HACKER SIGHTING

A Hacker somehow got a 22,000++ block ship on my server tonight with a pixelated image of GOATSE, I am using the Essentials plugin and restrict the number of blocks to 3500, this is on and enforced, somehow they bypassed it.

https://s30.postimg.org/npa45hd7l/4_Bmv7b_O_Copy.jpg

I know Transcend ran into hacker issues a month ago: https://steamcommunity.com/groups/TRSES/discussions/0/610574394228907171/

======== Has anyone else experienced Hackers? =========

Also, last night, we also got a report of a big Ramming ship with a Heavy Armor Troll face on it, I read the same report on another server Kobos by the server owner: "Kothe Apr 4 @ 6:44pm
The server was just attacked by an exploiter of some variety. The asteroid my personal base was ensconced in suddenly disappeared, then the station itself was instantly rammed by a giant troll face and destroyed. I shut down the server to avoid any further damages to anyone."

https://dl.dropboxusercontent.com/u/3421907/2015-04-04-20-13-17-448_FinalScreen.png

 

Knew you were still spying on me.

Yes, that happened. Unfortunately, didn't catch the perpetrator's identity. I have a few ideas though.

 

Are these actually single CubeGrids?
Can you export one of the offending ships and dropbox it or something so I can have a look at it? If there's something in them that people are able to defeat block enforcement with, I'd like to find out.
I, too, am curious how people got them in, in the first place.
Is copy/paste on?

 

Dude you might want to be careful not to get yourself banned for failure to read the blacklist policy.
You are not permitted to name anyone no matter what.
My question is how do you know anyone was ''actually'' hacking, how do you know it wasn't just a server error ?
Theres a lot of bugs in SE, expecting a filter [3rd party ] to work 100% of the time seems unrealistic to me.
Posting HACKER in bold caps on the forums is sure to get the attention of a moderator soon enough, good luck with that.

Why don't you paste the log file in here for people to look at.

''I hope my ship doesn't RAM the asteroid like my body is about to'''
hahaha laughed when I saw that on your screenshot I think we can all relate to that !

 

I was the admin on duty when the Goatse ship brought the Prometheus Rising server to a crawl. It's 25,000 blocks. It had a huge thruster cluster that is hidden by the censoring togo applied to the screenshot I took. I blueprinted the ship before deleting it and banning the user. We have backups of the server with the ship still in. Copy/Paste was definitely off.

 

Where do you see someone being named?

 

@Dox
https://www.filedropper.com/platform2138

@piddle
The goal of this was to bring attention to the developers that hacking/exploiting is in fact happening.
The second goal was to start a discussion with other server owners, to see if they have had any experiences with potential hackers/exploiters.

 

Played named Typo91 pointed me to this: https://www.reddit.com/r/spaceengineers/comments/30pm13/cheating_in_se_or_just_griefed_by_admins/
Looks like another report of the Troll Face on a 3rd server.

 

Pro-tip:

Steam groups.

 

My apologies , I miss read it where it says Kothe.

 

This just happened to my server! They did the same thing, huge wall of armor blocks "flung" into other players / Roids and then something new this time. The map is corrupted somehow where a 7 mb world download took 10 min to do 10% of the download. I finally gave up and re-rolled a new map. You can see my bug report in the bug report forums where one of my users took a screenshot of the massive wall of death.

Togoshige, please PM me so we can compare notes and logs, I saved all my logs and I want to get this narrowed down. IF we can figure out the SteamID, I want to PM that to Keen Dev's so that they can do something about it.

 

See my bug report thread for details. I captured a copy of the ship. It's got more than 72 THOUSAND uranium ingots in it.

 

72K uranium isn't too difficult. You can import ingots through a refinery projection.

As for building the structure, is it possible they built smaller parts and merged them?

Map slow down could be done with bad programming block code. If you still have to world, see if he left anything behind in terms of Programming blocks or tools like welders.

 

Mods are there to enforce rules on the forums, don't worry ...

 

Negative, this was two parts, one part was the giant wall of armor blocks (with the picture on it), and the 2nd part was the thruster/gryo/reactor part to move the thing (hence the two merge blocks).

The other thing that happened is described in the linked thread above, where they were able to place medbays' at will. So EVEN IF they projected a cheaty blueprint and welded it, how the heck did they place medbay's at will?

I also highly doubt that someone who was Never seen on the server before that day was able to spawn in an object as massive as this in such a short amount of time. Even welding a bluprint would take some amount of time for mining the iron ore and making it into steel plates. Not Join and start causing havoc in 10 min.

Finally I tried to check for timer blocks, program blocks etc. whatever it is they did to my map, it wasn't via use of these, at least not in an obvious way.

 

BTW We've isolated the SteamID for the person responsible.

So far no one from Keen has asked for the info

 

I think I know how they did it? Theres a shipyard mod that uses 4 beacons that can either remove blueprinted ships from a server to transport them or build a ship from blueprint but it cost 3-4 times the resources that welding it normally would cost? I've seen youtube of this but for the life of me I cant remember who the youtuber is?

 

OP: That's pretty bad, but I gotta say, I'm laughing my ass off. Troll level: epic. A massive Borg cube with goatse on the side. "You will be ASSimilated."

 

Well we already know there is a blueprint exploit out there (unlimited inventory) , I suppose it could be possible that they used the blueprint system in some way, but the logs indicate that my offender was only on the server for a matter of minutes before causing trouble. I would think you would need at least the base cost materials to weld this thing (steel plates alone should have taken a couple of hours of mining, refining, and assembling).

I think the answer is more likely they are using some kind of defect to get an entire SBC file to load somehow. I think it's fair to say they used SEToolbox to convert the images to armor blocks, then used some kind of exploit to "poof" in the thruster ship and then the armor wall, merged them in-server and took off to cause havoc.

What's more, they also found people on a server that was set to 500km map size in under a few minutes, (and NO allow client to save was NOT on!) , I'm remembering the days when people would save the map, open in SEToolbox, then greif away.

 

oh? sorry I couldn't be of more help? hope you findout how so it doesn't happen to anyone else?

 

Either the same person with a different SteamID got on my server and did this again, or this exploit is now "in the wild" with multiple people knowing how to do it.

I have no other choice but to go whitelist

 

I can totally relate. So far white listing hasn't hurt me in numbers. And I sleep soundly, knowing my baby is safer. Lol

 

I've been lucky to not need to whitelist yet. Here's to hoping improvements will come out soon to help!

 

These have been "in the wild" for months now, people are just doing the rounds on servers they aren't banned on. I had a brief stint with a few of them. My servers are slightly different in that users do not have access to the entire world, so finding users using any typical cheats is not possible. What they could do (at the time) was flip on "creative mode" in a survival server. This caused a lot of problems obviously. I have since added protection against the things they were doing. (including public shaming when it occurs, so everyone online knows who it is). These were brought up with keen and they know of the issue, and will get to addressing it eventually.

 

Wait. They can flip on creative mode?

 

It would explain the vanishing asteroids... the easiest explanation is that someone control-x'd them.

 

for awareness... They seem to have found a way to get the client into debug mode, and use that to send the server anything they want.

The really bad part - Whatever it is they are doing, they end up "corrupting" the savegame files in a strange way. The server will still load the world and players can play, but if you try and use any tools like SEMU or SEToolbox, they will fail (SEMU throws an error, and Toolbox can't read the blocks from any ships (even legit ones).

I pray that Keen is introducing a fix in today's patch, otherwise I see no real point in my paying a hosting provider every month.

 

I'd love to see the xml of a corrupted file. Do you have one?

I just banned a jimmies guy

I just banned a jimmies guy. He also has a skeletor too.

 

Multiple reports from players on my server that varying blocks: reactors, connectors, etc were disappearing in front of them or are now gone.
Also found two giant Heman ships, that I cant see with SE Toolbox or Extender Entities tab. (https://s1.postimg.org/l0m5ounov/2015_04_21_00003.jpg)

Probably now going to go whitelist with application process.

 

I had to go whitelist, could not physically click BAN fast enough.