Server Exploit (ADMNS PLEASE READ)

  • Please make sure you are familiar with the forum rules. You can find them here: https://forums.tripwireinteractive.com/index.php?threads/forum-rules.2334636/
  • Weve updated the Tripwire Privacy Notice under our Policies to be clearer about our use of customer information to come in line with the EU General Data Protection Regulation (GDPR) rules that come into force today (25th May 2018). The following are highlights of our changes:


    We've incorporated the relevant concepts from the GDPR including joining the EU and Swiss Privacy Shield framework. We've added explanations for why and how Tripwire processes customer data and the types of data that we process, as well as information about your data protection rights.



    For more information about our privacy practices, please review the new Privacy Policy found here: https://tripwireinteractive.com/#/privacy-notice
G

Guest

Guest
Hello,

I would like to inform the developers of Killing Floor that there is a server exploit that crashes servers.

We have been battling this certain hacker for a few days now, banned 4 IPs from our Dedi and have just had a crash a minute ago.

Some details:
IP: 88.147.224.115
Host: pppoe-88-147-224-115.san.ru
Country: Russia

Soon as our server crashed I checked the ucc.log file which had;
NetComeGo: Open myLevel 11/12/10 18:07:02 88.147.224.115:55752
NetComeGo: Close TcpipConnection 88.147.224.115:55752 11/12/10 18:07:12
 
Last edited:

netsky/SiE

FNG / Fresh Meat
Oct 17, 2010
148
34
0
I also represent netsky the same as Bashy, Any kind of light TWI can shed on what they're doing to fix this exploit would be greatly . . . greatly welcomed as anyone hosting a KF server is at risk from this.

Steam - iblock4fun
 
G

Guest

Guest
Here is what our firewall looks like from the connections we get.



Just got attacked again: IP 95.84.54.0 - Russia again.
 

Yoshiro

In Soviet Russia, Yoshiro is a cake
Staff member
Oct 10, 2005
12,890
3,864
113
Send any detailed information and logs to me by Email.
 
G

Guest

Guest
Thanks for replying, Sie is emailing you now.

We know which exploit he is using and we have banned the proxy he is using for now, but this can't go on.
 

drakioned

FNG / Fresh Meat
Nov 25, 2009
96
1
0
Hi

Hi

Hi,

Confirmed this is happening on my servers too.

Server restarted over 2000 times in a short period due to this exploit.
 

Yoshiro

In Soviet Russia, Yoshiro is a cake
Staff member
Oct 10, 2005
12,890
3,864
113
We've put out an update for Windows servers. Please update your server to grab a new file to fix the issue.
 

Yoshiro

In Soviet Russia, Yoshiro is a cake
Staff member
Oct 10, 2005
12,890
3,864
113
We will have an update for linux servers in patch 1015 which we hope to have out today.
 

netsky/SiE

FNG / Fresh Meat
Oct 17, 2010
148
34
0
Just wanna publicly say great job TW with the exploit fix, we were more then happy to help in pin-pointing the exploit. We are also amazed at your response speed on the matter :), such a beautiful thing when developers take care of their community, keep up the brilliant work!

SiE out;