Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Pointsharp
Newcomer
Posts: 12
Joined: December 25th, 2007, 7:01 pm

Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Pointsharp »

Can someone explain to me how this is exactly done with an automated switch that goes off, when someone is manually kicked from the game?

This is my experience:

The only Windows program I use, because Battle.net is so fucking stupid, I have to make an executable file and reconvert it with binaries... so I can program my own Auto Refresher. I use Mono Frame working tools and X11 to execute commands, and not through Boot Camp or Virtual PC to perform my Mac OS X or Linux OS. I use the Auto Refresh program I made in binaries.

Anyway, I was hosting this game. Usual shit... spoofs think they can join my game.

I ask this guy, he calls himself THEBURNINATOR with his spoof, what his real profile is. If it checks out, I let them stay. Basically I do have a ban list, so I'm making sure it's not one of those people.

Well, he says: "If you kick me you will die," or whatever. Usual idle threats.

I don't have a screen shot of everything, but I managed to tag another one of his also known as. He's got a Diablo account I think, too.

Anyway, long story short: When I kick him, AS SOON AS I KICK HIM, my auto refresh is fucking up. Stops working. I quit it, quit terminal and X11, and reboot my auto refresher. STILL not working. So I force quit it. Not working again. Then I exit the game, and decide to remake. See if that works... I look at my map folder and every single map is "unavailable." I forget the actual message, but it was somewhere along the lines of "cannot locate file in map directory." And I was like, shit... fucking weird. So I reboot Warcraft 3, and I try to create again. THIS TIME My refresher is going fucking nuts: Every single man and his dog is joining my game and leaving like my refresher. Then my refresher comes up with:

BORZ-DA-GANGSTA has joined the game.
BORZ-DA-GANGSTA has left the game.

For all the slots. This guy, whoever he is, hacked my map directory for custom lobby, then fucks up my auto refresher... and not only that, when I quit the second game I make, I lost my connection to Battle.net, and somehow I cannot access any of the American Servers.

Look, I'm no idiot when it comes to security and protection. But it was the damn speed of the hacking that was damn impressive: it was automatic. There's got to be some permissions that are being exploited somewhere through script: this was no brute force.

Should I attempt to get help from Blizzard? I don't have any real information to give to point to the culprit, because everything was spoofed, and even my anti-spoof wasn't working.
Last edited by Pointsharp on May 1st, 2009, 6:59 am, edited 1 time in total.
Hillo
Forum Staff
Posts: 615
Joined: June 9th, 2008, 9:51 am
Location: Finland

Re: Auto Refresh Bot Hack

Post by Hillo »

GG-pwnt by Warden.
Pointsharp
Newcomer
Posts: 12
Joined: December 25th, 2007, 7:01 pm

Re: Auto Refresh Bot Hack

Post by Pointsharp »

Hillo wrote: GG-pwnt by Warden.

This has nothing to do with Warden. Not exactly a helpful comment...
Pointsharp
Newcomer
Posts: 12
Joined: December 25th, 2007, 7:01 pm

Re: Auto Refresh Bot Hack

Post by Pointsharp »

Update: it seems even when I shut down Mono Frameworks, Terminal and X11, it still does the hack.

I managed to close slots and try a game for play with the hack, and every 3 seconds, the game showed everyone in the game lagging, with the "Waiting for players..." box.

As soon as I quit the game got another lost connection, and cannot access the server I was using.

There were all sorts of different user names, but I recognized a few the second time around, from the first time. So it seems that either it's a bunch of bots, or it's one bot that's spoofing the names. It's in overdrive anyway, because as soon as they connect, they disconnect. It's essentially a variation of a DDoS attack.

What's interesting is that I don't really think there is a way to prevent a Denial of Service attack... unless I contact Blizzard about it.

Has anyone got any tips how to trace whoever is doing it? All I've got to go on are spoofed names.

Oh, and it has to be Mac OS X compatible, please.
Bartimaeus
Tyrannical Drama Queen
Posts: 4430
Joined: November 19th, 2007, 5:05 am
Been thanked: 2 times

Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Bartimaeus »

I would suggest PMing Dekar, as I think he'd be the only one with experience in this sort of thing.

And Hillo...did you read what he said at all?
Senethior459
Forum Staff
Posts: 2618
Joined: June 2nd, 2007, 6:53 pm
Title: I Just Lost the Game

Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Senethior459 »

Try running a program to log all your connections, so you can see where they're coming from. If you get an IP, you can probably report them to Blizzard; they're using their game as a means of attacking people.
My Warcraft III Tool Collection
If you want to chat/game with me:
Blizzard: Senethior459#1962
Discord: Kyle#7409
Steam: Spacekidkyle
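One way to do the connection logging suggested above from a Mac OS X Terminal, as an added example that is not part of the original posts: capture traffic to the host's game ports with tcpdump (which ships with Mac OS X), then summarize which source addresses open connections most often. The interface name `en0`, the file name `wc3.log`, the function names and the sample lines are assumptions made for this example; the port range 6112-6119 is the one mentioned in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Live capture (needs root; en0 is an
# assumed interface name):
#   sudo tcpdump -i en0 -nn -tt 'dst portrange 6112-6119' > wc3.log
#   flag_sources 5 < wc3.log

# flag_sources THRESHOLD: read tcpdump -nn -tt text on stdin and print
# "source_ip attempts first_ts last_ts" for each source that sent at least
# THRESHOLD new-connection packets (TCP SYN without ACK) to ports 6112-6119.
# A SYN alone does not prove the source address is genuine.
flag_sources() {
    awk -v thr="$1" '
    $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
        dst = $5; sub(/:$/, "", dst)       # "192.168.1.10.6112:" -> no colon
        n = split(dst, d, ".")
        port = d[n] + 0
        if (port < 6112 || port > 6119) next
        split($3, s, ".")                  # "203.0.113.5.51001"
        ip = s[1] "." s[2] "." s[3] "." s[4]
        if (!(ip in count)) first[ip] = $1
        count[ip]++
        last[ip] = $1
    }
    END {
        for (ip in count)
            if (count[ip] >= thr)
                printf "%s %d %s %s\n", ip, count[ip], first[ip], last[ip]
    }' | sort
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
1241160000.100000 IP 203.0.113.5.51001 > 192.168.1.10.6112: Flags [S], seq 1, win 65535, length 0
1241160000.200000 IP 192.168.1.10.6112 > 203.0.113.5.51001: Flags [S.], seq 9, ack 2, win 65535, length 0
1241160000.300000 IP 203.0.113.5.51001 > 192.168.1.10.6112: Flags [F.], seq 2, ack 10, win 65535, length 0
1241160000.500000 IP 203.0.113.5.51002 > 192.168.1.10.6112: Flags [S], seq 1, win 65535, length 0
1241160000.700000 IP 198.51.100.7.40000 > 192.168.1.10.6112: Flags [S], seq 1, win 65535, length 0
1241160000.800000 IP 203.0.113.5.51003 > 192.168.1.10.80: Flags [S], seq 1, win 65535, length 0
1241160000.900000 IP 203.0.113.5.51004 > 192.168.1.10.6113: Flags [S], seq 1, win 65535, length 0
EOF
}

sample_log | flag_sources 3
```

The timestamps in the output give the first and last attempt per source, which is the detail an abuse report would need alongside the address.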
Pointsharp
Newcomer
Posts: 12
Joined: December 25th, 2007, 7:01 pm

Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Pointsharp »

Sorry for the double posts, guys. But I had to show an update to the situation by updating the last post sent, so I could bump the topic to get replies.

Bartimaeus wrote: I would suggest PMing Dekar, as I think he'd be the only one with experience in this sort of thing.
And Hillo...did you read what he said at all?

OK, I will PM him.

Senethior459 wrote: Try running a program to log all your connections, so you can see where they're coming from. If you get an IP, you can probably report them to Blizzard; they're using their game as a means of attacking people.

Can you give an example? I haven't had to do this on Mac OS X before.
Dekar
Forum Drunk
Posts: 2899
Joined: January 17th, 2007, 4:22 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Dekar »

Ohh right, WC3 uses UDP which allows IP spoofing and could do nasty stuff... But corrupting your map folder? In a way it works again later? Sounds more like a bug with WC3 or the refresher. But it really could be a DDoS attack and since the game traffic is afaik UDP only you can't trace him. Not even Blizzard could, I read an article about tracing IP-spoofed traffic about a year ago and it said you'd have no chance if you're a normal guy. How's X11 on Mac? I always read it'd be hell XD Have you tried changing your IP (if you have a dynamic IP) or logging in with a different bnet account using a different port? If you have a static IP and this stuff goes on you should get a Linux machine with applied tarpit patches, that could surely stop him. But as a first measure you should change the port! Good luck ;)
Don't pm me with Warcraft questions, this is a forum so just make a post!
In the world of thinking we are all immigrants. -Robert Nozick
Pointsharp
Newcomer
Posts: 12
Joined: December 25th, 2007, 7:01 pm

Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Pointsharp »

Dekar wrote: Ohh right, WC3 uses UDP which allows IP spoofing and could do nasty stuff... But corrupting your map folder? In a way it works again later? Sounds more like a bug with WC3 or the refresher. But it really could be a DDoS attack and since the game traffic is afaik UDP only you can't trace him. Not even Blizzard could, I read an article about tracing IP-spoofed traffic about a year ago and it said you'd have no chance if you're a normal guy. How's X11 on Mac? I always read it'd be hell XD Have you tried changing your IP (if you have a dynamic IP) or logging in with a different bnet account using a different port? If you have a static IP and this stuff goes on you should get a Linux machine with applied tarpit patches, that could surely stop him. But as a first measure you should change the port! Good luck ;)

The point is, it doesn't even matter if you change ports, cancel the refresher, or force quit every single program: allowing Mono Frameworks to have a .exe file work with the system is, at the moment, allowing the hack on the refresher to never stop, even if you manually quit tasks (processes) in the Mac OS X equivalent of task manager, Activity Monitor.

The corruption on the map folder is file specific: any files in the directory are corrupted. I simply removed the corrupted files, and inputted copies of them back into the correct folders.

X11 is a damn pain... I usually manually boot the refresher through terminal when it starts to constantly crash. I had a static for the connection I had, no dynamic here.

Yeah, sure I could play Warcraft 3 on Linux and use Tarpit... but I want the damn status quo, and no one is going to change my personal preferences to how I play the game and what system I run it on. I am not compromising my system while I play the game to this... anti-social time-waster.

I have a port range, so if one is blocked, it goes on the other. 6112-6119. All are blocked during this process, because it's Warden that's doing the CD key or IP banning, not this guy. He's manipulating Warden using a DDoS attack. Warden reacts to the threat, and kills it. Unfortunately I'm the target, due to the laser pointer being homed in on me, due to this hacker.

I can spoof my own IP (I also have many different computers I can use, and I'm in many locations), and I have many CD keys... I'm no slouch on Battle.net.

Are there any Mac Experts on here? Maybe I could scrap the auto refresh I made, and find a more secure project for Mac OS X that's being worked on? I understand there's some Dutch project in the works, but Java script is failing to work for Mac OS X for the program: something about the drivers.

Again, the problem isn't accessing Battle.net. The problem is, this fucker finds me and hacks me, so I get banned, no matter what I do, so it's either an infection, or he's tracking me somehow.

So basically in a summary, the guy is forcing me to be unable to host without getting banned. I tried deleting all my auto refresh files the other day... I even re-installed and removed X11 and Mono Frameworks as well at alt.binaries (and any other tools I used to make it), etc. And the thing STILL was infiltrating my hosts.

Shall I run a motion capture of the hack? See if you can watch it, then whatever information you get, do something about it?
Kugrox
Member
Posts: 55
Joined: March 9th, 2008, 8:13 pm
Title: Demonoid Hacker
Location: Ask me personally.

Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted

Post by Kugrox »

I know I'm no expert, but a lot of times the answer is so simple that professionals don't even notice it. Something as simple as a typo in some cases. So why not treat this like any other infection? If you haven't already, try hijacker and/or some antiviruses, and also if he's using Warden then log the IP. P.S. Blizzard will help you.