Hacking Outbreak

Equinox · #1 07-11-2012, 08:14 PM

On a server I'm developing for there has been a recent hack outbreak in the last 2 days. Apparently hackers are "injecting" themselves with staff boots and other items. It's all client based so its impossible to deal with them besides a ban. The program they use is called "Graal Relay".

This is probably in the wrong place, forgive me.

ffcmike · #2 07-11-2012, 08:28 PM

A lot of the time this occurs (aka some newbie who doesn't know what they're doing), they are using the default command which is quite easy to detect, and can also be used to show you what weapons they are trying to inject, which can in turn be checked for by script (such as when the player.weapons array is altered) incase they or someone else has switched to a different command.

Starfire2001 · #3 07-11-2012, 08:35 PM

Might be able to help you out here, send a you a forum pm.

Fatel · #4 07-11-2012, 09:29 PM

try this.

PHP Code:


			
//#CLIENTSIDE

function onPlayerChats() {

  if (player.chat == "/iw System_Staffboots") {

    serverwarp(servername);

  }

}

ffcmike · #5 07-11-2012, 09:39 PM

Quote:

Originally Posted by Fatel

try this.

PHP Code:


			
//#CLIENTSIDE
function onPlayerChats() {
  if (player.chat == "/iw System_Staffboots") {
    serverwarp(servername);
  }
}

The reason why myself or Starfire_2001 haven't been specific is that if potential culprits see it publicly they'll know to alter the command rather than keep using the default one.

Regardless this solution would only detect that specific weapon name which can also be avoided easily, it's better to check player.chat.starts("/iw") (and preferably within the ChatBar.onAction event).

It's also a good idea to trigger the name of what they're trying to inject to serverside and log it, any common occurrences (such as the one you mentioned, and actually got caught trying on Classic using a guest account) can then be checked for existing.

Fatel · #6 07-11-2012, 09:55 PM

i was about to edit my post to fix my error then just decided to let someone else do it

Fatel · #7 07-14-2012, 04:34 AM

PHP Code:


			
//#CLIENTSIDE

function onPlayerChats() {

  if(player.chat.starts("/iw")) {

    serverwarp(servername);

  }

}

Emera · #8 07-14-2012, 12:09 PM

I believe Nalin coded the relay system, and it was used so he could get onto an iPhone server via the PC client. It's also used so iPhone systems can get onto PC servers (like yours). You can get around it by detecting their OS and kicking them off.

ff7chocoboknight · #9 07-17-2012, 07:31 PM

No, the program was created as a debug tool. Someone passed it around as a hacking tool.

CrypticMyst · #10 07-19-2012, 01:09 PM

Quote:

Originally Posted by ff7chocoboknight

No, the program was created as a debug tool. Someone passed it around as a hacking tool.

This statement is true.

Pandar · #11 07-19-2012, 02:11 PM

Quote:

Originally Posted by Equinox

On a server I'm developing for there has been a recent hack outbreak in the last 2 days. Apparently hackers are "injecting" themselves with staff boots and other items. It's all client based so its impossible to deal with them besides a ban. The program they use is called "Graal Relay".

This is probably in the wrong place, forgive me.

You should really have a staff list somewhere on your server, whether it's in a Database NPC or whatever. That way you could have some easy preventive measures for any staff npcs. Just have your Boots run a check every time you turn them on, that refers to this staff list; if they're not on it, don't let it work, or even serverwarp their asses like the people above suggested.

Hezzy002 · #12 07-19-2012, 02:33 PM

Quote:

Originally Posted by Pandar

You should really have a staff list somewhere on your server, whether it's in a Database NPC or whatever. That way you could have some easy preventive measures for any staff npcs. Just have your Boots run a check every time you turn them on, that refers to this staff list; if they're not on it, don't let it work, or even serverwarp their asses like the people above suggested.

That's not how it works. It injects clientside bytecode, doesn't add the NPCs on the server to them.