Earlier versions of OOTP: Commissioner's Corner Want to run an online league? Want to learn about the 'ins' and 'outs' of being a commish? This is the place!

12-23-2008, 10:04 PM   #21 (permalink)
Killebrew, Hall Of Famer
Sorry if I missed it on all the forum pages dedicated to this issue but can anyone here mention what happens when users click on the hacked OOTP web site pages with the embedded ****** link? I know it's been described as "a malware site" and it "usually" results in a local box scan and a possible key logger, but do we know exactly what this one does?

Also, I guess there is no action we can take using our ftp logs:/.

12-24-2008, 07:05 AM   #22 (permalink)
Treches, Hall Of Famer
Quote:
Originally Posted by Killebrew
Sorry if I missed it on all the forum pages dedicated to this issue but can anyone here mention what happens when users click on the hacked OOTP web site pages with the embedded ****** link? I know it's been described as "a malware site" and it "usually" results in a local box scan and a possible key logger, but do we know exactly what this one does?

Also, I guess there is no action we can take using our ftp logs:/.

It's a bit complex to explain the process in detail, but I'll try to simplify it somehow. The moment you get redirected to the malware site a rogue is installed automatically in a hidden mode. Your firewall, anti-virus or anti-malware shields may not be able to block the download and installation, but some of them are capable of detecting and removing the rogue afterwards. This rogue is the one you described: the one that goes scanning your PC, claiming it to be highly compromised and telling you about this great piece of software that can put you out of your misery for a few bucks. Those who bite and buy it are awarded with a free highway for trojans.

If you have good and updated security, the redirection to the malware site would be simply blocked (unless, of course, you authorize it), so that's about it. Now, if the redirection is successful you enter the universe of the server that hosts MPack (or similar), which performs in cascade. To do so, first it would try to install a downloader trojan to check the system, web browser and firewall for vulnerabilities. Then, depending on the outcome, goes another trojan, and then another, and another. Pretty much all the family, from keyloggers to spammers to backdoors to downloaders. The more outdated the security and unpatched the operating system and browser, the more chances MPack has to be successful.

That's all in short.
__________________
The Computer Baseball League

12-25-2008, 02:41 AM   #23 (permalink)
Killebrew, Hall Of Famer
Thanks Treches - that was pretty helpful. I understand that means there is an additional step after clicking the bad link. My browser blocked the ****** but because these links are on our own sites, I suspect many will not have pop ups etc blocked.

Regarding the hacker... the ****** link insert is being done by a script based on the time of the file updates and the specific target files, but it does not seem likely that a script is looking for encrypted OOTP online league files. That seems like a manual job by someone who is at least aware of this game (enough to know it has an online league mode to it).

05-19-2009, 11:43 AM   #24 (permalink)
Zubes, Major Leagues
apparently this issue is back, at least for me. my sites that use the FTP info from OOTP are getting hacked on a daily basis, and it's getting ridiculous.
__________________
Phil Zuber

Beyond the Ivy - Commish, Twins GM
Stars and Stripes Baseball League - Cubs GM
Bricks and Ivy - Orioles GM

Sim Coalition - co-founder


05-19-2009, 12:05 PM   #25 (permalink)
satchel, Hall Of Famer
Quote:
Originally Posted by Zubes
apparently this issue is back, at least for me. my sites that use the FTP info from OOTP are getting hacked on a daily basis, and it's getting ridiculous.

I started having problems a week ago.

05-19-2009, 12:07 PM   #26 (permalink)
Zubes, Major Leagues
Quote:
Originally Posted by satchel
I started having problems a week ago.

this has definitely been going on longer than a week for me...but i thought it was a server problem and not with me. but it turns out it's OOTP again, as the only sites that get affected on my server (and i have multiple sites) are the ones that share the ootp ftp info.

what can we do about this?????

05-19-2009, 12:21 PM   #27 (permalink)
Andreas Raht, Administrator
Quote:
Originally Posted by Zubes
this has definitely been going on longer than a week for me...but i thought it was a server problem and not with me. but it turns out it's OOTP again, as the only sites that get affected on my server (and i have multiple sites) are the ones that share the ootp ftp info.

what can we do about this?????

Update all the software which you run on that site, especially Joomla, SMF forum and other CMS or forum software. It's essential that you use the latest version.
On our server we got 3 sites hacked last week and it had nothing to do with OOTP online leagues at all. It's either security issues with forum software or a Trojan/Virus/Worm on your computer (or on a GM's computer) which "reads" your FTP login info from the network connection while you (or a GM) uploads or downloads the league file using OOTP.

Last edited by Andreas Raht; 05-19-2009 at 12:27 PM.

05-19-2009, 12:26 PM   #28 (permalink)
Zubes, Major Leagues
we are not using any CMS software. it's all hand coded html and php pages.

we are using vbulletin, and it is using the latest version.

as i mentioned earlier, i host several websites on my server. all of the ootp leagues are housed under 1 domain using subdomains. they all share the same ftp info, and the ftp info gets them into the main domain and then branches from there.

the only sites i am having a problem with are those under the main ootp domain. and the only place that ftp info is stored is in the game.

05-19-2009, 12:46 PM   #29 (permalink)
satchel, Hall Of Famer
Quote:
Originally Posted by Andreas Raht
...a Trojan/Virus/Worm on your computer (or on a GM's computer) which "reads" your FTP login info from the network connection while you (or a GM) uploads or downloads the league file using OOTP.

A trojan can read my FTP login info from the OOTP connection to my server, on a GM's computer? Maybe that's what's happened. It's going to be tough to keep everyone in my league trojan-free, I don't know if I can manage that.

05-19-2009, 01:14 PM   #30 (permalink)
Zubes, Major Leagues
to go another step further with this...a league i used to commish that i am still an active member of that is on a different server, thus obviously not sharing the same ftp info or anything like that for that matter...

has also been hacked. site also uses php and html coding.

05-19-2009, 01:44 PM   #31 (permalink)
kq76, Global Moderator
Quote:
Originally Posted by satchel
A trojan can read my FTP login info from the OOTP connection to my server, on a GM's computer? Maybe that's what's happened. It's going to be tough to keep everyone in my league trojan-free, I don't know if I can manage that.

I hadn't thought of it before, but now that I do it probably is possible. They can apparently transmit website login info so why not ftp connection info.

I think the best a commish can do in such a situation is ask everyone to scan their computers for viruses and other malware asap, even suggesting say some scanning programs (I use avast and superantispyware), and telling everyone that in a few days they'll be changing all the ftp info which will mean everyone will have to install a full file.

Or is there a better way?
__________________
Useful Links: Manuals | Downloads | Newsletters | Knowledge Base | New Tech Support | Updated Forum Rules

Interactive Online League Directory - find or advertise a league today!
Canadian Baseball League - uses latest OOTP, running steadily since April 2002
kq76 is offline   Reply With Quote

05-22-2009, 10:19 AM   #32 (permalink)
jdettbarn, All Star Reserve
My league was hacked overnight and a good majority of the files in my league domain's folder were deleted. I run a similar hosting setup as Zubes described and none of my other domains were touched.

This is the second hack job (the first being very minor - one page that had a malware ****** inserted), but given the constant attacks other folks are seeing, I'm not even sure it's worth doing a league any longer.

Prior to the FBL, I ran an OOTP league for 5 years (using versions 3 thru 6) and never got hacked. I started the FBL back up a few months ago and have been hacked twice that I know of... very frustrating.
__________________

NPBL Idaho Spuds GM
Former Federal Baseball League and JOBL Commish (2002 - 2011)

05-22-2009, 06:59 PM   #33 (permalink)
rasnell, Hall Of Famer
I have now been hacked twice each in the past three weeks on two different sites. If it happens a third time, I probably will end what has been a fun online experience as commissioner with some great GMs. Very unfortunate.
__________________
Charlie Root won more games for the Cubs than any pitcher (201), yet was remembered for one pitch to Babe Ruth. Check out my book about the ace and the best Cub team of all-time. "Root for the Cubs: Charlie Root and the 1929 Chicago Cubs." See all this at www.rootforthecubs.com.

Beta tester, OOTP 2007-2014 and iOOTP 2011-2014.

05-24-2009, 07:16 PM   #34 (permalink)
satchel, Hall Of Famer
Anyone have any ideas on how to stop this?

Is the problem that a trojan can pick up the FTP login info, off of any owner's machine, when he exports?

05-24-2009, 07:40 PM   #35 (permalink)
Alan T, Moderator
Quote:
Originally Posted by satchel
Anyone have any ideas on how to stop this?

Is the problem that a trojan can pick up the FTP login info, off of any owner's machine, when he exports?

I mentioned this previously, but since OOTP shares the ftp login for both web exports and owner exports, this puts your websites at risk. This means that all it takes is for someone to have OOTP and your league file and they can find your ftp password to upload pages to your website (and thus hack your site).


The way I get around this is a pain in the butt, however since OOTP doesn't do anything to protect against this (my suggestion to the developers was to allow a separate ftp account in the ootp configuration for webpage uploads and a different account for owner exports), you have to do it manually.

This is what I do:

I have two ftp logon accounts on my server.

1) account is for owner exports. This is input into your OOTP online configuration in the file that you upload. It ONLY has rights to read and write to the exports folder on your ftp server.

2) account for web reports. You do not put this into OOTP anywhere. It has the rights to the rest of the webserver file structure.

When you upload files for other owners in the league, you have account #1 configured in OOTP. When you upload webpages to your server, you do it outside of OOTP and don't use OOTP for that. An alternate is that you can still use OOTP to do so, but you have to manually change the account settings back and forth in OOTP which is a pain.

If this is confusing, I would be happy to help explain it further, just drop me a PM. Ideally I think this is something that should be fixed in OOTP, but was told that was not going to be done, so a manual work around from commishes is the only other solution.

Let me know if you have questions, I am happy to help.
__________________
- Front Office Offseason League. (Fast Paced OOTP-X and OOTP11 leagues, sims one season every week)
Alan T is offline   Reply With Quote
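
One way to confirm that the exports-only account in the post above is really confined to the exports folder, as an added example that is not part of the original thread or of OOTP: log in with that account and try to write a probe file in directories it should not reach. The directory names, the probe file name and the in-memory `FakeFTP` server are constructed for illustration.

```python
import ftplib
import io

PROBE = "perm_probe.tmp"  # hypothetical probe file name


def can_write(ftp, directory):
    """True if the logged-in account can create (and then remove) a file there."""
    try:
        ftp.cwd(directory)
        ftp.storbinary("STOR " + PROBE, io.BytesIO(b"probe"))
    except ftplib.all_errors:
        return False
    try:
        ftp.delete(PROBE)  # clean up so the audit leaves nothing behind
    except ftplib.all_errors:
        pass
    return True


def audit_export_account(ftp, exports_dir, other_dirs):
    """The exports account should write to exports_dir and nowhere else."""
    leaks = [d for d in other_dirs if can_write(ftp, d)]
    return {"exports_writable": can_write(ftp, exports_dir), "leaks": leaks}


class FakeFTP:
    """Constructed in-memory stand-in for ftplib.FTP so the example runs offline."""

    def __init__(self, writable_dirs):
        self.writable = set(writable_dirs)
        self.cwd_now = "/"

    def cwd(self, directory):
        self.cwd_now = directory

    def storbinary(self, cmd, fp):
        if self.cwd_now not in self.writable:
            raise ftplib.error_perm("550 Permission denied")

    def delete(self, name):
        pass


def demo():
    site_dirs = ["/", "/forum", "/reports"]  # constructed directory names
    # One login shared by the game and the website: everything is writable.
    shared = FakeFTP(["/", "/forum", "/reports", "/exports"])
    # Two-account setup: the login stored in the game only reaches /exports.
    split = FakeFTP(["/exports"])
    return (audit_export_account(shared, "/exports", site_dirs),
            audit_export_account(split, "/exports", site_dirs))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Against a real server, pass a connected `ftplib.FTP` (or `ftplib.FTP_TLS`) object that has logged in with the exports account in place of `FakeFTP`; any entry in `leaks` is a directory the account stored in the league file can still modify.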

05-24-2009, 08:43 PM   #36 (permalink)
f.montoya, Hall Of Famer
I agree with both Andreas and Alan T. Update your scripts and separate your game FTP accounts. I had some hacked websites myself; two were running Mambo, from which we migrated to Joomla 1.5 as a result. But that alone will not assure security.

To go a step further, I will map out what I recommend (some of it reflects what Alan T. and Andreas have already stated above)...

1. Delete ALL infected files from the server
2. Restore a backup (ALWAYS make periodic backups of your site files and databases!!)
3. Change all of your passwords, FTP, forum and CMS logins, etc.
4. Update your scripts to the latest versions (ASB now uses Joomla 1.5.10 and phpbb 3.0.4 on all sites)
5. Create a sub-sub-directory for your reports and league file (for example yoursite.com/game/exports). You can add more security by making the name of the directory more cryptic as well. DO NOT publish a "public" link to download your league file on your website.
6. Create an FTP account that has access to /game ONLY, and use this for your in-game FTP settings. You can go a step further as Alan T. suggests if you want to separate the league file from the reports but, in my opinion, if someone hacks my /game folder, FTP info and directories need to be changed again anyway and reports and league files are easily restored.
7. Remove any 3rd party Online forms components from your website, or use forms that are being supported and updated regularly.
8. Disable site registration and manually create accounts for new league members.
9. Use a no-proxy code in any online forms you have published. At least a good % of hackers will be discouraged.
10. Use an .htaccess file for your site that keeps a large portion of the bad-guy population from even seeing your website.

For number 9 and 10, I have info in another thread. I'll see if I can find it and post it here.

Still, even with the above precautions, nothing is 100% safe. Back up your site and databases regularly to save yourself some headaches.
__________________
Fidel Montoya

Asahi2 Baseball Commissioner(Historical League Since 2004)
www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!)
Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required)
AllYouSports - "Because Facebook don't do baseball stats"

Last edited by f.montoya; 05-24-2009 at 08:45 PM.
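
For steps 1 and 2 of the list above, a way to find which files need replacing is to compare the live site against the last known-good backup by content hash. This is an added example, not part of the original thread; the file names are constructed, and the `game/` prefix is skipped on the assumption that exports and reports there change with every sim.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large league files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_to_backup(live_root, backup_root, ignore_prefixes=("game/",)):
    """Report files changed, added or deleted since the backup was taken."""
    live, backup = snapshot(live_root), snapshot(backup_root)

    def skipped(rel):
        return any(rel.startswith(prefix) for prefix in ignore_prefixes)

    report = {"modified": [], "added": [], "missing": []}
    for rel, digest in live.items():
        if skipped(rel):
            continue
        if rel not in backup:
            report["added"].append(rel)       # file the backup never had
        elif backup[rel] != digest:
            report["modified"].append(rel)    # content differs from backup
    report["missing"] = [rel for rel in backup
                         if rel not in live and not skipped(rel)]
    for names in report.values():
        names.sort()
    return report


def demo():
    """Build a constructed backup and a tampered live copy, then compare."""
    files = {"index.html": "<html>standings</html>",
             "teams/cubs.html": "<html>Cubs</html>",
             "game/exports/league.zip": "v1"}
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            for rel, text in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(text)
        (live / "index.html").write_text("<html>standings<!-- inserted --></html>")
        (live / "teams/cubs.html").unlink()
        (live / "stats.php").write_text("<?php /* unknown file */ ?>")
        (live / "game/exports/league.zip").write_text("v2")  # normal sim update
        return compare_to_backup(live, backup)


if __name__ == "__main__":
    print(demo())
```

Files listed under `modified` or `missing` are restored from the backup, and files under `added` are reviewed before deletion, since they may be uploads made after the backup was taken.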

05-24-2009, 09:10 PM   #37 (permalink)
satchel, Hall Of Famer
Thanks guys. In the past, I've experimented with a special limited-access ftp account for my owners' exports. I'll give it another shot.

05-25-2009, 04:06 AM   #38 (permalink)
Andreas Raht, Administrator
Thanks guys for your help! Let me just add one thing: Each day thousands of servers and sites get hacked without any OOTP involved at all. Just because they used old versions of message board, guest book scripts or content management systems, which had security issues. Always update this software when there's an update available!!!
I'm sure and it's obvious that a big part of the hacked OOTP sites have been hacked just because of those outdated versions.
Anyway, a Trojan could get your FTP login info when you (or a GM!) uploads/downloads league or team files, so there's a security issue there as well, just don't forget to keep your software up-to-date and also follow the great instructions above.

05-25-2009, 12:16 PM   #39 (permalink)
rasnell, Hall Of Famer
What is the easiest way to continue a league without using a web site? How do you export the league file to all owners and then have them update?

Is there a way to send a file and the game updates or do you have to go through all the manual steps of zipping the league file, sending it via email to all gms and then they would have to unzip and manually overwrite in saved_games folder?

It is easy to understand how to include their team exports from the manual, but I'm not sure about the league file workaround.

Any help?

05-26-2009, 12:39 AM   #40 (permalink)
f.montoya, Hall Of Famer
Just an update...

Andreas has been actively discussing with beta testers security measures that can be put in place in the game. Some good ideas are being brought up and I am very encouraged by what I've been reading so far. For those of you that I don't host at AllSimBaseball, here is pretty much what has been my website security bible: How to prevent your website from getting hacked. Repair damaged site.

I know it's a lot of reading and most may not want to be bothered, but on the odd chance that some commissioners have some interest in knowing a little more about website security, there it is.

Roger, I've sent you and your league members an email. Thanks to Randy, I found what had been eluding us all this time.
All times are GMT -4. The time now is 07:18 AM.