A Guide to Protecting Your Ami-Express (/X) HOST BBS Environment from Hacking
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Written & Researched By 2-Cool/LSd! (An Unofficial LSd Release.)

Revision : $1.00
Release  : $1.00
Date     : Dec`93

___________________________________________________________________________

ABOUT THIS DOCUMENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Purpose
¯¯¯¯¯¯¯

In recent times stories of BBSs being hacked or infiltrated have become increasingly common. The theme of this article is preventing illegal access to boards running Ami-Express BBS. This text explains the techniques that some people have been using to infiltrate system security and steal the confidential "user.data" and other restricted files. While explaining these techniques, the methods to safeguard against them are described.

Product
¯¯¯¯¯¯¯

The information contained within this document is specifically aimed at the "Ami-Express BBS" software, which was written and developed by LightSpeed Technologies Inc.
Intended Readers
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

It is assumed that the reader is already familiar with the way the Ami-Express bulletin board system operates and with the jargon used, such as "doors". This text will be of particular use to sysops and co-sysops wishing to add some much needed extra security.

Why they do it
¯¯¯¯¯¯¯¯¯¯¯¯¯¯

These ~pseudo-hackers~ have been trying to download or change the "user.data" user settings in order to get 255 access level accounts, or to damage the BBS software itself. With 255 access level accounts they have many sysop level commands at their disposal: account editing, file deletion, unlimited time, ratios, credits etc. On some systems they have the ability to open a remote shell. This opens up the possibility of destroying the entire contents of the BBS's hard drives. Perhaps they have a vendetta against you or are a rival service. Some of the really malicious types have been 'low-level formatting' systems for "FUN" through some very sneaky methods. Doing this causes much disruption, and often many megabytes of uploads and messages are lost in the process. Their methods and techniques are revealed below...

Ami-Express, The "BBS:Express" Program
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

The methods these people are using vary depending upon the version of Ami-Express your BBS is running. Earlier versions of /X2.xx had some problems with the MCI text command language. This caused problems because potentially dangerous doors could be activated via the message base (the likes of a remote shell, account editing and so on). These problems have since been rectified in the latest OFFICIAL versions, so make sure you are running a version with a safe MCI environment. If you are using the latest OFFICIAL REGISTERED version 3.20 or above of Express, directly from LightSpeed Technologies, then your actual BBS program will be safe and free from possible hacking infiltration.
If you are running a pirated copy of Express then you can never be completely sure of its origin. It could well have had backdoors written into it. Do not fall into the trap of assuming it is safe simply because you know it is the same size as the official version. Remember, many of these rogue backdoors can be written in less than 1k of code! If they really want to be cunning they could add a backdoor into Express, lightly compress the file and then append another hunk onto it to bring it back up to the original size. This would make the "Official" and the "Fake" versions identical in length!

Do not use any hacked-around copies of Ami-Express like the ones which have been floating around of late. They are of course illegal and far too risky! Unofficial rogue versions of the Ami-Express BBS software are very easy to make, since the Lattice C 'source code' to AmiX v2.34 / v3.0 beta was not so long ago released directly into the public domain. This has presented problems in that it is now very, very difficult to tell a fake from a real one. It is therefore advisable, if you want to be 100% sure you are not running a fake, to REGISTER Ami-Express or to use some other PD BBS package where you can get the files directly from the authors. This is the first step in making sure that your BBS itself does not contain any backdoors. Registering Express will guarantee that your system's "BBS:Express" is not directly the cause of the breach of security.

Ami-Express, External DOORS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Doors have in the past been one of the most used methods of infiltrating BBS security. The rogue doors are very, very difficult to tell from the legitimate ones. The safest doors to install are ones which are supplied with the 'source code' in the archive. With these you can rebuild them yourself with the appropriate compiler or assembler. If possible, get a programmer to look over and re-compile the code before you install it.
If the door is a rexx door then insist on having the 'ARexx script'. Be particularly wary if it is ARexx-compiled code without the ARexx script being supplied. If you wish to compile the ARexx then do it yourself. Be very careful with pre-compiled ARexx doors!

Many of the authors of Ami-Express external doors do not distribute the source code to their creations with the doors themselves. Usually this is so that fake versions cannot be so easily created or their door code stolen. This can be a problem if you are trying to determine whether the door is safe. Try to contact the authors and get the doors directly from them. Also, if possible, once again get a knowledgeable programmer to go through the door in detail checking for possible backdoors. A program called "Resource" is particularly effective at checking a door's integrity. This can be quite time consuming, but so can re-installing your whole BBS after it has been formatted!

Ami-Express, External Programs
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

External programs, in the form of uploads from a BBS's user base, are often forgotten about as a direct means of security infiltration. When a user on your system uploads a piece of software they could be sending you a potential backdoor, BBS virus or auto fast-formatter. It is therefore VITAL that you take measures to ensure that you are not the target of a BBS-VIRUS! BBS viruses/seekers can come in all types of software, from utilities to games. Remember, it is not just Ami-Express doors you have got to be wary of. It is EVERYTHING: intros, demos, games, utilities, you name it! A sneaky method of setting up fake accounts, or the destruction of all your software, can come from any of these sources if you test uploads on your host BBS machine! Hidden deep in the core of tightly packed assembly language demos or utilities can be code to search for the "DH0:" path, or even "BBS:" or any other assignments that you may have for that matter.
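Two of the checks above in working form: comparing a door or upload against a known-good copy (where, as the guide says, an equal file size proves nothing) and listing the "DH0:", "BBS:" and "user.data" references a reviewer should look at. This is an added Python example, not code from the guide or from Ami-Express; the sample bytes are constructed, and the SHA-256 digest stands in for a checksum obtained from the door's author, which is this example's assumption rather than something the guide describes.

```python
import hashlib
import re

# Constructed sample bytes: a stand-in for a known-good door and a same-length
# fake (not real Amiga executables). The fake shortens the genuine code,
# inserts a hidden path reference, then pads back to the original length.
GENUINE = b"\x00\x00\x03\xf3" + b"DOOR v1.0 by someone\x00" + b"\x4e\x75" * 60
_INJECTED = b"\x4e\x75" * 20 + b"BBS:user.data\x00" + b"DH0:\x00"
FAKE = (GENUINE[:25] + _INJECTED).ljust(len(GENUINE), b"\x00")

# Known-good values a sysop would record from a copy obtained directly from
# the author (assumption: the author publishes a digest; the guide only says
# to get the file from them).
KNOWN_LEN = len(GENUINE)
KNOWN_SHA256 = hashlib.sha256(GENUINE).hexdigest()

# Printable strings that name the paths the guide warns rogue code hunts for.
SUSPICIOUS = [
    rb"BBS:[\x20-\x7e]*",      # anything under the BBS: assignment
    rb"DH[0-9]:[\x20-\x7e]*",  # hard-coded hard-drive device paths
    rb"user\.data",            # the user database file itself
]

def suspicious_strings(data: bytes) -> list:
    """List the path-like strings in `data` that a reviewer should look at."""
    found = []
    for pattern in SUSPICIOUS:
        for match in re.finditer(pattern, data):
            text = match.group(0).decode("ascii")
            if text not in found:
                found.append(text)
    return found

def review_binary(data: bytes, known_len: int, known_sha256: str) -> dict:
    """Compare a door or upload against the known-good length and digest.

    Size and digest are reported separately so the result makes the guide's
    point: equal length is not equal content.
    """
    return {
        "size_matches": len(data) == known_len,
        "digest_matches": hashlib.sha256(data).hexdigest() == known_sha256,
        "suspicious": suspicious_strings(data),
    }

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("fake", FAKE)):
        print(label, review_binary(blob, KNOWN_LEN, KNOWN_SHA256))
```

The fake passes the size comparison and fails the digest, and the string scan names exactly the paths the guide warns about.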
One such rogue demo I have heard about searched for the "BBS:user.data" file. Once it found this file, it added another dummy 255 account to it and copied the "bbs:user.data" into the "New Users" conference renamed as ".info", ready for downloading by any new user. It also changed the BBS's configuration so that no new-user password was required to set up a new account! How's that for a SECURITY BREACH!! All without the sysop knowing anything had ever occurred.

This can happen simply because you test a piece of software to see if it is a fake without the hard drives and BBS disabled. The very safest ways to ensure that this does not happen to your system are to test software on another machine (best method), to get co-sysops to test the files for you (second best method), or to unarchive the software to disk and disable your hard drives with the boot options. Using these methods there should be no possibility of software infiltration. Also take particular caution when reviewing new *UPDATES* of software... you never know, it could cause you no end of grief if you are not careful!

Remember to BACK UP your complete BBS and the 'user.data' regularly. And by backing up I mean to a device NOT connected to the HOST BBS machine, e.g. disks, tapes, etc. A video backup system is particularly useful for this purpose, as a full backup of a BBS can consume considerable amounts of disks!

Ami-Express, Configuration Safeguards
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

When you configure your BBS make sure that you have disabled the users' option to EDIT THEIR NAME. This option is 'ACS.EDIT_USERNAME'. If you leave users with this ability, 'tricks' can be played on your system which could cause you and other users to think the system security has been breached. For instance, the sysop's username could be "Bytemaster". Now if a user changes his username to "Bytemaster " (<- notice the space) the user could send mail to other users and they would think it was sent by the sysop!
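A check against the look-alike name trick just described, for a sysop vetting new-user applications by hand: a requested name is compared with existing accounts after trimming, collapsing whitespace and folding case, so "Bytemaster " and "BYTEMASTER" are refused as clashes with the sysop's account. This is an added Python example, not part of Ami-Express; the user list is constructed and the character rules are this example's own. Disabling ACS.EDIT_USERNAME, as the guide says, remains the actual fix.

```python
import re

# Constructed sample of names already present in user.data; the sysop's
# account is "Bytemaster" as in the guide's example.
USERS = ["Bytemaster", "2-Cool", "Raider"]

# Characters a new name may use (this example's rule, not an /X setting).
NAME_CHARS = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]*")

def canonical(name: str) -> str:
    """Fold away what a look-alike name can differ in: surrounding and
    repeated whitespace (spaces or tabs) and letter case."""
    return re.sub(r"\s+", " ", name.strip()).casefold()

def validate_new_name(requested: str, existing_names) -> str:
    """Return "" if `requested` may be used, otherwise the reason to refuse it.

    The collision test runs on canonical forms, so a name that merely adds a
    trailing space or changes case is reported as a clash with the existing
    account rather than accepted as a distinct user.
    """
    if not requested.strip():
        return "empty name"
    wanted = canonical(requested)
    for name in existing_names:
        if canonical(name) == wanted:
            return "collides with existing account %r" % name
    if requested != requested.strip() or "  " in requested or "\t" in requested:
        return "leading/trailing or repeated whitespace"
    if not NAME_CHARS.fullmatch(requested):
        return "only letters, digits, space, dot, underscore and hyphen allowed"
    return ""

if __name__ == "__main__":
    for candidate in ["Bytemaster ", "BYTEMASTER", "Byte  master", "Newbie"]:
        print(repr(candidate), "->", validate_new_name(candidate, USERS) or "ok")
```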
Allowing this to occur could cause many a potential headache! This name changing could also be used on multi-node boards with chat facilities to pretend to be another user; again, problems can occur!

Ami-Express, Additional Safeguards
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

The methods described below are only for the very last resort, and remember they are only a method to stop the downloading or changing of your 'bbs:user.data'. These ideas are only useful once your security HAS already been breached! Even with these methods your hard drives can still be formatted. It only makes the downloading of restricted files like your user.data more difficult. Note that the methods already described should eliminate the need to use the techniques below. This information is just given for completeness.

If you want to use these methods then I advise that you get help from a knowledgeable programmer. He/she should be able to supply you with a hex editor and the information to make the necessary changes. Also make sure that you are not violating your Ami-Express licensing agreement by modifying the Ami-Express object code; I'm unsure if this is part of your agreement!

The extra safeguard that can be added to improve your system's security is to modify the "BBS:Express" program code itself. Search for the string "%suser.data" with a binary file HEX editor. Once located you can edit this string to something completely different, more untraceable and obscure, e.g. "s:virusz.pref". The "%s" is usually replaced with "BBS:", but if you remove it completely you are free to put in a different path to load from, like "S:". Also, changing the path assignment of "BBS:" to something more obscure can be beneficial, as can changing the names of ACP and EXPRESS (don't forget if you do this you need to change the ICON tooltype names and the ACP as well!!).

End.