[solved] Possible Hack, programmed Problem

Festus1965
Member
Posts: 4181
Joined: Sun Jan 03, 2016 11:58
GitHub: Festus1965
In-game: Festus1965 Thomas Thailand Explorer
Location: Thailand ChiangMai

[solved] Possible Hack, programmed Problem

by Festus1965 » Post

what happens:
in regular repeating (time-loop),
my avatar gets lifted up (similar to dig on protected with pickaxe, and turned around) about 5 nodes
with text "This Area is Owned by" (3 names seen yet)
based on my nick / gamename (no others hit, not admin !)
source:
unknown

mod used for this :
unknown
what mods can do this, I false them to check

bad guys:
I have their IPs from USA, Texas ... 2 of them sure, wanted all free, get items ... and was angry ... and after happened,
after restart no problem for 2 days,
just now after crash as of Voltage jumping here local (200 until 258 Volt) server fail hardware

how he/she activate is so far clear now:
must log in ...

have found this IP Blocks used: several !!! accounts, but I use firewall, /euban . and some have new password, never know


solution now:
* SSCSM off - as I saw one user, this time India (3 accounts) just made this request
* basic_robot = false
* lua_controller = false
Last edited by Festus1965 on Fri Feb 24, 2023 08:03, edited 2 times in total.
Human has no future (climate change)
If urgent, you find me in Roblox (as CNXThomas)

rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom

Re: Possible Hack, programmed Problem

by rubenwardy » Post

This is a feature of protection redo by tenplus1


Re: Possible Hack, programmed Problem

by Festus1965 » Post

rubenwardy wrote:
Sun Sep 19, 2021 14:50
This is a feature of protection redo by tenplus1

quite helpful:
* to what refers "This" ?

I have actual, will just update:
* [Mod] protector (e618c6d/06.03.2020) from https://github.com/mt-mods/protector
* there is now 3a3b225 / 09.02.2021 - 3.1 !
against your direction
* https://notabug.org/TenPlus1/protector - with 493f74d63f about 30.08.2021 - 3.3 !

parallel offering same mod with two different versions ?
from the reading and last update I should take from notabug instead from github


so far since yesterday after:
* add found 13 IP blocks to firewall
* also ban or change password of belonging gamer
* false of basic_robot
* and true mod border = no new gamer

these issues didn't happen to my account yet since these changes

and now, as of see the difference in versions of protector and not really see a difference need to think why to separate mod locations with different update,
I should go for 10+1 and see then, when I activate one of the false set option one by one again, where hack comes back in

Possible Hack, programmed Problem

by Festus1965 » Post

Update:
* the hack even worked just again as gamer nicole2013 just short logged in and out, and I started jumping
* the mod vps_blocker was active now, but didn't help here

after restart:
* new last updated mod protector from TenPlus1 is active
* basic_robots is back true

I blocked that found IP on router, and also found 6 accounts for this IP = changed the passwords

Possible Hack, programmed Problem

by Festus1965 » Post

beside I think following may be cheat against 'pay for advertise me'

I see now after ban about 30 gamer,
that a lot of them ... no specific name issues
have up to 8 different IP Blocks from most even each another country inside (mod EUban)

so it looks to me, that one or more Apps are switching the IP,
as I see a lot of gamer very often short logout, log in (as Block World 3D)
and getting another 'view' to their customers = money.


added:
very useful is here EUban, as show the short(3) IPs, and some have up to [8]
now I also have mod names_per_ip active and see if that makes it easier

and even I am open again for new users, I didn't get 'hit and leveled' yet.
I made a small change in mod protector, preventing the I am ... punished


added:
they still fight me, if it is
* a bad sad guy angry for not getting creative, or
* one banned as of really bad language or
* maybe some similar maker of like often logout/in (user don't realize during ads) client
** Block Craft 3D (where I have answer)
... the longer I let now EUban and names_per_ip run, the easier to block a LOT of their IPs and also force the gamer to use original Minetest or Multicraft

these IP changers are easy to see when you just keep a bit there, the longer they are on your server, the more of this out/in you see and know then after check the logged IPs of that gamer: all different countries, haha

Possible Hack, programmed Problem

by Festus1965 » Post

more facts about what's happening:
(I wrote in protector, get only messages now)

* a random gamer, that is NOT same as the protection block used
* can activate this 'happening'
* with a random interval in repeat and digs
* maybe from even another location than the used ? protection block
* even the owner of protection block is not online, or even removed by admin
* and even I am not standing near that block (wherever I am it happens)
until as most restart / crash server - then this person has to join again to activate

DrFrankenstone
Member
Posts: 231
Joined: Tue May 24, 2016 05:36
GitHub: treer
Location: Australia

Re: Possible Hack, programmed Problem

by DrFrankenstone » Post

It sounds like whatever or whoever is causing the problem may have overridden minetest.is_protected.

Your server's protection mod(s) should be the only thing overriding that, so you could try scanning the server's entire mods directory and game directory for places where minetest.is_protected is being overridden. It would look like 'function minetest.is_protected' or 'minetest.is_protected =', and the space character in those strings could be any combo of whitespace, so consider a regex search.

Ignore code that merely invokes minetest.is_protected() - that's a legitimate thing for mods to do.

Once you have a list of everything that overrides it, ask "does this mod have any business doing that?", "is this an immature or rarely used mod that might have bugs or sloppy exploitable code?", "is this a very old version?", "did I get this mod from the author's repo?" etc.

I don't know if this will help, but it's something to explore. I'm not sure if is_protected gets called when you're not doing anything, so if it happens when you aren't doing anything then the bug or exploit might be elsewhere.


Re: Possible Hack, programmed Problem

by Festus1965 » Post

DrFrankenstone wrote:
Mon Sep 20, 2021 12:35
It sounds like whatever or whoever is causing the problem may have overridden minetest.is_protected

* minetest.is_protected is being overridden.
function minetest.is_protected , or
minetest.is_protected =
search for only 'minetest.is_protected' so much results ... I don't start

search for 'function minetest.is_protected'
* protector/init.lua
* xp_redo/protector.lua
* xp_redo/areas.lua
* areas/interact.lua
* not active / false : techage/power/protection.lua

but I can't follow these hints now, too tired ...
btw I found two easier options to handle it, and faster even stop it without restart, but today one time he/she/it/they did it.

Re: Possible Hack, programmed Problem

by DrFrankenstone » Post

Festus1965 wrote:
Mon Sep 20, 2021 13:01
I can't follow these hints now, too tired ...

No worries, but one clarification: don't search for 'minetest.is_protected', it will have too many hits (like you said); search for 'minetest.is_protected ='

i.e. something assigning a new value to minetest.is_protected

Linuxdirk
Member
Posts: 3217
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: Possible Hack, programmed Problem

by Linuxdirk » Post

DrFrankenstone wrote:
Mon Sep 20, 2021 13:05
No worries, but one clarification: don't search for 'minetest.is_protected', it will have too many hits (like you said); search for 'minetest.is_protected ='

It would be even better to search just for is_protected and manually check the results. The protection override could be done in several ways not matched by minetest.is_protected =.
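
The search DrFrankenstone and Linuxdirk describe above, as an added example that is not part of any post in this thread: a Python scan of a mods directory that reports direct overrides of minetest.is_protected (also through the engine's `core` alias and bracket indexing), lists every other mention for manual review, and skips plain calls. The Lua files and mod names are constructed sample input, and the comment stripping is deliberately naive.

```python
import re
import tempfile
from pathlib import Path

# "minetest" and "core" are the same engine table; the member can be reached
# with a dot or with a bracketed string key.
TABLE = r"(?<![\w.])(?:minetest|core)\s*"
MEMBER = r"""(?:\.\s*is_protected\b|\[\s*["']is_protected["']\s*\])"""
OVERRIDE = re.compile(r"\bfunction\s+" + TABLE + MEMBER
                      + "|" + TABLE + MEMBER + r"\s*=(?!=)")
PLAIN_CALL = re.compile(TABLE + r"\.\s*is_protected\s*\(")

def classify(line):
    code = line.split("--", 1)[0]   # naive: drop Lua line comments
    if OVERRIDE.search(code):
        return "override"           # definition or assignment: audit this mod
    if "is_protected" in PLAIN_CALL.sub("", code):
        return "review"             # alias, rawset, saved reference: check by hand
    return None                     # plain call or unrelated line

def scan(root):
    hits = []
    for path in sorted(Path(root).rglob("*.lua")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), 1):
            kind = classify(line)
            if kind:
                hits.append((path.relative_to(root).as_posix(), number, kind))
    return hits

# Constructed sample files; the mod names are hypothetical.
SAMPLE = {
    "mod_a/init.lua": "local old_is_protected = minetest.is_protected\n"
                      "function minetest.is_protected(pos, name)\n"
                      "  return old_is_protected(pos, name)\nend\n",
    "mod_b/init.lua": "if minetest.is_protected(pos, name) then return end\n",
    "mod_c/init.lua": 'core["is_protected"]  =  function(pos, name) return false end\n'
                      'rawset(minetest, "is_protected", hook)\n'
                      "-- minetest.is_protected = nil\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True)
            target.write_text(body, encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    for path, number, kind in demo():
        print(f"{kind:8} {path}:{number}")
```

Point `scan()` at the server's mods and game directories; every "override" hit outside the protection mods installed on purpose deserves the questions listed in DrFrankenstone's post.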


permanent IP-Change destroy idea, basic of ban !

by Festus1965 » Post

just another point of this App

the basic of protect a server from violating gamer, and ban them via IP(-block) is also gone with this App

even with EUban it works, BUT at the end you ban also about 50 other gamer also using this App and the used 'proxy'

So, how can this App even be 'blocked' ?
* beowulf ?
* names_per_ip
* vps_blocker
what system, mod might be better for it ?

Possible Hack, programmed Problem

by Festus1965 » Post

beside I will do the search again,


could have SSCSM been a reason / a gate in ? (no wasn't - happened just before after restart without again)
It was still enabled, even I hardcoded false before the last cmake / make

I just started server new now deleting the buildin/SSCSM folder
as also comment out the call do ... in init.lua

So NOW the message SSCSM is enabled is gone at first lines after start.
Last edited by Festus1965 on Mon Sep 20, 2021 23:19, edited 1 time in total.

Re: Possible Hack, programmed Problem

by Festus1965 » Post

Linuxdirk wrote:
Mon Sep 20, 2021 13:57
DrFrankenstone wrote:
Mon Sep 20, 2021 13:05
No worries, but one clarification: don't search for 'minetest.is_protected', it will have too many hits (like you said); search for 'minetest.is_protected ='

It would be even better to search just for is_protected and manually check the results. The protection override could be done in several ways not matched by minetest.is_protected =.

Guys, any kind of how this code might look, vars, values that have to be there - different from the found one in well known mods ?

Is an IP changing ads App fair ?

by Festus1965 » Post

* how is it for gamer,
standing for a few seconds without being able to defend against monster,
for the server owner, have open chests, as gamer had been taken during access

* how is this doing according to the rules of Google Play ?

* how will the want to let show advertisement think, when in my opinion it is cheating ?
as the gamer itself never change the IP, but App can generate much more different IPs for ads



(as some parts don't work, I opened the firewall as normal, and let everyone have 15 name same IP = so I get much more evidence about the network, the proxy ? IPs ... just that 1234 already collected 9)

so later add them all together, might be a nice sum:

TenPlus1
Member
Posts: 3715
Joined: Mon Jul 29, 2013 13:38
In-game: TenPlus1

Re: Possible Hack, programmed Problem

by TenPlus1 » Post

If someone is overriding minetest.is_protected() and managing to harm players then the simplest method may be to change the 'protector_hurt' setting to 0 so that it disables hurt.

Failing that I'd recommend changing the 'csm_restriction_flags' setting in minetest itself to (1) so that the server no longer allows loading of csm mods, that will stop interference and players abusing the game.


Re: Possible Hack, programmed Problem

by Festus1965 » Post

TenPlus1 wrote:
Tue Sep 21, 2021 06:54
change the 'protector_hurt' setting to 0 so that it disables hurt.

'csm_restriction_flags' setting in minetest itself to (1)

first was done to 1, as so many player there are newbies,
the attack is only against me as Thomas (as I was the one euban someone ... )
csm-flag is now set to 1 (was 62, guess had to be 61 for all close ?) so far I understood this long time ago

but as I got server privs I just see the message, but no harm, no flip - other way was about to put me into mod code as sort hurt out.

thanks for this constructive and short hints

today only one attack yet. was blocked after 30 se with overtaking that used (no existing gamer ?) protection block by me.

Miniontoby
Member
Posts: 616
Joined: Fri Mar 01, 2019 19:25
GitHub: Miniontoby
IRC: Miniontoby
In-game: Miniontoby
Location: The Netherlands

Re: Possible Hack, programmed Problem

by Miniontoby » Post

Festus1965 wrote:
Mon Sep 20, 2021 22:13
beside I will do the search again,


could have SSCSM been a reason / a gate in ? (no wasn't - happened just before after restart without again)
It was still enabled, even I hardcoded false before the last cmake / make

I just started server new now deleting the buildin/SSCSM folder
as also comment out the call do ... in init.lua

So NOW the message SSCSM is enabled is gone at first lines after start.

SSCSM looks to me like it stands for some kind of s... s... client side modding

I think it might allow more client side stuff to be executed. But yeah you never know.

Re: Possible Hack, programmed Problem

by Festus1965 » Post

TenPlus1 wrote:
Tue Sep 21, 2021 06:54
Failing that I'd recommend changing the 'csm_restriction_flags' setting in minetest itself to (1) so that the server no longer allows loading of csm mods, that will stop interference and players abusing the game.

mhh I set it in minetest.conf
and since I didn't realize any attack on me (mean see that warning area protected by ...)
so that was so far I think the important hint.

But changing in minetest itself ... src ,,, yes, you're right, never know if this settings in conf, is now ignored under multicraft2 ,,, I search for location.