Thread: A warning to RSPS Owners

  1. #1 A warning to RSPS Owners 
    Registered Member

    It's not uncommon for an owner of an RSPS to choose a Windows-based operating system for their server's VPS. For one inexperienced with Linux, it can provide a decent and user-friendly alternative. It's simple, and it works reasonably well for a RuneScape Private Server.

    When you purchase a VPS or dedicated server from a provider, quite often you'll get either VNC access, or have to use RDP to connect, or even both. If connection via the Remote Desktop Protocol is set up by default, quite often you'll leave it as such, with the idea of a password being enough protection; it's not generally something that somebody really thinks about. I've also noticed that many people don't actually install the Windows Updates, specifically the ones relating to security and exploit patches.

    In almost all versions of Windows XP, the Windows Server Series (right up to the 2008 release), and even in Windows Vista and Windows 7 home systems, there exist quite a few security flaws in the Remote Desktop Protocol; more specifically, one called MS12-020. Operating Systems that have Remote Desktop configured (which is set by default on most VPS/Dedicated Server purchases) are vulnerable to this exploit, which allows remote code execution, without having access to the server.

    I tested this exploit on quite a few RuneScape Private Servers that I found out were vulnerable, and I was able to remotely cause a "blue screen of death". More specifically, one such as this:



    I was able to remotely execute code on the remote machine without having authentication. This means, if I know your server's IP (which is fairly easy on Windows, just with the netstat command), and you have RDP configured and active, and haven't gone through and downloaded the Windows Updates and security patches, I'm able to exploit your operating system. CVE-2012-0152 causes a denial of service vulnerability inside the terminal server, and CVE-2012-0002 which fixes a vulnerability in Remote Desktop Protocol.

    tl;dr
    If you don't go through and download all the latest updates and patches regularly, you're most likely vulnerable to this, and a malicious user can exploit your system for his/her personal gain, or cause data loss to your server.
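A defender-side check for the situation the post above describes (RDP left enabled on a host that is behind on updates), added here as an example and not part of the original post. The 35-day threshold and the output field names are assumptions; the Network Level Authentication check is an extra hardening signal the post does not mention.

```powershell
# Added example: read-only audit of RDP exposure and patch recency on this host.
# Run locally in an elevated PowerShell prompt. Thresholds below are assumptions.
$MaxPatchAgeDays = 35   # assumed policy: monthly patch cycle plus a few days of slack

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
$ts     = Get-ItemProperty -Path $tsKey
$rdpTcp = Get-ItemProperty -Path $rdpKey

# fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
# UserAuthentication = 1 means Network Level Authentication is required, so a
# client must authenticate before a full RDP session is set up.
$nlaRequired = ($rdpTcp.UserAuthentication -eq 1)

# Newest update the OS reports. Get-HotFix does not list every update type and
# InstalledOn can be empty, so treat a missing date as "unknown", not "patched".
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$patchAge = $null
$latestId = 'unknown'
if ($latest) {
    $patchAge = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    $latestId = $latest.HotFixID
}

$findings = @()
if ($rdpEnabled) {
    if ($patchAge -eq $null) {
        $findings += 'RDP is enabled and no dated update was found: verify patch level manually.'
    } elseif ($patchAge -gt $MaxPatchAgeDays) {
        $findings += "RDP is enabled and the newest update is $patchAge days old: run Windows Update."
    }
    if (-not $nlaRequired) {
        $findings += 'RDP does not require Network Level Authentication.'
    }
}

# Emit one summary object (New-Object keeps this usable on older PowerShell versions).
New-Object PSObject -Property @{
    RdpEnabled   = $rdpEnabled
    RdpPort      = $rdpTcp.PortNumber
    NlaRequired  = $nlaRequired
    LatestUpdate = $latestId
    PatchAgeDays = $patchAge
    Findings     = $findings
}
```

An empty `Findings` list means RDP is either disabled or enabled on a recently updated host that requires NLA; it does not by itself confirm that a specific bulletin is installed.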
     


  2. #2  
    Registered Member
    Zivik's Avatar
    Thanks for the information.

  3. #3  
    q.q


    hackr belz reportn for dooty

    duno y anyone would pay the extra $10 / month for the convenience of not changing a run.bat though

  5. #4  
    Extreme Donator A warning to RSPS Owners Market Banned



    ...
    you killed it. I made so many monies

  6. #5  
    Registered Member
    shed's Avatar
    Good to see you're informing people about this belz.

    Let's hope the majority doesn't ignore this lol.
    "We don't submit to terror. We make the terror." - #FU2016

  7. #6  
    Registered Member
    I learn something new everyday lel

  8. #7  
    ♔ ♕ ♚ ♛

    Thanks for the Info.

  9. #8  
    Registered Member

    wow

    I don't know what you heard about me
    But a pleb can't get a rep out of me
    No rep, no thanks, you can't see
    That I'm a mother****ing P - I - M - P

    Cool Cats
    Thakiller 🎺 Scu11 🎸 Tyler 🎷 Lare 🎤 ur nan

  10. #9  
    Stand guard at the door of your mind

    Proto's Avatar
    Thanks for this, unfortunate that I was one of the test dummies :eyeroll:





  11. #10  
    Super Donator


    If you use windows to host a server you deserve it anyway
