FYI A Warning to anyone new playing OA

[SooKee]

I think its getting off the real Subject here its not about "My Dads bigger than your Dad" its about people playing where they want to without being Brainwashed by Negative comments from others, ...

You mean like you falsely accusing the admins of ZimsNEW server in order to stop people from playing there? You created this whole thread to make "negative comments" about us so that people would not want to use our server.

And your tactic has worked with some people. We have even had one loony making some kind of death threat against us in our IRC channel.

Code:

<q3ker> but as someone claimed for server attacking
<q3ker> Zims you really fucking awesome 
<q3ker> die
<q3ker> soon with big pain
<q3ker> you and some people ( yes i indeed personally met´em ) are fucking awesome
<q3ker> seeming so nicely and gentle
<q3ker> but only a buch of fake desonorable persons
<q3ker> STUPIDS

Why are you doing this to us?

... the point being made was that during the Time the Server was running as soon as more players started playing there, the comments, DDos attacks etc started, along with the GeMs this, GeMs that Syndrome ...

I don't care what "circumstantial evidence" you think you have. Maybe some of the people who don't like you only start to attack your server when they think they have a viable alternative? After all its difficult to get a good game on an empty server so your server was the only option for a lot of people. Perhaps if you were not quite so rude to some the people who played on your server and treated them with a little more respect there would not be so many insta players out there who dislike you. And there are plenty of insta players out there who dislike you. That's nothing to do with us. That's on you.

Your hatred towards us is thoroughly misdirected. I have no animosity towards you. I have never done anything malicious towards you. I have not encouraged anyone to dislike you. I have even (occasionally) argued in your defence. Using this DB as a public forum to turn people against us is just not fair.

The way you have chosen to handle this is so wrong on so many levels. Instead of talking to us about it you decided to wage a war against us telling everyone we are bad people trying to hurt you. You are doing this in order to stop them from using our server. You are the aggressor here.

We have done NOTHING in return. Nothing other than try to talk to you and to explain that what you are telling people is completely untrue.

All we are doing is trying to make our server the best it can be. What we do we contribute to the OA community as a whole. So the software we write and the maps that we build are all GPL and free for anyone to use. We are hoping for a day when there are MORE instagib servers, not fewer.

[rainbow]

Hello OP and thank you for your answer. First off please try to use the modify button instead of double posting. And PLEASE use some periods. This is nearly unreadable.

omg stop making me out to be the bad Apple I'm not the one Slandering neither did I use Defamation of Character remarks about certain people, Slander is when the remarks r Untrue

, but it seems theres One Rule for One and another for Someone else, its ok for others to Slander, take someone else's Name in Vain etc just goes to show certain people r/were just looking for an excuse to attack in a Negative way

OP these rules are for everyone here on the forum. I don't know why you think they wouldn't apply to you. From an objective point of view there only seems aggressiveness from your side for whatever reasons. As the guys who you accused answered, you seem to be just trying to hurt "competition". Let me tell you that we are a scene of around not even 1000 different active people. There is no competition here. The heart of the open source community is to work together.

I think its getting off the real Subject here its not about "My Dads bigger than your Dad" its about people playing where they want to without being Brainwashed by Negative comments from others

I have been on those other servers and there was never anything bad actually. People still play wherever they want so why are you trying to stop people from playing on those of the Zimmer guy?
Talking about negative comments. Is there anything more negative than your posts on this forum? It seems more like someone is trolling here.

the point being made was that during the Time the Server was running as soon as more players started playing there, the comments, DDos attacks etc started

Don't you see a connection between many people playing on your server + many people playing on other servers may be the reason why the server load was high on a server which hosts multiple games? I mean, instead you make the connection that you get a DoS-attack. It is like the situation where someone forgets a pen at home and accuses everyone at work that they stole it. OP you should maybe calm down and be a little rationale.

what you're liike in a Game doesn't you're the same in the real world

Wrong. If you have a bad personality you won't be nice ingame or else anywhere. If you are a nice and fair person you are fair ingame or whereever, too. Simple psychology. I would say there is a low percentage of the behaviour you are talking about. Not everyone has a split personality.

don't be Naive enough to believe what u see being typed as the whole Truth, make your own minds up,

Yes OP. You are 100% right here. And in conclusion let me tell you that it looks like you are lieing.

I asked you to answer me because you said there are major vulnerabilities in the game of OpenArena. You fail to even talk about that in your answer, instead you start again with your rant.

This topic should needs to stay open as security vulnerabilities are a very important matter. Also we have the possibility to fix it.  It is said by OP that it is possible to install Trojans on clients and using them in a bot network. We need more information on this OP, not on your personal flame war.

Please answer as soon as possible to fix this issue.

edit: Just saw another topic: http://openarena.ws/board/index.php?topic=4864.25

It's about OP and it seems like it's not the first time of acting like this. Actions should be taken if the thing about the security vulnerabilities is just a lie. I don't understand why some people thing it is funny to destroy a small scene of players.

[fromhell]

Sure rainbow I'll answer your "Post" after sending u a private message on the Assumption that I thought u were actually someone else as u seem to be using their Name

...

Topic closed I think as there is no more GeM's.

Don't backseat moderate.  There will be something else that will be closed.  I don't appreciate the FUD victim act, and i'm far more familiar with Rainbow than I am with you and your antics.

[grey matter]

[..] GeMs this, GeMs that Syndrome form people who have never met me in REAL Life, what you're liike in a Game doesn't you're the same in the real world, its just a Game so Personal comments(unless you've actually met the person)concerned and know them well THEN u have the right to comments.

I've you're being an asshole on the internet I don't care whether you're actually a nice guy or girl in the real world.

so they Install RATS into downloads for the other Servers, with people being unaware they are Infected, they are used to DDos attack DCs like in the Netherlands for Instance without even knowing it.

I asked you to answer me because you said there are major vulnerabilities in the game of OpenArena. You fail to even talk about that in your answer, instead you start again with your rant.

This topic should needs to stay open as security vulnerabilities are a very important matter. Also we have the possibility to fix it.  It is said by OP that it is possible to install Trojans on clients and using them in a bot network. We need more information on this OP, not on your personal flame war.

I'm pretty certain this is just FUD. The only thing I've ever downloaded from Zimmer's or any other servers are .pk3 files via autodownload. While there are in theory possibilities that there are flaws with e.g. the jpeg/png/ogg/wav decoder, the QVM interpreter etc. I doubt that. I have not seen any such serious bug in (io)q3 in a long time and even if people would have such an exploit, why do something lowly as DDos'ing some OA server when you can have credit card data, e-mails and mine some bitcoins? If you'd like to get an OA server down via DDos then it's much easier to just rent an existing botnet instead of infecting only a small number of users of some of the other OA servers with your RAT.

For good measurement, let's try this: "ZimsNEW Instantgib" has http://openmafia.org/~zimmer/ set as sv_dlURL

• http://openmafia.org/~zimmer/baseoa/13vast.pk3 -> https://www.virustotal.com/en/url/7d1d6146eb4b43eff9254192784a45fcc94a045b0991ab5f907f937f9d6c0064/analysis/1400882397/
• http://openmafia.org/~zimmer/baseoa/17+ctf.pk3 -> https://www.virustotal.com/en/url/5d004154cd9cd1eb55cd76ef3c04ecd512346e2e652ee275f145293d4a3e0f46/analysis/1400882483/
• http://openmafia.org/~zimmer/baseoa/Nukeville.pk3 -> https://www.virustotal.com/en/url/03cd640307759021b4b2e6e501e7806178a40fc9c9c5ca2e55878c9db25037e6/analysis/1400882533/
• ..

No matches at all, surprise?

[rainbow]

I was asking him per private message about the exploit and vulnerability presented here but the only thing I got as answer was:

Basically RATS can be Installed in any program others may download, thus once said RAT inside said Program/File is Installed onto someone's Pc, will in effrect "Infect" their Pc without their Knowledge, in turn RATS can also be used to DDos attack Servers/Datacentres etc, also they can be used to "Control" via remote Desktop someone's Pc so passowrds etc can be logged and used for Identity Theft but they are very hard to detect and remove.

Just put in Google RATS trojan, read the Info available you'll understand.

I wasn't asking what a RAT is as I was even the person who posted the information what a RAT is already in this same thread.
I mean it's always possible that there are 0days somewhere in software but why would someone use it for DDoS if you already have remote command execution. It's like making a pizza and then just eating the crust of a pizza.

I don't really care for your personal war. Just use eMails or whatever private messaging systems but stop using this forum for your fear mongering and spreading insecurities to new users. I mean we don't even have many players and now you write "Warnings" to new users about people getting Trojans if they join game servers. This is not cool and not really helpful at all for the community.
I understand that the adminstration doesn't care for all the drama "ingame" but I think if people do this kind of things on the official forum there should be a point where it's enough. I mean okay we all are technical people but there might be just ONE person who get stopped using the game because of this fear mongering.

Yes, that one person matters for me.

I wish everyone a happy weekend, no matter what happened this week here.

edit: Searching for the name I actually found something interesting:

http://god-oa.de/smf/index.php?action=printpage;topic=1389.45

(...) then we started another Clan TW which stood for Trojan Warriors after different Viruses and Trojans lol Gold invented (...)

That is quite interesting in this context now

Beside getting out of that clan so fast because of an incident


edit 2: Okay everyone. That guy send me a pm with the security advisory for the remote command execution bug and I think I should post it here for everyone to secure their "openarena"

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Desktops, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Proventia Network IPS, Virtual Server Protection for Vmware:
This signature detects a specially crafted EXEC_CMD request sent to HP Openview Data Protector that could allow execution of user-supplied code. HP Openview Data Protector Manager listens on TCP port 5555 by default but commonly uses other port numbers.
Data Protector Client could allow a remote attacker to execute arbitrary code on the system, caused by the improper filtering of arguments by the EXEC_CMD command. A remote attacker could exploit this vulnerability using specially-crafted input that interacts with the Perl interpreter to execute arbitrary code on the system.  These are just some Examples, if you want to learn more in order to HELP other people you need to read and Injest the Information.  This module exploits a vulnerability in the qconn component of QNX Neutrino which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'root' user.  A well coded RAT 's can give a remote hacker total access to your computer and they are nearly undetectable/ If you ever noticed your computer start up by its self, or perform any activity that is un-prompted it may be infected.  To remove RATS u need more than Antivirus. If you think you have a RAT, run Rkill, TDSSkiller, Malwarebytes Antirootkit.

I'm getting trolled here, right?

[grey matter]

edit 2: Okay everyone. That guy send me a pm with the security advisory for the remote command execution bug and I think I should post it here for everyone to secure their "openarena"

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Desktops, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Proventia Network IPS, Virtual Server Protection for Vmware:
This signature detects a specially crafted EXEC_CMD request sent to HP Openview Data Protector that could allow execution of user-supplied code. HP Openview Data Protector Manager listens on TCP port 5555 by default but commonly uses other port numbers.
Data Protector Client could allow a remote attacker to execute arbitrary code on the system, caused by the improper filtering of arguments by the EXEC_CMD command. A remote attacker could exploit this vulnerability using specially-crafted input that interacts with the Perl interpreter to execute arbitrary code on the system.  These are just some Examples, if you want to learn more in order to HELP other people you need to read and Injest the Information.  This module exploits a vulnerability in the qconn component of QNX Neutrino which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'root' user. [..]

I'm getting trolled here, right?

I'll state the obvious; this is either some beginner level trolling or just an idiot.

The mentioned bug seems to be CVE-2011-1866 but it is in no way related to OpenArena. The rest seems to be quoted from a Metasploit module, which does not apply to OpenArena either.

So far GeM has been accusing Zimmer and others of spreading malware via downloads for OpenArena, but has not given proof or evidence. When being asked for some technical details, all we got was some bullshit which seems to be copied from random search results for "exploit".
You can still consider OpenArena/ioquake3 downloads and its in-game autodownloads to be secure unless proven otherwise.

[rainbow]

The mentioned bug seems to be CVE-2011-1866 but it is in no way related to OpenArena. The rest seems to be quoted from a Metasploit module, which does not apply to OpenArena either.

(...)

You can still consider OpenArena/ioquake3 downloads and its in-game autodownloads to be secure unless proven otherwise.

Argh sorry I got pulled into this drama as soon as I read the thing about the vulnerability. What a waste of time actually ...

At least now I know that everything is still secure. Not sure what's wrong with you OP.

Only thing left to say:

GeM over!

[Suicizer]

Is thereany kind of function on this website to ignore such drama queen topics on the forums? I'm pretty tired of things which could rather be discussed on a private IRC channel.

[SharpestTool]

Can we get a Mod/Admin to lock/delete or move this stupid thread?  Definitely a club-nub candidate. 

[GeM]

My Sentiments exactly SharpestTool, rainbow not doubt someone Incognito asked me a question and rather than posting it in the forum, as it was asked in private, was replied to in private, the answer was was C & P'd, I myself know little about this Subject, I'm not bitter and twisted enough to even attempt this action.  SooKee I have no idea who that was, but it cdertainly had nothing to do with me, as I said before I wouldn't be such a Hypocrite to bitch about someone or their Servers then go into that Server expecting to be Welcomed, however this is exactly what you yourself and even Zimmer have done so please get over it how old are you, we're not that Determined to have players in the Server, if people play here they play, its a Game, the Server is for ourselves too, we won't play elsewhere when we know whats been said.  Please carry on with your attempt at OA Domination you know who you are.   

[Gig]

Just a small note:
about the "possible security issues?" thing, just a link to a topic that may be related: http://openarena.ws/board/index.php?topic=4725.0

[rainbow]

I myself know little about this Subject

Then you shouldn't start spreading this kind of rumours and trying to give new users an insecure feeling about OA. That's sick.

however this is exactly what you yourself and even Zimmer have done so please get over it how old are you,
(...)
 Please carry on with your attempt at OA Domination you know who you are.   

I think these guys have said multiple times that you should stop accusing them of various things. And lol about the OA Domination part. Bad Sookee

How old are you OP? 14? Use some periods. It's really hard to read your bashing.

[SooKee]

My Sentiments exactly SharpestTool, rainbow not doubt someone Incognito asked me a question and rather than posting it in the forum, as it was asked in private, was replied to in private, the answer was was C & P'd, I myself know little about this Subject, I'm not bitter and twisted enough to even attempt this action.  SooKee I have no idea who that was, but it cdertainly had nothing to do with me, as I said before I wouldn't be such a Hypocrite to bitch about someone or their Servers then go into that Server expecting to be Welcomed, however this is exactly what you yourself and even Zimmer have done so please get over it how old are you, we're not that Determined to have players in the Server, if people play here they play, its a Game, the Server is for ourselves too, we won't play elsewhere when we know whats been said.  Please carry on with your attempt at OA Domination you know who you are.   

I still, honestly, have no idea what you think I have done or said against you. When have I "bitched about you" and what did I say? Are you still relying on third hand information?

[SooKee]

While we are on the subject of OA Domination and the eyes of the entire OA community are upon us. Let me take this opportunity to introduce the server we (lets call us The Zimmer Collective) are running and building on. The very server that is being disparaged in this thread.

Here it is: http://dpmaster.deathmask.net/?game=openarena&server=144.76.100.87:27960

We have a slightly modified game server that allows us to collect a whole bunch of weird and wonderful stats. To complement this we have a server-side 'bot' managing some of those stats and providing a user interface to other 'features'.

Some of the features are:

We are trying to emphasise capturing flags rather than racking up points by announcing how many flags each person has who captures a flag and by printing to the console the flag scores for each player at the end of the game.

Various user commands:
!request - players can log a request by typing !request <a new map for example> into the console.
!love map, !hate map - players can let us know how they feel about each map. We select the rotation based on that.
!stats - players get a readout of their stats for that map: FH (Frags/hour), CH (Caps/hour), AC (accuracy),  SP (average speed) SK (Skill rating)

The server also issues "push" messages to the console so you know who on your team pushed you.
We fixed the !mute command so server admins can squelch those annoying spamers while still allowing them to play.

Callvoting results are now more prominent being centre printed on everyone's screen.

Your in game stats appear here: http://77.237.250.186:81/webkatti/oa-ictf

The name that you will be listed by is the last name you connected with or the name you registered using !register.

Wing wrote a whole piece about the server here: http://live-clan.de/open-arena-news/insta-ctf-2-0-zim%27s-newopenmafia-!/msg5867

ADMINISTRATION:

We are trying to be good administrators. We even wrote ourselves a code of conduct whereby we do not act like tyrants. We are trying to always be polite when asking people to stop misbehaving. We are also trying to properly explain what they are doing wrong and why before taking action. If people are abusive to us we try to take the moral high ground and ignore them. We won't kick people just because they swore at us or said something negative about us. Sometimes people just like to vent. We want admin actions to be an absolute last resort.

And GeM, you are WELCOME to play on our server regardless of what you have said about me and others in this forum or behind our backs. As long as you behave on the server there is no reason why you can't play there. I honestly don't care what you have said about me and I am happy to forget and move on.

[N-i-k]

*YAWNS* @ Sookee