Sons Of The Forest

Betta7776 Mar 1, 2023 @ 6:52pm
Exploit allowing hacked access to friends only servers
Heads up:

People are able to somehow access and join servers that are not public.
Even if it's friends only, they appear as a copy of one of your friends accounts.
These players are able to blast audio, and make images appear on your screen.
The one we had come in blasted inappropriate wording, and advertised a "Rape" discord channel. (You just got red rocked or something?)
When we left they were flying around our server still blasting music.

They had the exact same name and permissions as the user they logged in as. So we were not able to kick them as they were listed as a "Trusted" member.

Please let me know if there is anywhere else I should send this or how best to notify the devs of the issue, as I have up to now not seen anyone else discussing it.

Proof:
1:04:28 a second version of player joins the server
1:06:04 we realize there was a fifth player (second version of player)
1:13:00 you'll see the B in the background (second version of player) and then the soundboard begins. This gets worse and worse until we have to end stream due to the inappropriate nature of the sounds.

https://www.twitch.tv/videos/1753036369
Last edited by Betta7776; Mar 1, 2023 @ 6:55pm
Showing 16-25 of 25 comments
Betta7776 Mar 5, 2023 @ 8:02pm 
Originally posted by A s c i i:
Someone mic spamming isn't really an issue. There was a mod in the first game that made it so your name was invisible, and you could chat using someone else's name. It sounds like that has made a return.

As for the claim of a script kid making images show up on someone's screen I don't buy it. Without video proof I'd assume they probably just leaned into the drama from the situation for a laugh.
Are you saying I added the image part myself to get people more interested in this thread? That would be kinda dumb if I'm trying to help a community, it's not like there is any reason to lie on a steam forum, there isn't really anything I hope to gain at least. BUT with that being said you are right, we switched the stream off before the image appeared, so unless someone else comments on here with proof I guess I cannot prove it myself.

I would just like to say for any dev or other concerned user reading this that I am not over-hyping the situation, and did have an image appear on my screen containing a discord link and inappropriate text as I described above.
Betta7776 Mar 5, 2023 @ 8:08pm 
Originally posted by alovelyhart:
Dude,
This happened to us. I have posted a link to my twitch account.

https://www.twitch.tv/videos/1754006094

Not exactly the same thing, but to the same extent of what happened to you.
Yea this definitely looks to be the same kinda thing. I didn't have any of the young voice stuff but the sound that starts at 11:10 is the exact same as the one we heard (redshield5 followed by dub-step)

So with that being said this is definitely a group or individual targeting random servers. What did you have your server name set as out of curiosity? Ours was set to the twitch channel of the server host which I assume is why we were targeted.
Betta7776 Mar 5, 2023 @ 8:10pm 
Originally posted by HaywardGG:
Originally posted by KingGorillaKong:
My guess is the guy's one friend had his info hacked considering the intruding player masked as them.

How did they get the offending images to show up on the client's game?
That's the most puzzling part of this claim.

Those images would need to already be in the game assets somewhere, or there's a very serious security exploit that allows a user to A) upload files to another client's PC and B) execute remote code to display that image/file.
Would the images have to be fully client side? Or could they have been added to only the host's machine? I wonder if there is a way to see everything downloaded to my computer at that level of granularity (I doubt it but would be willing to try if anyone had any methods).
Betta7776 Mar 5, 2023 @ 8:16pm 
Originally posted by KingGorillaKong:
My guess is the guy's one friend had his info hacked considering the intruding player masked as them.

Just another note: I have 2FA on my Steam and Discord accounts, and do not mod games much (Have not downloaded any mods for SOTF or the Forest, rarely download mods for other games and never ones found outside of the steam workshop). I ran a full scan on my computer after this happened as it was my account that got duped, but that found nothing.

Also with the way steam accounts work wouldn't I get notified that another computer is using my account to start a game? You cannot play an online game from two different computers at the same time using the same steam account, at least I have never seen a way to do so. In all cases that this could happen if my account info was stolen I would get notified/kicked once the other computer started any game in my library would I not?
You need to raise this issue everywhere possible, I don't think devs even check forums.
Betta7776 Mar 5, 2023 @ 9:02pm 
Originally posted by Baby Feng Min:
You need to raise this issue everywhere possible, I don't think devs even check forums.
I have posted this in the wiki discord, as well as the subreddit discord. The subreddit discord directed me here as they said it had a "higher chance of being seen" here. Are there any other places I should post this to get better visibility? I am open to suggestions.
kgkong Mar 6, 2023 @ 7:12am 
Originally posted by Betta7776:
Originally posted by Baby Feng Min:
You need to raise this issue everywhere possible, I don't think devs even check forums.
I have posted this in the wiki discord, as well as the subreddit discord. The subreddit discord directed me here as they said it had a "higher chance of being seen" here. Are there any other places I should post this to get better visibility? I am open to suggestions.
Have you posted this on the multiplayer bug report thread on the steam forums? The devs check there for info.
kgkong Mar 6, 2023 @ 7:14am 
Originally posted by Betta7776:
Originally posted by KingGorillaKong:
My guess is the guy's one friend had his info hacked considering the intruding player masked as them.

Just another note: I have 2FA on my Steam and Discord accounts, and do not mod games much (Have not downloaded any mods for SOTF or the Forest, rarely download mods for other games and never ones found outside of the steam workshop). I ran a full scan on my computer after this happened as it was my account that got duped, but that found nothing.

Also with the way steam accounts work wouldn't I get notified that another computer is using my account to start a game? You cannot play an online game from two different computers at the same time using the same steam account, at least I have never seen a way to do so. In all cases that this could happen if my account info was stolen I would get notified/kicked once the other computer started any game in my library would I not?
2FA and Steam security isn't as high tech and secure as people think. All that stuff does is add extra layers for an intrusion to have to go through before it's succeeded. All it takes is one person to be exposed, vulnerable and infiltrated then a hacker can get access to a lot of information off the peer to peer connection that was established between you and your friends.

Considering the hacker showed up with your name in-game, you're the one most likely to have been exposed to an intrusion. Re-secure all your accounts and change passwords.
Betta7776 Mar 6, 2023 @ 11:18am 
Originally posted by KingGorillaKong:
Originally posted by Betta7776:

Just another note: I have 2FA on my Steam and Discord accounts, and do not mod games much (Have not downloaded any mods for SOTF or the Forest, rarely download mods for other games and never ones found outside of the steam workshop). I ran a full scan on my computer after this happened as it was my account that got duped, but that found nothing.

Also with the way steam accounts work wouldn't I get notified that another computer is using my account to start a game? You cannot play an online game from two different computers at the same time using the same steam account, at least I have never seen a way to do so. In all cases that this could happen if my account info was stolen I would get notified/kicked once the other computer started any game in my library would I not?
2FA and Steam security isn't as high tech and secure as people think. All that stuff does is add extra layers for an intrusion to have to go through before it's succeeded. All it takes is one person to be exposed, vulnerable and infiltrated then a hacker can get access to a lot of information off the peer to peer connection that was established between you and your friends.

Considering the hacker showed up with your name in-game, you're the one most likely to have been exposed to an intrusion. Re-secure all your accounts and change passwords.
Done and done! Do you know how they would have gotten around the notification issue? That's the one piece I can't understand yet, as even if someone else has your info they can't usually open anything, especially online, without you being notified.
kgkong Mar 6, 2023 @ 11:37am 
Website phishing, keyloggers, are usually how folks get the info they need to start some of their hacks. Then using usually something that metaphorically works like a VPN, they're able to connect into a network or a server masked as another PC, user and all that so it's indistinguishable from the original user.

Best is, just don't join so many Discord servers, keep your accounts secured, be careful of what websites you browse, and download files ONLY from verified websites and developers.

Realistically a user should not need anything more than Windows Defender and any major chromium based web browser. There's more than enough safety precautions baked into these two things that as long as you don't disable them and they're kept up to date, you're safe 99.999% of the harmful side of the internet.

And always set up a new wifi SSID name and pick a new password that is not easy to remember but you have stored safely somewhere (not on a phone or computer) so nobody can easily leech onto your home network and gain access to your systems that way.
Last edited by kgkong; Mar 6, 2023 @ 11:38am

Date Posted: Mar 1, 2023 @ 6:52pm
Posts: 25