TeamSpeak Security Breach

Gator

TAC Moderator
Joined
Mar 8, 2003
Location
Atlanta, GA
An unknown user came into the server and spoofed the "Server Admin" where he/she sent out messages telling users that the server had moved, and for them to go to IP "89.40.104.163". I tried that IP and it goes to some weird Euro server. I submitted a support ticket to see about getting things locked down a little better to prevent this from happening again in the future.

For information, we have no plans now or in the future to move to a different server/provider.
 

Gator

TAC Moderator
Joined
Mar 8, 2003
Location
Atlanta, GA
They told me to change the master password and password protect the server.

For now, I have removed the TeamSpeak status for guests to view, so users must log in to see it.
I will be changing the master password soon, but it will not affect anyone else but me.
If this becomes a recurring issue, and as a last resort, I would password protect the server
 

RogueSteward

TAC Member
Joined
Dec 18, 2006
Location
GJ Colorado
"89.40.104.163"
That is a Bucharest, Romanian IP. I did not find any active malicious entries per HSIN. They are running a PureFTP server on that IP.

Larry, do you happen to have the IP address of the user that came in?
 
Top Bottom