Page 1 of 2 12 LastLast
Results 1 to 15 of 21

Infected KO Servers - BOTNET ZOMBIE

This is a discussion on Infected KO Servers - BOTNET ZOMBIE within the Private Servers forums, part of the Knight Online (ko4life.com) category; Help us expose these noobs! I've just discovered some pretty interesting news, I strongly encourage everyone to spread this link ...
Page: 1


  1. #1
    Banned Member
    Join Date
    Mar 2013
    Posts
    126

    Default Infected KO Servers - BOTNET ZOMBIE

    Help us expose these noobs!

    I've just discovered some pretty interesting news, I strongly encourage everyone to spread this link on every related forum you can find as this is a very serious and important issue. It appears another server out there is infecting their own players with a virus that turns their computer into a "botnet zombie", allowing the server owner to use his own player's connection to attack other servers!

    Here is a small list of the IP's from the attack that took place a few hours ago, I will be posting the full list (very large) in a few hours time. Please check this small list + the bug list when it is posted for your IP, if your IP is on the list it is very likely that you were infected by one of the servers you were playing, so please reply back with a list of servers that you play on.

    Code:
    Direction IN
    Internal 144.76.63.20
    Threshold FlowsDiff 40 flows/s, Diff: 50 flows/s
    Sum 16.007 flows/300s (53 flows/s), 16.073.000 packets/300s (53.576 packets/s), 12,711 GByte/300s (74 MBit/s)
    External 136.169.13.64, 11 flows/300s (0 flows/s), 11.000 packets/300s (36 packets/s), 11,000 GByte/300s (0 MBit/s)
    External 91.90.156.131, 7 flows/300s (0 flows/s), 7.000 packets/300s (23 packets/s), 0,008 GByte/300s (0 MBit/s)
    External 78.141.119.234, 7 flows/300s (0 flows/s), 7.000 packets/300s (23 packets/s), 0,007 GByte/300s (0 MBit/s)
    External 81.90.244.106, 6 flows/300s (0 flows/s), 6.000 packets/300s (20 packets/s), 0,005 GByte/300s (0 MBit/s)
    External 134.0.113.33, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 9,004 GByte/300s (0 MBit/s)
    External 91.90.254.53, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 46.48.122.90, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 195.178.60.162, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 80.237.159.69, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,007 GByte/300s (0 MBit/s)
    External 134.0.117.197, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 69.93.0.120, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 31.31.203.130, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,007 GByte/300s (0 MBit/s)
    External 217.172.172.185, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 67.15.69.126, 5 flows/300s (0 flows/s), 5.000 packets/300s (16 packets/s), 7,004 GByte/300s (0 MBit/s)
    External 213.139.136.210, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 209.62.5.115, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 194.28.84.97, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 203.229.177.60, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 178.208.82.49, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 188.229.31.243, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 62.76.160.102, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 193.203.198.115, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 151.1.158.108, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 174.132.238.208, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,005 GByte/300s (0 MBit/s)
    External 80.237.174.204, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 74.52.61.184, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,002 GByte/300s (0 MBit/s)
    External 70.85.68.140, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,005 GByte/300s (0 MBit/s)
    External 85.214.65.81, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 74.117.60.77, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 70.84.196.66, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 31.31.194.130, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 195.202.51.131, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 205.209.189.35, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,005 GByte/300s (0 MBit/s)
    External 80.169.23.45, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 85.232.233.62, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 74.53.40.219, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,005 GByte/300s (0 MBit/s)
    External 87.230.85.225, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 207.44.142.135, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 74.200.71.92, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 74.208.113.230, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 174.37.134.242, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 74.54.185.52, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 174.37.134.27, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 192.162.70.198, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 207.218.209.210, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,005 GByte/300s (0 MBit/s)
    External 205.234.104.118, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,006 GByte/300s (0 MBit/s)
    External 222.122.63.27, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,002 GByte/300s (0 MBit/s)
    External 78.28.234.130, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,004 GByte/300s (0 MBit/s)
    External 173.192.196.29, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    External 194.157.72.126, 4 flows/300s (0 flows/s), 4.000 packets/300s (13 packets/s), 0,003 GByte/300s (0 MBit/s)
    Thanks,
    Outkast
    Help us expose these noobs! - News - LegacyKO | Knight Online Private Server

  2. #2
    Banned
    Join Date
    May 2013
    Posts
    1

    Default

    Its not neccesery that its using a stolen ip identity,it may be just a large datacenter that attacks the servers like yours. Everyone is a victim of attacks,and so are you...
    Dont expect to have 500+ users without having a DDOS attack... There is alot of those, and we cant do anything about them,unless you buy a nice firewall to protect those botnets 'floods'...
    You want to expose them? What you gonna do after than? Rumours said Avici anticheat was stealing the ips,but thats probably just a rumour from the opposite anticheat providors...
    We found them,and do what? NOTHING

  3. #3
    Banned Senior Member
    Join Date
    Aug 2012
    Posts
    1,097

    Default

    This is really.. sad that this is what the community has came too to gain users..

  4. #4
    SEXIEST NOSE ON EARTH Senior Member SheldonCooper's Avatar
    Join Date
    Jan 2010
    Posts
    1,374

    Default

    Unbeliavable in all honesty

  5. #5
    Senior Member Jamm1n's Avatar
    Join Date
    Nov 2012
    Posts
    456

    Default

    Quote Originally Posted by The1337 View Post
    Its not neccesery that its using a stolen ip identity,it may be just a large datacenter that attacks the servers like yours. Everyone is a victim of attacks,and so are you...
    Dont expect to have 500+ users without having a DDOS attack... There is alot of those, and we cant do anything about them,unless you buy a nice firewall to protect those botnets 'floods'...
    You want to expose them? What you gonna do after than? Rumours said Avici anticheat was stealing the ips,but thats probably just a rumour from the opposite anticheat providors...
    We found them,and do what? NOTHING
    I would like to know if my IP is been used. I didnt know this was possible. If I am being used id like to know so I can take any measurements possible to stop it from happening.

    This doesnt look like a "help me, my server is being attacked" topic but more of a "take a look, you might be used to harm others".

    Awesome stuff Kast.

  6. #6
    SlickPrick Senior Member jewboy's Avatar
    Join Date
    Dec 2007
    Location
    ME NO SPEAK INGLYS
    Posts
    227

    Default

    Its not neccesery that its using a stolen ip identity,it may be just a large datacenter that attacks the servers like yours. Everyone is a victim of attacks,and so are you...
    Dont expect to have 500+ users without having a DDOS attack... There is alot of those, and we cant do anything about them,unless you buy a nice firewall to protect those botnets 'floods'...
    You want to expose them? What you gonna do after than? Rumours said Avici anticheat was stealing the ips,but thats probably just a rumour from the opposite anticheat providors...
    We found them,and do what? NOTHING
    This guy doesnt know how to read.. PressKO isnt saying what he thinks it is. He discovered what was going on. Through hard work and dedication to his server. Hes not making up random stuff here. Hes been working around the clock to find out whats going on. He is posting proof of his claims as u can see. Apparently you just dont pay attention to the things you read. Go away.

  7. #7
    Senior Member Undeadkilla's Avatar
    Join Date
    Mar 2010
    Location
    auSTRAYA
    Posts
    275

    Default

    this is just fkn low whoever is doin it... honestly go do something better in life ._.

  8. #8
    Banned Senior Member
    Join Date
    Jan 2010
    Posts
    733

    Default

    About the dumbest shit iv'e ever heard, what kind of claim is that? How would you know?
    Every KO server technically steals users IPs seeing how they are logged in the DB, It would be virtually impossible to make such a claim, unless you were part of the spreading.

    You would know if your IP was being used, seeing how everytime they launched a attack via the botnet your apart of, your network would completely go to shit for that period of time.

  9. #9
    Senior Member Jamm1n's Avatar
    Join Date
    Nov 2012
    Posts
    456

    Default

    Quote Originally Posted by Rocket View Post
    About the dumbest shit iv'e ever heard, what kind of claim is that? How would you know?
    Every KO server technically steals users IPs seeing how they are logged in the DB, It would be virtually impossible to make such a claim, unless you were part of the spreading.

    You would know if your IP was being used, seeing how everytime they launched a attack via the botnet your apart of, your network would completely go to shit for that period of time.
    Did you not read the "it appears" part ? Once he posts the full list, people can check for their IPs. If none finds their own then it means that its not happening. If many do, well then it might just be true. Dont you think ?

    Perhaps you are able to recognize if your IP is being used. Me ? No clue. If my shit starts to lag too much I just close the laptop and try later.

  10. #10
    Senior Member
    Join Date
    Dec 2009
    Posts
    1,714

    Default

    Quote Originally Posted by Rocket View Post
    About the dumbest shit iv'e ever heard, what kind of claim is that? How would you know?
    Every KO server technically steals users IPs seeing how they are logged in the DB, It would be virtually impossible to make such a claim, unless you were part of the spreading.

    You would know if your IP was being used, seeing how everytime they launched a attack via the botnet your apart of, your network would completely go to shit for that period of time.
    Wow, you might try reading the thread again.

    Nobody's talking about "stealing IP addresses", that's absurd. He's saying the PCs behind those IPs have been infected (by certain servers that were played on), and are being remotely controlled as part of a botnet to attack other servers.

    Just knowing an IP address isn't enough to compromise it and have it do your bidding...

    Quote Originally Posted by Rocket View Post
    About the dumbest shit iv'e ever heard, what kind of claim is that? How would you know?
    With that in mind, if your players started to flood your network, it's a pretty strong hint. Of course, you wouldn't know for sure that they weren't deliberately attacking you unless you could prove their innocence, but still -- it's a pretty strong hint.

  11. #11
    Devil's Advocate Senior Member Zealous's Avatar
    Join Date
    Dec 2007
    Location
    New Zealand
    Posts
    1,223

    Default

    Quote Originally Posted by twostars View Post
    Just knowing an IP address isn't enough to compromise it and have it do your bidding...
    Not directly. But eh, tell that to Jake Davis!

  12. #12
    Banned Senior Member
    Join Date
    Jan 2010
    Posts
    733

    Default

    Quote Originally Posted by twostars View Post
    Wow, you might try reading the thread again.

    Nobody's talking about "stealing IP addresses",
    Was something someone else said, not the main post.

  13. #13
    Senior Member
    Join Date
    Dec 2009
    Posts
    1,714

    Default

    Quote Originally Posted by Rocket View Post
    Was something someone else said, not the main post.
    ... this really doesn't change the fact that what you said makes no sense.

    Quote Originally Posted by Zealous View Post
    Not directly. But eh, tell that to Jake Davis!
    Yeah, not directly. You still need to compromise the machine somehow. Whether it's through the user themselves (most common), or some flaw in exposed software... you need to get your malicious app on the machine somehow. Mostly, just having an IP address in front of you is really quite useless.

  14. #14
    Banned Senior Member
    Join Date
    Feb 2013
    Posts
    182

    Default

    yourko > koguard > botnet

  15. #15
    www.professionalko.com Senior Member nickos3's Avatar
    Join Date
    Sep 2010
    Posts
    2,134

    Default

    Quote Originally Posted by MyKOpvp View Post
    yourko > koguard > botnet
    Sup with your server? even 3 months haven't passed since the launch and you have already shut it down ?

Page 1 of 2 12 LastLast

Similar Threads

  1. Server Status
    By necro_ in forum General Chat
    Replies: 16
    Last Post: 03-20-2008, 08:02 AM
  2. Inter Server War, what are your predictions :)
    By anonym1ty in forum General Chat
    Replies: 40
    Last Post: 12-26-2007, 09:48 PM
  3. [clan Infected]ronark Clan New Server Sign Up
    By Plazma in forum Recruitment and In-game requests
    Replies: 12
    Last Post: 03-02-2007, 06:21 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •