Jump to content
Mumble forums

Server crash


Recommended Posts

Someone has found an a exploit and I don't know how to block the user :S

After myusername connects the server simply crashes.

2011-01-12 23:35:54.140 1 => <115:myusername(-1)> Authenticated

2011-01-12 23:35:54.507 SQL Error [sELECT `user_id` FROM `users` WHERE `server_id` = ? AND `name` like ?]: LIKE or GLOB pattern too complex Unable to fetch row


I'm running Debian 5.0.6, Murmur 1.2.2

How can I ban IP range?

Link to comment
Share on other sites

Im hosting also popular public murmur server and it started to crash suddenly. It´s the same script kid that is crashing my mumble servers. I think i will also email to kid´s ISP abuse as this exploit is denial of service.

1 => <10:(-1)> New connection:

1 => <10:(-1)> Client version 1.2.2 (X11: Compiled Feb 9 2010 17:44:13)

1 => CELT codec switch 0 ffffffff8000000f (prefer 0)

1 => <10:myusername(-1)> Authenticated

ibprotobuf ERROR google/protobuf/wire_format.cc:1059] Encountered string containing invalid UTF-8 data while parsing protocol buffer. Strings must contain only UTF-8; use the 'bytes' type for raw bytes.

SQL Error [sELECT `user_id` FROM `users` WHERE `server_id` = ? AND `name` like ?]: LIKE or GLOB pattern too complex Unable to fetch row

The IP address listed above is from that kid. To ban single IP is useless as scriptkid has dynamic ISP. Therefore i already did RIPE query to blacklist whole ISP as i have no need to allow german users. To blacklist the kid by firewall is simple:

iptables -A INPUT -s -j REJECT

If you just want to blacklist this range to only to your mumble server, then syntax is as follows:

iptables -A INPUT -s -p tcp --dport 6650 -j REJECT

Assuming your mumble is hosted on port 6650, just replace that subnet range by single IP if you just want to ban that IP.

Hopefully murmur dev. team will fix this issue fast as firewall based block is only a temporary solution.

Link to comment
Share on other sites

  • Administrators
Some more information regarding this issue, it´s now obvious that this exploit applies only to public mumble servers as i dont see crashes for password protected servers.

Maybe the exploiter will only troll with the servers in the public server list!?

He just won’t see or find any pwed servers.

There’s a known exploit which has been fixed long ago.

You could try running RC1 or the latest snapshots of Murmur to prevent further exploiting.

(Not sure if yours is actually that exploit though.)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...