• Please make sure you are familiar with the forum rules. You can find them here: https://forums.tripwireinteractive.com/index.php?threads/forum-rules.2334636/
  • Weve updated the Tripwire Privacy Notice under our Policies to be clearer about our use of customer information to come in line with the EU General Data Protection Regulation (GDPR) rules that come into force today (25th May 2018). The following are highlights of our changes:


    We've incorporated the relevant concepts from the GDPR including joining the EU and Swiss Privacy Shield framework. We've added explanations for why and how Tripwire processes customer data and the types of data that we process, as well as information about your data protection rights.



    For more information about our privacy practices, please review the new Privacy Policy found here: https://tripwireinteractive.com/#/privacy-notice

Someone hacked into my dedicated server

MiltonFernandes7775

FNG / Fresh Meat
Oct 5, 2019
2
1
3
I was playing with a friend of mine Tonight, when someone entered my password protected server and logged in as admin. Thankfully, he "Just wanted to play", but It was Very uncomfortable and awkward. I'm afraid If he'll be able to hack into my server again, ir worse, If he'll hack into my computer. I've changed my webadmin password, The server password, reported his Steam account, deactivated DMZ and open ports, but I'm still afraid. Am I safe? What do I do? Please, I'd be Very Grateful for any information.
 
  • Haha
Reactions: ®omano

Yoshiro

In Soviet Russia, Yoshiro is a cake
Staff member
Oct 10, 2005
12,395
3,505
113
Are you sure your server wasn't in a server takeover state? In theory if it was password protected it shouldn't be. At this time we are unaware of any vulnerabilities that would allow for something like what you describe without the person already having your admin account info.
 

®omano

Grizzled Veteran
May 14, 2009
4,062
187
63
France
www.hellsoldiers.tk
What about brute forcing from console commad in game? seems like easy to do with a script. I didn't try, I know web admin bans you pretty quickly for that but does it from in game? If not here is your vulnerability.

Having weak password is also a problem, some kept the "123" password :ROFLMAO: or use very common ones like qwerty/azerty
 

MiltonFernandes7775

FNG / Fresh Meat
Oct 5, 2019
2
1
3
Thanks for The answers guys. Yeah, It so happens that my Web admin password was 123. LOL. Not anymore. Isn't there a chance that he made some durable changes in any configuration, or made any damage to my server? Is this likely to happen again, since he's done It once?
 

®omano

Grizzled Veteran
May 14, 2009
4,062
187
63
France
www.hellsoldiers.tk
:eek: OMG :ROFLMAO:

No risk at all, just change the password for a good one, make sure it is properly set in command line and/or config files whatever your preference is (command line supersede the config file I think) and you're good, verify/change settings back to whatever you want. If you had the multi admin enabled check if there is unknown accounts created, but if you didn't enable it manually in the files you're good for this. He can't damage your server (machine) with your game server web admin access, unless you also use weak password to access the whole machine too.... LOL don't tell me, your machine password is "qwerty", right?


It can happen when you have a bad password, people just try common/random passwords and sometimes it matches, you probably encountered a random lucky guy.