Could version 1655 be vulnerable to hackers?

07/18/2024 17:00 zukoo#1
There is one thing that made me a little worried about version 1655: two administrators reported that their VPS was hacked, something I had never heard of in the classic version.
They reported that the VPS files were encrypted... And both happened in the same period.

The servers that were hacked were thunder online and Elitedemons.

What could have happened?
07/18/2024 18:15 jeffworkszx#2
simply the files have backdoors lol
07/19/2024 11:42 DuaSelipar#3
classic version is much worse
07/19/2024 17:48 zukoo#4
Why would the classic version be worse?
08/07/2024 19:39 revinmage#5
Welcome :kekw:
08/08/2024 00:59 12tails#6
The reason is simple:

1 - The "1655" is a custom Chinese server, same as the Paladin, just updated from the 2006 leaked codes;
2 - No one wants a fully working Eudemons server out there; the Chinese keep things working for themselves only (also, none of them use those custom bins, they just sell them and later steal files and shut down the servers). Actually, they build things in C#, and since it's a crime to run the servers in China, they try to put them in places other than there.
3 - Since the codes are too old, in the case of the classic versions, there are a lot of ways to exploit the doors; even if you change them, the servers have no encryption, so it's easy to force a packet through the doors and exploit some packages to shut down the server (yeah, there is a packet to do that inside the original versions).

And for the last: Yeah, believe the Windows Firewall System when it says 'this file contains a virus, similar to a backdoor' cuz it really has a backdoor ^^
08/19/2024 02:01 zukoo#7
Another hypothesis is the simple reason that the site is hosted on the VPS itself... This also creates a vulnerability... taking into account port access.
08/24/2024 15:59 12tails#8
From what I could analyze by deciphering the last version server.dat of Eudemons and using a proxy to access the official servers (this next part is already known by the community on Conquer at least), TQ uses a single account server for a certain amount of game servers. The IP address in the server.dat is only the accountserver IP, and when the connection is authenticated the accountserver replies with the game IP using the MsgConnect. This protects the game servers a bit... so you guys can follow some simple steps to prevent it:

1 -> AccountServer separated from the GameServer VPS (yeah, two VPSes to handle things);
2 -> WebSite can be set in a shared service, so you don't need to handle the site on the same machine as the account or game server;
3 -> If possible, changing the cipher keys is important to prevent some well-known bots.
4 -> Using an API to access the database of the account server (like the Canyon project does), but for this one you would need to build a custom accountserver to communicate with the binaries.

Securing the host from DDoS attacks and already known tricks...

But again, none of it matters if the Source has a backdoor... That's the case of the Chinese 1655 -non-official binaries- servers... Unfortunately.
09/18/2024 09:19 a2688266#9
Yes, you need an engine plug-in to perfectly prevent bug farming, database deletion, 2 billion servers, materials, and all kinds of problems