qaisjp, posted January 14, 2012:

Hello, Multi Theft Auto community. We were recently attacked and are still defending against a server hacking attempt, and we recommend that you ban and watch these users:

iNu9aiF logged in as 'nu9aif' (IP: 109.161.194.173 Serial: 9A461B36D284577F18C8148B874AB252)
#ff1000|S.s|SoRa<3SaRa logged in as 'sora' (IP: 94.96.5.117 Serial: F0441377B8B78A749549A1C84DBAA3B2)

We will give you more information whilst we defend against this attack. 109.161.194.173 is from Bahrain. For the second one we still don't know; ban those serials on your servers. They literally CRACKED our password from first and stole all of the resources via Resedit.

IF YOU SEE ONE OF THESE NICKNAMES BELOW, BAN THAT USER NO MATTER WHAT.

[راعÙ? اÙ?سÙ?رÙ?ر] iNu9aiF
[عضÙ?] iProoooof^zxD

Deltanic, posted January 14, 2012:

Then why did you leave resedit unprotected? You can make resedit only allow certain accounts for access.

qaisjp (author), posted January 14, 2012:

> Then why did you leave resedit unprotected? You can make resedit only allow certain accounts for access.

RESEDIT was manually added by them.

Phat Looser, posted January 14, 2012:

I don't get what's going on, maybe you should explain. For everyone.

AeroXbird, posted January 14, 2012:

This is more of a lousy protection than a hack attempt. I mean, just protect every resource that has the rights to mess with resources; it's common sense to protect something like that!

Phat Looser, posted January 14, 2012:

The hackers gained admin rights on that server and messed with the ACL, from what I've heard.

Arran, posted January 14, 2012:

This may be related to a security vulnerability in MTA or just poor scripting/ACL.

qaisjp (author), posted January 14, 2012:

> This may be related to a security vulnerability in MTA or just poor scripting/ACL.

ACL is the default one for now.

Orange, posted January 14, 2012:

> > This may be related to a security vulnerability in MTA or just poor scripting/ACL.
>
> ACL is the default one for now.

Or a hoster's fault.

Unknown76, posted January 14, 2012:

If this guy could upload RESEDIT on your server then it is a host related problem, but if he had access to your files why didn't he steal them directly without using a resource?! I mean he also cracked your server password + admin rights, so he changed something in ACL, this shows that he had total control over your host.

qaisjp (author), posted January 17, 2012:

He didn't have "total-control" at all.

qaisjp (author), posted January 25, 2012 (edited January 28, 2012 by Guest):

Hello once more. We found the hackers who hacked NPG.

iNu9aiF is an owner of GTA - AR, also known as GTA - ARAB ( http://www.gta-arab.com/gt/ ) server or [GTA-AR]!Hajwalah and Drift Ksa Saudi http://www.Gta-Arab.com~~~ and the |S.s|SoRa is a Moderator of GTA - AR. We recommend to BAN their serials.

Oh, and also: http://www.gta-arab.com/gt/showthread.php?t=33644 and the Owner: http://www.gta-arab.com/gt/showthread.php?t=20827

Also, we recommend not to play on their servers due to your own security.

Regards,
The NPG Team

Phat Looser, posted January 25, 2012:

Were you able to find out how they did it, so that they can't do it again?

Orange, posted January 25, 2012:

> Were you able to find out how they did it, so that they can't do it again?

Hoster's fault. I had an attack, seems that they attacked FTPd service.

qaisjp (author), posted January 25, 2012:

This is exactly what happened:

ACL admin was given to 'resource.*' and also admin was given to two users. They managed to be able to access the runcode resource to execute commands from outside the server, even when all [web] resources were removed and the server was restarted. We removed the resource.* rights and figured that they were using getServerPassword to retrieve the server password, enter the server and give themselves administrator rights.

Thankfully they did not acquire anything but the 'pride' in hacking our server, so they didn't get any resources. We are hosted by No1Servers and we think / we were told that it was because of 'malformed packets'.

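An added example (not written by anyone in this thread and not part of MTA): a small audit for the misconfiguration described in the post above, a wildcard member such as 'resource.*' placed in a group whose ACL grants getServerPassword. The sample acl.xml, the SENSITIVE watch list and the name audit_acl are assumptions made for illustration; only explicit access="true" grants are checked.

```python
import xml.etree.ElementTree as ET

# Constructed acl.xml in the MTA server layout; members are illustrative only.
SAMPLE_ACL = """
<acl>
  <group name="Everyone">
    <acl name="Default"/>
    <object name="resource.*"/>
  </group>
  <group name="Admin">
    <acl name="Admin"/>
    <object name="resource.*"/>
    <object name="user.owner"/>
  </group>
  <acl name="Default">
    <right name="function.getServerPassword" access="false"/>
  </acl>
  <acl name="Admin">
    <right name="function.getServerPassword" access="true"/>
    <right name="function.aclGroupAddObject" access="true"/>
  </acl>
</acl>
"""

# Assumed watch list: rights that expose the join password or rewrite the ACL.
SENSITIVE = {"function.getServerPassword", "function.aclGroupAddObject"}

def audit_acl(xml_text, sensitive=SENSITIVE):
    """Return (group, member, right) for each wildcard member holding a sensitive right."""
    root = ET.fromstring(xml_text)
    # ACL name -> sensitive rights it explicitly grants (access="true").
    granted = {a.get("name"): {r.get("name") for r in a.findall("right")
                               if r.get("access") == "true" and r.get("name") in sensitive}
               for a in root.findall("acl")}
    findings = []
    for group in root.findall("group"):
        rights = set()
        for ref in group.findall("acl"):
            rights |= granted.get(ref.get("name"), set())
        for obj in group.findall("object"):
            member = obj.get("name", "")
            if member.endswith(".*"):  # e.g. resource.* = every resource on the server
                findings += [(group.get("name"), member, r) for r in sorted(rights)]
    return findings

if __name__ == "__main__":
    for group, member, right in audit_acl(SAMPLE_ACL):
        print(f"{group}: {member} holds {right}")
```

The wildcard in the Everyone group is not reported because its ACL denies the watched right; replacing the Admin wildcard with individually named resources clears both findings.
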
Phat Looser, posted January 25, 2012:

Currently I am trying to analyze what was going on, but it wasn't a malformed packet for sure.

Looking through the "runcode" resource I managed to find stuff that explains a LOT.

Orange, posted January 25, 2012:

> Currently I am trying to analyze what was going on, but it wasn't a malformed packet for sure. Looking through the "runcode" resource I managed to find stuff that explains a LOT.

They somehow got the password. And here it can be hoster's fault.

Phat Looser, posted January 25, 2012:

Actually it's the server admin's fault. Putting all resources on admin is a very, very bad idea.

sora+, posted January 25, 2012:

I guess I got fans, since this SoRa guy started using MTA like 6 months ago and I've been using it for like 1.5 years. Don't get confused with me and this 13 year old named |SA|SoRa.

sora+, posted January 25, 2012:

> Hello once more. We found the hackers who hacked NPG. iNu9aiF is an owner of GTA - AR, also known as GTA - ARAB ( http://www.gta-arab.com/gt/ ) server or [HD]kSA~S3D~~[Hajwalah^7rb~falah]~S3D~KSA[HD]/999~b7~GTA AR~~al3grb... They are using other server's tags, like you see, because they are used to be such kids. Second one, Sora+ is a Moderator of GTA - AR. We recommend to BAN their serials. Oh, and also: memberlist.php?mode=viewprofile&u=55665 is equal to: http://www.gta-arab.com/gt/showthread.php?t=33644 and the Owner: http://www.gta-arab.com/gt/showthread.php?t=20827 Also, we recommend not to play on their servers due to your own security, Regards, The NPG Team

Dude, you're making false statements for f*cks sake, I'm not that SoRa guy who is 13 years old, I make DM maps. Think before you post something here, now you are blaming me for your poorly scripted server? Secondly, I'm American, not Arabic.. Here is something I wrote for you, in case you didn't read it you will read it here. And also, I host a Mapping server for mapping / script testing needs. I don't own any SA clan or something.

> Sorry for the offtopic, but "sora+", do you use or did used the nickname below? |S.s|SoRa<3SaRa

That guy uses the nick as me, he's been using it for 5 months as I can remember. I've been playing MTA for a whole year now so I'm pretty much original, even though I got so many DM / DD maps. Don't get confused with me and that 13 year old, thanks ^^

-Edit- Then I found one dumbf*: viewtopic.php?f=5&t=39055&p=399058#p399058

#ff1000|S.s|SoRa<3SaRa logged in as 'sora' (IP: 94.96.5.117 Serial: F0441377B8B78A749549A1C84DBAA3B2)

Don't help to this :~. I'm not even the "hacker" you're thinking of, don't believe me? Check out my DM maps made for ffs, that hacker can't map. To be more specific, I made 19 maps yet for DM. Here are some, in case you don't believe me..

Oblivion:
Passion: https://www.youtube.com/watch?v=_EWFi16mlGE
Electro city: https://www.youtube.com/watch?v=0CxSOCZjZx8
Listen to your heart: https://www.youtube.com/watch?v=Ay2X9Fz4 ... re=related
It's a new generation: https://www.youtube.com/watch?v=O4-02sZE ... re=related
Epicity: https://www.youtube.com/watch?v=F_egVG5y6yc
Train system: https://www.youtube.com/watch?v=wKncL20V ... re=related
Not afraid: https://www.youtube.com/watch?v=fpkuhkG3 ... re=related
Eternal Universe:
Revolutionary Civilization (latest map):

I can't believe people get confused with "sora+"..

Cadu12, posted January 26, 2012:

I know this guy, sora+ is not known as SoRa. I can remember this sora+, I did join FFS server, I got his message "joinquit" it says sora+ from US.

qaisjp (author), posted January 26, 2012:

> That guy uses the nick as me, he's been using it for 5 months as I can remember. I've been playing MTA for a whole year now so I'm pretty much original, even though I got so many DM / DD maps. Don't get confused with me and that 13 year old, thanks ^^

Thanks for your feedback, post fixed.