Jump to content

Archived

This topic is now archived and is closed to further replies.

  • 0
ImportBot

My Server Being Hacked?

Question

Originally Posted by SmackDown*:

 

Hello,

 

I need help in a situation that I have never encountered before. Yesterday, I started to notice in my Procon log that my server was being his by some type of population hack. The logs shows multiple players with similar names entering the server, but never actually entering the server. I am not able to ban these players in adkats since there is no record of the player since they never actually enter the server. Below is a sample of my logs to show what I mean:

 

[06:22:42] Nigerian152 has joined the server..

[06:22:47] Nigerian122 has joined the server..

[06:22:51] Nigerian124 has joined the server..

[06:22:56] Nigerian125 has joined the server..

[06:23:02] Nigerian126 has joined the server..

[06:23:04] Nigerian127 has joined the server..

[06:23:09] Nigerian128 has joined the server..

[06:23:13] Nigerian129 has joined the server..

[06:23:18] Nigerian130 has joined the server..

[06:23:22] Nigerian131 has joined the server..

[06:23:27] Nigerian133 has joined the server..

[06:23:31] Nigerian132 has joined the server..

[06:23:36] Nigerian134 has joined the server..

[06:23:40] Nigerian135 has joined the server..

[06:23:45] Nigerian136 has joined the server..

[06:23:50] Nigerian137 has joined the server..

[06:23:53] Nigerian138 has joined the server..

[06:23:57] GeirskoguI has joined the server..

[06:23:58] Nigerian139 has joined the server..

[06:24:03] Nigerian140 has joined the server..

[06:24:07] Nigerian141 has joined the server..

[06:24:11] Nigerians142 has joined the server..

[06:24:16] Nigerian143 has joined the server..

[06:24:20] Nigerian146 has joined the server..

[06:24:27] Nigerian147 has joined the server..

[06:24:29] Nigerian148 has joined the server..

 

It is showing my that my server is full in Battlelog, but there may only be 20 players in the server out of a 32 slot server.

 

Any Ideas how to stop this?

 

Thank you in advance for whatever information or help you can provide.


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

9 answers to this question

Recommended Posts

Originally Posted by ColColonCleaner*:

 

Procon cannot see who is connecting to the server. The server sends an RCON event essentially named 'player connected' along with the player's name as a payload. That's how procon 'knows a player is connecting', no more information is available on our end.

 

If you're talking about a server control panel that might have more information than what procon has, but I don't believe that is allowed for consumers, only the server hosts.


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by Haagse*:

 

Hello Smackdown,

 

I have same issue on my server, http://battlelog.battlefield.com/bf4...uts-get-Sluts/

 

I contacted EA Help and they cant do anything and I should contact the game server provider. The game server provider said its an EA issue.

 

So I guess we just have to wait untill this is being fixed...


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by ColColonCleaner*:

 

This isn't a hack, it's a seeding tool being used against you. Sometimes admins use seeder tools to make their servers appear more full than normal, but if the seeder is set up with too many seed accounts it can saturate the join queue and no real players can join.


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by SmackDown*:

 

This isn't a hack, it's a seeding tool being used against you. Sometimes admins use seeder tools to make their servers appear more full than normal, but if the seeder is set up with too many seed accounts it can saturate the join queue and no real players can join.

Is this something that I can control? I didn't install this or active this! How do I stop it? And how could someone access the server to do it?

* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by ColColonCleaner*:

 

Is this something that I can control? I didn't install this or active this! How do I stop it? And how could someone access the server to do it?

They don't need to access the server. It's just a script that has real player accounts joining/leaving the server in quick succession, clogging up the join queue. As far as I know there is nothing that can be done about it at this time since they don't stay in the server long enough for a kick/ban to be enforced. They are basically using server seeding tools developed for admins against admins. The irony is not lost on me.

* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by SmackDown*:

 

They don't need to access the server. It's just a script that has real player accounts joining/leaving the server in quick succession, clogging up the join queue. As far as I know there is nothing that can be done about it at this time since they don't stay in the server long enough for a kick/ban to be enforced. They are basically using server seeding tools developed for admins against admins. The irony is not lost on me.

Thank for the info CCC

* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by IRussao*:

 

A good question would be: Why procon doesn't allow us to see the ip of those who are trying to connect to the server? I mean if it's trying to connect, then the server must know the ip, why procon doesn't allow us to see the ip?


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by ColColonCleaner*:

 

Because the player isn't connecting to procon, they are connecting to the battlefield server. Not a problem on procon's side. The only way to see a player's IP from the procon side is by querying punkbuster once the player is fully loaded into the server.

 

You could see if the server providers could wireshark the server and see where repeated connects/disconnects are coming from and firewall them out, but there is nothing to be done on the procon side.


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites

Originally Posted by IRussao*:

 

Yes, I know that the player is not connecting to procon, but procon can see who is trying to connect to the server, that means procon can read the information of who is connecting, I would think that it should be able to read the ip as well, makes no sense to be able to read just the Player's name and not be able to read the full info of the client that is trying to connect. The battlefield server does know the IP of those who are trying to connect to the server, so it's a matter to know if the server allow this info to be read or if procon coders did not think about that. It's not really a critic, I was just wondering why this is not possible, if it's a server "problem" or procon limitation.

 

 

I mean in the control panel of the server, it's even possible to see the ping of those players who are connecting, makes 0 sense not be able to see the IP.


* Restored post. It could be that the author is no longer active.

Share this post


Link to post
Share on other sites



  • Our picks

    • Hi All,

      So I've been thinking about doing something like this for a while but I always talked myself out of it. I want to get some feedback on this idea and how many would think about using it if it was offered.

      In the past I know how hard it was for some users to get a MySQL database going and running the BFACP (since it's a bit requirement heavy in some cases). What I would be doing is offering to manage both of these for you.

      If enough interest was shown in something like this I would definitely think about doing it. Of course, I also know the risks I would be taking in something like this, but to list what I would be offering I guess is this.

      MySQL Hosting


      Daily backups of the database to a remote site & option to download it yourself.


      No limit on how big your database can be (within reason).




      BFACP Hosting (If running AdKats on your layers)


      This would run the newest version (v3.0)


      Will still be available to run on your own hardware


      Will have extra features that are not available for an open source setup (still need to think of good things )


      Able to use your own domain name with the proper DNS setup.




      Both Above



      Please let me know what you think of this idea and vote in the poll. Again not confirming anything like this will happen but if I get enough interest from the community for something like this then please let me know.

      Disclaimer: This will NOT be something affiliated with MyRCON but will be ran through it in terms of a payment processor.
      • 10 replies
×
×
  • Create New...

Important Information

Please review our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.