Can someone explain to me how this is exactly done with an automated switch that goes off, when someone is manually kicked from the game?
This is my experience:
The only Windows program I use, because Battle.net is so fucking stupid, I have to make an executable file and reconvert it with binaries... so I can program my own Auto Refresher. I use Mono Frame working tools and X11 to execute commands, and not through Boot Camp or Virtual PC to perform my Mac OS X or Linux OS. I use the Auto Refresh program I made in binaries.
Anyway, I was hosting this game. Usual shit... spoofs think they can join my game.
I ask this guy, he calls himself THEBURNINATOR with his spoof, what his real profile is. If it checks out, I let them stay. Basically I do have a ban list, so I'm making sure it's not one of those people.
Well, he says: "If you kick me you will die," or whatever. Usual idle threats.
I don't have a screen shot of everything, but I managed to tag another one of his also known as. He's got a Diablo account I think, too.
Anyway, long story short: When I kick him, AS SOON AS I KICK HIM, my auto refresh is fucking up. Stops working. I quit it, quit terminal and X11, and reboot my auto refresher. STILL not working. So I force quit it. Not working again. Then I exit the game, and decide to remake. See if that works... I look at my map folder and every single map is "unavailable." I forget the actual message, but it was somewhere along the lines of "cannot locate file in map directory." And I was like, shit... fucking weird. So I reboot Warcraft 3, and I try to create again. THIS TIME My refresher is going fucking nuts: Every single man and his dog is joining my game and leaving like my refresher. Then my refresher comes up with:
BORZ-DA-GANGSTA has joined the game.
BORZ-DA-GANGSTA has left the game.
For all the slots. This guy, whoever he is, hacked my map directory for custom lobby, then fucks up my auto refresher... and not only that, when I quit the second game I make, I lost my connection to Battle.net, and somehow I cannot access any of the American Servers.
Look, I'm no idiot when it comes to security and protection. But it was the damn speed of the hacking that was damn impressive: it was automatic. There's got to be some permissions that are being exploited somewhere through script: this was no brute force.
Should I attempt to get help from Blizzard? I don't have any real information to give to point to the culprit, because everything was spoofed, and even my anti-spoof wasn't working.
Auto Refresh Bot Hack -VICTIM OF- Help Wanted
-
- Newcomer
- Posts: 12
- Joined: December 25th, 2007, 7:01 pm
Auto Refresh Bot Hack -VICTIM OF- Help Wanted
Last edited by Pointsharp on May 1st, 2009, 6:59 am, edited 1 time in total.
-
- Forum Staff
- Posts: 615
- Joined: June 9th, 2008, 9:51 am
- Location: Finland
-
- Newcomer
- Posts: 12
- Joined: December 25th, 2007, 7:01 pm
Re: Auto Refresh Bot Hack
This has nothing to do with Warden. Not exactly a helpful comment...Hillo wrote:GG-pwnt by Warden.
-
- Newcomer
- Posts: 12
- Joined: December 25th, 2007, 7:01 pm
Re: Auto Refresh Bot Hack
Update: it seems even when I shut down Mono Frameworks, Terminal and X11, it still does the hack.
I managed to close slots and try a game for play with the hack, and every 3 seconds, the game showed everyone in the game lagging, with the "Waiting for players..." box.
As soon as I quit the game got another lost connection, and cannot access the server I was using.
There were all sorts of different user names, but I recognized a few the second time around, from the first time. So it seems that either it's a bunch of bots, or it's one bot that's spoofing the names. It's in overdrive anyway, because as soon as they connect, they disconnect. It's essentially a variation of a DDoS attack.
What's interesting is that I don't really think there is a way to prevent a Denial of Service attack... unless I contact blizzard about it.
Has anyone got any tips how to trace whoever is doing it? All I've got to go on are spoofed names.
Oh, and it has to be Mac OS X compatible, please.
I managed to close slots and try a game for play with the hack, and every 3 seconds, the game showed everyone in the game lagging, with the "Waiting for players..." box.
As soon as I quit the game got another lost connection, and cannot access the server I was using.
There were all sorts of different user names, but I recognized a few the second time around, from the first time. So it seems that either it's a bunch of bots, or it's one bot that's spoofing the names. It's in overdrive anyway, because as soon as they connect, they disconnect. It's essentially a variation of a DDoS attack.
What's interesting is that I don't really think there is a way to prevent a Denial of Service attack... unless I contact blizzard about it.
Has anyone got any tips how to trace whoever is doing it? All I've got to go on are spoofed names.
Oh, and it has to be Mac OS X compatible, please.
-
- Tyrannical Drama Queen
- Posts: 4430
- Joined: November 19th, 2007, 5:05 am
- Been thanked: 2 times
Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted
I would suggest PMing Dekar, as I think he'd be the only one with experience in this sort of thing.
And Hillo...did you read what he said at all?
And Hillo...did you read what he said at all?
-
- Forum Staff
- Posts: 2618
- Joined: June 2nd, 2007, 6:53 pm
- Title: I Just Lost the Game
Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted
Try running a program to log all your connections, so you can see where they're coming from. If you get an IP, you can probably report them to Blizzard; they're using their game as a means of attacking people.
My Warcraft III Tool Collection
If you want to chat/game with me:
Blizzard: Senethior459#1962
Discord: Kyle#7409
Steam: Spacekidkyle
If you want to chat/game with me:
Blizzard: Senethior459#1962
Discord: Kyle#7409
Steam: Spacekidkyle
-
- Newcomer
- Posts: 12
- Joined: December 25th, 2007, 7:01 pm
Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted
Sorry for the double posts, guys. But I had to show an update to the situation by updating the last post sent, so I could bump the topic to get replies.
OK, I will PM him.Bartimaeus wrote:I would suggest PMing Dekar, as I think he'd be the only one with experience in this sort of thing.
And Hillo...did you read what he said at all?
Can you give an example? I haven't had to do this on Mac OS X before.Senethior459 wrote:Try running a program to log all your connections, so you can see where they're coming from. If you get an IP, you can probably report them to Blizzard; they're using their game as a means of attacking people.
-
- Forum Drunk
- Posts: 2899
- Joined: January 17th, 2007, 4:22 pm
- Has thanked: 1 time
- Been thanked: 1 time
Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted
Ohh right, WC3 uses udp which allows IP spoofing and might could do nasty stuff... But corrupting your map folder? In a way it works again later? Sounds more like a bug with wc3 or the refresher. But it really could be a ddos attack and since the game traffic is afaik udp only you can't trace him. Not even Blizzard could, I read an article about tracing ip-spoofed traffic about a year ago and it said you'd have no chance if you're a normal guy. Hows X11 on mac? I always read it'd be the hell XD Have you tried changing your IP (If you have dynamic IP) or log in with a different bnet account using a different port? If you have a static IP and this stuff goes on you should get a Linux machine with applied tarpit patches, that could surely stop him. But as a first measure you should change the port! good luck
Don't pm me with Warcraft questions, this is a forum so just make a post!
In the world of thinking we are all immigrants. -Robert Nozick
-
- Newcomer
- Posts: 12
- Joined: December 25th, 2007, 7:01 pm
Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted
The point is, it doesn't even matter if you change ports, cancel the refresher, or force quit every single program: allowing Mono Frameworks to have a .exe file work with theDekar wrote:Ohh right, WC3 uses udp which allows IP spoofing and might could do nasty stuff... But corrupting your map folder? In a way it works again later? Sounds more like a bug with wc3 or the refresher. But it really could be a ddos attack and since the game traffic is afaik udp only you can't trace him. Not even Blizzard could, I read an article about tracing ip-spoofed traffic about a year ago and it said you'd have no chance if you're a normal guy. Hows X11 on mac? I always read it'd be the hell XD Have you tried changing your IP (If you have dynamic IP) or log in with a different bnet account using a different port? If you have a static IP and this stuff goes on you should get a Linux machine with applied tarpit patches, that could surely stop him. But as a first measure you should change the port! good luck
system is at the moment, allowing the hack on the refresher to never stop, even if you manually quit tasks (processes) in the Mac OS X equivalent of task manager, Activity Monitor.
The corruption on the map folder is file specific: any files in the directory are corrupted. I simply removed the corrupted files, and inputted copies of them back into the correct folders.
X11 is a damn pain... I usually manually boot the refresher through terminal when it starts to constantly crash. I had a static for the connection I had, no dynamic here.
Yeah, sure I could play Warcraft 3 on Linux and use Tarpit... but I want the damn status quo, and no one is going to change my personal preferences to how I play the game and what system I run it on. I am not compromising my system while I play the game to this... anti-social time-waster.
I have a port range, so if one is blocked, it goes on the other. 6112-6119. All are blocked during this process, because it's Warden that's doing the CD key or IP banning, not this guy. He's manipulating Warden using a DDoS attack. Warden reacts to the threat, and kills it. Unfortunately I'm the target, due to the laser pointer being homed in on me, due to this hacker.
I can spoof my own IP (I also have many different computers I can use, and I'm in many locations), and I have many CD keys... I'm no slouch on Battle.net.
Are there any Mac Experts on here? Maybe I could scrap the auto refresh I made, and find a more secure project for Mac OS X that's being worked on? I understand there's some Dutch project in the works, but Java script is failing to work for Mac OS X for the program: something about the drivers.
Again, the problem isn't accessing Battle.net. The problem is, this fucker finds me and hacks me, so I get banned, no matter what I do, so it's either an infection, or he's tracking me somehow.
So basically in a summary, the guy is forcing me to be unable to host without getting banned. I tried deleting all my auto refresh files the other day... I even re-installed and removed X11 and Mono Frameworks as well at alt.binaries (and any other tools I used to make it), etc. And the thing STILL was infiltrating my hosts.
Shall I run a motion capture of the hack? See if you can watch it, then whatever information you get, do something about it?
-
- Member
- Posts: 55
- Joined: March 9th, 2008, 8:13 pm
- Title: Demonoid Hacker
- Location: Ask me personally.
Re: Auto Refresh Bot Hack -VICTIM OF- Help Wanted
I know I'm no expert but a lot of times the answer is so simple that professionals dont even notice it. Something as simple as a typo in some cases. So why not treat this like any other infection? If you havn't already tried hijacker and or some anti viruses and also if hes using Warden then log the Ip, ps blizzard will help you.