1 Topic by Neox (edited by Neox 2016-09-01 21:37:13)

  • Neox
  • Neox
  • Donor
  • Offline

Topic: What do we do against this?

Hello, I didn't really know where to post this so I'm just posting it here.

You know that a few mods have account systems.
Some dudes made fake servers (I don't actually know how it works) to get the credientials of the players.
These servers redirect to the real server but somehow they do get the players credentials.

They also add fake tee infos (I mean the infos you get while you're browsing the server list) which is a reason for their server to get banned from the masterserver list. But I'm wondering, what can we actually do against people like that? Are we allowed to report these servers (that are created/hosted only to hack people)?
Can we do something against this in version 0.7? If yes, what? (Can we even do something now against this redirection thing? To allow only normal connections)

The fake servers IP is 217.80.239.171, port is 8304.

By the way, I'm not sure if this bug exists in vanilla too, but some dude (very probably the same as the fake servers creator, as he enters in stolen accounts) are able to crash that server without even being in it. Yeah it's a moded server but it looks like this bug also exists in vanilla, but I am not sure.
I'll PM moderators that write here/PM me about this crash bug (I'd rather tell it to trusted people than publicly)

while(!Success())
    TryAgain();
Try until you succeed.

2 Reply by jxsl13 (edited by jxsl13 2016-09-01 22:11:33)

  • jxsl13
  • jxsl13
  • Member
  • Offline

Re: What do we do against this?

those seem to be proxy honeypot(?) proxy servers
Basically: client(human) -> join -> server(honeypot proxy) -> acts as client & joins -> server (original) (correct me if I'm wrong, ty)
whatever goes through the proxy can be logged, same with chat and /login user password
in regard to masterserver bans, I've read that a few were already banned.

What you can do now is to put some warnings in your MOTD that ppl only join the original server, which they should also add to their favorites or get a domain, so that they can join by simply typing example.com:8303 and join the server.
Reporting these server is also a great help, check out the #teeworlds irc channel on quakenet.org

it should be possible to block certain IPs (honeypot server IP for example) in your firewall.

I think it's unlikely to do anything against these servers in regard to coding...(don't wanna write down my thought process, contains gore)

Teeworlds [ friends ] clan
Some YouTube Stuff about Teeworlds

3 Reply by Neox

  • Neox
  • Neox
  • Donor
  • Offline

Re: What do we do against this?

Hello jxsl13, thank you for your answer
That's exactly what I thought. Well that's really... annoying.
I don't even know what to say. They're just ruining the fun of others. Meh.

while(!Success())
    TryAgain();
Try until you succeed.

4 Reply by Dune

  • Dune
  • Dune
  • Moderator
  • Offline

Re: What do we do against this?

Like jxsl13 said, blocking these servers IP on your server firewall is a workaround. Unfortunately, I can't see any solid option against honeypots.

Not Luck, Just Magic.

5 Reply by Neox

  • Neox
  • Neox
  • Donor
  • Offline

Re: What do we do against this?

Thank you for your answer Dune. I'll PM you about the crash bug.

while(!Success())
    TryAgain();
Try until you succeed.

6 Reply by jxsl13

  • jxsl13
  • jxsl13
  • Member
  • Offline

Re: What do we do against this?

Well, I have another idea, which you could check out:
If your servers do not support permanent bans or can't configure your firewall, you could ban those IPs ingame, so that ppl connected through a honeypot server can't connect to your server. In order to keep track of your banned ips, I suggest adding a line to your server config file(s), which would be 

exec permanent-bans.cfg

or

#if in a parent folder
exec ../permanent-bans.cfg

permanent-ban.cfg could have following content:

#don't use 127.0.01, it's only an example :D
ban 127.0.0.1 -1

this would be executed on every restart of your server
(again correct me if I'm wrong smile)

Teeworlds [ friends ] clan
Some YouTube Stuff about Teeworlds

7 Reply by Neox (edited by Neox 2016-09-02 02:24:03)

  • Neox
  • Neox
  • Donor
  • Offline

Re: What do we do against this?

jxsl13 wrote:

Well, I have another idea, which you could check out:
If your servers do not support permanent bans or can't configure your firewall, you could ban those IPs ingame, so that ppl connected through a honeypot server can't connect to your server. In order to keep track of your banned ips, I suggest adding a line to your server config file(s), which would be 

exec permanent-bans.cfg

or

#if in a parent folder
exec ../permanent-bans.cfg

permanent-ban.cfg could have following content:

#don't use 127.0.01, it's only an example :D
ban 127.0.0.1 -1

this would be executed on every restart of your server
(again correct me if I'm wrong smile)

Ohhh righttt, alright thank you! That's nice!
I already know how to make a custom ban file, but the first lines you wrote are right and nice! I mean the idea is nice
But can't they spoof the servers IP while sending the packets? So that the server sends the packets to their IP directly etc?

I mean let's say the users IP is 5.5.5.5, the honeypot could spoof its IP to 5.5.5.5 and send the packet to the target server... I mean, won't it work that way?
I'm a bit bad with network stuff, sorry hmm

while(!Success())
    TryAgain();
Try until you succeed.

8 Reply by Pathos

  • Pathos
  • Member
  • Offline

Re: What do we do against this?

LordFalcon made an interesting configuration for his TW client. If you use DDNet client, you might be familiar with the DDNet tab where you can just look at the DDNet servers. He was able to make another tab(?) for server lists of different regions.

Using LordFalcon's idea, perhaps there can be a trusted servers list hosted by mods.

Learn to move faster
Set up TW server on Pi  :: Vanilla/TW+ server configs :: Vanilla maps

9 Reply by Neox

  • Neox
  • Neox
  • Donor
  • Offline

Re: What do we do against this?

Pathos wrote:

LordFalcon made an interesting configuration for his TW client. If you use DDNet client, you might be familiar with the DDNet tab where you can just look at the DDNet servers. He was able to make another tab(?) for server lists of different regions.

Using LordFalcon's idea, perhaps there can be a trusted servers list hosted by mods.

The problem is that you never can make all your players use that client. If I could do this, there would be way more possibilities.

while(!Success())
    TryAgain();
Try until you succeed.

10 Reply by Pathos

  • Pathos
  • Member
  • Offline

Re: What do we do against this?

It's not a client. It's done through configs apparently.

Learn to move faster
Set up TW server on Pi  :: Vanilla/TW+ server configs :: Vanilla maps

11 Reply by Neox

  • Neox
  • Neox
  • Donor
  • Offline

Re: What do we do against this?

Ohh I see. But anyway you'll need to make this client-side where it's always hard in teeworlds. I mean even if ddnet were coding something like this, people not using ddnet could still go to such servers.

while(!Success())
    TryAgain();
Try until you succeed.