<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6001.18226" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>This is the first thing I would
do.</FONT></DIV><FONT face=Arial size=2>
<DIV><BR>Then replace those files back. Then try every way possible to try and
overwrite them.</DIV>
<DIV> </DIV>
<DIV>They must be overwriting then somehow, and remember these people aren't the
kind that would just do it over FTP. They can be quite sneaky, and that involves
hacking round your setup to get what they want.</DIV>
<DIV></FONT> </DIV>
<DIV>Oliver Warburton,<BR>Managing Director<BR>INX-Network LTD</DIV>
<DIV> </DIV>
<DIV>INX-Gaming<BR> | <BR><A
href="http://www.inx-gaming.com">www.inx-gaming.com</A></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=einar.cod@norsk-esport.no
href="mailto:einar.cod@norsk-esport.no">Einar S. Idsų</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=cod@icculus.org
href="mailto:cod@icculus.org">Call of Duty server admin list.</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, May 29, 2009 10:24 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [cod] Beware...</DIV>
<DIV><BR></DIV>Have you checked the binaries of the alleged hacked servers and
compared them with binaries from the non-hacked ones? You could run an md5sum
on the specific file(s) only, or a diff -r --brief /path/to/nonhackedserver
/path/to/hackedserver to look for differences.<BR><BR>Cheers,<BR>Einar<BR><BR>
<DIV class=gmail_quote>On Fri, May 29, 2009 at 11:10 AM, Matt | Pointy BestGN
<SPAN dir=ltr><<A
href="mailto:matt@bestgn.net.au">matt@bestgn.net.au</A>></SPAN> wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV lang=EN-US vlink="purple" link="blue">
<DIV>
<P><SPAN style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">No.</SPAN></P>
<P><SPAN style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">Up until a couple of
weeks ago, the only ppl to have access to the cod4 directories were myself
and 1 other person that runs the network with me.<BR><BR>We have never
allowed box access to anyone.</SPAN></P>
<P><SPAN style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></SPAN> </P>
<P><SPAN style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></SPAN> </P>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: rgb(181,196,223) 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P><B><SPAN style="FONT-SIZE: 10pt">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt"> Clanwarz [mailto:<A
href="mailto:clanwarz@gmail.com" target=_blank>clanwarz@gmail.com</A>]
<BR><B>Sent:</B> Friday, May 29, 2009 7:02 PM
<DIV>
<DIV></DIV>
<DIV class=h5><BR><B>To:</B> Call of Duty server admin
list.<BR><B>Subject:</B> Re: [cod] Beware...</DIV></DIV></SPAN>
<P></P></DIV>
<DIV>
<DIV></DIV>
<DIV class=h5>
<P> </P>
<P style="MARGIN-BOTTOM: 12pt">Can your clients remove the bin or exe and
replace it?<BR><BR><BR>--jay</P>
<DIV>
<P>On Fri, May 29, 2009 at 3:40 AM, Matt | Pointy BestGN <<A
href="mailto:matt@bestgn.net.au" target=_blank>matt@bestgn.net.au</A>>
wrote:</P>
<P>Hey peeps..<BR><BR>I'm having a problem identifying why some of my COD4
servers are displaying<BR>as 'cracked' servers.<BR>Over the many months of
hosting COD4, both public servers and sponsored clan<BR>servers, I have
always used the same set of installed (updated) files from a<BR>core
install.<BR>At one stage I had 6 public and 3 sponsored servers running - 2
showing as<BR>cracked (allset up and installed from the same core
files)<BR><BR><BR>I uploaded the game files when I purchased the game on
release- so the game<BR>files are 100% legit<BR>If I wanted a new COD4
server up, I add a user (or new dir under the cod4<BR>user), cp the core
files to the user dir, edit the server config and away
we<BR>go...<BR><BR>All my update patches have always been downloaded via
links from this<BR>mailing list and linux bins are always downloaded from
links on FPSAdmin...<BR><BR>Anyone got any ideas why they are showing as
being cracked?<BR><BR><BR><BR>-----Original Message-----<BR>From: MaydaX
[mailto:<A href="mailto:maydaxone@gmail.com"
target=_blank>maydaxone@gmail.com</A>]<BR>Sent: Friday, May 29, 2009 8:46
AM<BR>To: Call of Duty server admin list.<BR>Subject: Re: [cod]
Beware...<BR><BR>MD5 checks would do the trick. Also you can check the value
of<BR>authservername to be sure it's correct as an added check.<BR><BR>The
main issue is legit players are populating cracked servers. The
client<BR>could check the master server to see if the server they are
connecting to is<BR>listed. If it's not then kick them with an error like
cod waw does. Ofc it<BR>would have to check if the server is running in LAN
etc.<BR><BR>Before PBBans redirected <A
href="http://cod4master.activhsion.com"
target=_blank>cod4master.activhsion.com</A> to the real master server<BR>we
logged all IP's that connected to us. So far we have logged<BR>783 server
ip's (Which I attached). PunkBuster has the ability to ban a<BR>server ip
but I don't hear much on them anymore. From what I understand<BR>Activision
has to send the IP's to EB for banning.<BR><BR>Any player can check the
authservername value by using "/pb_cvarval<BR>authservername" in the
console.<BR><BR>MaydaX<BR>Developer<BR><A href="http://www.pbbans.com"
target=_blank>http://www.pbbans.com</A><BR><BR>Joker{eXtreme+} wrote:
<file:///F:/Users/Seven/Desktop/cracked_list.zip><BR>> Mods are
given freely, not paid for, so if the md5 doesn't check out,<BR>> the mod
will crash, not the server or game. Just means you can't run<BR>>
the mod without legit copy of the game ;)<BR>><BR>> That should skip
all the newer laws just fine, but I will double check<BR>> with an
attorney no problems (got a few in the family)<BR>><BR>>
~Joker<BR>> eXtreme+ mod<BR>> <A href="http://www.mycallofduty.com"
target=_blank>http://www.mycallofduty.com</A><BR><BR><BR>No virus found in
this incoming message.<BR>Checked by AVG - <A href="http://www.avg.com"
target=_blank>www.avg.com</A><BR>Version: 8.5.339 / Virus Database:
270.12.44/2140 - Release Date:
05/28/09<BR>18:09:00<BR><BR>_______________________________________________<BR>cod
mailing list<BR><A href="mailto:cod@icculus.org"
target=_blank>cod@icculus.org</A><BR><A
href="http://icculus.org/mailman/listinfo/cod"
target=_blank>http://icculus.org/mailman/listinfo/cod</A></P></DIV>
<P> </P>
<P><SPAN style="FONT-SIZE: 10pt">No virus found in this incoming
message.<BR>Checked by AVG - <A href="http://www.avg.com"
target=_blank>www.avg.com</A><BR>Version: 8.5.339 / Virus Database:
270.12.44/2140 - Release Date: 05/28/09
18:09:00</SPAN></P></DIV></DIV></DIV></DIV><BR>_______________________________________________<BR>cod
mailing list<BR><A href="mailto:cod@icculus.org">cod@icculus.org</A><BR><A
href="http://icculus.org/mailman/listinfo/cod"
target=_blank>http://icculus.org/mailman/listinfo/cod</A><BR><BR></BLOCKQUOTE></DIV><BR>
<P>
<HR>
<P></P>_______________________________________________<BR>cod mailing
list<BR>cod@icculus.org<BR>http://icculus.org/mailman/listinfo/cod<BR><BR><BR><BR>__________
Information from ESET Smart Security, version of virus signature database 3877
(20090222) __________<BR><BR>The message was checked by ESET Smart
Security.<BR><BR>http://www.eset.com<BR><BR></BLOCKQUOTE></BODY></HTML>