Jump to content
  • 0

My Server Being Hacked?


ImportBot

Question

Originally Posted by SmackDown*:

 

Hello,

 

I need help in a situation that I have never encountered before. Yesterday, I started to notice in my Procon log that my server was being his by some type of population hack. The logs shows multiple players with similar names entering the server, but never actually entering the server. I am not able to ban these players in adkats since there is no record of the player since they never actually enter the server. Below is a sample of my logs to show what I mean:

 

[06:22:42] Nigerian152 has joined the server..

[06:22:47] Nigerian122 has joined the server..

[06:22:51] Nigerian124 has joined the server..

[06:22:56] Nigerian125 has joined the server..

[06:23:02] Nigerian126 has joined the server..

[06:23:04] Nigerian127 has joined the server..

[06:23:09] Nigerian128 has joined the server..

[06:23:13] Nigerian129 has joined the server..

[06:23:18] Nigerian130 has joined the server..

[06:23:22] Nigerian131 has joined the server..

[06:23:27] Nigerian133 has joined the server..

[06:23:31] Nigerian132 has joined the server..

[06:23:36] Nigerian134 has joined the server..

[06:23:40] Nigerian135 has joined the server..

[06:23:45] Nigerian136 has joined the server..

[06:23:50] Nigerian137 has joined the server..

[06:23:53] Nigerian138 has joined the server..

[06:23:57] GeirskoguI has joined the server..

[06:23:58] Nigerian139 has joined the server..

[06:24:03] Nigerian140 has joined the server..

[06:24:07] Nigerian141 has joined the server..

[06:24:11] Nigerians142 has joined the server..

[06:24:16] Nigerian143 has joined the server..

[06:24:20] Nigerian146 has joined the server..

[06:24:27] Nigerian147 has joined the server..

[06:24:29] Nigerian148 has joined the server..

 

It is showing my that my server is full in Battlelog, but there may only be 20 players in the server out of a 32 slot server.

 

Any Ideas how to stop this?

 

Thank you in advance for whatever information or help you can provide.

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

9 answers to this question

Recommended Posts

Originally Posted by ColColonCleaner*:

 

This isn't a hack, it's a seeding tool being used against you. Sometimes admins use seeder tools to make their servers appear more full than normal, but if the seeder is set up with too many seed accounts it can saturate the join queue and no real players can join.

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by SmackDown*:

 

This isn't a hack, it's a seeding tool being used against you. Sometimes admins use seeder tools to make their servers appear more full than normal, but if the seeder is set up with too many seed accounts it can saturate the join queue and no real players can join.

Is this something that I can control? I didn't install this or active this! How do I stop it? And how could someone access the server to do it?
* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by ColColonCleaner*:

 

Is this something that I can control? I didn't install this or active this! How do I stop it? And how could someone access the server to do it?

They don't need to access the server. It's just a script that has real player accounts joining/leaving the server in quick succession, clogging up the join queue. As far as I know there is nothing that can be done about it at this time since they don't stay in the server long enough for a kick/ban to be enforced. They are basically using server seeding tools developed for admins against admins. The irony is not lost on me.
* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by SmackDown*:

 

They don't need to access the server. It's just a script that has real player accounts joining/leaving the server in quick succession, clogging up the join queue. As far as I know there is nothing that can be done about it at this time since they don't stay in the server long enough for a kick/ban to be enforced. They are basically using server seeding tools developed for admins against admins. The irony is not lost on me.

Thank for the info CCC
* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by IRussao*:

 

A good question would be: Why procon doesn't allow us to see the ip of those who are trying to connect to the server? I mean if it's trying to connect, then the server must know the ip, why procon doesn't allow us to see the ip?

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by ColColonCleaner*:

 

Because the player isn't connecting to procon, they are connecting to the battlefield server. Not a problem on procon's side. The only way to see a player's IP from the procon side is by querying punkbuster once the player is fully loaded into the server.

 

You could see if the server providers could wireshark the server and see where repeated connects/disconnects are coming from and firewall them out, but there is nothing to be done on the procon side.

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by IRussao*:

 

Yes, I know that the player is not connecting to procon, but procon can see who is trying to connect to the server, that means procon can read the information of who is connecting, I would think that it should be able to read the ip as well, makes no sense to be able to read just the Player's name and not be able to read the full info of the client that is trying to connect. The battlefield server does know the IP of those who are trying to connect to the server, so it's a matter to know if the server allow this info to be read or if procon coders did not think about that. It's not really a critic, I was just wondering why this is not possible, if it's a server "problem" or procon limitation.

 

 

I mean in the control panel of the server, it's even possible to see the ping of those players who are connecting, makes 0 sense not be able to see the IP.

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by ColColonCleaner*:

 

Procon cannot see who is connecting to the server. The server sends an RCON event essentially named 'player connected' along with the player's name as a payload. That's how procon 'knows a player is connecting', no more information is available on our end.

 

If you're talking about a server control panel that might have more information than what procon has, but I don't believe that is allowed for consumers, only the server hosts.

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Originally Posted by Haagse*:

 

Hello Smackdown,

 

I have same issue on my server, http://battlelog.battlefield.com/bf4...uts-get-Sluts/

 

I contacted EA Help and they cant do anything and I should contact the game server provider. The game server provider said its an EA issue.

 

So I guess we just have to wait untill this is being fixed...

* Restored post. It could be that the author is no longer active.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



  • Our picks

    • Game Server Hosting:

      We're happy to announce that EZRCON will branch out into the game server provider scene. This is a big step for us so please having patience if something doesn't go right in this area. Now, what makes us different compared to other providers? Well, we're going with the idea of having a scaleable server hosting and providing more control in how you set up your server. For example, in Minecraft, you have the ability to control how many CPU cores you wish your server to have access to, how much RAM you want to use, how much disk space you want to use. This type of control can't be offered in a single service package so you're able to configure a custom package the way you want it.

      You can see all the available games here. Currently, we have the following games available.

      Valheim (From $1.50 USD)


      Rust (From $3.20 USD)


      Minecraft (Basic) (From $4.00 USD)


      Call of Duty 4X (From $7.00 USD)


      OpenTTD (From $4.00 USD)


      Squad (From $9.00 USD)


      Insurgency: Sandstorm (From $6.40 USD)


      Changes to US-East:

      Starting in January 2022, we will be moving to a different provider that has better support, better infrastructure, and better connectivity. We've noticed that the connection/routes to this location are not ideal and it's been hard getting support to correct this. Our contract for our two servers ends in March/April respectively. If you currently have servers in this location you will be migrated over to the new provider. We'll have more details when the time comes closer to January. The new location for this change will be based out of Atlanta, GA. If you have any questions/concerns please open a ticket and we'll do our best to answer them.
      • 5 replies
    • Hello All,

      I wanted to give an update to how EZRCON is doing. As of today we have 56 active customers using the services offered. I'm glad its doing so well and it hasn't been 1 year yet. To those that have services with EZRCON, I hope the service is doing well and if not please let us know so that we can improve it where possible. We've done quite a few changes behind the scenes to improve the performance hopefully. 

      We'll be launching a new location for hosting procon layers in either Los Angeles, USA or Chicago, IL. Still being decided on where the placement should be but these two locations are not set in stone yet. We would like to get feedback on where we should have a new location for hosting the Procon Layers, which you can do by replying to this topic. A poll will be created where people can vote on which location they would like to see.

      We're also looking for some suggestions on what else you would like to see for hosting provider options. So please let us know your thoughts on this matter.
      • 4 replies
    • Added ability to disable the new API check for player country info


      Updated GeoIP database file


      Removed usage sending stats


      Added EZRCON ad banner



      If you are upgrading then you may need to add these two lines to your existing installation in the file procon.cfg. To enable these options just change False to True.

      procon.private.options.UseGeoIpFileOnly False
      procon.private.options.BlockRssFeedNews False



       
      • 2 replies
    • I wanted I let you know that I am starting to build out the foundation for the hosting services that I talked about here. The pricing model I was originally going for wasn't going to be suitable for how I want to build it. So instead I decided to offer each service as it's own product instead of a package deal. In the future, hopefully, I will be able to do this and offer discounts to those that choose it.

      Here is how the pricing is laid out for each service as well as information about each. This is as of 7/12/2020.

      Single MySQL database (up to 30 GB) is $10 USD per month.



      If you go over the 30 GB usage for the database then each additional gigabyte is charged at $0.10 USD each billing cycle. If you're under 30GB you don't need to worry about this.


      Databases are replicated across 3 zones (regions) for redundancy. One (1) on the east coast of the USA, One (1) in Frankfurt, and One (1) in Singapore. Depending on the demand, this would grow to more regions.


      Databases will also be backed up daily and retained for 7 days.




      Procon Layer will be $2 USD per month.


      Each layer will only allow one (1) game server connection. The reason behind this is for performance.


      Each layer will also come with all available plugins installed by default. This is to help facilitate faster deployments and get you up and running quickly.


      Each layer will automatically restart if Procon crashes. 


      Each layer will also automatically restart daily at midnight to make sure it stays in tip-top shape.


      Custom plugins can be installed by submitting a support ticket.




      Battlefield Admin Control Panel (BFACP) will be $5 USD per month


      As I am still working on building version 3 of the software, I will be installing the last version I did. Once I complete version 3 it will automatically be upgraded for you.





      All these services will be managed by me so you don't have to worry about the technical side of things to get up and going.

      If you would like to see how much it would cost for the services, I made a calculator that you can use. It can be found here https://ezrcon.com/calculator.html

       
      • 11 replies
    • I have pushed out a new minor release which updates the geodata pull (flags in the playerlisting). This should be way more accurate now. As always, please let me know if any problems show up.

       
      • 9 replies
×
×
  • Create New...

Important Information

Please review our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.