Tribes server hacker on the loose

Plasmatic

For those of you running Tribes 1 servers...
I recorded a DoS attack from 64.105.228.167 Sunday afternoon at 3:05 pm CST in both of my servers, Annihilation Orb and Blue Sex, and another similar attack in the middle of last week. It would appear someone's attempting to wipe out every Tribes server at once.

I've been running NoFix's dosfix in both of these servers to stop this type of thing, but I'm guessing the majority of other servers are not.
The dosfix is here: http://www.3dmax.org/nofix/TribesDoSFix/
If you're uncomfortable running that patch, I suggest route deleting (adding a dummy route for this IP). This will send any information received from this jerk to a dummy address.
Type "route" at the cmd prompt to get the syntax.

Running the dosfix is still the easiest and best way to go; it will record any attacker's IP, and NoFix has built-in lockup protection, something Infinite Spawn doesn't do.

Plasmatic
 
nofix's download links seem to be getting the 404... :(

Hackers are like flies, hitting the window numerous times until they die from exhaustion.
 
I wouldn't call the kids doing the DoS attacks hackers. It's not that hard anymore.

Edit: Here is a look up on that ip.
xxxxxxxxxxxxxxxxxx
NetRange: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
City: xxx xxxx
StateProv: xx
PostalCode: xxxxxxxxxxxxxxxxxxx
Country: US
Comment: for abuse issues, please contact abuse-isp@covad.com
 
After a little investigation, I realized this was the same EXACT IP and problem I had emailed covad.com about.. A MONTH AGO!!

If you're a server admin, check these times in your console.log. Bear in mind all these times are Central Standard Time. This is an excerpt of an email I just sent...
On November 5th, from 9:45 PM, Central Standard Time to 10:20 PM, I was attacked by your customer at IP 64.105.228.167. Again.
This person also attacked November 7th, from 8:30 AM until 8:31 AM, 6:05 PM to 6:10 PM, and 8:47 PM to 9:56 PM. He also attempted again on November 9th, at 3:05 PM for one minute.
If you experienced restarts at these times (search your console.log for the string "/2003"), feel free to write abuse-isp@covad.com, NOC-IPServices@Covad.COM, sancha@covad.com, pnicoll@covad.com, ip_admin@covad.com or abuse@covad.com and give them a little love...
 
hi guys. i'm the guy who was running that script at the time. i've been trying to learn php (and played tribes for 5 years now starting on demo) and after experiencing all of these dos attacks like you all i wanted to find out what it was all about.

anyway, i did manage to write a script that hits all the servers over and over by connecting to the master server, getting the current server list, then looping through the list. if you'd like to check it out, the url is:

removed by Admin

lucidsite.net is my personal domain which is hosted at the ip you mentioned above. it's actually at a friend's house, and he doesn't know i was using it to test this script, so it would be cool if you didn't contact covad about him, because he's kind of innocent here.

i apologize if i've caused any problems.. i was merely testing my script. you can contact me at mschweis@adelphia.net to talk further if you choose. thanks.
 
newguy22 said:
hi guys. i'm the guy who was running that script at the time. i've been trying to learn php (and played tribes for 5 years now starting on demo) and after experiencing all of these dos attacks like you all i wanted to find out what it was all about.

anyway, i did manage to write a script that hits all the servers over and over by connecting to the master server, getting the current server list, then looping through the list. if you'd like to check it out, the url is:


lucidsite.net is my personal domain which is hosted at the ip you mentioned above. it's actually at a friend's house, and he doesn't know i was using it to test this script, so it would be cool if you didn't contact covad about him, because he's kind of innocent here.

i apologize if i've caused any problems.. i was merely testing my script. you can contact me at xxxxxxxxxxxxxxxx to talk further if you choose. thanks.

umm you are a fucking idiot.
 
for me it was more a practice in using some of the functions in php to trim around the ips and so on from the list received from the master server. pretty interesting stuff. anyway, i think all this stuff is pretty much moot now that there's a fix for this udp hack.
 