[Grobar] Crash Exploit - Solution - Server OWNERS read

**Neon** · 09-29-2015, 08:41 PM

Originally Posted by ReesesPieces

You say it's not a proper fix, but you can't use the program you use anymore can you? Get the fuck out of here Grobar..

You are really a weird guy, why do you think I helped you in the first place? To attack you?

So here a guide on how to bypass your program you got there.. [There are easiest ways too]

1) Spend 60.00$ and take 15 VPS.
2) Install Elite Proxy Switcher on all of the 15 VPS.
3) Configurate the Elite Proxy Switcher to change your IP automaticlly every 30 seconds.
4) Start the attack on all VPS.

It will take less than 30 minutes to get your ebenezer count bugged and even when all the attacks are stopped your ebenzer will most likely stuck on 0, so you will have to restart server just to take the repeated combination..

Iamcoolz don't be a jack ass, you are acting like someone want to attack you server... But nobody does, people just attack when you do something to them or when you have really big and good server.. But when you have really good and big server, you will obviously spend more for hosting.. That's why it amuses me why OSKO have this attack available..

Come one guys, fix it up.

EDIT: Not to mention, you should change the '5' to at least 10 or 20... Since there are players in cybercaffe and everyone got the same IP, there is usually like 40 computer available.

**ReesesPieces** · 09-29-2015, 09:14 PM

Yeah, what you just described won't work, and my server is up and you know the IP so feel free to test your theory. But I am almost 100% positive what you just said will not work.

**Neon** · 09-30-2015, 01:01 AM

Originally Posted by ReesesPieces

Yeah, what you just described won't work, and my server is up and you know the IP so feel free to test your theory. But I am almost 100% positive what you just said will not work.

You are double faced pathetic little rat. You are only good when you need something, but when you get it, you change your behavior. Your quoted posted is the only one you didn't use FUCK and GROBAR in the same sentence only because you need something.

But since i'm a nice guy, i'll help you out.

My friend will fully attack your server so you can test it and block it at your Official Launch, but since you are 100% sure it's fixed you will do good ha?
To help you even more, [so you can fix] my friend will publicly release every hole,exploit, dupe method or even something worse at your official launch, so you will be able to fix it.

It's not good to keep those secret right? We have to test all on 1 server, so we can fix it.. I think Surge Network is good for test purposes and security researches.
He will do all this, so you can test it and fix it.. is that good to you?

PS : I was really a bit wrong at the post above... You don't really need to use 15 VPS.

Good Luck.

**ReesesPieces** · 09-30-2015, 01:40 AM

Sounds good. See you then, I never needed you to begin with you twat, you didn't provide any kind of information for the fix at all, except "How do I fix Juraid" or "Fix Juraid or tell Bazinga too and I won't attack for first 30 minutes." I am over replying to you as a whole. I have much better things to be doing then reading your "I am a hacker" posts. Piss off.

**SwatRat** · 09-30-2015, 01:41 AM

I sir take offense when u use rats as slander. Refrain Yourself or Feel The True Power of my Rat Friends eatting ur PC wires.

**Neon** · 09-30-2015, 02:03 AM

You are a provocator IamCoolz, it's not my fault if your server is not secured is it?

**SirKaoS** · 09-30-2015, 04:09 AM

Originally Posted by Sephiroth

wasn't your server effected by this also?

Originally Posted by Neon

Hes server is still open to the attack... He didn't even get the firewall iamcoolz posted, which is not a proper fix at all tbh.

He doesn't have applied this sw fix, because his server is protected by HW firewall rules.

**Neon** · 09-30-2015, 04:31 AM

Originally Posted by SirKaoS

He doesn't have applied this sw fix, because his server is protected by HW firewall rules.

Not true lol, just now tested give a lot of DC and noone can login... Took you 10 mins to block out the ip meh..

But ok, dont worry just test.. You have good server.

Check your shoutbox, but now already stopped attack.. Maybe ebenezer bugged stuck at 0 and need restart server.. but dont worry no more attacks :P

**SirKaoS** · 09-30-2015, 04:36 AM

Originally Posted by Sephiroth

wasn't your server effected by this also?

Originally Posted by Neon

Hes server is still open to the attack... He didn't even get the firewall iamcoolz posted, which is not a proper fix at all tbh.

Originally Posted by Neon

Not true lol, just now tested give a lot of DC and noone can login... Took you 10 mins to block out the ip meh..

But ok, dont worry just test.. You have good server.

Sad it is not my server ;-) I am only helping them with FB communication.

**Neon** · 09-30-2015, 04:39 AM

Originally Posted by SirKaoS

Sad it is not my server ;-) I am only helping them with FB communication.

I know bro, just that hosting from Malaysia don't have this specific HW firewall rules... But don't worry if someone attack you pm me ill help you fix..

EDIT : I'm sorry bro, but seems you need restart server now... I didn't want to attack, but since you said got blocked i only tested ^^

**nickos3** · 09-30-2015, 06:16 AM

A correction about OP:

- The asm patch released on snoxd doesn't fix the flood issue. They can still flood and make your sockets available. It just lets you to restore the sockets and make 'em available when the attack is over by removing the fake connections. Also it's already applied on soacs files since... idk when.

And, about this:
[Grobar] Crash Exploit - Solution - Server OWNERS read
If he really said "add additional firewall rules regarding IP's that are connecting to port 15001, and you have to protect the TCP attack" then, this is indeed helpful for someone who's trying to solve this issue, to understand what's going on and why your sockets are in use.

The tool of OP seems useful, thanks for your share =p
Does it detect and block multiple connections of same IP on a port automatically or ?

**ReesesPieces** · 09-30-2015, 12:29 PM

It detects and blocks an IP from issuing 5 or more TCP connections to the server.

**Grobar** · 09-30-2015, 12:50 PM

Originally Posted by ReesesPieces

It detects and blocks an IP from issuing 5 or more TCP connections to the server.

It's not fix mate..

Once you send 5 port 15001 connections, they will stay there and won't dissapear.. So if you let the attack run and just keep clicking on the IP Change, or use the auto ip changer, your server will be stuck at 0 in like 10-30 minutes.

**nickos3** · 09-30-2015, 01:33 PM

Originally Posted by ReesesPieces

It detects and blocks an IP from issuing 5 or more TCP connections to the server.

Flash already informed me on skype.
Thanks

**Grobar** · 09-30-2015, 01:44 PM

Originally Posted by nickos3

Flash already informed me on skype.
Thanks

Flash is now using DGN hosting that Drevin announced for fix here [NEW!] Host Update & General Update! - Server Announcements - Drevin KO
So flash don't need any of this extra firewall, because he can't be attacked with the specific attack anymore.

It's using hardware firewall.