At 22.08.03 01:24, you wrote:
>Greetings,
>
>In my logs, all of the people who sign in using the palace client,
>their logins look like this:
>
>08/20/2003 21:55:12 {ABNGGGG} {ZFBNNFBEOF} SignOn
>67.20.104.179 "350211" "32Bit Windows" "Blinky"
>
>See the "350211"?
>
>There is one person who has been threatening to hack my palace, and
>his logins look like this:
>
>08/20/2003 20:55:51 {FDDBNGG} {ZIOEFCDOH} SignOn 64.91.122.66 "820
>0" "32Bit Windows" "CLØÙÐ §trif£®"
>
>See the "820 0"?
>
>This person's logons are the only ones out of hundreds of them that
>show "820 0" instead of "350211".
>
>Anyone have any idea of what that might mean?
This is hacked Palace client Software. Unfortunately the blockall plugin
does not block these kind of Hacks. As you can see in you 'list command
output, the author changed the version String to "820 0" which is different
from any kind of legal palace client. You can see by this string that
without any doubt it is no original legal Palace client.
But until now, I do not know what version strings Phalanx clients send.
Mit freundlichen Grüßen
Regards
amo
--
pgm amoris - Das interaktive Erlebnis im Internet
_________________________________________________
http://ws.pgm.amoris.org
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
Offline 
Send Email