Jump to content

[News] Alive and Kicking

Blokker_1999

By Blokker_1999
in News

Recommended Posts

  • Replies 82
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Guest

Guest

Posted
Posted

Keep it real man! :drinking: heh.. good work do you guys do puplic beta now? and then give us updates =) but anyway I did think u guys are slowly fatass when every else multiplayer get finished but u stucked alpha now i know i were wrong... RESPECT for you!!!! 8)

Link to comment
lil Toady Shooter

lil Toady

Posted
Posted
not to talk about ileagal activity or anything but i suggest you should remove the telnet option just to easy for people to hack...

:shock: to make it easyer for people to hack? what for are all the anit-cheat systems then? maybe i understood something wrong? :?

Link to comment
  • MTA Team
Blokker_1999 Shooter

Blokker_1999

Posted
  • Author
  • MTA Team
Posted

So you don't know what telnet is or how it works.

As you can see here, we release our admin protocol. So anyone can make his own admin client. The point of the telnet interface is to create an easy to use text system to remotly control the server. So instead of writing a special rcon client that accepts text input and where we would have to basicly convert all text in/output before sending it we decided to do it in the server itself and have it accept telnet conncetions.

Link to comment
Guest

Guest

Posted
Posted

lol still put it this way if they know the ip and telnet runs on port 23 there are plenty of cracking programs etc out there to crack the pass once they do that they basicly telnet to it and have admin powers... or are u saying u have your own built in telnet client that u can change the port it runs on and has extra security...?

Link to comment
  • MTA Team
Blokker_1999 Shooter

Blokker_1999

Posted
  • Author
  • MTA Team
Posted

If someone is smart enough to write a program that can crack the password that way, then they can do the same with the released admin protocol, in the end it does not matter.

But mind you that cracking passwords (well basicly trying every single one cause you would need to brute force it) is something that will take a verry long time. Especially since you would have to wait for the result. Brute forcing something on a local machine goes with (on my system) 5 million attempts per minute and from the moment you have a password of 6or more letters it already takes years to finish it. Now imagine it over the internet where one single attempt takes at least 30ms (ping of 15 which is extremely low) cause you would need to send the information and wait for the return to see if it is correct. That would mean less then 100 attempts per minute. compare that to 5 million on a local machine.

And off course you could always build in some protection like 5 failed attempts == ban

Link to comment
Harry Mack

Harry

Posted
Posted
lol still put it this way if they know the ip and telnet runs on port 23 there are plenty of cracking programs etc out there to crack the pass once they do that they basicly telnet to it and have admin powers... or are u saying u have your own built in telnet client that u can change the port it runs on and has extra security...?

Authentication should (and i guess is) encrypted anyways. Telnet just sends plaintext commands over a connection, but that does not matter. Encrypting that commands will not secure the connection any more as using a plaintext connection. The authentication of the admin service is the only problem that matters at thi point.

Link to comment
Oli Jacker

Oli

Posted
Posted

The way I wrote the telnet stuff was that u connect to the admin port using your telnet client. Then the server waits for either your username to be input OR you to tell the server you are an "admin client". If you are using telnet then you need to put in your username, then you use the "login" command to login to admin and start using admin commands for the level for that user. This would be almost impossible to crack as A) you need both the right username AND password for that username. and B) the server will ban you after 5 incorrect attempts. I'd be very impressed if someone found a username and password combination that was in that servers specific users config file with a decent admin level in 5 atempts.

Link to comment
Guest

Guest

Posted
Posted

yes but the fact that its been on alpahs for such a long time, will mean it probly be quite long on betas aswell, or is beta going to be short in this case...

Link to comment
orappa Hawg

orappa

Posted
Posted
yes but the fact that its been on alpahs for such a long time, will mean it probly be quite long on betas aswell, or is beta going to be short in this case...

Beta will be a lot shorter because we're testing features as they're adding them to the alphas, and a lot of bugs have been fixed already.

Link to comment
Guest
This topic is now closed to further replies.
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...