__________________________________________________________________________
A Guide to
Protecting Your
Ami-Express (/X) HOST BBS Environment from Hacking
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Written & Researched
By
2-Cool/LSd!
(An Unofficial LSd Release.)
Revision : $1.00
Release : $1.00
Date : Dec`93
___________________________________________________________________________
ABOUT THIS DOCUMENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Purpose
¯¯¯¯¯¯¯
In recent times stories of BBSs being hacked or infiltrated have become
increasingly common. Preventing illegal access to boards running
Ami-Express BBS is the theme of this article.
This text explains the techniques that some people have been using to
infiltrate the system security and steal the confidential "user.data" and
other restricted files. Alongside each technique, the methods to
safeguard against it are described.
Product
¯¯¯¯¯¯¯
The information contained within this document is aimed specifically
at the "Ami-Express BBS" software, which was written and developed
by LightSpeed Technologies Inc.
Intended Readers
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
It is assumed that the reader is already familiar with the way the
Ami-Express bulletin board system operates and with jargon such as "doors".
This text will be of particular use to sysops and co-sysops wishing
to add some much needed extra security.
Why they do it
¯¯¯¯¯¯¯¯¯¯¯¯¯¯
These ~pseudo-hackers~ have been trying to download or change the
"user.data" user-settings in order to get 255 access level accounts or
damage the bbs software itself. With 255 access level accounts they have
many sysop level commands at their disposal: account editing, file
deletion, unlimited time, ratios, credits etc. On some systems they
have the ability to open a remote shell. This opens up the possibility of
destroying the entire contents of the bbs`s hard-drives. Perhaps they have
a vendetta against you or are a rival service.
Some of the really malicious types have been 'low-level formatting' systems
for "FUN" through some very sneaky methods. Doing this causes much
disruption and often many megabytes of uploads and messages are lost
in the process. Their methods and techniques are revealed below...
Ami-Express, The "BBS:Express" Program
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
The methods these people are using vary depending upon the version of
Ami-Express your BBS is running under. Earlier versions of /X2.xx had
some problems with the MCI text command language. This caused problems
because potentially dangerous doors could be activated via the message
base (the likes of a remote-shell, account editing and so on). These
problems have since been rectified in the latest OFFICIAL versions, so
make sure you are running a version with a safe MCI environment.
If you are using the latest OFFICIAL REGISTERED version 3.20 or above
of Express directly from LightSpeed Technologies then your actual bbs
program will be safe and free from possible hacking infiltration. If you
are running a pirated copy of Express then one can never be completely sure
of its origin. It could well have had backdoors written into it.
Do not fall into the trap of assuming it is safe simply because you know it
is the same size as the official version. Remember many of these rogue
backdoors can be written into less than 1k of code! Now if they really
want to be cunning they could add a backdoor into Express, lightly
compress the file and then append another hunk onto it to bring it back
up to the original size. This would make the "Official" and the
"Fake" versions identical in length! Do not use any hacked around copies
of Ami-Express like the ones which have been floating around of late.
They are of course illegal and far too risky!
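
The point about identical lengths, as an added example that is not part of
the original text: a baseline of length plus SHA-256 digest, taken from
files obtained directly from the author, flags a padded fake that a size
comparison passes. The file names and contents are constructed stand-ins,
not real Ami-Express binaries.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> dict:
    """Length and SHA-256 digest of one file."""
    data = path.read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def audit(root: Path, manifest: dict) -> dict:
    """Compare files under root with a trusted manifest {name: fingerprint}."""
    report = {}
    for name, good in manifest.items():
        target = root / name
        if not target.is_file():
            report[name] = "missing"
            continue
        now = fingerprint(target)
        if now["sha256"] == good["sha256"]:
            report[name] = "ok"
        elif now["size"] == good["size"]:
            # The case the text warns about: a size check alone would pass.
            report[name] = "TAMPERED (same size, different content)"
        else:
            report[name] = "changed (size differs)"
    return report

def demo() -> dict:
    """Constructed stand-ins for BBS:Express and one door."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Express").write_bytes(b"OFFICIAL-CODE" * 100)
        (root / "door.x").write_bytes(b"DOOR-CODE" * 50)
        # Baseline recorded while the files are known to be genuine.
        manifest = {n: fingerprint(root / n) for n in ("Express", "door.x")}
        # Simulated fake: different bytes, padded back to the original length.
        fake = b"BACKDOOR" + b"PACKED-CODE" * 40
        fake += b"\0" * (manifest["Express"]["size"] - len(fake))
        (root / "Express").write_bytes(fake)
        return audit(root, manifest)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} {verdict}")
```

Keep the manifest on media that is not connected to the host BBS machine,
otherwise whoever replaces the binary can replace the baseline as well.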
Unofficial rogue versions of the Ami-Express bbs software are very easy to
make since the Lattice-C 'source-code' to AmiX v2.34, v3.0 beta was
released directly into the public domain not so long ago. This has presented
problems in that it is now very difficult to tell a fake from a real
one. It is therefore advisable, if you want to be 100% sure you`re not
running a fake, to REGISTER Ami-Express or use some other PD BBS package
where you can get the files directly from the authors.
This is the first step in making sure that your bbs itself does not contain
any backdoors. Registering Express will guarantee that your system
"BBS:Express" is not directly the cause of the breach of security.
Ami-Express, External DOORS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Doors have in the past been one of the most used methods of infiltrating
bbs security. The rogue doors are very difficult to tell from the
legitimate ones. The safest doors to install are ones which are supplied
with the 'source-code' in the archive. With these you can rebuild them
yourself with the appropriate compiler or assembler. If possible get
a programmer to look over and re-compile the code before you install it.
If the door is a rexx-door then insist on having the 'arexx-script'. Be
particularly wary if it is arexx-compiled code without the arexx-script
being supplied. If you wish to compile the arexx then do it yourself.
Be very careful with pre-compiled arexx doors!
Many of the authors of Ami-Express external doors do not distribute the
source-code to their creations with the doors themselves. Usually this is
so that fake versions cannot be so easily created or their door`s code
stolen. This can be a problem if you are trying to determine whether the
door is safe. Try to contact the authors and get the doors directly from
them. Also, if possible, once again get a knowledgeable programmer to go
through the door in detail checking for possible backdoors. A program
called "Resource" is particularly effective at checking a door`s integrity.
This can be quite time consuming but so can re-installing your whole bbs
after it`s been formatted!
Ami-Express, External Programs
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
External programs in the form of uploads from a bbs`s user base are
often forgotten about as a direct means of security infiltration. When a
user on your system uploads a piece of software they could be sending you a
potential backdoor, bbs-virus or auto-fast formatter. It is therefore VITAL
that you take measures to ensure that you are not the target of a BBS-VIRUS!
BBS-Viruses/seekers can come in all types of software from utilities to
games. Remember it`s not just Ami-Express doors you have got to be wary of.
It`s EVERYTHING: Intros, Demos, Games, Utilities, you name it! A sneaky
method of setting up fake accounts or destruction of all your software can
come from any of these sources if you test uploads on your host bbs machine!
Hidden deep in the core of tightly packed assembly language demos
or utilities can be code to search for the "DH0:" path or even "BBS:" or
any other assignments that you may have for that matter. One such rogue
demo I have heard about searched for the "BBS:user.data" file. Once it
found this file, it added another dummy 255 account to it and copied the
"bbs:user.data" into the "New Users" conferences renamed as ".info" ready
for downloading by any new user. It also changed the BBS`s configuration so
that no New user password was required to set up a new account! How`s that for
a SECURITY BREACH!! All without the sysop knowing anything had ever
occurred. This can happen simply because you test a piece of software to
see if it is a fake with the hard-drives and BBS disabled.
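
A check for the planted copy described above, as an added example that is
not part of the original text: it walks a downloadable area and reports any
file whose bytes equal a protected file, whatever it has been renamed to.
The directory layout ("Conf01/Uploads") and file contents are constructed
assumptions, not Ami-Express defaults.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def exposed_copies(protected: list, public_root: Path) -> list:
    """Return (public file, protected name) pairs with identical content."""
    wanted = {}                       # size -> {digest: protected file name}
    for p in protected:
        wanted.setdefault(p.stat().st_size, {})[sha256(p)] = p.name
    hits = []
    for dirpath, _dirs, files in os.walk(public_root):
        for fn in sorted(files):      # os.walk also lists dot-files like ".info"
            f = Path(dirpath) / fn
            by_digest = wanted.get(f.stat().st_size)   # cheap size pre-filter
            if by_digest and sha256(f) in by_digest:
                rel = f.relative_to(public_root).as_posix()
                hits.append((rel, by_digest[sha256(f)]))
    return hits

def demo() -> list:
    """Constructed BBS tree with one renamed copy of user.data planted."""
    with tempfile.TemporaryDirectory() as tmp:
        bbs = Path(tmp) / "BBS"
        area = bbs / "Conf01" / "Uploads"
        area.mkdir(parents=True)
        secret = bbs / "user.data"
        secret.write_bytes(b"constructed account records\0" * 20)
        (area / "coolgame.lha").write_bytes(b"an ordinary upload")
        (area / ".info").write_bytes(secret.read_bytes())   # the planted copy
        return exposed_copies([secret], bbs / "Conf01")

if __name__ == "__main__":
    for public, original in demo():
        print(f"{public} is a copy of {original}")
```

A copy hidden inside an archive or altered by even one byte will not match,
so this complements testing uploads off the host machine rather than
replacing it.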
The safest ways to ensure that this does not happen to your system
are to either test software on another machine (best method), get co-sysops
to test the files for you (2nd best method) or unarchive the software to
disk and disable your hard-drives with the boot-options. Using these
methods there should be no possibility of software infiltration. Also take
particular caution when reviewing new *UPDATES* of software... you never
know, it could cause you no end of grief if you`re not careful!
Remember to BACK-UP your complete BBS and the 'user.data' regularly. And by
backing up I mean to a device NOT connected to the HOST BBS machine, e.g.
disks, tapes, etc. A Video backup system is particularly useful for this
purpose as a full backup of a bbs can consume a considerable number of
disks!
Ami-Express, Configuration Safeguards
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
When you configure your BBS make sure that you have disabled the users`
option to EDIT THEIR NAME. This option is 'ACS.EDIT_USERNAME'.
If you leave users with this ability 'tricks' can be played on your
system which could cause you and other users to think the system security
has been breached. For instance the sysop`s username could be "Bytemaster".
Now if a user changes his username to "Bytemaster " (<- notice the space)
the user could send mail to other users and they would think it was sent
by the sysop!
Allowing this to occur could cause many a potential headache! Also this
name changing could be used on multinode boards with chat facilities to
pretend to be another user - again problems can occur!
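
The "Bytemaster " trick above, as an added example that is not part of the
original text or of Ami-Express: a uniqueness check that compares names
after folding whitespace. It goes beyond the trailing space and also treats
letter case, control characters and the Latin-1 no-break space (0xA0) as
non-distinguishing, which is an assumption of this example. The user names
are constructed.

```python
import unicodedata

def canonical(name: str) -> str:
    """Fold a user name to the key used for uniqueness checks."""
    # NFKC maps the Latin-1 no-break space (0xA0) to an ordinary space.
    text = unicodedata.normalize("NFKC", name)
    # Remove control characters, which do not show on the reader's screen.
    text = "".join(ch for ch in text if unicodedata.category(ch)[0] != "C")
    # Collapse whitespace runs, trim both ends, and ignore letter case.
    return " ".join(text.split()).casefold()

def check_name(requested: str, taken: list) -> str:
    """Return "ok", or the reason a new or edited user name is refused.

    `taken` holds every other account's name (exclude the caller's own).
    """
    key = canonical(requested)
    if not key:
        return "refused: empty"
    for other in taken:
        if canonical(other) == key:
            return f"refused: looks like {other!r}"
    if requested != " ".join(requested.split()):
        return "refused: stray whitespace"
    return "ok"

def demo() -> dict:
    """Constructed user list and rename attempts."""
    taken = ["Bytemaster", "2-Cool"]
    attempts = ["Bytemaster ", "BYTEMASTER", "Bytemaster\xa0",
                "Byte  master", "Nightowl"]
    return {a: check_name(a, taken) for a in attempts}

if __name__ == "__main__":
    for attempt, verdict in demo().items():
        print(f"{attempt!r:20} {verdict}")
```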
Ami-Express, Additional Safeguards
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
The methods described below are only for the very last resort and remember
they are only a method to stop the downloading or changing of your
'bbs:user.data'. These ideas are only useful once your security HAS already
been breached! Even with these methods your hard-drives can still be
formatted. It only makes the downloading of restricted files like your
user.data more difficult. Note that the methods already described should
eliminate the need to use the techniques below. The information here
is just given for completeness.
If you want to use the methods below then I advise that you get help from
a knowledgeable programmer. He/she should be able to supply you with a hex
editor and the information to make the necessary changes. Also make sure
that you are not violating your Ami-Express licensing agreement by modifying
the Ami-Express object code - I`m unsure if this is part of your agreement!
The extra safeguard that can be added to improve your system`s security is
to modify the "BBS:Express" program code itself. Search for the string
"%suser.data" with a binary file HEX editor. Once located you can edit this
string to something completely different, more untraceable and obscure, i.e.
"s:virusz.pref". The "%s" is usually replaced with "BBS:" but if you remove
it completely you are free to put in a different path to load from like "S:"
Also changing the path assignments of "BBS:" to something more obscure can
be beneficial, as can changing the names of ACP and EXPRESS (don`t forget
that if you do this you need to change the ICON tooltype names and the ACP
as well!!)
End.
___________________________________________________________________________
20-Dec-93 <----U/l Date & Time----> 16:45:20