Jump to content

Welcome to Omni-bot Forums
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

server hacked to use for traffic.!??

- - - - -

  • Please log in to reply
3 replies to this topic

#1
wolfplayer

wolfplayer

    Newbie

  • Members
  • Pip
  • 4 posts

Hi Omni-Bot HQ

 

i got a message from my server provider

that my ET Omnibot server is connecting to locations in Saudi Arabia or Australia and causing heavy data traffic like 4TB last 4 days

 

they thing the "etded.so" file must be infacted by maleware

but the server was running 2018 without any issiuse it just startet in january 2019

 

any guesses here whats goning on there.!!??

 

looks like its a typical DDoS-Attack (Distributed Denial of Service)



#2
palota

palota

    Senior Member

  • Administrators
  • 561 posts

What version of ET do you have ? Why don't you install the latest ET:Legacy ?



#3
wolfplayer

wolfplayer

    Newbie

  • Members
  • Pip
  • 4 posts

its 2.61b linux with omnibot 0.86

i haven'T tried Legacy yet :unsure:

 

any idea what they did to get into the server to use it for data sharing or something else :mad:



#4
hellreturn

hellreturn

    Senior Member

  • Members
  • 155 posts

its 2.61b linux with omnibot 0.86

i haven'T tried Legacy yet :unsure:

 

any idea what they did to get into the server to use it for data sharing or something else :mad:

 

Use this ip table rule - 

iptables -A INPUT -p UDP --dport 27000:29990 -m length --length 41:45 -m recent --set --name getstatus_cod
iptables -A INPUT -p UDP --dport 27000:29990 -m string --algo bm --string "getstatus" -m recent --update --seconds 2 --hitcount 8 --name getstatus_cod -j DROP


referral-0104343001382132136.gif lback-banner_mygamingtalk.jpg

logo.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users