Halo 1 & 2 for PC
This topic has moved here: Subject: Open Letter to Bungie/Gearbox - My Clan's Halo PC Servers Are U...
  • Subject: Open Letter to Bungie/Gearbox - My Clan's Halo PC Servers Are U...
  • Pages:
  • 1
  • 2
  • of 2
Subject: Open Letter to Bungie/Gearbox - My Clan's Halo PC Servers Are U...
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Good morning,

My name is Jeremy, aka }GHS{Chewie. I am an avid PC gamer and a regular MS/Bungie/Gearbox product consumer. I am also an Admin for a number of large Halo PC gaming clans, primarily among a strong community of Christian gamers within the United States, Canada, and Europe. I also run a large umbrella organization for a multitude of Christian-based gaming clans. For my part, I've been part of a Christian gaming clan for the last two years, most of that time with the tags }GHS{.

Having said all of that, I merely am attempting to point out the fact that I am not some ten year old newbie and I do have some grasp of the things which I am about to speak about. You can rest assured that the plea for help therein contained is genuine and, we feel, needs to be dignified with some kind of response from the good folks at Bungie and Gearbox. So far the best service we have gotten has been from “offshore” support staff that obviously has little to no experience with the products they are attempting to support, let alone any vested interest in them. For what it is worth, I have also actively been game/usability testing Microsoft products at the Redmond, WA campus for at least the past ten years. I know what it means to be vested and you can rest assured I want to your products succeed as much as we want our clan to be free of the terrible headaches we have been having to deal with. But I digress.

Over the past several weeks our servers have been hacked by someone using a program called "Rcon Stealer". It was supposedly made by someone who is close to or knows a person who goes by the name "Pepsi" or some version of that name. They have hacked our servers run on gameservers.net and our Teamspeak server. They have been able to kick, ban, and return at will. They have also been able to ban us from our TS server and kick and ban at will there also. The program is supposedly created using C++, but we can’t be completely sure of that and frankly it doesn’t really matter.

We have been able to get screenshots of incidences and possible IP addresses. We need some type of defense or fix for this program. We are not the first that this has happened to and looks like it is starting to spread to several of our brother/sister clans. You will be hearing from several of my clan-mates with the screenshots I mentioned. Also, they have been able to upload modified “modded” maps and randomly alter our map cycle. As of now we have changed all passwords pertaining to our servers, FTP, TS, etc. We will continue to do this but we ask that you expeditiously look into this and make some kind of an attempt to assist us in our endeavor to continue in our enjoyment of your products. On behalf of and as a leading figure within the Christian Halo PC gaming community, my associates and I look forward to your reply.

Respectfully submitted,

-Jeremy, aka }GHS{Chewie

Clan Admin and Council Member at }GHS{ and }CoG{ Halo PC Clans
Founder and Webmaster for TeamCGA.org, homepage of The Christian Gaming Alliance

P.S. It might be worth mentioning that I am also a Microsoft shareholder. My decision to remain as such will have a lot to do with the outcome of this issue. Thanks again.

[Edited on 1/1/2007]

  • 01.01.2007 8:44 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Interesting letter. As much as I do support your efforts, I'm not exactly sure if they'll actually take any action. Our game is pretty much dead to them.

I haven't exactly heard of this kind of hack, tbh...it doesn't seem to be too widespread of a problem, while serious in nature. Running a clan myself, I know what it feels like to have your server or TS taken over.

Oh, and I hope this isn't the only place you've posted this letter...the most attention you'll get around here is a B.net moderator, who is essentially a fan just like you or me and wields no real power over Bungie.

[Edited on 1/1/2007]

  • 01.01.2007 8:48 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Where else can we post this and other letters from our clan members? I'm totally open to any and all suggestions.

Somebody I work with mentioned Gearbox? Do they have their own product support-based forums?

Please shoot us any links you might have handy.

Thanks much and Happy New Year.

-Chewie

  • 01.01.2007 8:53 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Because of time constraints, I can't pull up the links for you, but you should be sending your letters to Microsoft Game Studios, Bungie and Gearbox. There is a "Contact Us" button at the bottom of the screen on the B.net static bar, right underneath the "Inside Bungie" and "Bungie Store" buttons.

Gearbox has forums the producers actually respond to, but mostly, the three companies who made the game have been pointing fingers at each other and not getting much of anything done.

One quick way to get their attention is to make a call to them and see how they respond. Not certain, but the same number that gets people with broken discs new copies might get you some help on this matter as well.

Good luck...

  • 01.01.2007 8:57 AM PDT

So, even if you ban him, hes using the "RS" program then unbans himself, then bans everyone who's good and even you guys, correct? If Bungie cant help you, there isnt much that you can do. Good luck though.

  • 01.01.2007 9:01 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Posted by: SuperSnorky
So, even if you ban him, hes using the "RS" program then unbans himself, then bans everyone who's good and even you guys, correct? If Bungie cant help you, there isnt much that you can do. Good luck though.


But hopefully, they realize they can ease HaloPC's slow death with a final dedicated update, a v1.08 patch. This should prevent aimbots, Rcon Stealers, etc. Nothing else, they can keep the lag and physics as it is, we have a more serious plague upon our lands. And if it is eventually going to die out (HaloPC), it will be very nice of Bungie to let Halo have a painless death with a final patch update.

  • 01.01.2007 9:31 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

I highly doubt they are hacking your rcon in game, unless someone gave it to them or your members tyoped it in chat, instead of the console. The only other way is if they are getting the rcon PW's even if its changed, I suggest changing your FTP logn and password thing that you run with your server provider.

  • 01.01.2007 11:05 AM PDT
Subject: Open Letter to Bungie/Gearbox - My Clan's Halo PC Serverss Are ...
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

I am an admin of the CoG gaming clan -- sister clan to GHS, and HOA.

Thus far, we have not had any major problems with these "hackers", and we'd like to keep it that way.

Since Dec. 24th, several of our allied clans have had continuing trouble with these people.

Whether or not these are the same people, or just a steady stream of trouble-makers ... I don't know.

It's just getting very frustrating. Your help would be greatly appreciated.

Thank-you for reading this....

And thank-you in advanced, whatever your decision may be.

-Wolf

  • 01.01.2007 11:20 AM PDT
Subject: Open Letter to Bungie/Gearbox - My Clan's Halo PC Servers Are U...
  •  | 
  • Exalted Legendary Member

Download Halo Custom Edition for user created maps!
Link
http://hce.halomaps.org/index.cfm?pg=3&fid=410
The few, the proud, the leet.

If you're not using version 1.07, that's your problem. If you are, then someone is simply giving him the passwords. You need to talk to your providers about this.

  • 01.01.2007 11:28 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Not using version 1.07 is not the issue. And you are wrong about any one of our admins giving out the password to these guys. They are using a program they call "Rcon Stealer" as previously stated above. That fact has already been confirmed.

Appreciate the feedback though.

-Chewie

  • 01.01.2007 1:07 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

i suggest you inspect your Allies any people who are close to the clan and play on your servers

  • 01.01.2007 1:31 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

And yes, all the clans about which Chewie is talking use v1.07. Bungie, we need your help, please don't let these people destroy Halo PC.

  • 01.01.2007 1:35 PM PDT
  •  | 
  • Exalted Legendary Member

Download Halo Custom Edition for user created maps!
Link
http://hce.halomaps.org/index.cfm?pg=3&fid=410
The few, the proud, the leet.

Posted by: GHS Chewie
Not using version 1.07 is not the issue. And you are wrong about any one of our admins giving out the password to these guys. They are using a program they call "Rcon Stealer" as previously stated above. That fact has already been confirmed.

Appreciate the feedback though.

-Chewie


versions prior to 1.07 allowed things such as this to happen. Assuming your administrators are indeed trustworthy, 'They' are either brute forcing your password or listening to all calls made to the server, which I'm not even sure is possible, and using that information to make another call suited to themselves. I'll talk to rec0 next time I see him. He's gone pretty far into dedicated servers, making his own more secure and multi-permission-level friendly dedicated server.

  • 01.01.2007 2:06 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

I don't want to start sounding like a broken record, but I wish to simply agree with the others who have posted here. This is a very historical game, and our clan has been based solely on this game for all of it's two+ years of existence. I'd thank Bungie very much for whatever help it can give us.

And you too Zeph, thank you for your assistance as well.

God Bless,
}CoG{Neon - Clan Admin

[Edited on 1/1/2007]

  • 01.01.2007 2:07 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

OK well I looked online for any examples of this "Rcon Stealer" program. No dice. Are you sure that this is a legitimate hack and not a breech is your clan's security? Tally up how many people have rcon and also TS admin access. You and your sister clans are very large so I expect some pretty high numbers. I think that instead of someone hacking, you have a mole in your midst. I would change all passwords and give the new one out to only those people you would trust to lend money to, because thats basically what your doing when you own a dedi and decide to hand out the rcon password. Then after changing ALL passwords, you need to implement tighter security rules with the people you let be admins on any of your servers. I have a feeling that after doing all this, you will no longer see people that have a "Rcon Stealer".

  • 01.01.2007 3:04 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

nice letter, and you acually didn't use bad grammar

ya, i play on christan servers regularly also (like twice a month) and ive havent been on recently but that sounds like the hacker(s) is a biatch

  • 01.01.2007 3:29 PM PDT

Don't follow in my footsteps; I walk into walls
my 360s blog

This is why I'm glad everything is going to be run by MS on H2V

  • 01.01.2007 3:30 PM PDT
  •  | 
  • Exalted Legendary Member

Download Halo Custom Edition for user created maps!
Link
http://hce.halomaps.org/index.cfm?pg=3&fid=410
The few, the proud, the leet.

Yeah, it's apparently legitimate. I've been talking to a few CE devs and there was a rumor of it awhile ago just for fun to gauge reactions. I talked to a coder and he's going to see if he can do it. Assuming he does get it done, I'll see if he can find a way to protect against it.

:\, I dont think there'll be a way to protect against this sort of attack without changing how the server communicates with clients or if you base user permissions off unique player ID info similar to rec0's dedicated server used by HIV clan.

  • 01.01.2007 3:32 PM PDT
  •  | 
  • Exalted Legendary Member

Download Halo Custom Edition for user created maps!
Link
http://hce.halomaps.org/index.cfm?pg=3&fid=410
The few, the proud, the leet.

Posted by: Mat Parker 116
This is why I'm glad everything is going to be run by MS on H2V


You definately know how contract work is done.

  • 01.01.2007 3:33 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Microsoft should really help us on this. But then again, I doubt there's such thing as an Rcon Stealer, but just to be on the safe side...Bungie and/or Gearbox needs to release a final update patch.

And to Zeph, Recon plays HaloPC? He even has his own dedicated server? Sweet! =D

[Edited on 1/1/2007]

  • 01.01.2007 4:17 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Posted by: Mat Parker 116
This is why I'm glad everything is going to be run by MS on H2V


Heh...heh...Bwahahahaha

Sorry, man, it's nothing personal, but...

[Edited on 1/1/2007]

  • 01.01.2007 4:22 PM PDT
  •  | 
  • Exalted Legendary Member

Download Halo Custom Edition for user created maps!
Link
http://hce.halomaps.org/index.cfm?pg=3&fid=410
The few, the proud, the leet.

Posted by: lpjuunin
And to Zeph, Recon plays HaloPC? He even has his own dedicated server? Sweet! =D


not Recon, Rec0. You'd know him if you did much in CE.


One of the people I've been talking to about this didn't have any luck doing the same thing as the alleged program does in a quick search, but he did find that if you have any scripts compiled into your cache file that require rcon access, then that can be used the same way. Seeing how no one wants to do anything with them in PC, I doubt it'd be a problem for any of you. It's taught me to be more careful with my scripting though :\.

  • 01.01.2007 5:17 PM PDT

They could be brute-force hacking your password, as stated above. If you're playing on a local dedicated server, you might want to disable the Rcon feature.

[Edited on 1/1/2007]

  • 01.01.2007 6:36 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

I am the founder of }CoG{, }GHS{, [HOA], and now run the GCW clan, But I still help out and support this clans as much as possiable.

This is what I have been seeing, They make a decated server that is just like your so when a rcon holder see the bad names and see cussing or something that should not be taken place in the fake server [not knowing it is the fake server] They try to use rcon to stop it thinking they are in one of there own servers,
The fake servers logs the rcon password some how and that all she wrote, they now have your rcon password to you other servers.

I hope bungie can do something about this soon.

  • 01.01.2007 8:13 PM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

man if its just happening to Christian servers that sucks
I myself am an atheist, but I respect you guys' right to have these servers centered around beliefs. unfortunately, some people that take being anti-christian too seriously are probably behind it if it is just happening to your servers.

  • 01.01.2007 9:05 PM PDT

  • Pages:
  • 1
  • 2
  • of 2