TeamSpeak 3 Avatar Crash Client [3.0.0 - 3.0.17]

Status
Not open for further replies.

Asphyxia.Cell

Member
Aug 13, 2015
25
28
45
The issue is because I need to add a sub-domain value --- I was just going to sleep, fuck. I'll fix it now. Don't complain about the changes we go with, if you don't appreciate the forum then don't use it. Make your own?

Edit: Any changes that I make to this community, I completely stand behind with these core values in mind: security, betterment, accessibility, practicality. If you want a forum that is perfect and never sees any core changes, go ahead and launch it. Websites change, systems get updated and that is life. No need to waste time complaining and crying about things you are not going to change. I get tired of people complaining when I put in time, money (out of my own pocket and thankfully the generous VIP supporters too) to improve the website --- then being told it is not good enough because it requires an embedded chat or that the changes are not perfect. I just installed an additional security system, sure it wasn't 100% for the first couple hours. It should be good now.

There are core issues being tackled within this community, which one was Layer 7 attacks (those should be handled now), next up is getting an SMTP relay server up which does not expose the origin server IP for obvious reasons. Security and functionality come first, sure when we undergo a system change you might see a glitch --- report it, it will be fixed.
 
Last edited by a moderator:
U

User_418

The issue is because I need to add a sub-domain value --- I was just going to sleep, fuck. I'll fix it now. Don't complain about the changes we go with, if you don't appreciate the forum then don't use it. Make your own?
I just pointed on error, what's bad in that? I don't complain, I'm trying to help.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
It was not directed at you Kirill, thank you for pointing out the issue --- I am thankful for that. :)
In reply to your earlier post, I made the first version of the avatar crash PoC change the user's nickname. This one simply automatically sends a channel message when you join a channel which links to our website.
 
U

User_418

It was not directed at you Kirill, thank you for pointing out the issue --- I am thankful for that. :)
In reply to your earlier post, I made the first version of the avatar crash PoC change the user's nickname. This one simply automatically sends a channel message when you join a channel which links to our website.
Oh, no problem then :)
That message seems to be invisible or something similar, as I haven't noticed it when I was testing it.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
If you got the VIP version, it does not do that. If you have this free version (enabled), look at the channel chat as you switch channels. :p
 

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
I was not complaining. Im just confused of all the changes that our board went through made many posts/links teamspeak unusable.

For example
  • Forum was moved to Xenforo
  • Domain changed from r4p3.net/forum to forum.r4p3.net
  • Forum switched from Incapsula to Cloudflare
  • Forum was announced dead
  • Forum was back alive
  • Domain changed from forum.r4p3.net to r4p3.net
  • Forum switched from Cloudflare to another anti-ddos protection

Also its ABSOLUTELY impossible to say which one is the real r4p3 teamspeak right now. (i have FOUR different r4p3.net teamspeak bookmarks)
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
Yeah, we're not quite Jesus here. If you are unhappy with our adaptability and our drive to try newer and better hosting solutions, feel free to start your own forum Bluscream. We will link to it. Thread derailed, locking.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
I am coming back to this thread after having taken some time to think about what Bluscream posted. I did not want explain the changes under such emotional stress and being sleep deprived for obvious reasons. I will cover the concerns in order --- matching his list above.
  • The forum was not simply moved to XenForo, the entire system was upgraded from a freeware open-source software (SMF) to a commercial software (XenForo) for obvious security concerns and this system runs smoother. Simply moving over the SMF forum database was not an option, the database conversion was not optimal.
  • The domain change was part of keeping the SMF (archive) forum online and SEPARATE (organization) while launching XenForo on the sub-domain (forum.r4p3.net). It should be noted that "r4p3.net/forum" is not a domain. This was to keep our SEO well with Google, instead of suddenly having loads of 404 error pages from the crawler bots without any new content to be crawled.
  • We have chosen to switch our forum from Incapsula to CloudFlare to take advantage of the free CloudFlare SSL/TLS. This is how we are able to offer secured connections to our website. I think CloudFlare and Incapsula are definitely competitive. I like both of these CDN services, but for right now CloudFlare just makes sense. In order to use SSL with Incapsula (HTTPS), one must pay $59.00 monthly for their certificate and $299 monthly for a custom certificate. CloudFlare offers FULL SSL for free, read here: https://www.cloudflare.com/ssl and again, this was a security improvement action while balancing practical budget, anyone want to pay $299 monthly for me of the other bills? Throw some in the bucket or just simply enjoy the website.
  • The forum was announced dead because I suffer from depression and I was unhappy with the inactivity on the forum for a prolonged period. The statistics in the forum were not lying, the forum was on its way down --- into the ground. It was after I was staring into the graph, watching our community on a steep decline that I decided why not just end it? What difference would it make, I figured --- much like someone contemplating suicide and just pulling the trigger, I abruptly decided to pull the plug on the community and I am sorry that I did that for the time that I did. Thankfully the small number of people that actually were coming to the forum, browsing and posting sometimes was (is) a very strong bunch of people, individuals passionate about security, programming and overall development in general. Many people even began offering to host the community for free and Supervisor did (thanks Supervisor, I love you man). This was a long one, I know --- in summary: the forum was dying, we were being attacked and had legal threats coming in that were attempting to silence our security research efforts on the TeamSpeak project. I decided to just give up, so I did. Will I do that again? Well --- I will not shutdown the forum again willingly, but one day I might kill myself... we will see.
  • The forum relaunched after I seen an outpouring of support on behalf of the stray community members that landed on Supervisor's forum. The YouTube comments were nice to read too. In a way, I think this has proven of R4P3 to be resilient. Even in times of depression, where we have entirely crashed down --- we have built back up. This is a natural form of security, resilience --- humans are resilient creatures I do believe, we are a pack type of animal and even when we all get separated, we will reunite to stand strong --- together.
  • The use of the domain (r4p3.net) rather than the sub-domain (forum.r4p3.net) has to do with standards. It is a principal to keep things clean --- to make it look nice. Do we have a landing page? No, the community needs no introduction. Glancing at the front page of our forum should shed some light on what R4P3 is. With no landing page and no plans for having a landing page, considering that R4P3 consists of a forum with a VoIP server --- why not just make everything R4P3.NET --- that is us. We are not FORUM.R4P3.NET --- we are R4P3.NET and there is no further explanation required. All links should automatically forward from the sub-domain, from an accessibility standpoint all should be in working order now.
  • We are still using CloudFlare, we have simply applied an additional layer of protection. Sucuri provides a protective WAF (Web Application Firewall) and greater DDoS protection than CloudFlare alone. In sight of recent attacks, it only makes sense to have our website accessible via CDN services with DDoS protection and premium firewalls between the client and our server. If you can come up with a responsible and sound decision to remove layers of security, then I will stop changing things around here. Until then, you might see a few more changes from time to time.
The "real" R4P3 TeamSpeak 3 server will always be found under "Links" in the menu at the top of every page. Our reasoning for switching to various TeamSpeak 3 servers is simple. The TeamSpeak 3 server had a DoS vulnerability, without customized firewall settings to safeguard the TeamSpeak 3 service, any server below version 3.0.11.4 is at a disadvantage to a DoS UDP flood attack. For practical pricing to avoid spending $80+ monthly on an advanced DDoS protected VPS server, we have chosen to rent a server with a reputable hosting service. In my time being hosted with https://www.verygames.net/en/ I have not been let down --- when the server goes offline that is really the fault of TeamSpeak 3 developers as the server suffers from a UDP DoS weakness. While we were under attack, I communicated with a server technician --- he ran custom shell commands to extract a TCPDUMP. This is when I realized that the attack did not seem to be very heavy, it was just obviously exploiting a DoS in the TeamSpeak 3 server. While the server is not updated to the latest version right now, I suspect that if requested to do so --- they would. We have experimented with hosting our own server in the past with various VPS providers. The reality is that decent (commercial/professional) DDoS protected VPS hosting companies charge at least $50+ monthly. I am not paying $50 or more monthly for TeamSpeak 3 hosting. It is not practical from a financial standpoint for the sustainability of R4P3. If you have a better idea as to how we should handle TeamSpeak 3 hosting, feel free to chime in via a private message.

I do not feel like there is more needed to be publicly addressed in regards to this matter, so this thread will remain locked.
 
Last edited:
Status
Not open for further replies.
Top