Besides the Game Server socket flood that has been going on for the last couple of months and is noticed daily on ProfessionalKO, there's also an MS-SQL Server attack taking place that started 1 month ago.
The attacker is using more than one VPS (or there is more than one attacker) with proxy services, and the machine is running Linux.
They use NMAP to retrieve the server information and then they start attacking through MSSQL_Login with a simple file they have, which is a full list of generated names/passwords (brute-force attack).
Our block list already counts 1000+ blocked IPs, which means everything they do is automatic, including the IP changes.
Why am I creating this topic on G4L? Because there's no development forum in English anymore to post in AND because they managed to find our MS-SQL Admin name/password two weeks ago. The bad news: they placed a PHP backdoor shell on our Web-Server. The good news: they couldn't harm us, as every SQL user, including admin, has restricted power on our Game Database, and the malware was detected and deleted right away by our Anti-Virus that's active 24/7.
I should have created this topic two weeks ago, when this happened, but I felt it could be unnecessary because there aren't many known and old servers to be taken down or hacked anyway. But since they're still trying to brute-force our passwords 30 days after they started, I feel that now it's necessary for others to know.
There's a suspect who, luckily for us, was detected (either a proxy IP change 'bug' or his own manual mistake), but since we're attacked from more than one VPS at the same time and since there's no proof that could be used publicly, I can't name people.
To the point of this topic:
1. Use multiple SQL and Windows users with restricted power, for everything you're running (Web-Server, SQL Server, Game Files).
2. Install a premium Anti-Virus.
3. Keep changing your information, often.
4. Keep monitoring your web, SQL, Windows and game logs at least once a day.
Pretty much, whatever allows you to change/restrict it, do it. And don't think "I'll leave this as it is, who's going to harm me? And why me?" even if your game is low-populated. If you don't know how? Google & firewalls, folks.
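Added example, not part of the original post: one way to automate the daily SQL log check from point 4, by scanning SQL Server ERRORLOG login-audit lines for brute-force bursts per client IP and for a successful login from an IP that was just brute-forcing. The sample lines are constructed, the threshold and window values are assumptions to tune, and successful logins only appear if login auditing is set to record both failed and successful logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the SQL Server ERRORLOG login-audit format (documentation IPs).
SAMPLE_LOG = """\
2024-03-01 02:10:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 02:10:03.22 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 02:10:05.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 02:10:07.03 Logon       Login failed for user 'game'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 02:10:09.57 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 02:10:12.80 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2024-03-01 09:00:00.15 Logon       Login failed for user 'webuser'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-03-01 09:00:20.66 Logon       Login succeeded for user 'webuser'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<ip>[^\]]+)\]"
)

def parse(log_text):
    """Yield (timestamp, result, user, client_ip) for each login-audit line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def analyze(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return ({ip: usernames tried} to block, [(ip, user, ts)] logins to investigate).
    Assumes lines are in chronological order, as they are in the ERRORLOG."""
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> usernames attempted
    flagged, suspicious = set(), []
    for ts, result, user, ip in parse(log_text):
        recent[ip] = [t for t in recent[ip] if ts - t <= window]
        if result == "failed":
            recent[ip].append(ts)
            tried[ip].add(user)
            if len(recent[ip]) >= threshold:
                flagged.add(ip)          # burst of failures: block candidate
        elif ip in flagged:
            suspicious.append((ip, user, ts))  # success after a burst: rotate this login
    return {ip: sorted(tried[ip]) for ip in flagged}, suspicious

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On disk the ERRORLOG file is normally UTF-16 encoded, so read it with that encoding before passing the text to `analyze`.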