If you’re a server owner, you have a responsibility to keep your systems secure. You’re operating in a scene where people will jump onto any exploit they can and the onus is absolutely on you to keep these exploits to a minimum.
7.1 Malicious Conduct
Malicious conduct may lead to severe account action. The malicious conduct can vary from denial of service attacks, group/mass spamming, registering an account with intent to cause trouble, and malicious software. This also includes providing software to engage in such acts.
So if the onus is on them, are they gonna be held accountable for hyping up and launching an unsecured server putting their entire playerbase (not to mention our community they advertise on) at risk? I wouldn't trust these people launching a server here ever again lol.
Mistakes happen, companies get hacked all the time. In this case, it was a bit of human error, but nothing too egregious. They disclosed the fact that they had been compromised and they were relatively timely about it. I don't think there is any point in punishing them.
I don't want to start the precedent, really. It'll get messy quick if we start banning people for 0-day exploits in IPB and stuff like that.
Well, the bigger issue that Scu mentioned yesterday is that it's actually 5 servers that are affected; I figured it was just the 3 posted in the OP of this thread. If it was still in the 1-3 servers affected range, they absolutely should be disallowed from advertising any RSPS here in the future. That's what having responsibilities means: it means you face consequences if you don't carry them out. This situation is more unique than that, though, it seems.
But with the number at 5 servers and possibly more we just don't know of, it speaks to there being a larger issue that the RSPS owners were in much less control of than originally thought (IPB exploit they couldn't do anything about or w.e). Makes it harder to ensure the "onus" *really is* on the RSPS owners in a situation like this.
Wow, actually had XLSTART on my computer. Didn't download any of the servers listed though, so even if you didn't log in to these 3 servers you might still wanna check.
Maybe this could be helpful for people who are new to security. Just plain basic tutorials on how to secure your Linux server, because changing permissions of folders and files won't really do much if you haven't properly secured your server.
You can easily follow these step-by-step!
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics
https://www.informaticar.net/security-hardening-ubuntu-20-04/
EDIT:
Also, this tutorial shows you how to accept more incoming/outgoing IPs, ports, services... if you need it.
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-18-04