This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

Server crash


sv3nx
 Share

Recommended Posts

Someone has found an a exploit and I don't know how to block the user :S

After myusername connects the server simply crashes.

2011-01-12 23:35:54.140 1 => <115:myusername(-1)> Authenticated

2011-01-12 23:35:54.507 SQL Error [sELECT `user_id` FROM `users` WHERE `server_id` = ? AND `name` like ?]: LIKE or GLOB pattern too complex Unable to fetch row

 

I'm running Debian 5.0.6, Murmur 1.2.2


How can I ban IP range?

Link to comment
Share on other sites

Im hosting also popular public murmur server and it started to crash suddenly. It´s the same script kid that is crashing my mumble servers. I think i will also email to kid´s ISP abuse as this exploit is denial of service.


1 => <10:(-1)> New connection: 88.153.226.76:37131

1 => <10:(-1)> Client version 1.2.2 (X11: Compiled Feb 9 2010 17:44:13)

1 => CELT codec switch 0 ffffffff8000000f (prefer 0)

1 => <10:myusername(-1)> Authenticated

ibprotobuf ERROR google/protobuf/wire_format.cc:1059] Encountered string containing invalid UTF-8 data while parsing protocol buffer. Strings must contain only UTF-8; use the 'bytes' type for raw bytes.

SQL Error [sELECT `user_id` FROM `users` WHERE `server_id` = ? AND `name` like ?]: LIKE or GLOB pattern too complex Unable to fetch row


The IP address listed above is from that kid. To ban single IP is useless as scriptkid has dynamic ISP. Therefore i already did RIPE query to blacklist whole ISP as i have no need to allow german users. To blacklist the kid by firewall is simple:


iptables -A INPUT -s 88.152.0.0/15 -j REJECT


If you just want to blacklist this range to only to your mumble server, then syntax is as follows:


iptables -A INPUT -s 88.152.0.0/15 -p tcp --dport 6650 -j REJECT


Assuming your mumble is hosted on port 6650, just replace that subnet range by single IP if you just want to ban that IP.


Hopefully murmur dev. team will fix this issue fast as firewall based block is only a temporary solution.

Link to comment
Share on other sites

  • Administrators
Some more information regarding this issue, it´s now obvious that this exploit applies only to public mumble servers as i dont see crashes for password protected servers.

Maybe the exploiter will only troll with the servers in the public server list!?

He just won’t see or find any pwed servers.


There’s a known exploit which has been fixed long ago.

You could try running RC1 or the latest snapshots of Murmur to prevent further exploiting.


(Not sure if yours is actually that exploit though.)

Link to comment
Share on other sites

 Share

×
×
  • Create New...