Don't know what you mean by bypassed security panel by editing mtaserver.conf? Security means that customer data can't be leaked.

To put it simply, it means that even if I edit things in mtaserver.conf like ports and slots, it should be overridden/ignored by usage of command line arguments. Your report system might work now when you're small, but imagine when lots of people try to edit those settings at the same time: servers won't start due to blocked ports, and you can't just terminate lots of people at the same time without informing them, as some people just don't know that they cannot change those settings or what consequences it leads to.

You can just check http://www.bgpanel.net/, it's your provider's panel, free with a lot of bugs, and it can be hacked easily and you can get all customer data.

I know very well about the bugs in bgpanel, hard to miss as it's open source, although my old host patched them all very well. You should consider repairing your, I assume, paid panel before barging over competitors.

I can delete all files and clients from the panel. I just need to order a server and receive info for it, then I can get any data: FTP passwords, VPS root password, client name, email...

If you're so sure, prove it to me then, try to find my email and remaining account credit for instance and send it to me over PM. I've been trying to break that panel too but it simply doesn't work because it's modified and properly secured.

You can't compare a dedicated server with a VPS. Those are two different worlds. Maybe your provider doesn't oversell the resources, but CPU is still shared, like disk and network.

I never did that either, and the fact remains that resources are always shared at some level. In your dedicated server I share performance with many other customers in an insecure environment, while on a VPS I share with only a few; that means better security thanks to sandboxing technology and less risk of someone else breaking into my space.

Our FTP server is secured. But vsftpd and proftpd have bugs where you can enter as root and delete all files. So that means if I buy a server with your provider I can delete all servers on that machine, including yours. But we fixed that on our server.

I don't know about proftpd, but vsftpd had that bug in v 2.3.4 back in 2011; that has been patched since long ago. You can read more about it here: https://pentestlab.wordpress.com/2012/11/08/vsftpd-exploitation/. If you still don't believe me then prove this security hole to me, upload a text file to my resources folder saying something like "haha I was right".

Security is pretty much the only thing that can make me change my mind so feel free to hack me and I shall consider a change.

Link to comment

Hello,

We haven't had any problem since 2014 with our panel and security. Our panel has more options than the free one.

The server will not start on another port because the panel doesn't allow it; you have your port. For slots we disabled auto suspend, because a client may have uploaded a mod and forgotten to change slots, and he starts the server and it auto-suspends it. So if support is not online he must wait. So we get an email that slots are changed; if the client doesn't change it we suspend it manually.

I sure won't order a server with your provider and give money to prove something to you.

Pretty sure that you don't know what security is, because you think you are some type of hacker if you changed slots in mtaconf or saw a bugged invoice number in billing, and you said here that you bypassed security... Sorry, but this all is so funny for us because we haven't seen this type of "hacker" that can change slots in mtaconf. When we test some new security on our servers we will contact you to bypass it. Security is when client data can't be leaked, and also server files. So what you mean is that providers that pay for a panel are stupid, they could use free panels...

If you didn't configure them well, both can be insecure, but I want to say your VM is sharing resources on a dedicated server with other VMs, and also you are sharing those resources with other clients on that VM.

This all is going off topic.

I will not answer here any more because it ruined the thread with off-topic posts.

If you have a question, send me a PM; don't spam more here.

Link to comment

Yeah, things start to go off topic, you're right about that, and if $0 for 7 days free trial is too much for you, or if you as well as I know how bad it would look if you tried to hack your competitors, just drop me a PM and describe these vulnerabilities more specifically and I'll test them for you. Don't throw stones when you're in a glass house; you should have focused on your own service and why I should choose that instead of raging over competitors.

Just imagine if there was a big McDonalds ad with just a long text bragging over how terrible Burger King is, would you still buy their (McDonalds) burgers or would you consider them as childish and pathetic just like I do about you right now?

Link to comment

Hello,

I won't describe them to you because many hosts have that problem, so I don't want that to go public; it can do so much damage to companies. The best solution for that is to host every game server on its own VM.

I'm focusing on my services and adding more things for game servers.

I would buy where the service is good.

If you have more questions, PM me.

Link to comment

Either you're afraid that your service is affected too or you simply don't know. Let me do the dirty job for you then and list a few vulnerabilities I know about regarding the default fork of bgp.

  • A few missing mysql escapes in some locations, allowing SQL injections
  • Usage of mysql rather than mysqli or pdo, which is considered more secure as mysql is deprecated.
  • If the screen for some reason fails you'll end up in the terminal with full SSH access to whatever account is logged in; if it's root then the panel owner is screwed, literally.
  • If using a non properly configured nginx installation as web server, the private ssh key becomes public
  • No webftp, meaning that the panel owner has to install their own ftp solution; if they don't know how to do that properly you get yet another way into the system.
  • Lack of port and slots arguments by default; if badly configured I can do the same thing as I did on your panel (changing port and amount of slots)
  • No validation of the game server on boot; I can upload any application I want and name it the same as the game server and let it execute as the user currently logged into FTP. If root, then I have an application with root access that could do a lot of damage, obviously.
  • No builtin billing system; same as for ftp, if the developer is an idiot this part becomes insecure as well.

Now those were the most critical issues, and no matter what panel a host chooses (paid or free) these vulnerabilities should be carefully patched and tested before taking into production. As you said, only an idiot would take a system with such issues straight into production. My last advice: do not boast. Doing so may result in someone actually trying these tricks on your solution as a result of bad karma. :wink:

Link to comment
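The launch-time controls the last post says the default panel lacks (port and slots forced by command-line arguments, validation of the server executable before boot, no start as root) are sketched below as an added example; it is not code from the thread or from BGPanel. The flag names `--port` and `--maxplayers`, the file name and the sample values are assumptions.

```python
import hashlib
import os
import tempfile

class LaunchRefused(Exception):
    """Raised when a pre-boot check fails; the server must not be started."""

def sha256_file(path):
    """Hash the executable in chunks so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_launch(exe_path, trusted_sha256, port, slots, uid=None):
    """Return the argv the panel should exec, or raise LaunchRefused.

    port and slots come from the panel's own records, never from a file
    the customer can edit over FTP (mtaserver.conf).
    """
    uid = os.getuid() if uid is None else uid
    if uid == 0:
        raise LaunchRefused("refusing to start a customer server as root")
    if os.path.islink(exe_path) or not os.path.isfile(exe_path):
        raise LaunchRefused("server executable is missing or is a symlink")
    if sha256_file(exe_path) != trusted_sha256:
        raise LaunchRefused("server executable does not match the trusted build")
    if not (1024 <= int(port) <= 65535) or int(slots) < 1:
        raise LaunchRefused("panel record holds an invalid port or slot count")
    # Assumed flag names; use whatever the game server documents for
    # overriding its config file from the command line.
    return [exe_path, "--port", str(int(port)), "--maxplayers", str(int(slots))]

def demo():
    """Constructed sample: a genuine binary, then one replaced over FTP."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "mta-server")
        with open(exe, "wb") as fh:
            fh.write(b"constructed stand-in for the real server build")
        trusted = sha256_file(exe)
        ok = build_launch(exe, trusted, port=22003, slots=32, uid=1001)
        with open(exe, "wb") as fh:
            fh.write(b"customer-uploaded replacement")
        try:
            build_launch(exe, trusted, port=22003, slots=32, uid=1001)
            tampered = "started"
        except LaunchRefused as err:
            tampered = str(err)
        return ok, tampered
```

The hash check and the later exec are separate steps, so the executable should sit outside the FTP-writable directory or be owned by an account the customer cannot write as.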