| Big (hacker?) problem with JA mod 1.4 - 1.5 | |
|
CroW - Student  |
Ok... Looks like some ppl have found a way to log in as an admin without passwords. Here I give you link in to our clans forums where's also screenshots. This is big problem in german servers, because these ppl log in as an admin, ampower themselves and start laming. I think these ppl have dynamic ip, so banning wont help. Now I'm asking you all to give me some advices if you got any, and of corse I'm interested if someone has seen these kind of things before. You can contact me via e-mail to CroW@bjs-clan.com and ICQ nr.245969384. I know that these attacks are made so far in 2 - 3 clanservers, which are running JA mods. Plz read this thread and if you got any solutions, tell it. All help we get is good now... CroW _______________ People once believed that when someone dies the CroW carries their soul to the land of the dead... |
| Login and add your comment! |
| Comments |
|
<Ca>DuckLord - Ex-Student 
|
hehe well after my opponiun the JAMOD 1.4 is still the best.... big bug in JAMOD 1.5 and 1.6 is that if you make color in the seta mesages for tele and empower and so on, they easy get to long and you can't see all of it... also sometimes if a guy got boxes in hes name all the name wont show up... but if you got to big problems with the hackers go download the JAMOD 1.6 here http://jk2files.com/file.info?ID=23947 _______________ DuckLord... the duck above all duck's... |
|
_cmad_ - Ex-Student 
|
JAMod 1.5? I thought JAMod 1.4 was the last one  Omg I need to get up2date   _______________ Your friends of today, are your enemies of tomorrow. |
|
D@RtHM@UL - Student 
|
JA Mod 1.6? I thought JA Mod 1.5 was the latest one |
|
Kyp Nadon - Student 
|
he knows what he is talking about im with him in a clan, and he fixed all our mod problems... _______________ dont't think im a newbie! and if you dont believe me check this one out |
|
<Ca>DuckLord - Ex-Student
|
Just for mention it.. The hack works on JAMOD 1.2-1.3-1.4-1.5-1.6 maybe also some others, thoese are just the mods i have been testing on. The best way to get hang of the hackers is to change mod to 1.6 because the most hacks dont work there, but still some do. I'm working together with a guy called WabbitWabid (the maker of the TG (Temple Guardian)) so i know what im talking about. You can never get hang of all hacker, im really sure about this, when the jamod 1.6 got out noone could hack on it, after i have testede the mod in like 20 minutes i already found a new one. But also even tho you got the JAMOD 1.6 (as meny ppl think are totaly sure) use the temple guardian to. You still can't get hang of the fastes exploiters but you can get the most. Just a little advise from THE duck  _______________ DuckLord... the duck above all duck's... This comment was edited by <Ca>DuckLord on Feb 28 2004 10:27am. |
|
Orion - Retired 
|
Ok guys get in contact with me i fixed it _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u |
|
itsme - Student |
"Not a mod per se but a fix for the ^^^ exploits in Chosen One's Jedi Academy, Temple Guardian is a small program that constantly monitors a game server using RCON via UDP. It has a list of partial name matches that if it finds it can auto-kick or auto-ban with custom messages. You could use it to kick offensive names or keep a particular clan tag banned too if desired. Its main use is to auto-ban visitors using particular names that exploit a security flaw in JA Mod to gain admin rights." http://newtempleofthejedi.com/forum/forum_posts.asp?TID=2069&PN=1 This comment was edited by itsme on Feb 19 2004 08:23pm. |
|
-{DEA}-A_Fire_Inside*SI* - Ex-Student |
If you guys have found a way to fix this exploit please share the knowledge!....aim- shutithooker This comment was edited by -{DEA}-A_Fire_Inside*SI* on Feb 12 2004 08:56pm. |
|
_cmad_ - Ex-Student 
|
Orion & c1 pwnz0r!!! w00t w00t _______________ Your friends of today, are your enemies of tomorrow. |
|
Squibit - Student 
|
Wow, I only just found this thread reading it throgu h from begining to end was cool, almost a adventure story in itself, Impresive work all, _______________ Quote: fiZZe: its SIR Fizzy Fluffy :p Quote: FiZZ[JAK]: that was what I call a counter Ah, things you only ever expect to hear once
|
|
CroW - Student 
|
Great! Thx guys. I'll contact you in next week, because I'm heading to Lithuania for working trip. I'll be back 19.2.2004. I was yesturday in CODA-clanserver which runs jamod 1.3 and there was also tis kind of scripter. I had thought that this could have something to do with longer name, because I havent seen thins kind of thing in servers running older ja versions 1.1 and 1.2. I checked stats from 1.3 and I noticed that it gives possibility to have name longer than 32 letters. This was just a thought that crossed to my mind .I dont know much about scripting so it's great to know ppl like you  Thx again guys! This is great news _______________ People once believed that when someone dies the CroW carries their soul to the land of the dead... This comment was edited by CroW on Feb 11 2004 12:18pm. |
|
Orion - Retired
|
hey Crow get in contact with me i think i fixed it I will give you the new compiled file, oh and An0maly its G_ClientCleanName() _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u |
|
cHoSeN oNe - Retired 
|
Someone brought this to my attention like 2 weeks ago. It is the way the namestrings were being stripped from colors/etc in order to determine who is who when command time came. It could probably be fixed by editing the "G_CleanName()" command or something like that, cant remember off hand. Orion will check it out, wont ya buddy? _______________ Get busy living, or get busy dying. |
|
(Jedi)Obi-JK - Student 
|
Sup, One offer them something for thier tricks, money, special treatment, something, if there is any way you can get them to tell you how they are doing this, the problem will be 2000% easier to fix. Since that probably isnt going to happen, why do you try using /ambanrange, if you ban a few ranges, it wont take long for thier isp to run out. Get ppl on this, see how they might be doing it, try everything. You changed back to 1.2, what about 1.3, 1.3SE (dont remeber if there were significant changes or not) I really cant see C1 doing this, but he could have hard coded a pw, for himself in the source and some1 got lucky and set it to thier clan password, somehow found out it always works, etc. This is a huge strech, mainly cause I really cant see C1 doing this, but anything IS possible. Have orion check all the changes, hopefully c1, could help him. _______________ Silent Bob (Kevin Smith): You know, there's a million fine looking women in the world, dude. But they don't all bring you lasagna at work. Most of 'em just cheat on you. -Steve (Obi) |
|
Orion - Retired 
|
umm i really dont know, unless i can see the steps involved, and plus i just recieved the mods, and havent had time to learn them inside and out, ive posted the reasons already. with the name thing, its probably not the mod, but the basejk _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u This comment was edited by Orion on Feb 10 2004 06:01pm. |
|
Bail Hope of Belouve - Student 
|
then tell Orion ASAP(=As Soon As Possible) since he's the new modder  _______________ Visit the Belouve Family Website! Quote: I try to have fun with my friends and try to make a difference as best I can. What does making a difference mean? Well, it can be as simple as saying hello, answering a question that seems obvious or heck, just talking. -- Vladarion
Want to know Vladarion? Read the Article about his life here. |
|
CroW - Student
|
We have changed our JKA mod back to version 1.2 and attacks has stopped. They hunt servers with jamod versions 1.4 and 1.5. Best wat to see these scripters is that they have lots of ^^ behind their name, like CroW^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ That messes something up in the mod. I've tried that and theres something weird happening. Your name is shown all the time above your character and your server time goes closer to -25000... Although I havent still figured out how these guys log in as an admin, but name has something to do with it. _______________ People once believed that when someone dies the CroW carries their soul to the land of the dead... This comment was edited by CroW on Feb 10 2004 09:45am. |
|
Ren - Ex-Student 
|
No this is a serious HACK, it enables the person to see /amsay conversations and use any AM or JK admin cmd. One guy has already kicked/ban 3 of my clan members from the server. And the guys doing it have dynamic IP's. With the retirement of C1, which by the way shook me to the core, I feel that the admin mods migt not be able to hold up against these kinds of attacks. _______________ Consultant, Colossal Entertainment ~Jedi Outcast and Jedi Academy Maps~ |
|
Achilles - Student 
|
hahah Bail! _______________ Padawan to the great Katan JA Brother to D@RTHM@ULR.I.P. Vladarion, may he find peace in the afterlife. |
|
Bail Hope of Belouve - Student
|
not YET... you never know for all we know, Orion could be an imposter and he'll empower himself... and lame us all nah perhaps someday some guy will appear and Orion and the modding crew will wipe the floor with those guys _______________ Visit the Belouve Family Website! Quote: I try to have fun with my friends and try to make a difference as best I can. What does making a difference mean? Well, it can be as simple as saying hello, answering a question that seems obvious or heck, just talking. -- Vladarion
Want to know Vladarion? Read the Article about his life here. |
|
D@RtHM@UL - Student
|
Yup, but I don't think anyone here would try to hack the mod |
|
Bail Hope of Belouve - Student
|
damn would this be able to undermine the academy? oh well, as long as we got talented people here, I'm sure we'll figure something out _______________ Visit the Belouve Family Website! Quote: I try to have fun with my friends and try to make a difference as best I can. What does making a difference mean? Well, it can be as simple as saying hello, answering a question that seems obvious or heck, just talking. -- Vladarion
Want to know Vladarion? Read the Article about his life here. |
|
CroW - Student
|
Password is changed 3 times in short period. I'ver seen these guys now on 5 different clanservers, so I'm 100%sure that it's not password leak. _______________ People once believed that when someone dies the CroW carries their soul to the land of the dead... This comment was edited by CroW on Feb 09 2004 12:12pm. |
|
Wolfwood - Student 
|
Maybe your passwords leaked? Have you tried simply changing it? _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ |
|
crazy_hacker - Ex-Student 
|
ive seen a guy join as empowered, butim not sure if he was admin too... i managed to kickbangun him in jamod1.4 and he didnt come back again, so i assume that would do it.... hope that helps _______________ if at first you dont succeed, try and try again. if you still dont succeed, youve just wasted a whole lot of time trying something you just cant do
|
| Login and add your comment! |