Rodan Posted December 2, 2022 Report Posted December 2, 2022 I setup my server a little bit ago and now i keep getting ip attacked so I just had to shut down what seems like a fun game. i had big plans of a big world but now afraid to set the game server back up the attacks have stopped now that i have taken down the server and will not be recommending this game until they can protect the people on it . so sorry and so disappointed. to all that play please keep a eye on your connection hopefully they can find the person responsible
l33tmaan Posted December 2, 2022 Report Posted December 2, 2022 You got any more information to back this up?
Rodan Posted December 2, 2022 Author Report Posted December 2, 2022 yeah my isp is the one that informed me and have a list of ip that tried to log into my server 1
dakko Posted December 2, 2022 Report Posted December 2, 2022 Oh no! I don't know how much Tyron reads this area of the forum. If you post your problem over in Vintarian Support, you may have a better chance of getting the help that you need. Best wishes! I hope they get you up and running safely very soon.
Rodan Posted December 3, 2022 Author Report Posted December 3, 2022 Working with isp to resolve the issue hopefully I can get it back online would love to start moding and building my server
Rodan Posted December 3, 2022 Author Report Posted December 3, 2022 Nothing happened isp caught it in time just wish it didn’t show your ip to people when they try to log into your server that is how they got my server ip
dakko Posted December 3, 2022 Report Posted December 3, 2022 Considering how many people are playing VS this cannot be the first time this has happened to someone. I'm willing to bet that @Tyron has some solution or recommendation so that you can play without being attacked.
BenLi Posted December 3, 2022 Report Posted December 3, 2022 Just to make sure I understand the problem... Your ISP is reporting you that malicious hosts in Internet are trying to access your server. Right? All because your server is exposed to the Internet - so that other, non-malicious, users can access your server. Right? And as you expose the server by its alphanumeric address like server.vintagestory.at - the malicious users access it by getting its numeric IP address like 10.20.30.40 from DNS. Right? All described above is perfectly normal in Internet: once you expose your server for normal users to access - also malicious users access it, trying to breach the SW and run malicious code on your own server and/or steal info from the server. This is nature of open Internet network. The only complain is when hackers breach the SW and make malicious things. Numeric IP address is accessible via DNS mechanism which translates alphanumeric address you expose to your players, to numeric IP. Otherwise none can access your server as they don't know any address. This is how Internet works. You publish the server name like server.vintagestory.at, users connect to it while their SW which only understands the numbers - translate it with the DNS. Now the questions for detailing the problem to @Tyron: Did they succeed to breach VS Server SW? Did they run their malicious code on the server itself to gain control over the server? Did they get any internal information like users list, passwords etc? One deeper technical question: Does the VS Server code runs in user space? If so - even breaching the VS SW will not make any harm as it is user space and not administrator space compromising the VM that runs the VS server... I would recommend you to: 1) set a password for accessing the server 2) make whitelist for users that may play on your server 3) define customized TCP port number that is exposed only to the guys in the whitelist PS My company' site is scanned by hackers in average of 300 tries in a minute. I.e. accessed like in the report of your ISP. This is not bad by itself. It is much worse if the server has a breach so that this scanning will cause run THEIR code on YOUR server. Until then - port scanning is harmless. 4
Tyron Posted December 4, 2022 Report Posted December 4, 2022 What @BenLi wrote Any service you make available to the broader internet is vulnerable to attack attempts. What matters more is whether they were successful or not. You can also run your VS server in a very confined space (e.g. docker) to confine any break-ins. But as a broad word of advice - you can disable server advertising, change the default port to another one and enable whitelisting. Also I am not aware of any opened vulnerabilities on our game server.
Rodan Posted December 5, 2022 Author Report Posted December 5, 2022 No problem. They never got in to the system. I have hosted games before and never had any trouble in doing so or being attacked. just not going to put it on a server list as soon as I figure out how to invite friends without the server being listed going to give it a try when I get more time . Thanks to all that have posted and the community here seems awesome I will continue to enjoy the game just not going to list it. Hopefully not listening it will stop the ip scanning and thanks to the community 2
Recommended Posts