GOPOSTAL just contacted me directly...

Post all House of Hermskii {HOH} Website and Forum related content here!
Post Reply
User avatar
Hermskii
Site Admin
Posts: 8500
Joined: Sun Jul 10, 2005 9:56 pm
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
NoMoreSpam: Silver
Location: Houston, Texas
Contact:

GOPOSTAL just contacted me directly...

Post by Hermskii » Fri Aug 26, 2011 11:57 pm

Yes, Gopostal sent me an email recently and warned of a member here who may be unknowingly sending emails to members here that may become infected if they open certain links within the email. I do not feel that GOPOSTAL would have warned me and thus each of you had the threat not been real.

I plan to contact this particular member and help the member get everything in order again hopefully. Until then, I'll ask that you only communicate with each other here via the Private Message system and please avoid opening all Internet links whether posted here or in a email from any member here or in any P.M. from any member here until I give the all clear. I expect to resolve this issue with the next couple of days.

As I said to GOPOSTAL in my reply to him; I appreciated him going above the semi-recent disagreements he and I have had and was grateful to him for giving me and the members of this forum a fair warning. I hope and expect that I too will be as big as he just was to get above the (sometimes ugly) politics of UT and warn him or anyone else and their followers of unseen risks.
~Peace~

Hermskii

User avatar
ZippityDooDa
Posts: 555
Joined: Sat Jul 17, 2010 8:53 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
Contact:

Re: GOPOSTAL just contacted me directly...

Post by ZippityDooDa » Sat Aug 27, 2011 6:38 am

He sent me an email to my yahoo saying that I was sending him links or that my email was spamming him, months ago. Not sure what the deal is but my password has been changed and no one said anything about my address sending out spam emails.
11100000.11111111.11111111.00000000 /24

User avatar
Hermskii
Site Admin
Posts: 8500
Joined: Sun Jul 10, 2005 9:56 pm
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
NoMoreSpam: Silver
Location: Houston, Texas
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Hermskii » Sat Aug 27, 2011 8:33 am

His warning was not about you. Them member it was about has already contacted me and is getting busy with getting it all worked out. Thanks all!
~Peace~

Hermskii

User avatar
Nelsona
Posts: 998
Joined: Sun Mar 06, 2011 11:45 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
Location: Still at Keyboard
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Nelsona » Sat Aug 27, 2011 9:44 am

Stop susupecting anyone.

The problem-guy is just me, in fact not me, more accurate is about some delayed Yahoo services.

What is about ?

I worked a bit in private with Gopo at some small fixes for MH, sharing my observations. I told him in forums "I sent you an e-mail with..." containing a link to a non-standard WebPage. He answered something "I didn't received any e-mail, something is not OK".

Due to a bunch of invasions pointed in my host by search engines and observing lags in server, (I have only a normal cable connection I cannot host a million of connections) I restricted acces from Internet Bots to my host. They couldn't do a check in that e-mail and later (much later) informed the destination about a possible unsecured e-mail. Is a crap indeed, my first ideea that come in my head was to stop WebHosting. I have aprox. 10 GB files, MH maps, sounds, textures, musics, some mods, programs used by me for server, but I think I'll turn off this because I cannot host an invasion.

I'll do a walk on Internet to check some options for settings for a Web-Server because seems to be a problem with my host, exactly http://sektornelsona.no-ip.org:9000/
If I let them dig in my house, I'll notice again lags and slow acces, large amounth of data downloaded by Bots.

For any intruder fan of stunts i have a small information (I checked some logs), I don't have any important file into the shared folder, all engines, scripts, configuration files are placed in a different place on other drive.

Now tell me how to block this madness or I'll give up hosting files.

User avatar
Hook
Posts: 3444
Joined: Fri Feb 16, 2007 9:41 am
What is the middle number? (one, TWO, three): 3
extraextraantispam: No
NoMoreSpam: Silver
Location: Minnesota USA (Just West of MPLS - by a pond beneath a tree - Dead & Buried)
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Hook » Sun Aug 28, 2011 2:29 pm

Yeah, I got an email from him also about when my email at msn was hacked.
It wasn't so much a warning, but more a razz, and that he was thinking it is so FUNNY and laughing his a off about it.
I noticed they had a big laugh about it on there forum, cutting me and my email down too. :roll:
Kids! :|

I am glad he finally matured a bit and didn't do the same thing to you. :wink:
He should realize that it is no laughing matter. :?
=Hook= of Hook's UT Place - Hopelessly Addicted to UT99!
Forum: https://hooksutplace.freeforums.net
CROSSBONES Missile Madness {CMM} (GT Top 50)
PRO-Redeemer | PRO-SNIPER-Redeemer | SEEKER-Redeemer
Birth Place of ALL Seeker/Scoped Deemers!
IP: NEW IP to come!
CROSSBONES Monster Hunt {CMH} (Special Edition MH by mars007)
IP: 108.61.238.93:7777

User avatar
Sir Mandrake
Posts: 334
Joined: Thu Sep 27, 2007 12:05 pm
What is the middle number? (one, TWO, three): 3
extraextraantispam: No
NoMoreSpam: Silver
Location: Central, IL USA

Re: GOPOSTAL just contacted me directly...

Post by Sir Mandrake » Sun Aug 28, 2011 3:41 pm

Nelsona -

I looked at your link and indeed you have many files available for open download.
There are many bots (as you are aware) constantly look for open FTP servers that allow open upload and download. These bots index all the files on your server for searching. I could probably search for a Monsterhunt map and your server could show up in the results. Since this is a private server you really should put some kind of security on your downloads... so only people you allow will have access to it.

I have an FTP server set up at a recording studio and after a month, i was shocked to see the log full of random access attempts to the FTP server. These were bots trying every concievable security loophole out there to gain access. Bots find these FTP servers by scanning millions of IP address for response on port 21... port 21 is the default port for FTP servers.

I have files as well at my domain but directory browsing is off for my redirect and only the server has its direct address for access. If I want people to access files or be able to upload.. I provide an FTP account for them.

You can begin to secure your server by trying a PHP script that has better security or one that uses captcha to ward off the leeching bots.
--- END OF LINE ---

Image
Image

User avatar
Nelsona
Posts: 998
Joined: Sun Mar 06, 2011 11:45 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
Location: Still at Keyboard
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Nelsona » Sun Aug 28, 2011 4:08 pm

Thanks you for informations. I have now a kind of PHP script, indeed is out of my skills in configuring such things. I noticed that if I turn on anti-leeching, links posted in forums will be somehow altered. Turning off anti-leeching was also a bad ideea, a bunch of Bots downloaded files for hours creating lags (was enough nasty). Such a link sent in an e-mail was checked after a while, yes someone read our e-mails directly from service (security problem ?). The Bot handling this job was banned, now they are based on assuming bullshits because they cannot dig there. After a few weeks even months they decided finally to send something at destination as warning for these unchecked links in fact heavy to check the links.

I'm agree to try other PHP in order to keep automatic visits away from me. I'm thinking now a bit at something less usefull: to turn off downloads until I'll find a solution. I admit, I didn't pay too much attention at downloads, last time I was really busy to check ScriptedPawn code and to put up a code to tweak a bit the monsters. Since I saw that is a hard job to fix Bot support, I switched attention to other side, I decided to work at Monster support. Until now I saw a few improvements (imagine how many hours I studied what I did, including to avoid accesed nones).

Indeed if you want to help me with an improved PHP script, I'm agree to see it. Maybe I need to give you some control to server, if you know to configure it as should be.

User avatar
Nelsona
Posts: 998
Joined: Sun Mar 06, 2011 11:45 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
Location: Still at Keyboard
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Nelsona » Sun Aug 28, 2011 4:19 pm

I forgot other thing to tell you. With redirect I didn't have any trouble because the adress for redirection was never writed somewhere. Of course there are different options, an enhanced UT user - player with a bit of knowledge can post it somewhere and later ... hang on.

Anyway if accidentally someone is accesing redirect Via any explorer will see the message according to 403 Error Forbidden area with a link to HomePage. If the redirect can be lagged by unauthorized acceses I can switch to other port and BYE problems.

User avatar
EvilGrins
Posts: 2653
Joined: Thu Jun 30, 2011 8:50 pm
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
NoMoreSpam: Silver
Location: Palo Alto, CA
Contact:

Re: GOPOSTAL just contacted me directly...

Post by EvilGrins » Sun Aug 28, 2011 7:05 pm

Gopostal never writes me anything.

*pouties*

User avatar
ZippityDooDa
Posts: 555
Joined: Sat Jul 17, 2010 8:53 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
Contact:

Re: GOPOSTAL just contacted me directly...

Post by ZippityDooDa » Sun Aug 28, 2011 7:12 pm

EvilGrins wrote:Gopostal never writes me anything.

*pouties*
This Sir, is a good thing....
11100000.11111111.11111111.00000000 /24

User avatar
Hermskii
Site Admin
Posts: 8500
Joined: Sun Jul 10, 2005 9:56 pm
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
NoMoreSpam: Silver
Location: Houston, Texas
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Hermskii » Sun Aug 28, 2011 11:55 pm

As I mentioned in the first post of this topic, GOPO stepped up and did the right thing to pass on a real issue warnng. I appreciate it and once again give him credit for it since it is due. He earned it. I think he may be getting soft in his old age. Who knows. It doesn't matter. What does matter is that he continues this behavior because I too would do the same thing because it is and was the right thing to do.

EvilGrins should be smacked for talking smack too. LOL. GOPO has tried way too hard to assist you in your most recent issue I.E. monster won't attack you or your bots depending on which of your multiple UT installs you use when playing Monster Hunt. You EvilGrins have access to the one of the greatest MH coder minds alive and it seems to me like you are trying on purpose to piss him off or ignore his answers or both.

Just because GOPO and I have a beef with each other doesn't mean I want you or anyone else not to gain from his offerings. If you want to hate him, do it. If you want his help, get it. But don't ask for help and then mess around with the person who is trying to help you. That is wrong period.

Don't get all pissy with me either in regards to what all I just said. You know what I'm saying here so please try to help people who are trying to help you. If you can't help them help you, then don't ask for help at all.
~Peace~

Hermskii

User avatar
Sir Mandrake
Posts: 334
Joined: Thu Sep 27, 2007 12:05 pm
What is the middle number? (one, TWO, three): 3
extraextraantispam: No
NoMoreSpam: Silver
Location: Central, IL USA

Re: GOPOSTAL just contacted me directly...

Post by Sir Mandrake » Mon Aug 29, 2011 9:21 am

No, Gopo is a good guy...whatever beef he has with others is none of my business. He is, like Hermskii says, brilliant when it comes to all things UT.. not just MH. MH was his main project for a long while but its Flaws from the get go and constant demands from a lot of MH admins burned him out on it. He will still bend over backwards to help anyone with a problem if needed or if he sees a real problem.. like the reason he contacted Herm.

So lets thank GoPo for the heads up and start checking your computer and free email accounts for infections or hacks. Nelsona is currently trying to address his security issues with his file hosting.

Thanks GoPo! Image
Last edited by Sir Mandrake on Mon Aug 29, 2011 2:48 pm, edited 2 times in total.
--- END OF LINE ---

Image
Image

User avatar
Nelsona
Posts: 998
Joined: Sun Mar 06, 2011 11:45 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
Location: Still at Keyboard
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Nelsona » Mon Aug 29, 2011 2:46 pm

No, Gopo is a good guy...whatever beef he has with others is none of my business. He is, like Hermskii says, brilliant when it comes to all things UT.. not just MH. MH was his main project for a long while but its Flaws from the get go and constant demands from a lot of MH admins burned him out on it. He will still bend over backwards to help anyone with a problem if needed or if he sees a real problem.. like the reason he contacted Herm.
Of course, I admit Gopo is ok, I'm not really interested in different discutions between Sir Hermskii, Gopo, Hook, GameTracker, etc. I worked a bit with Gopo, our first e-mails were a bit with argue character but later ok, until this crap with hosting, and extra delayed delivered e-mails by a company which already created some e-mail troubles for a work camarade porting an e-mail from OVI to Yahoo was a bit nasty, (reason - ID already existed and answer was something: Create other account !- how about data stored there ?) Finally problem was resolved like in magic. This is other subject anyway I don't spam forum with this.
Maybe Gopo will still receive delayed e-mails. I can stop hosting, bots will try to find adresses and will report again craps, I don't have any doubts about this, in fact those daemons involved in this e-mail party are based on presumptions but I didn't see what kind of infection is there or a behavior like X or Y, just simple presumptions without more logic.
Imagine that immediatelly I started scanning in each computer from my house and I found 0 infections. In fact I didn't see any kind of problem or malfunction, even I noticed a good working condition, no errors, nothing special to notice. Very late I realised where are from these troubles, indeed maybe I was angry a bit, when someone is downloading a file from my server I can hear a small beep. Well, suddenly server began a beep series pissing me off. Once entered in game I had 20% packets loss, so I accesed the ban-list and I banned all CRAWL series via Copy Paste from logs.

User avatar
Sir Mandrake
Posts: 334
Joined: Thu Sep 27, 2007 12:05 pm
What is the middle number? (one, TWO, three): 3
extraextraantispam: No
NoMoreSpam: Silver
Location: Central, IL USA

Re: GOPOSTAL just contacted me directly...

Post by Sir Mandrake » Mon Aug 29, 2011 2:59 pm

Nelsona,

Im not very savvy in PHP coding so i cant really write or modify code to meet security needs or fix security holes. Just look for updates to the script you are using now or find a better one with better security options.

Just make sure you have no open uploads which is a recipe for disaster in regards to botnet bots and malware replicating itself across the net. Open download is fine but its your bandwidth being chewed up.

As for your computers... Use COMBOFIX from bleepingcomputer.com , I can't stress enough how important this tool is for rootkit detection & removals.

I wish I had one of the original emails GoPo is talking about coming from you Nelsona. The one with the Link.... Some more investigation is needed on the link itself and the email headers to help figure where its coming from.
--- END OF LINE ---

Image
Image

User avatar
Nelsona
Posts: 998
Joined: Sun Mar 06, 2011 11:45 am
What is the middle number? (one, TWO, three): 2
ExtraAntiSpam: Blue
extraextraantispam: Yes
Location: Still at Keyboard
Contact:

Re: GOPOSTAL just contacted me directly...

Post by Nelsona » Tue Aug 30, 2011 12:07 am

Thank you, Sir !

Combofix installed, restore points created, scanning result - 0 problems.

Post Reply