who it was based on source IP alone, 2 of the 3 IPs being registered to an individual and the third being registered to a clan where the same person has root access tends to narrow down the search a little.

 

765    0.132720    192.223.27.158    69.197.137.234    UDP    60    Source port: 57301  Destination port: 29070

 

 

Quote

Edit: Upon doing further research, it's easily discovered that this first IP is that of the Warheads server, meaning the attack had to have been done by someone who had privileged access to that server

 

http://www.warheadss...ver-information

 

Here is all the information you will have to know about the Warheads Server;

 

IP;192.223.27.158:29070

And then below:

2    0.000004    184.82.150.229    69.197.137.234    UDP    60    Source port: 46319  Destination port: 29070

 

Name: Masterful Dojo

Game: Star Wars Jedi Knight   Browse: Star Wars Jedi Knight Servers

Address: 184.82.150.229   Port: 29070   Status: Alive

Server Manager: binnyer (claim server)

Not sure why these fellas are attacking our server as we've done nothing to them, but I'll again take this opportunity to request they stop before I forward my pcap logs to their server provider.

Early this morning our server was hit with a mid level DoS attack. Using tcpdump it was easy enough to log the packets, then download the log and analyze in Wireshark. Using these basic methods you can then get a long stream of packets from the attacker in the form of:

14    0.002412    192.210.133.40    69.197.137.234    UDP    60    Source port: 43429  Destination port: 29070

Edit 8/30 8:39AM
Check bottom of page for server belonging to this IP

You can then block this by using:

iptables -A INPUT -s 192.210.133.40 -j DROP

We had a break of about 5 minutes before a second VPS hit us again, the same method to capture and analyze was used with the return:

765    0.132720    192.223.27.158    69.197.137.234    UDP    60    Source port: 57301  Destination port: 29070

 

Edit:8/30 8:01AM

Check bottom of page for server belonging to this IP

We then repeat the drop method:

iptables -A INPUT -s 192.223.27.158 -j DROP

Another break of 5 minutes ensued, before the attacker used a third server:

If you simply Google this IP Address it should pop up the Game Tracker page for Masterful Dojo as one of the first results:

2    0.000004    184.82.150.229    69.197.137.234    UDP    60    Source port: 46319  Destination port: 29070

Name: Masterful Dojo
Game: Star Wars Jedi Knight   Browse: Star Wars Jedi Knight Servers
Address: 184.82.150.229   Port: 29070   Status: Alive
Server Manager: binnyer (claim server)

He was then once again blocked using the same method:

iptables -A INPUT -s 184.82.150.229 -j DROP

My question then is, what kind of a sorry excuse for a "hacker" uses such obvious methods when committing criminal acts online?

Not one with very much patience, it would seem.
 

Should anyone question the authenticity of these samples, I would be glad to provide them with large chunks of the several gigabyte dumps that were saved on our servers.

I would like to take this opportunity to request as others have, that those in the community stop these destructive antics before it not only damages the community, but potentially gets someone into legal trouble as well.

I am hesitant as to whether or not I am going to forward my dump logs and this information to the authorities or the ISP of the attacker. Given that the situation has been diffused I likely won't, but wish to share with the community the identity of someone who has clearly been up to no good.

I would keep a watchful eye in the future my friends.

Cheers.

-------

Edit Aug 30 7:01AM

-------

By stepping into the UDP stream on Wireshark, I can then go into more detail as to the nature of the attack:

.....getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
.....statusResponse
\g_jediVmerc\0\jp_highlander\0\jp_duelAlpha\10\g_debugMelee\2\g_showDuelHealths\0\g_stepSlideFix\1\g_siegeRespawn\20\g_saberWallDamageScale\0.4\g_siegeTeamSwitch\1\g_maxGameClients\0\g_forceRegenTime\0\g_forcePowerDisable\163837\g_weaponDisable\524279\bot_minplayers\6\sv_allowDownload\0\sv_floodProtect\1\sv_maxPing\0\sv_minPing\0\sv_maxRate\25000\sv_maxclients\32\sv_hostname\........................ Kansas^5Art of Combat ^7(JA+ NF Community)\sv_privateClients\0\sv_keywords\word1 word2\g_gametype\0\g_duelWeaponDisable\524278\g_forceBasedTeams\0\duel_fraglimit\10\g_maxForceRank\7\g_saberLocking\0\g_privateDuel\1\capturelimit\0\timelimit\100\fraglimit\100\dmflags\584\version\JAmp: v1.0.1.1 linux-i386 Nov 10 2003\g_maxHolocronCarry\3\g_needpass\0\protocol\26\mapname\mp/ffa3\jp_cinfo\117763\V\2.4B7\gamename\JA+ Mod v2.4 B7
2 84 "^7.^3.^0Vlad"
3 257 "^1W^7iki^1W^7arrior"
2 0 "^1|^7TS3&JKA: 69.197.137.234^1|"
2 73 "Smackers"
31 43 "^7.^5.^7Sgt Pepper^5^ "
6 46 "^3.^0.Cri^3x^0us"
.....getstatus
......getstatus
......getstatus
......getstatus
......getstatus
......getstatus
.....statusResponse
\g_jediVmerc\0\jp_highlander\0\jp_duelAlpha\10\g_debugMelee\2\g_showDuelHealths\0\g_stepSlideFix\1\g_siegeRespawn\20\g_saberWallDamageScale\0.4\g_siegeTeamSwitch\1\g_maxGameClients\0\g_forceRegenTime\0\g_forcePowerDisable\163837\g_weaponDisable\524279\bot_minplayers\6\sv_allowDownload\0\sv_floodProtect\1\sv_maxPing\0\sv_minPing\0\sv_maxRate\25000\sv_maxclients\32\sv_hostname\........................ Kansas^5Art of Combat ^7(JA+ NF Community)\sv_privateClients\0\sv_keywords\word1 word2\g_gametype\0\g_duelWeaponDisable\524278\g_forceBasedTeams\0\duel_fraglimit\10\g_maxForceRank\7\g_saberLocking\0\g_privateDuel\1\capturelimit\0\timelimit\100\fraglimit\100\dmflags\584\version\JAmp: v1.0.1.1 linux-i386 Nov 10 2003\g_maxHolocronCarry\3\g_needpass\0\protocol\26\mapname\mp/ffa3\jp_cinfo\117763\V\2.4B7\gamename\JA+ Mod v2.4 B7
2 84 "^7.^3.^0Vlad"
3 257 "^1W^7iki^1W^7arrior"
2 0 "^1|^7TS3&JKA: 69.197.137.234^1|"
2 73 "Smackers"
31 43 "^7.^5.^7Sgt Pepper^5^ "
6 46 "^3.^0.Cri^3x^0us"

It's clear even from the first portion that it was the UDP Getstatus flood, fortunately using similar rules to what Caelum posted this was already greatly mitigated.

Next I filter out the scrap packets to get the pure stream so I can upload it here as proof of the attack.

You can do this yourself by right clicking one of the packets, "Follow UDP Stream", it will then filter down to the stream. You then go to file -> Export Specified Packets and save to a .pcap file and you can then re-open to make sure there's no scrap left.

I wasn't able to find an attach function for this post so I just threw it up on a storage site:

http://www.fileswap.com/dl/tLl3NH4B2U/

Edit:8/30 8:01AM

765    0.132720    192.223.27.158    69.197.137.234    UDP    60    Source port: 57301  Destination port: 29070

 

Upon doing further research, it's easily discovered that this first IP is that of the Warheads server, meaning the attack had to have been done by someone who had privileged access to that server

 

http://www.warheadss.enjin.com/forum/m/13172886/viewthread/6885460-server-information

 

Here is all the information you will have to know about the Warheads Server;

IP;192.223.27.158:29070

Edit 8/30 8:39AM

14    0.002412    192.210.133.40    69.197.137.234    UDP    60    Source port: 43429  Destination port: 29070

 

Upon researching this last IP I come up with:

 

Server NameBinny's Shitty JA+
Server IP 192.210.133.40:29070
Server Ping38
Server Infomp/ffa3 (3/32)
Game Typefree-for-all DM

 

I think I'm beginning to see a pattern here...

Just a couple things to point out, my clan having been repeatedly targeted by KoRn and his mates in many failed attempts...

KoRn is not a hacker, he is what is referred to as a script kiddie. He downloads scripts that other programmers have written (almost always aluigi) and uses them on vulnerable servers.

The only thing you need to be concerned about is patching up any vulnerabilities your server may have.

I suggest getting the latest version of JA+, making sure your rcon and other passwords are at a minimum 10 characters and alphanumeric (so they cannot be bruteforced if you do use the rcon unlimiter patch), and then getting Lame Patcher and updating your server file (linuxjampded or jampded.exe) with the appropriate patches to the vulnerabilities.

You should get all the q3 ones relating to JKA off of:

http://aluigi.org/patches.htm

One of KoRn's mates has bin known to rent out a botnet once or twice, if your network on the server seems to be capping out you might want to rent out hardware firewalling by the day until this subsides. They don't seem to be able to afford it for more than a day or two.

Also make sure there is at least one person on the free team so that the server cannot be looped but in your case this isn't what happened.

What happened to you was either you had sv_allowdownload 1 on and he used q3dirtrav or you had callvote on and he passed a vote changing the rcon.

KoRn is not a hacker, that is an insult to actual programmers, just be sure to patch your server and you should have no more issues.

Best of luck.

Any latecomers allowed? Usually I'm doing stuff on saturdays and sometimes don't get on until late.

We accept late entries up until the first round of preliminaries end. This can be anywhere from the first one to eight matches that take place.

There is a good chance we'd be able to fit you in if you arrived at say 30 minutes after or less, we've had several cases where we've managed to put people in after that time but it all depends on the night of.

Welcome, welcome.

:: Grins elegantly showing thyssel stained teeth ::

I'm not really sure what happened with my comment, but my question was:

Is it only for players from the US, or do you also provide an european server?

It's open to US\Euro\Aussie\Asian\other players. Anyone is welcome to come but the server is based on Houston, Texas in the United States.

I know the pings from euro would be like 100-150 and we even have a member from Singapore who pings like 250 but that's just how it is on an American server for other continents.

I can promise you a stable ping, it's a very good server that my own server company hosts but in terms of actual ping that's all gonna depend on your location.

Anywho feel free just to swing by to test it out, there's no euro server but you're more then welcome to participate anyways, it's all in good fun.