Security Breach -Biggest in Trem History?

[Rawr]

As of Feb. 14, 2007 i've been informed that a Server Operator by the name of Pol (the one who controls the S11 Info server) has been !setleveling certain players with GUID's to gain access to their servers using their own GUID's. Because I was setleveled on his server, my GUID has been compromised and i've had no choice but to !setlevel myself to 0 for the time being. Servers across Tremulous have been attacked due to compromised GUID's of admins and operators. If you've been setleveled on his server then let me know immediately. I'll come back with more details soon to follow.

Pol has been stealing GUID's from who ever goes onto his server. My suggestion to you, Change your RCON, get a new GUID.

Note: The Dev's have been informed of this.

[Smokey]

As of Feb. 14, 2007 i've been informed that a Server Operator by the name of Pol (the one who controls the S11 Info server) has been !setleveling certain players with GUID's to gain access to their servers using their own GUID's. Because I was setleveled on his server, my GUID has been compromised and i've had no choice but to !setlevel myself to 0 for the time being. Servers across Tremulous have been attacked due to compromised GUID's of admins and operators. If you've been setleveled on his server then let me know immediately. I'll come back with more details soon to follow.

Pol has been stealing GUID's from who ever goes onto his server. My suggestion to you, Change your RCON, get a new GUID.

Note: The Dev's have been informed of this.

He can't get your rcon password just by knowing your guid, and this is not at all new. Popupman has been known to do it for a while.

[vcxzet]

lol
and I thought I was evil

[-:GoDz:-Devil]

LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid I everytime I start trem and keep logs of all the guid's I use. I will keep you updated.

[Smokey]

LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid I everytime I start trem and keep logs of all the guid's I use. I will keep you updated.

Well, isn't that just pointless.

[vcxzet]

LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid I everytime I start trem and keep logs of all the guid's I use. I will keep you updated.

Well, isn't that just pointless.

pointless as hell
looks like he is not admin anywhere

yesterday was one of my better days
ip spoofing and guid take over

you should be thankful to polly This guid thing was known before but tjw didnt care till polly exploited it like crazy. then tjw fixed it . ie guid per server solution. and tjw also released the new binaries for using this

ip spoofing was something I was using( and I thought it did not work ). Untill polly told me it is actually working. Then he reported to r1ch -> tjw fixed

actually he is useful to community. highly flamable though

[David]

Was he using his server S11 to get the GUIDs?
If so it should be permanently de-listed.
Just ban is IP from the master server. That'll teach him.

[-:GoDz:-Devil]

LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid I everytime I start trem and keep logs of all the guid's I use. I will keep you updated.

Well, isn't that just pointless.

Na its not pointless, if you understood what I was doing you would get it.

[David]

LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid I everytime I start trem and keep logs of all the guid's I use. I will keep you updated.

I was going to do that, but then TJW fixed it, so problem solved!

[FooBar]

Just out of curiosity, why does the website for Pol's server (s11.info) redirect to (or at least display a copy of) tremulous.tjw.org?  That seems a little odd.

[vcxzet]

Just out of curiosity, why does the website for Pol's server (s11.info) redirect to (or at least display a copy of) tremulous.tjw.org?  That seems a little odd.

he is using tjw's stats php

[DieFamilyGuy]

As of Feb. 14, 2007 i've been informed that a Server Operator by the name of Pol (the one who controls the S11 Info server) has been !setleveling certain players with GUID's to gain access to their servers using their own GUID's. Because I was setleveled on his server, my GUID has been compromised and i've had no choice but to !setlevel myself to 0 for the time being. Servers across Tremulous have been attacked due to compromised GUID's of admins and operators. If you've been setleveled on his server then let me know immediately. I'll come back with more details soon to follow.

Pol has been stealing GUID's from who ever goes onto his server. My suggestion to you, Change your RCON, get a new GUID.

Note: The Dev's have been informed of this.

pol....hmm i recognize that name....yeah he used to come on beer garden, knew something was fishy about him

[Stof]

Don't worry about RCON, they cannot be directly compromised like that. No need to be (more) paranoïd than required.

Although the RCON password might be compromised if you gave it away to a hacker you though was a friend because he was using your friend GUID.

[TinMan]

For those of you who need a new GUID, go into your tremulous/base/ and delete your QKEY file, the next time you play tremulous a new one will be generated and you will then have a new GUID.

[Caveman]

If Pol(ly) knew his stuff then he also has the passwords for priv-slots if the player did not unset it when they did not need it ...

[Caveman]

ok

[pollywannacrkr]

stop that

o dam caveman ur hired.

[Caveman]

Allways cite the source

[FooBar]

Not that I have any affection for Pol at all, but I want to be the first to suggest that the moderators take down this information.  This kind of harassment is not acceptable.

[Stof]

Oh, was that harassement? It looked like spam so I kinda deleted it on sight :p

Don't go posting other users personal info here!

[Caveman]

Information, freely available on Google, can't be harassment .) but if it's not wanted.... ok

[FooBar]

Well, maybe not harassment, but perhaps it's incitement to harassment.  

[vcxzet]

Oh, was that harassement? It looked like spam so I kinda deleted it on sight :p

Don't go posting other users personal info here!

we should all stay as Unfunny Anonymous Cowards
as stated in Interwebs rule number 2

[Stof]

Oh, was that harassement? It looked like spam so I kinda deleted it on sight :p

Don't go posting other users personal info here!

we should all stay as Unfunny Anonymous Cowards
as stated in Interwebs rule number 2

Do you mean that you are "pollywannacrkr"?

Btw, that account is posting from http://hidemyass.com/ and I sure bet it has been created specialy for those posts.

[khalsa]

While I am opposed to the posting of polly's personal info here, I dont think ANYONE is going to feel sorry for you at this point.

Screw around with a tight-knit community - what do you think is going to happen? Especially when you have your whole life on google.

Pol: if your reading this i'd strongly suggest you stop whatever it is you're doing and apologize to those you've hurt. You may not realize, but people on the internet are crazy, and may do something "unfixable" to you.

A simple disagreement or misunderstanding (or ban for spamming) should not be grounds to permanently hurt someone.

Now basically everyone has your e-mail(s) so i'd simply suggest that if you have a problem wih you, to e-mail you or contact you otherwise to discuss these matters.

Lastly: I Strongly suggest that NO ONE go to the S11 server until everything is resolved, if even that.

Khalsa

[CU|CUdyin]

IMO, every person who is farming full GUIDs is even worse than every deconner, so he/she/it should get banned from the master-server, if the whole thing can be proved.

Nevertheless, I've been once on S11, so I already changed my GUID (at least temporary).

[Pol]

Noob Thread -Biggest in Trem History?

NOPE! GUESS WHAT, I AM!

[gareth]

Noob Thread -Biggest in Trem History?

It is now.

[FooBar]

Hey, Pol-- wondering when or whether you'd drop in here.

I'm curious, I'd like to know your side of the story.  I've seen a good amount of evidence from the other side suggesting that you basically took over another server by means of a stolen GUID.  I'm just wondering if you have another side to present: was it not you?  Was it someone totally different and you're the scapegoat?  Was it someone else with your IP or your computer?  Or have your actions been misrepresented?

Or did you do exactly what you were accused of, but for a legitimate reason?  I can't imagine a legitimate reason, but if you think you've got one I'd love to hear it.

Rather than throwing around bootless insults, why don't you enlighten us with your side of the story?

[Pol]

My side of the story?

Basically, it's fully expressed in my last post.

If you want more than that:

My side of the story is that it wouldn't really matter if I say it was me, not me, you, raWr, or anybody else.  Who would ever know with 100% certainty ?

I'm the S11.Info operator.  I maintain this server for the entertainment of myself, and the individuals who choose to play there.

I am not rapt in acting maliciously against any of my server's guests, or those of another server, or other server admins.

Tremulous's current GUID / ip userinfo system is obviously flawed.  Even tjw's latest 'new guid per server' hack is hardly worthy of the effort.  It needs a complete re haul, so I'd suggest to however's pissy at me for whatever reason would best to redirect their angst at someone like tjw, timbo, or careless server operators/admins.

By the way, pumpkin seeds are apparently good for the prostate.

[Plague Bringer]

notice how he (almost) completely avoided the topic and attempted to redirect all of the blame?

[vcxzet]

:evil:  

[benmachine]

Guys, I have a terrible confession to make...

...it was me who told Polly how to fake GUIDs. I didn't do it maliciously, it was mostly out of curiousity, and I needed someone to test it. Now, of course, if what you're saying is true, it seems pretty stupid that I trusted them, and for that I'm sorry.
Personally I haven't used the knowledge since that night for testing, I've been using my qkey GUID (which Polly knows, btw). Also of note: I discovered how after someone with an anomalous GUID connected to Polly's server and he/she came to #tremulous to ask about it. It is therefore possible that neither I nor Polly were the first people to discover this method, and you might thank Polly for publicizing it and allowing it to be fixed.
To be fair, the bugzilla report on it does credit Polly for bringing the bug to the attention of the reporter, so if it were not for your accusations, I'd still be assuming good faith.

edit: I just got the IRC logs: #tremulous and PM with polly (edit: removed for discussion of hax)
The #tremulous log contains everything I said to polly that night, so you might want to skip to the double line breaks I inserted if you don't care much about what we discussed initially (and tbh don't know why you would).
edit two: it seems there are some erroneous characters in those logs, something to do with character encoding I'd guess. I cba to fix it though, it's still readable. Suffice to say they weren't in the original.

[vcxzet]

Also of note: I discovered how after someone with an anomalous GUID connected to Polly's server and he/she came to #tremulous to ask about it. It is therefore possible that neither I nor Polly were the first people to discover this method, and you might thank Polly for publicizing it and allowing it to be fixed.

DOH it was probably me with the anomalous guid. But I've never stolen anyone's guid (probably I would but I have no server)

[Pol]

Nope, it wasn't you.

And S11.Info doesn't steal GUIDs.

[Rawr]

Lies.

[tuple]

My side of the story?My side of the story is that it wouldn't really matter if I say it was me, not me, you, raWr, or anybody else.  Who would ever know with 100% certainty ?

While it is true that we could in no way determine conclusively who was sitting behind the offending IP, the evidence that the source of the malicious behavior was in fact the IP that you use is pretty conclusive.  The likelihood that there was someone else using your computer, using your computer as a proxy or spoofing your IP is extremely small.  If that is in fact what has happened, you would have the proof that would clear your name.

I am not rapt in acting maliciously against any of my server's guests, or those of another server, or other server admins.

We have no way of knowing this and it is irrelevant to the discussion.

Tremulous's current GUID / ip userinfo system is obviously flawed.  Even tjw's latest 'new guid per server' hack is hardly worthy of the effort.

This is irrelevant.  If I leave my door unlocked, that does not give anyone permission to rob my house.  That many, many people knew of this vulnerability is common knowledge among many in the tremulous community.  That someone personally decided to take advantage of the vulnerability to act maliciously is in no way related.  Someone made a decision to act maliciously, the identity of that individual is the question here.

[Mario]

The following screenshots are from the S11 Info Server. As you can see in the following image, the user with blank GUID's & player 4 with a default GUID are him:




Pol also denied being there at the time the event took place on Dretch Storm. All admins were set to level 0 and random players were given level 5 due to a compromised GUID. But the server operator of D*S (GhostShell) tells me that the following people had level 5 at the time from the thread http://dretchstorm.com/node/93:

Mr. Gumby   66.63.211.173
[COL]Jose   201.220.86.99
The Me [banana]   70.174.101.101
FireHazard@ubuntu   69.37.19.142
Newbie#27   65.110.228.135 <--- 1st person using !setlevel

Match the last ip of Newbie#27 to the blank GUID in the !namelog and tell me who you see...[/url]

[Ace1]

lol thats kinda true

[tuple]

Ace1, quit posting stupid shit everywhere just to get you post count up, or at least get rid of that annoyingly large signature.

[David]

Ace1, quit posting stupid shit everywhere just to get you post count up, or at least get rid of that annoyingly large signature.

preferably do both.

[Plague Bringer]

Ace1, quit posting stupid shit everywhere just to get you post count up, or at least get rid of that annoyingly large signature.

preferably do both.

yeah, lol , who made that thing anyway? Deisel?

[Ace1]

hey stfu and stop slabberin i am only tryin to help but use obusily dont like the compition

[Caveman]

hey stfu and stop slabberin i am only tryin to help but use obusily dont like the compition

Anyone up to translate this into a readable form?

[AKAnotu]

hey stfu and stop slabberin i am only tryin to help but use obusily dont like the compition

Anyone up to translate this into a readable form?

stfu and stop slobbering i am only trying to help but you obviously don't like the competition

[Ace1]

lol guys i am just a bit ticked off that i cant get m pot forwarding problem fixed so guys plz help me i am in need of any helkp to get my server up and runnin

[FooBar]

Ace, I'd be happy to help you with port forwarding in any spare time I have (not right now), but could you try to do a couple of things?  First, learn to spell and form complete sentences, and also, use punctuation.  Please!  Second, only post on a thread when you have a real point to make; don't just post to say "i agree" or something like that.

You're a nice guy and very earnest, and I guarantee that if you do those two things everyone around here will love you, or at least like you a lot more.

Thank you!

[benmachine]

The following screenshots are from the S11 Info Server. As you can see in the following image, the user with blank GUID's & player 4 with a default GUID are him:

Sorry, please elaborate: as I can see? How can I see?
It could be anyone who knows the trick, unless I'm missing something...

[Caveman]

The trick is that that statement is wrong.
All we can see is 2 clients connected from the same IP, one with a none legit guid...

[Ace1]

Ace, I'd be happy to help you with port forwarding in any spare time I have (not right now), but could you try to do a couple of things?  First, learn to spell and form complete sentences, and also, use punctuation.  Please!  Second, only post on a thread when you have a real point to make; don't just post to say "i agree" or something like that.

You're a nice guy and very earnest, and I guarantee that if you do those two things everyone around here will love you, or at least like you a lot more.

Thank you!

Yes FooBar I will try and complete these requests you have made, and yes i should get on with everyone around here as i am very approchable as you have learnt and many others have as well if they have played with me. So sry everyone if i was a bit cheky.

[Pol]

/s/approchable/approachable
/s/learnt/learned
/s/sry/sorry
/s/cheky/(cheeky|cheesy)
/s/Ace1/illiterate

BTW, Who the fuck is the moderator here?

...editing the content of my messages without my consent?

"NOPE! GUESS WHAT, I AM!"

...

Wtf is that shit?

Obviously this entire board is fucking moronic, being run by morons, and moderated by morons.

AND both the IRC channels on quakenet have the same exact problem.

The Tremulous community at large has to get it's fucking act together.

The game has potential, but you've certainly done your part in discouraging an intellectual contributor from wanting to even discuss it.

Take care, fuckers

[Smokey]

/s/approchable/approachable
/s/learnt/learned
/s/sry/sorry
/s/cheky/(cheeky|cheesy)
/s/Ace1/illiterate

BTW, Who the fuck is the moderator here?

...editing the content of my messages without my consent?

"NOPE! GUESS WHAT, I AM!"

...

Wtf is that shit?

Obviously this entire board is fucking moronic, being run by morons, and moderated by morons.

AND both the IRC channels on quakenet have the same exact problem.

The Tremulous community at large has to get it's fucking act together.

The game has potential, but you've certainly done your part in discouraging an intellectual contributor from wanting to even discuss it.

Take care, fuckers

lol, anyone else remember that post with all his info? lewl.

[Caveman]

... intellectual contributor ...

If that was supposed to mean you, you phail. You can not even refrain from using fecal expressions and try to look down upon those that tried to help you.

Go outside and play with the rattlesnakes / cars in the traffic.

[Stof]

Now, would you PLEASE stop that :evil:

[vcxzet]

[Rawr]

[TinMan]

BAN HIM!

[Ace1]

lol tin. ban him incase he does it again.

[Rawr]

Pol is now stealing }MG{'s Bandwidth OH KNOZ!

[khalsa]

ZOMG! Not my Bandwidths!

Somebody should do something!

Note: The }MG{ Map mirror is open to all for public use, feel free to set your auto-downloads cvars of your server to http://www.mercenariesguild.net and for individuals looking for maps see: http://www.mercenariesguild.net/base/


Khalsa

[n00b pl0x]

lol in screen2 |DoA|Atcs is my server xD and how are your pings so low across the board like that?? your ping to my server is half the lowest ping i have on any server that i havent home hosted.