Super Web Admin

[ShaiHulud]

I've just been looking at the Console Log for our server, and I noticed that there was a "SWA: Connection from" entry from an IP address that shouldn't be there. Does anyone know whether this means that the person was able to successfully connect to the server including supplying a working password, or just that a TCP connection was established, and that they may have been rejected if the submitted password was incorrect?

It's a worry. For one thing the listen port is completely non-standard. Perhaps this is easy to enumerate with the right tools though.

Thanks in advance.

[TheDane]

Try here: http://www.unrealadmin.org/forums/showthread.php?t=8046

Maybe the answer is in the topic somewhere?

Or you can try to ask the same there?

[ShaiHulud]

Thanks I'll head over and check that thread out. Looking more closely, I see there are now dozens - maybe hundreds of such entries in the past couple of months. Mostly IPs from China and India. I suppose they're probably just scanning for vulnerable web servers, but I'd like to know for sure.

[UT99.org]

I'm not sure this mod was ever secured. It posed some security risks on earlier versions. Maybe I'm wrong but you don't hear much about it... so maybe I'm right

[noccer]

Those will be most likely background noise. As you said the IPs are from china, i think russia is also well shown.

You can ignore this, but if you got a firewall you can simply setup a rule to ban those countries. I did this some time ago, since that day i had no more spam in my blog etc..

[ShaiHulud]

Thanks guys; it's a GameServers box so I don't think I have any say in the firewalling administration. The SWA thread on UnrealAdmin didn't mention the connection messages, but since nothing untoward has happened to the server, I've come to the same conclusion - that these are random scans and not a specific attempt to gain access to the server via SWA.

[TheDane]

Yes, I can confirm on my forums and servers the bots from Russia and Ukraine are very busy right now and have been for almost a month now. They hit many times a day and I also saw a "record" user post somewhere on these forums that 212 users was online at the same time here recently, this can only be bots ... no offence, but not even ut99,org would be able to attract 212 players at one day. So ..... yes, my guess would be that you don't have to fear that what you see is aimed specificly at your gameserver, but it's most like just random bots hitting everything with a pulse.....

[papercoffee]

no offence, but not even ut99,org would be able to attract 212 players at one day.

This makes sense
Poor Shade.

But I noticed recently that our forum is having issues ...some "server not responding" thing.
A 50x error message (don't remeber the last number)

[UnrealGGecko]

A 50x error message (don't remeber the last number)

Got it too... Error #500 I believe

[Hook]

I've noticed a slow down also on my sites - and here also a bit - hmmmm

[papercoffee]

A 50x error message (don't remeber the last number)

Got it too... Error #500 I believe

I've noticed a slow down also on my sites - and here also a bit - hmmmm

Those damn hacker apes ...A server admin told me once he set up a honeypot for hackers. it was a low secured part of the server filled with corrupted files and malware labeled as important stuff, only accessible from outside when you hack the server.
The hacking attempts decreased sharply afterwards.

[TheDane]

There is a great difference between hacking and these spambots?!?!?!

[papercoffee]

There is a great difference between hacking and these spambots?!?!?!

You can also use them for a DDos attack ...but I mean bots not explicit spambots.