Warning about a TS3 Hijacking Scheme

RainMotorsports
A semi-regular
Posts: 21
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Tue Apr 24, 2012 4:39 am

Warning about a TS3 Hijacking Scheme

Post by RainMotorsports »

This is not provider-specific. One person we know who got hit was NFO-hosted, but, for example, we host our own, so this can happen to anyone since it's the admin's fault.

Someone will come into your server with a high-ranking admin's name and (Phone) in the name. They will ask in text for their usergroup to be assigned until someone finally does it. Once you do that, they have a script to yank everyone's usergroup and change some permissions to max values, change the password, and delete the channels before leaving.

Thankfully for us, since we host our own, it's a quick database swap and we're back in action.

[Content removed at original poster's request.]

Anyways, while the one name seems to stick, all of that is not important; it's the MO. Keep an eye out; always verify your TS-permission-having admins by voice before reassigning them a group.
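The check described in the post above (a privileged admin's name plus a tag such as "(Phone)" arriving under a different identity), as an added Python example that is not part of the original thread. The admin names, UID placeholders and client rows are constructed, and the field names are assumed to follow the TS3 ServerQuery `clientlist -uid` output.

```python
import re
import unicodedata

# Constructed sample data: privileged nicknames mapped to the identity UID
# recorded when the group was originally granted (placeholder values).
TRUSTED_ADMINS = {
    "RainAdmin": "uid-AAAA-placeholder=",
    "HeadAdminBob": "uid-BBBB-placeholder=",
}

# Bracketed tags such as "(Phone)" or "[mobile]", then any leftover punctuation.
_DECORATION = re.compile(r"[(\[{][^)\]}]*[)\]}]|[^a-z0-9]")

def normalize(nickname: str) -> str:
    """Fold case and compatibility forms, drop bracketed tags and punctuation."""
    folded = unicodedata.normalize("NFKC", nickname).casefold()
    return _DECORATION.sub("", folded)

def check_group_request(nickname: str, unique_id: str) -> str:
    """Classify a client asking for a privileged server group.

    "known": nickname and identity both match a trusted admin.
    "impersonation-suspect": the name matches but the identity does not,
    so the request needs voice verification before any group is assigned.
    "unknown": the name matches no trusted admin.
    """
    wanted = normalize(nickname)
    for admin_name, admin_uid in TRUSTED_ADMINS.items():
        if normalize(admin_name) == wanted:
            return "known" if unique_id == admin_uid else "impersonation-suspect"
    return "unknown"

def review(clients):
    """Return the nicknames in a client list that need voice verification."""
    return [c["client_nickname"] for c in clients
            if check_group_request(c["client_nickname"],
                                   c["client_unique_identifier"]) == "impersonation-suspect"]

# Constructed client list, shaped like ServerQuery `clientlist -uid` rows.
SAMPLE_CLIENTS = [
    {"client_nickname": "RainAdmin", "client_unique_identifier": TRUSTED_ADMINS["RainAdmin"]},
    {"client_nickname": "RainAdmin (Phone)", "client_unique_identifier": "uid-ZZZZ-placeholder="},
    {"client_nickname": "headadminbob [mobile]", "client_unique_identifier": "uid-YYYY-placeholder="},
    {"client_nickname": "SomeGuest", "client_unique_identifier": "uid-GGGG-placeholder="},
]
```

A real admin connecting from a new device also shows up as a suspect here, which is why the result is a prompt to verify by voice rather than an automatic ban.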
kraze
Former staff
Posts: 4362
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: Warning about a TS3 Hijacking Scheme

Post by kraze »

Oddly enough, I've seen several users here who have had their servers hurt by "Kobra". This seems to be an exploit in the last TS3 version.

Unfortunately, no one seems to have reported this to the TS3 guys since there is nothing on their forums about it.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
RainMotorsports
A semi-regular
Posts: 21
Joined: Tue Apr 24, 2012 4:39 am

Re: Warning about a TS3 Hijacking Scheme

Post by RainMotorsports »

Interesting.

We had no founders and almost no head admins on until around the time this occurred. They were on the server most of the day on and off, but 2 of those names were around from the time I was at work till the time I went home.

Nothing seems to happen until they get a decent amount of permissions. Our setup is a bit flawed where HAs can switch to Founder, but I never cared too much because there is almost no difference in our permissions. But I intend to go ahead and restructure anyways so that HAs have a bit less permissions and put a TS Admin group way ahead of it all. Won't prevent everything, especially with an exploit. But should prevent some accidents.

THE MOMENT they got permissions it was only a few seconds before the bomb finished exploding. I mean it was all scripted; no one can right-click as fast as these commands were going through.

I just say keep the admin out of their hands; so far that keeps them at bay.
.=QUACK=.Major.Pain
This is my homepage
Posts: 1573
Joined: Sun Jun 26, 2011 8:03 am

Re: Warning about a TS3 Hijacking Scheme

Post by .=QUACK=.Major.Pain »

At least TS folks look into these reports and investigate them so as to resolve the security issues.

Ventrilo is extremely easy to hijack admin, and when I posted on their site to talk to them in private about how it's done, they deleted the post about the security issue and banned me from posting. Even tried a new account and no go. Guess my IP was banned from posting, but could only view the forum.

Couldn't believe they would ignore such an issue.
Visit gspreviews.com And Rate & Review Your Old & Current GSP's
Find Your GSP Coupons at gspreviews.com/coupons/
IcEWoLF
This is my homepage
Posts: 1192
Joined: Thu Aug 10, 2006 9:41 pm

Re: Warning about a TS3 Hijacking Scheme

Post by IcEWoLF »

.=QUACK=.Major.Pain wrote: At least TS folks look into these reports and investigate them so as to resolve the security issues.

Ventrilo is extremely easy to hijack admin, and when I posted on their site to talk to them in private about how it's done, they deleted the post about the security issue and banned me from posting. Even tried a new account and no go. Guess my IP was banned from posting, but could only view the forum.

Couldn't believe they would ignore such an issue.
We plan to eventually move off from Ventrilo to TS3 soon.