LucasForums

LucasForums (http://www.lucasforums.com/index.php)
-   Dedicated Server (http://www.lucasforums.com/forumdisplay.php?f=334)
-   -   admin password hack (http://www.lucasforums.com/showthread.php?t=180409)

quantum_rds 07-12-2007 05:36 PM

admin password hack
 
i run a jedi server and my admins are telling me that there is an exploit and througt brute force the hacker finds the admins passwords.

how do i pach my server or something like that to prevent that brute force attack?

jedi-Guard 07-14-2007 05:31 PM

which way do they hack to receive the password ?

darkecho05 07-30-2007 03:38 PM

I personally have never experienced somebody stealing my password, don't really think anybody can do that, only way for them to see your password is if you have your kt on while hosting and typing "rconpass xxxx" and just when you're about to log in your kt says something and everybody sees it.

Tx606 09-04-2007 02:25 PM

Quote:

Originally Posted by quantum_rds
i run a jedi server and my admins are telling me that there is an exploit and througt brute force the hacker finds the admins passwords.

how do i pach my server or something like that to prevent that brute force attack?

Well this IS possible.
You can't really prevent brute force attacks. But i know how they work..
They have a list of possible users and passwords, just make sure u have a VERY complicated password for your users for your server (ftp and such things..) And if you enter a pass like r2Rfz434xz_2 they will never guess it.
Remember to make a hard rconpassword too, not a simple pass like "kyle"..

Kurgan 10-07-2010 09:55 PM

Other tips are not to have "subadmins" or give out your password or post it online anywhere. Most "hacking attempts" turn out to be untrustworthy or disaffected former admins screwing around (consider they could give out that information to anyone they wished).

If you think your admin password may have been compromised... CHANGE IT immediately. Another is to use a name other than "server.cfg" for your config file.

If you botch entering your password logging in, a person could see your password attempt in the chat log too, so make sure you get it right (or enter it before you get into the game, via the save password feature in JO/JKA's in-game browers, or Qtracker, etc).

Another issue is that stuff like Killtrackers and mods may have their own vulnerabilities. Use at your own risk. If you think there's some kind of security exploit in them, contact the maker of this unofficial addon and see if they can fix it.


All times are GMT -4. The time now is 01:12 PM.

Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
LFNetwork, LLC ©2002-2011 - All rights reserved.