Someone is hacking my UT99 public server. Please Help!

BeNKi_NiNjia
Novice
Posts: 6
Joined: Mon Feb 02, 2015 4:32 am


Post by BeNKi_NiNjia »

Hello everybody, I am new here. My server is being restarted continuously by someone who just wants to create problems for me. Years ago I made my server in Japan and many players came immediately to play, but someone jealous began attacking my server and managed to let everybody get tired and leave. It has been 3 years. Is there any way to record what he does? I need to take proper action soon. Has anyone had the same problem, and how could it be solved, if at all? Please help or I will have to leave UT because it is too distressing; we can't play anymore. Thank you for your precious help.
UnrealGGecko
Godlike
Posts: 2906
Joined: Wed Feb 01, 2012 11:26 am
Personal rank: GEx the Gecko
Location: Kaunas, Lithuania

Re: Someone is hacking my UT99 public server. Please Help!

Post by UnrealGGecko »

Welcome to the forums!
I'm not exactly a server admin so I don't know how to help, but for someone that can, could you give the server IP and a list of mods you use on that server? That should make it a bit easier to find the problem, I think.
BeNKi_NiNjia
Novice
Posts: 6
Joined: Mon Feb 02, 2015 4:32 am

Re: Someone is hacking my UT99 public server. Please Help!

Post by BeNKi_NiNjia »

Hi UnrealGecko, Thank you for answering.
This is the ip of the server: bim.bum.bam.coff:9999
There are no mods installed, just 2-3 mutators.
I was interested in making some maps. I didn't spend my time learning tricks as I am not interested in unfair things. I don't know what the guy is doing exactly and how to stop him. The server just keeps restarting when he comes. Until a few months ago he also kept putting bots and insults in my server. Friend players have seen that many times.
Last edited by BeNKi_NiNjia on Fri Feb 06, 2015 1:12 pm, edited 1 time in total.
MEAT
Adept
Posts: 301
Joined: Tue Apr 22, 2008 4:14 am
Personal rank: better then you...

Re: Someone is hacking my UT99 public server. Please Help!

Post by MEAT »

Ban him via UTCheck or Remote Admin.
BeNKi_NiNjia
Novice
Posts: 6
Joined: Mon Feb 02, 2015 4:32 am

Re: Someone is hacking my UT99 public server. Please Help!

Post by BeNKi_NiNjia »

Hi MEAT, Gameservers tried to block him and I did it too in my remote server but he uses mirrors. I will try UTCheck... Thank you! Does anybody know how to report people hacking servers and have them stopped?
Deepu
Adept
Posts: 353
Joined: Mon Nov 11, 2013 7:56 am
Personal rank: Average
Location: India

Re: Someone is hacking my UT99 public server. Please Help!

Post by Deepu »

The server needs a password. Can't join!
BeNKi_NiNjia
Novice
Posts: 6
Joined: Mon Feb 02, 2015 4:32 am

Re: Someone is hacking my UT99 public server. Please Help!

Post by BeNKi_NiNjia »

Yes, there is the password but he does it anyway.
Wises
Godlike
Posts: 1089
Joined: Sun Sep 07, 2008 10:59 am
Personal rank: ...

Re: Someone is hacking my UT99 public server. Please Help!

Post by Wises »

post the server logs from /System/ folder here.

be easier to see what's happening through .logs
Chamberly
Godlike
Posts: 1963
Joined: Sat Sep 17, 2011 4:32 pm
Personal rank: Dame. Vandora
Location: TN, USA

Re: Someone is hacking my UT99 public server. Please Help!

Post by Chamberly »

Try to ban all of his related IP addresses and block him completely. When you've done this, change the server password and all of that, but keep looking for IP to change. Maybe shut down the server for a while when doing this.

Or a possibly better idea: just get another gameserver set up, add in the mod you use on that and have a different password. If it's not too much of a hassle, it could help eliminate the guy raiding your server. Then tell gameserver to shut that server down because you want to use your new one.
Edit: Why does my sig not work anymore?
BeNKi_NiNjia
Novice
Posts: 6
Joined: Mon Feb 02, 2015 4:32 am

Re: Someone is hacking my UT99 public server. Please Help!

Post by BeNKi_NiNjia »

Thanks Wises and Chamberly, I am trying your recommendations. I will report soon! I am not an expert but there are many interesting things in the server logs. Is posting players' IPs allowed? I think there should be privacy rules about that stuff, please advise if anybody knows.

Edit--------------by papercoffee

Hello guys, I was watching the server logs and the server restarted just after these last events. What does this mess mean? Thank you in advance!


.....NotifyAcceptingChannel Control 0 server Level DM-RingOfDeath_beta12.MyLevel: Accepted
DevNet: Level server received: HELLO REVISION=0 MINVER=432 VER=436
DevNet: Level server received: NETSPEED 20000
Log: Client netspeed is 5000
DevNet: Level server received: LOGIN RESPONSE=859538890 URL=DM-RingOfDeath_beta12?Name=BeNKi_NiNja?Class=BotPack.TMale2?team=0?skin=SoldierSkins.sldr?Face=SoldierSkins.Brock?Voice=BotPack.VoiceMaleTwo?OverrideClass=
DevNet: Client passed challenge
DevNet: Login request: DM-RingOfDeath_beta12?Name=BeNKi_NiNja?Class=BotPack.TMale2?team=0?skin=SoldierSkins.sldr?Face=SoldierSkins.Brock?Voice=BotPack.VoiceMaleTwo?OverrideClass=
DevNet: Level server received: HAVE GUID=E433342911D2CD7E10003B9DBA3C5E5A GEN=1
DevNet: Level server received: HAVE GUID=D18A7B9211D38F04100067B9F6F8975A GEN=17
DevNet: Level server received: HAVE GUID=4770B88411D38E3E100067B9F6F8975A GEN=10
DevNet: Level server received: HAVE GUID=4CA6238E11D38AAAC00080B50A1E604F GEN=1
DevNet: Level server received: HAVE GUID=1E90ACA811D1ED664544279700005453 GEN=1
DevNet: Level server received: HAVE GUID=A3B94EE411D1ED674544E58A00005453 GEN=1
DevNet: Level server received: HAVE GUID=C073770B11D2D1A4E000278383161081 GEN=1
DevNet: Level server received: HAVE GUID=93CC0A8111D3888FE0006295BE341081 GEN=1
DevNet: Level server received: HAVE GUID=E96BC96311D31D2F4F006B8CDE9A0349 GEN=1
DevNet: Level server received: HAVE GUID=B7B49CA611D38BCDE0006395BE341081 GEN=1
DevNet: Level server received: HAVE GUID=D4F6ABE111D385CAE0006295BE341081 GEN=1
DevNet: Level server received: HAVE GUID=24E5A72411D321104F006B8CDE9A0349 GEN=1
DevNet: Level server received: JOIN
DevNet: Join request: DM-RingOfDeath_beta12?Name=BeNKi_NiNja?Class=BotPack.TMale2?team=0?skin=SoldierSkins.sldr?Face=SoldierSkins.Brock?Voice=BotPack.VoiceMaleTwo?OverrideClass=
ScriptLog: Team 0
ScriptLog: Login: BeNKi_NiNja
Log: Possessed PlayerPawn: TMale2 DM-RingOfDeath_beta12.TMale0
DevNet: Join succeeded: BeNKi_NiNja
DevNet: Connection timed out after 120.000000 seconds (120.044247)
NetComeGo: Close TcpipConnection1 Mon Feb  2 08:41:18 2015
Exit: Exiting.
Uninitialized: Name subsystem shut down
Uninitialized: Allocation checking disabled
Uninitialized: Log file closed, Mon Feb  2 08:42:54 2015
Please avoid double posts.
sektor2111
Godlike
Posts: 6410
Joined: Sun May 09, 2010 6:15 pm
Location: On the roof.

Re: Someone is hacking my UT99 public server. Please Help!

Post by sektor2111 »

Not enough info posted.
It would be good to know what OS you are using, which version of the server you are using, and what files are on the server (Textures, sounds, music, Place-holders = TRASH). As far as I know, a 436 Win server can be crashed even with a password. It would be better to monitor network traffic at the moment the server goes down. If you can't see any wild IP anywhere, it is a problem in your configuration. So to speak, I see a custom map here; I'm curious whether it was played or not.
Wises
Godlike
Posts: 1089
Joined: Sun Sep 07, 2008 10:59 am
Personal rank: ...

Re: Someone is hacking my UT99 public server. Please Help!

Post by Wises »

To filter IP Addresses from .log files do the following;

Download Notepad++

Open .log file using Notepad++

on the menu-bar select > Search

Find What: (?(DEFINE)(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d))\b(?1)(\.(?1)){3}\b
Replace With: <IP-REMOVED>

at the bottom under Search Mode select Regular Expression

on the right click > Replace All

save file as server2.log > zip and upload here.

^ archiving zipping allows for entire .log's to be posted and will not incur the 'forum text limitation' issue also retaining a complete .log for trouble-shooting.

do this when server is being compromised.. there are also ways of rotating .log's and not over-writing them..

ut99 server start batch with rotating .logs see kelly for this.. aka JackGriffin.

some more server setup tips below
Introduction for Running Unreal Tournament 1999 GOTY Servers

This document outlines the steps needed to configure an Unreal Tournament server from inside the game, and from the command line. It also explains how to use the WWW-based remote administration features built into Unreal Tournament 1999.
Configuring and Launching a Dedicated Server from Inside the Game
Enabling Web-based Remote UT

The Unreal Tournament 1999 server has an internal webserver which is used to remotely administer the game, but it is disabled by default. This is accessible under Options Menu, in Advanced Options. Expand the tree to find Networking | WebServer | bEnabled. Set bEnabled to True. You may also like to change the ListenPort value to something other than 80, if your server machine is already running another webserver such as IIS on port 80.

Also in Advanced Options, under Networking | Web-based Remote Administration, you can find the username and password required to access the remote administration through your web browser.

WARNING: Web-based remote administration of Unreal Tournament 1999 servers running on Windows 2000 may experience problems (periods of extremely high pings) due to a problem with the Win2000 TCP/IP stack. See the section on Remote Administration below.

Launching the Server

In the Unreal Tournament 1999 menus, choose Multiplayer | Start New Internet Game. Choose the gametype and map you want to run. Press the Map List button to configure the maps which will be cycled on your server. Use drag-and-drop to add or remove a map from the map list cycle. Press the Mutators button to enable any mutators you want to run on your server. Make sure Auto Change Levels is checked, or the server will run the same map over and over again. Go to the Rules and Settings tabs to ensure the game rules and settings are configured the way you want them.

If you want Bots on your server, go to the Bots tab and set the Minimum Total Players to a number greater than 0. If you choose 6, bots will come into the server when there are less than 6 human players connected. When a human connects, a bot will leave. In team games, be sure to check the Balance Teams checkbox so that the bots change teams to keep the number of players on each team balanced.

Under the Server tab, be sure to give your server a Server Name, and to check the Advertise Server checkbox. This advertises your server to the master server, so players can find your server even if they're not on your local LAN. Check the ngWorldStats Logging checkbox to have your server participate in ngWorldStats for Unreal Tournament 1999. The Optimize for LAN checkbox should only be set if your server is intended for a LAN play only. DO NOT check this checkbox if you intend to have people on the Internet connect to you, or they might find internet play isn't as good as it could be.

Finally, press the Dedicated button to launch the dedicated server. Once your server is configured, you can later launch it from the command line - it will retain all the settings you've configured for it.

Launching a Dedicated Server from the Command Line
Enabling Web-based Remote Administration

Before you launch a dedicated server from the command line for the first time, you first need to edit your C:\UnrealTournament\System\UnrealTournament.ini file to enable WWW-based remote administration. The Unreal Tournament 1999 server has an internal webserver which is used to remotely administer the game, but it is disabled by default.

Open C:\UnrealTournament\System\UnrealTournament.ini with NotePad and find the following section:

[UWeb.WebServer]
Applications[0]=UTServerAdmin.UTServerAdmin
ApplicationPaths[0]=/ServerAdmin
bEnabled=False

Change the "bEnabled=False" line to read "bEnabled=True".

Should you need to change the port number the internal Unreal Tournament 1999 webserver runs on (eg if your server is already running another webserver such as IIS on port 80), add a new entry under [UWeb.WebServer] which says "ListenPort=8888", to run the Unreal Tournament 1999 webserver on the custom port number. Note that if you run multiple servers on the same machine (and bound to the same IP address), each webserver needs to be running on its own port number. More on this shortly.

Just below the [UWeb.WebServer] section is the [UTServerAdmin.UTServerAdmin] section. You need to change the username and password required to remotely administer your Unreal Tournament 1999 server. If you leave your username and password set at the default values of admin and admin respectively, someone is sure to take control of your server and do evil things to your players.

Launching the Server from the Command Line

The syntax for running a server from a command line is as follows:

C:\UnrealTournament\System> ucc.exe server mapname.unr?game=GameType [port=portnum] [multihome=ipaddress] [ini=inifilename] [log=logfilename]

port - the optional base port number the server uses.
ini - the name of the ini file the server uses. This defaults to unrealtournament.ini
log - the name of the logfile the server generates. The default is ucc.log
multihome - the IP address the server should bind to, where the server has multiple local IP addresses.
GameType - one of Botpack.DeathMatchPlus, Botpack.Domination, Botpack.CTFGame.

Some examples:

ucc server dm-Turbine?game=Botpack.DeathMatchPlus ini=server1.ini log=server1.log

ucc server ctf-coret?game=Botpack.CTFGame multihome=204.12.54.28 ini=server2.ini log=server2.log

ucc server dom-Sesmar?game=Botpack.Domination multihome=204.12.54.29 ini=server3.ini log=server3.log

It's a good idea to make a small batch file which restarts the server should it crash:

:top
c:
cd \unrealtournament\system
ucc server dm-Turbine?game=Botpack.DeathMatchPlus ini=server1.ini log=server1.log
copy server1.log server1crash.log
goto top

Should you get a server crash, please mail the logfile to utbugs405@epicgames.com.

Multiple Servers Per Machine

Each copy of the Unreal Tournament 1999 dedicated server can serve one and only one level at a time.

However, you can run multiple level servers on one machine. Each copy of the server should have its own unique copy of the unrealtournament.ini file, with its own configuration. This is specified with the ini command line option. If you want to enable remote administration on multiple servers on the same machine, and you're not using multihome to specify a unique IP address to bind to, you'll need to give each webserver a unique ListenPort number.

You should give each server a unique base UDP port number. Unreal Tournament 1999's default port number is 7777. To specify a port, use the port command-line option as shown above. Be sure to space the port numbers 10 apart as each server requires a number of UDP ports. eg:

ucc server ctf-coret?game=Botpack.CTFGame ini=server1.ini log=server1.log port=7770

ucc server dom-Sesmar?game=Botpack.Domination ini=server2.ini log=server2.log port=7780

Some Windows NT servers have more than one IP address defined (under Advanced in the TCP/IP control panel). If this is the case, you can run multiple servers on the same machine without configuring different port numbers. Specify the IP address for the server to listen on using the multihome option. This batch file starts two servers, each binding to a different IP address.

start ucc server ctf-coret?game=Botpack.CTFGame multihome=204.12.54.28 ini=server1.ini log=server1.log

start ucc server dom-Sesmar?game=Botpack.Domination multihome=204.12.54.29 ini=server2.ini log=server2.log

Remote Administration

Once the server is up and running, and the remote administration is enabled, you can access your Unreal Tournament server with any Web Browser. Internet Explorer 4 or 5 is recommended, but it should work fine with Netscape 4 also. To access your Unreal Tournament 1999 server from a web browser running on the server machine, use a URL such as the following:

http://127.0.0.1/ServerAdmin

Or if your copy of Unreal Tournament 1999's Webserver is running on a custom port number (with the ListenPort option)

http://127.0.0.1:8888/ServerAdmin

Of course, substitute 127.0.0.1 for the IP of your server to administer it from a web browser on another computer. Your web browser will then prompt you for a username and password. The remote administration is divided into two parts:

* Current - Administer the current game in progress - view the player list, kick/ban players, add bots, change the current map, access the server console and chat to players.
* Defaults - Change the map list, rules and settings for each game type, configure server-level options, and administer the IP ban list.

You'll want to change the following Defaults | Server options the first time you configure your server.

* Server Name - the name of your server
* Advertise Server - check this on to advertise your server to the master server
* ngWorldStats Logging - check this on to have your server participate in ngWorldStats for Unreal Tournament 1999.

"Creeping Ping" bug with Win2000

Some server admins have reported that after a while all of the players get increasingly lagged out when the Unreal Tournament 1999 server is running on Windows 2000. This seems to happen only when the remote administration webserver is running. We believe it may be related to this Win2K issue:

http://support.microsoft.com/support/kb ... =tech&FR=0

The workaround is to only run the remote admin webserver when you actually want to administer your server. Disable the remote administration webserver by removing the line which says

ServerActors=UWeb.Webserver

in your server's INI file. To activate the webserver, join your server as an admin and type the following command:

admin summon uweb.webserver

When you've finished administering your server, you can disable the webserver with the command

admin killall webserver

Performance For Unreal Tournament 1999 GOTY Servers

* Make sure to match the maximum number of users for your server to the bandwidth you have available. The amount of bandwidth required for each user is determined by the MaxClientRate, which is set by default to 20000 bytes/sec. If your upstream bandwidth is limited (for example a cable modem), you should reduce this value. Make sure that the number of players your server allows (MaxPlayers) multiplied by MaxClientRate is less than your available bandwidth (in the case of cable modems or xDSL, your upstream bandwidth).

The MaxClientRate variable can be changed by editing your UnrealTournament.ini file in your UnrealTournament\System directory. MaxClientRate is in the [IpDrv.TcpNetDriver] section.

When you have your MaxPlayers or MaxClientRate set too high for your upstream bandwidth, you typically see everyone's ping get progressively higher, above 1000 and beyond. This occurs because your server is generating too much outgoing data for your internet connection to handle, and the data begins to back up.

> What should the MaxClientRate be set to, to allow good ping on an ADSL Server? And how many players would work well too?

It really depends on your ADSL provider. You need to work out what your maximum upstream bandwidth is in Bytes per second. One way to do this would be to ICQ a large file to a friend who is on DSL or cable, and look at what the transfer rate is, or if you know what it is in bits per second, divide by 8. ie 256kbps upstream bandwidth is around 32000 bytes per second.

Once you have that number, work out what maxclientrate you want to give everyone. 2600 is the bare minimum and it'll give modem-like netplay for everyone. 5000 is fine for modem and ISDN users but the play won't be quite as good as it could be for ADSL or cable users. 20000 is the largest you should ever go. The number of players you can support is the upstream bandwidth in bytes per second divided by the MaxClientRate you chose. So with 32000 bytes per second of available bandwidth, you could support:

32000 / 2600 = 12 players at modem quality play
32000 / 5000 = 6 players at ISDN quality play
32000 / 10000 = 3 players at better-than-ISDN quality play
32000 / 20000 = 1 player at LAN quality play.

I'd go for the 6 players at 5000 if all I had was 256kbps upstream bandwidth, because 5000 doesn't play too bad at all, and it's a good compromise.

* We recommend disabling local NGStats for internet servers. Processing the NGStats logs takes some time between levels, which may result in remote clients getting disconnected. You can find this setting in the options->preferences menu, under the game tab.
* Administrators can control downloading of packages from their server by editing the [IpDrv.TcpNetDriver] section of unrealtournament.ini:

[IpDrv.TcpNetDriver]
AllowDownloads=True
MaxDownloadSize=0

AllowDownloads disables all autodownloads.
MaxDownloadSize=0 means allow autodownload of any sized file. Otherwise the value is in BYTES. We recommend that rather than disabling all downloads, you set the MaxDownload size to an appropriate value. For example, MaxDownloadSize=100000 will allow mutators and other small packages to be downloaded, but will not allow large files such as maps to be downloaded. Turning off all downloads may make it hard for clients to get on your server if you are using a lot of custom maps, mutators or other custom packages.

^ details from here:
http://www.oldunreal.com/wiki/index.php ... rver_Guide
or.. someone else may know..
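
A scripted version of the IP-filtering steps above, as an added example that is not part of Wises's post. It goes one step further than a flat <IP-REMOVED> replacement: each distinct address gets a stable token, so readers of the shared log can still see when the same client comes back. The sample log lines and their ip:port layout are constructed for illustration, using documentation address ranges.

```python
import re
import sys
from collections import Counter

# Octet grammar copied from the Notepad++ pattern in the post: 0-255 only.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
# Lookarounds keep the match from starting or ending inside a longer dotted
# number (a build string such as "4.3.6.999.1"), while still matching an
# address followed by ":port" or by a sentence-ending full stop.
IPV4 = re.compile(rf"(?<![\w.]){OCTET}(?:\.{OCTET}){{3}}(?!\.?\d)")

# Constructed sample, not taken from the thread.
SAMPLE_LOG = """\
NetComeGo: Open TcpipConnection0 192.0.2.10:1093 Mon Feb  2 08:39:01 2015
DevNet: Level server received: HELLO REVISION=0 MINVER=432 VER=436
NetComeGo: Open TcpipConnection1 198.51.100.7:2201 Mon Feb  2 08:39:18 2015
DevNet: Connection timed out after 120.000000 seconds (120.044247)
NetComeGo: Close TcpipConnection1 198.51.100.7:2201 Mon Feb  2 08:41:18 2015
Log: Build 4.3.6.999.1 is not an address, nor is 300.1.1.1
NetComeGo: Open TcpipConnection2 192.0.2.10:1187 Mon Feb  2 08:41:40 2015
""".splitlines()


def redact_log(lines):
    """Return (redacted_lines, mapping); mapping is real address -> token.

    The mapping contains the real addresses, so it stays with the server
    admin and is never uploaded together with the redacted log.
    """
    mapping = {}

    def replace(match):
        ip = match.group(0)
        if ip not in mapping:
            mapping[ip] = f"<IP-{len(mapping) + 1}>"
        return mapping[ip]

    return [IPV4.sub(replace, line) for line in lines], mapping


def token_counts(redacted_lines):
    """Count how often each pseudonym appears in the redacted log."""
    counts = Counter()
    for line in redacted_lines:
        counts.update(re.findall(r"<IP-\d+>", line))
    return counts


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # latin-1 never fails to decode, whatever bytes the log contains.
        with open(sys.argv[1], encoding="latin-1") as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE_LOG
    redacted, mapping = redact_log(source)
    print("\n".join(redacted))
    print(f"{len(mapping)} distinct addresses replaced", file=sys.stderr)
```

Redirect the output to server2.log before zipping and uploading it.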
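
An added example (not from the quoted guide or from Epic) that checks an UnrealTournament.ini for the settings the guide above warns about: web admin left on the default admin/admin login, MaxDownloadSize=0, and MaxPlayers times MaxClientRate not staying below the upstream bandwidth. The key names AdminUsername and AdminPassword and the [Engine.GameInfo] location of MaxPlayers are assumptions not shown on this page; both INI samples are constructed.

```python
# Constructed sample with the weak settings the guide describes.
WEAK_INI = """\
[UWeb.WebServer]
Applications[0]=UTServerAdmin.UTServerAdmin
ApplicationPaths[0]=/ServerAdmin
bEnabled=True

[UTServerAdmin.UTServerAdmin]
AdminUsername=admin
AdminPassword=admin

[IpDrv.TcpNetDriver]
AllowDownloads=True
MaxDownloadSize=0
MaxClientRate=20000

[Engine.GameInfo]
MaxPlayers=16
"""

# The same file after applying the guide's advice (values are constructed).
FIXED_INI = (WEAK_INI
             .replace("AdminUsername=admin", "AdminUsername=ops-example")
             .replace("AdminPassword=admin", "AdminPassword=constructed-Long-Passphrase")
             .replace("MaxDownloadSize=0", "MaxDownloadSize=100000")
             .replace("MaxClientRate=20000", "MaxClientRate=5000")
             .replace("MaxPlayers=16", "MaxPlayers=6"))


def parse_ini(text):
    """Minimal INI reader: {section: {key: last value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections


def is_true(value):
    return value is not None and value.strip().lower() == "true"


def audit(ini_text, upstream_bytes_per_sec):
    """Return the list of finding ids for one server INI file."""
    ini = parse_ini(ini_text)
    web = ini.get("uweb.webserver", {})
    admin = ini.get("utserveradmin.utserveradmin", {})  # key names assumed
    net = ini.get("ipdrv.tcpnetdriver", {})
    game = ini.get("engine.gameinfo", {})               # section assumed
    findings = []

    # Web admin reachable with the default login the guide warns about.
    if is_true(web.get("benabled")):
        creds = (admin.get("adminusername", "admin"),
                 admin.get("adminpassword", "admin"))
        if creds == ("admin", "admin"):
            findings.append("webadmin-default-credentials")

    # MaxDownloadSize=0 allows autodownload of files of any size.
    if is_true(net.get("allowdownloads")) and net.get("maxdownloadsize") == "0":
        findings.append("download-size-unlimited")

    # The guide wants MaxPlayers * MaxClientRate below the upstream bandwidth.
    players = game.get("maxplayers")
    if players is not None:
        rate = int(net.get("maxclientrate", "20000"))  # guide: default 20000
        if int(players) * rate >= upstream_bytes_per_sec:
            findings.append("bandwidth-oversubscribed")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("fixed", FIXED_INI)):
        print(name, audit(text, upstream_bytes_per_sec=32000))
```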
BeNKi_NiNjia
Novice
Posts: 6
Joined: Mon Feb 02, 2015 4:32 am

Re: Someone is hacking my UT99 public server. Please Help!

Post by BeNKi_NiNjia »

Hello guys, thank you so much for your answers. You have been very kind. I was practicing with the things you recommended to me until I went into deep research on this matter. I really trusted it could be solved. I have been under attack from the same mental for years and now that I have found who he is and that he is in the middle of all the UT diatribes like this or even worse, I think that there is nothing one can do. I do agree with those saying UT is killing itself. I loved this game, the only one of my life. I finally managed to have my first server only after my 40 years but I have never had the chance to play there in peace. I don't want to die with UT. I will close it. Good luck!

THANK YOU, BeNKi
Wises
Godlike
Posts: 1089
Joined: Sun Sep 07, 2008 10:59 am
Personal rank: ...

Re: Someone is hacking my UT99 public server. Please Help!

Post by Wises »

the person you are talking about is a member of this board
he is a well known server troll and self acclaimed authoritarian.
sorry to hear that he has closed you down as well.. another button to his costume...

and yes, people like him are the reason for the death of UT because they can't help themselves for being retarded it's an illness..

good bye BenKi.
steer clear of muppets.

Edit------------by papercoffee

DP.. things can be done although..

you could install ACE + BAN MANAGER.
this will ban the idiot based on HWID.

there are some mickey-mouse like alternatives which block proxies connections and such.

also.. you would need to patch server with latest patches against exploits and so-forth.

Dude you can use the edit button ...do it!!
UT99.org

Re: Someone is hacking my UT99 public server. Please Help!

Post by UT99.org »

billybill wrote:@Wises Careful with those long posts, he doesn't speak english well

Couldn't have happened to a nicer guy! @Benki. First you spam the gametracker page of a server you got banned for cheating on, instead of going to the official site. Which was a couple years ago now? What possessed you to take such an action I don't know but it gets worse...

Then you start some server which I have joined before, maps that have textures on the wall "Benki don't cheat, Benki never did cheat". I went there, noticed none of the downloads were redirected. Did you ever think this is why members of the public don't play on your server? I got the chance while there to tell you how to increase your ping to the same level as other players since this is what started your little escapade. But it sounds like you are blaming the lack of players on something or someone else. You claim you are under attack, 'mirrors' 'crashing server' 'player bots'. I believe you *can* paste IP addresses here if they're in the logs, (I've never seen anyone disciplined for it in the time I've been here.) I'd like some proof if you are trying to pin all this on me

For once I'm not taking the high road and helping someone, and I've even helped Wises since his little mental explosion. Your posts here show the same side of you that I witnessed, only now you have pissed off someone else from the sound of it.

Erm I'll help you with the obvious since nobody mentioned it, that log looks more than likely the maps you made are crashing your server to me. It does look suspicious but there's nothing to indicate it was malicious

And for your sad farewell speech Benki, it's not all over... there are hundreds of servers that will accept you so long as you don't feel the need to spam gametracker pages to protest an admin's actions and try and coerce them to use their systems. No other server network would tolerate someone going and doing something like that, especially those who are in competition with gameservers.com like multiplay. It's really sad these tracking sites even exist in the first place but I guess it caters for trolls like you perfectly and increases the tracking site's sign-ups. I'm sure in the future as more of these sites pop up, some automatically, then the ips will become transparent enough that Epic and mods released here will block 'em