ATTENTION: You might want to ban these two server adminright hackers from your server
 

Hello,

here i pin two steam IDs of two people who came to my server and hacked the admin rights. I was there but i just watched them to see what they do. They gave themselves noclip, godmode, etc. and ruined the game for others of course. But as they started to ban people from the other team i made an end to their pathethic fun and banned them.

the main server hacker:
obviously his little sidekick server hacker:
You better keep them away from your server !!

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

eh?

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

i dont think its possible to "hack" amxmodx...i would just say they are one of the kids from your server provider company..some server providers tend to add admins to every server...check your admin config files and see if their steam ids are there or not.

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

ey roach (or any mod here) its very urgent!

the UAIO that you say is secure is not secure at all!

Ist has a backdoor! (Yes, still!)

I even checked my uaio_admin.amxx via your scan of your website and it said it was ok.

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

PM me a link to download it.

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

i have a longer copy from the chat of the two. I was angry but good that i did not kick or ban them. Now i learned something!

ps:

my uaio_admin.amxx is giving an error since they abused it.

Look how my uaio_admins.ini looks like now!:

Code:

---

;------------------------------------------------------------------------------------------
;  uaio_admins.ini                    Version 1.50                      Date: DEC/20/2005
;
;  RS UAIO (Ultimate All-In-One) Admin Menu
;  File: UAIO Admins File
;
;  Created By:    Rob Secord, B.Sc.
;  Alias: xeroblood (aka; Achilles; sufferer)
;  Email: [email protected]
;
;  Updated By:    Dan Weeks
;  Alias: $uicid3
;  Email: [email protected]
;
;------------------------------------------------------------------------------------------

;---------------------------------------------------------------------------------------
;      SteamID      Group(s)
;---------------------------------------------------------------------------------------

;---------------------------------------------------------------------------------------
; Default Access (For non-admin players) -- Only Change Groups (If Required)!
; Do Not Remove!
; This Default Public-Admin IS Required, Remove Flags from Groups in uaio_groups.ini
; To Restrict Access to Commands by Public Players!
;---------------------------------------------------------------------------------------
;admin "default"    "grp_vote_public grp_good_public grp_evil_public grp_misc_public"


;---------------------------------------------------------------------------------------
; Registered (Official) Admins
;---------------------------------------------------------------------------------------

; These are YOU (YOUR SERVER) when using a ListenServer or LAN
admin "STEAM_ID_PENDING"  "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"
admin "VALVE_ID_LOOPBACK" "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"
admin "127.0.0.1"        "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"
admin "loopback"          "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"

; Add Admins below here:

; Me (xeroblood) (example only, remove if you want to ;)
;admin "1857286"    "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"

;$uicid3 (Once again this is only an example of full admin for uaio)
;admin "1432421"    "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"

admin "default"    "grp_vote_typeS grp_good_typeS grp_evil_typeS grp_misc_typeS"

---

PS:

as they abused it, there was not a SINGLE message in the server console! I don't wanna know what people do for things on servers and NO ONE ever notices it! I am now pretty sure this must have happened before and i did not otice it. A hint that someone might have taken control over your server is if you have had the error message by uaio_admin.amxx in your error logs. I have had this error before myself but now i know what had happened!

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

There's no solid proof that they hacked anything.

If you get the new compiled UAIO from it's thread, it won't have a back door.

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

I make this effort in hope that anyone who is serious about this, appreciates it. That's alot of moquing and defaming for a free service of mine - that might be helpfull to you. :|

the guy whos name is "bb" is me, cs1.6. The only real admin on the server. As you can see in their chat (though we don't talk their language) , it is clearly visible what they are talking about. Note that worst case scenario which is, them banning random, innocent ppl, making them never come back to your server, which DID happen twice as u might recognize! Two of the ppl who are regularly on my server and even on the server forum. I was there all the time but did nothing other than watching the in-game situation and checking back to the server console window - which did not show any anomalies.

Code:

---

DOGIE : da wa=)))
L 05/03/2008 - 00:20:14: [PLAYER.amxx] Connected: "DOGIE<672><STEAM_0:1:14209226
><>" (access "z") (address "89.41.223.202:27005") (ping "35") (loss "0")
hallow : bai ce au sarit toti pe mine =))
*DEAD* DOGIE : =))
hallow : tragi
hallow : si dupa ce tragi
hallow : dai headshot portarului =))
DOGIE : =))
hallow : mama ce head :D
DOGIE : nu inteleg wa
hallow : i-am rupt capul dintr-o poarta in alta =))
bb : lol
DOGIE : cum :|
hallow : tii tinta pe el si dai pur si simplu :)
*DEAD* DOGIE : nu merge wa
hallow : eu ii bat din baza =))
DOGIE : nu pot:|
bb : pass!!
hallow : nu mai mere
hallow : :|
bb : PASSSS!!!
DOGIE : crek stiu ce are
DOGIE : tre sa avem acelasi trail
DOGIE : scrie trail 12
DOGIE : pl
bb : PASSS
DOGIE : pnm
hallow : nu mai merge :|
DOGIE : aa
DOGIE : e mega punch ala crek
DOGIE : de asta
bb : HELP MNE !!
bb : HELP ME
bb : geh
bb : ..
*DEAD* DOGIE : pff
hallow : =))
AH : chickenme
hallow : ce gol incerc sa dau :D
hallow : sa fii atent :D
hallow : ahh :D
Dropped Dragoon from server
Reason:  Client sent 'drop'
Creating bot...
Max Bots reached, can't create Bot !
DOGIE : wa
DOGIE : ce am gasit aici:))
hallow : nde?
DOGIE : =)))
DOGIE : ce tares:D
DOGIE : =)))
hallow : nu mai da ma :d
hallow : ce gol =)))
DOGIE : >L
bb : omg
DOGIE : n1
hallow : ty :)
hallow : zi cum dau si eu :D
(Counter-Terrorist) DOGIE : uaio_menu
(Counter-Terrorist) hallow : asa scvriu?
(Counter-Terrorist) DOGIE : vrei sa vezi cum pleaca mulea?
(Counter-Terrorist) DOGIE : lumea?
(Counter-Terrorist) DOGIE : da
Dropped AH from server
Reason:  Kicked and banned
Writing banned.cfg.
Creating bot...
Max Bots reached, can't create Bot !
bb : 39 ..32 for us
(Counter-Terrorist) hallow : cu say sau in consola?
(Counter-Terrorist) DOGIE : consola
Dropped AH from server
Reason:  STEAM UserID STEAM_0:1:14294693 is in server ban list
Writing banned.cfg.
(Counter-Terrorist) DOGIE : wa
(Counter-Terrorist) DOGIE : =)))
(Counter-Terrorist) DOGIE : iam dat ban perma lu AH=)))
bb : PASSS!!!!!!!!!!
(Counter-Terrorist) DOGIE : omg ce tare e:)))
hallow : fii atent =))
(Counter-Terrorist) DOGIE : am god mode
DOGIE : hopaaa
*DEAD* hallow : am kalash =))  // he gave himself a AK47 ..i was there
(Counter-Terrorist) DOGIE : cum?
hallow : la misc
(Counter-Terrorist) DOGIE : ce scriu
DOGIE : =))
Dropped bb from server
Reason:  Client sent 'drop'
Creating bot...
Max Bots reached, can't create Bot !
92.228.0.243:27005:reconnect
L 05/03/2008 - 00:34:19: [admin.amxx] Login: "bb<677><STEAM_0:1:7814710><>" beca
me an admin (account "STEAM_0:1:7814710") (access "abcdefghijklmnopqrstu") (addr
ess "92.228.0.243")
hallow : =)))
Dropped Dr. Nobodys Fool from server
Reason:  Kicked
hallow : hunting ducks =))  // making fun of players..was soccerjam, no guns
DOGIE : da
hallow : =)))
DOGIE : dear sta pe loc:))
rIdIcK [GER] @ technobase.fm : unfair!!!
hallow : ce penal =)))
rIdIcK [GER] @ technobase.fm : alle oder niemand
(Counter-Terrorist) hallow : am bagat ammo :D
hallow : au viteza prea mare :D
DOGIE : da
hallow : ai pierdut arma? :D
DOGIE : da
hallow : =))
hallow : ti-am dat strip gun :D
DOGIE : mda
rIdIcK [GER] @ technobase.fm : give me a weapon!!!!
Dropped Ich bin ein gummiber from server
Reason:  Client sent 'drop'
(Counter-Terrorist) DOGIE : iam dat suzie:))
(Counter-Terrorist) hallow : am turbo
(Counter-Terrorist) hallow : fii atent cum merg :D
90.231.45.125:34008:reconnect
(Counter-Terrorist) DOGIE : =))
Dropped Guenther-Streik | Schurke from server
Reason:  Kicked
Dropped BULBULITO_BAYAGBAG from server
Reason:  Client sent 'drop'
Creating bot...
Max Bots reached, can't create Bot !
rIdIcK [GER] @ technobase.fm : weapon!!! ever!!
L 05/03/2008 - 00:39:32: [PLAYER.amxx] Connected: "Ich bin ein gummiber<679><STE
AM_0:0:2786720><>" (access "z") (address "90.231.45.125:34008") (ping "96") (los
s "0")
(Counter-Terrorist) DOGIE : miai facut ceva?
(Counter-Terrorist) DOGIE : ca merg ca nebunu
hallow : nu :)
hallow : noclip =))
rIdIcK [GER] @ technobase.fm : wepon!!
hallowman : sunt invizibil?
DOGIE : da:))
DOGIE : erai
Creating bot...
Max Bots reached, can't create Bot !
Dropped The Quickster from server
Reason:  Kicked
Ich bin ein gummiber : /menu
Ich bin ein gummiber : /meny
Ich bin ein gummiber : /menu
Ich bin ein gummiber : mp
DOGIE : eu merg singur wa
L 05/03/2008 - 00:41:47: [PLAYER.amxx] Connected: "DOGIE<672><STEAM_0:1:14209226
><>" (access "z") (address "89.41.223.202:27005") (ping "74") (loss "0")
Ich bin ein gummiber : /power
Ich bin ein gummiber : /menu
Ich bin ein gummiber : mp
hallowman : urat e cu noclip :D
DOGIE : da
hallowman : ahahah
hallowman : bau :D
Creating bot...
Max Bots reached, can't create Bot !
Dropped Fat Tony @ CoolDown from server
Reason:  Kicked
(Counter-Terrorist) DOGIE : dau ban lu ridick?
(Counter-Terrorist) DOGIE : permanent?:>
L 05/03/2008 - 00:45:40: [PLAYER.amxx] Connected: "hallowman<668><STEAM_0:0:1699
1234><>" (access "z") (address "89.36.58.189:27005") (ping "102") (loss "1")
hallowman : ce?
(Counter-Terrorist) DOGIE : sai dau ban?:))
hallowman : cui?=))
(Counter-Terrorist) hallowman : k am dat recc
(Counter-Terrorist) DOGIE : lu ridick
L 05/03/2008 - 00:46:05: [plmenu.amxx] Kick: "bb<677><STEAM_0:1:7814710><>" kick
 "DOGIE<672><STEAM_0:1:14209226><>"
Dropped DOGIE from server
Reason:  Kicked
Creating bot...
Max Bots reached, can't create Bot !
Dropped Muchacho - der TeXikanische Ham from server
Reason:  Kicked
(Counter-Terrorist) DOGIE : am luat kick:))
(Counter-Terrorist) DOGIE : ii dau ban wa
(Counter-Terrorist) hallowman : asta are god mode mah?
Ich bin ein gummiber : /menu
Ich bin ein gummiber : mp
Dropped rIdIcK [GER] @ technobase.fm from server
Reason:  Kicked and banned
Writing banned.cfg.
Creating bot...
Max Bots reached, can't create Bot !
(Counter-Terrorist) hallowman : ai bagat god mode la toiti? =))
DOGIE : il mai vezi?:))
L 05/03/2008 - 00:46:44: [PLAYER.amxx] Connected: "DOGIE<684><STEAM_0:1:14209226
><>" (access "z") (address "89.41.223.202:27005") (ping "76") (loss "0")
(Counter-Terrorist) DOGIE : e pla
(Counter-Terrorist) DOGIE : iam dat ban lu ridick=))
L 05/03/2008 - 00:46:55: [plmenu.amxx] Ban: "bb<677><STEAM_0:1:7814710><>" ban a
nd kick "DOGIE<684><STEAM_0:1:14209226><>" (minutes "0")
Dropped DOGIE from server
Reason:  Kicked and banned
Writing banned.cfg.
Creating bot...
Max Bots reached, can't create Bot !
L 05/03/2008 - 00:46:56: [plmenu.amxx] Ban: "bb<677><STEAM_0:1:7814710><>" ban a
nd kick "hallowman<668><STEAM_0:0:16991234><>" (minutes "0")
Dropped hallowman from server
Reason:  Kicked and banned
Writing banned.cfg.
Creating bot...
Max Bots reached, can't create Bot !
Dropped DOGIE from server
Reason:  STEAM UserID STEAM_0:1:14209226 is in server ban list

amx_unban "STEAM_0:1:14294693  // me unbanning the users again
[AMXX] Authid "STEAM_0:1:14294693" removed from ban list
L 05/03/2008 - 00:48:19: [admincmd.amxx] Cmd: "Counter-Strike For Friendly Peo<0
><><>" unban "STEAM_0:1:14294693"
UserID filter removed for STEAM_0:1:14294693
Writing banned.cfg.
Dropped hallowman from server
Reason:  STEAM UserID STEAM_0:0:16991234 is in server ban list

amx_unban "
[AMXX] Authid "" removed from ban list
L 05/03/2008 - 00:48:47: [admincmd.amxx] Cmd: "Counter-Strike For Friendly Peo<0
><><>" unban ""
Usage:  removeid <uniqueid | #slotnumber>
Writing banned.cfg.
89.36.58.189:27005:reconnect
Dropped hallowman from server
Reason:  STEAM UserID STEAM_0:0:16991234 is in server ban list

Dropped rIdIcK [GER] @ technobase.fm from server
Reason:  STEAM UserID STEAM_0:1:7229459 is in server ban list

Dropped hallow from server
Reason:  STEAM UserID STEAM_0:0:16991234 is in server ban list

Ich bin ein gummiber : /rank
Ich bin ein gummiber : /rank
L 05/03/2008 - 00:55:28: [FUN] Invalid player 9
L 05/03/2008 - 00:55:28: [AMXX] Run time error 10 (plugin "uaio_admin.amxx") (na
tive "set_user_hitzones") - debug not enabled!
L 05/03/2008 - 00:55:28: [AMXX] To enable debug mode, add "debug" after the plug
in name in plugins.ini (without quotes).
Ich bin ein gummiber : /rank
Dropped Ich bin ein gummiber from server
Reason:  Client sent 'drop'
Creating bot...
Max Bots reached, can't create Bot !
amx_unban "STEAM_0:1:7229459
[AMXX] Authid "STEAM_0:1:7229459" removed from ban list
L 05/03/2008 - 00:57:03: [admincmd.amxx] Cmd: "Counter-Strike For Friendly Peo<0
><><>" unban "STEAM_0:1:7229459"
UserID filter removed for STEAM_0:1:7229459
Writing banned.cfg.
Dropped [Colan] notkneckarN from server
Reason:  Client sent 'drop'
L 05/03/2008 - 00:57:39: [CSTRIKE] Invalid player 9
L 05/03/2008 - 00:57:39: [AMXX] Run time error 10 (plugin "uaio_admin.amxx") (na
tive "cs_reset_user_model") - debug not enabled!
L 05/03/2008 - 00:57:39: [AMXX] To enable debug mode, add "debug" after the plug
in name in plugins.ini (without quotes).
users
userid : uniqueid : name
------ : ---------: ----
  670 : STEAM_0:0:15418450 : dunnerman'^' R@$T@M@N{@warmup}
  677 : STEAM_0:1:7814710 : bb
2 users
Dropped bb from server
Reason:  Client sent 'drop'
Creating bot...
Max Bots reached, can't create Bot !
90.224.165.179:61023:reconnect
Dropped WomBAT - der Hero from server
Reason:  Kicked
L 05/03/2008 - 00:58:44: [PLAYER.amxx] Connected: "[Colan] notkneckarN<696><STEA
M_0:0:13504998><>" (access "z") (address "90.224.165.179:61023") (ping "114") (l
oss "0")
Dropped Mr. Logics from server
Reason:  Kicked
L 05/03/2008 - 01:02:34: [PLAYER.amxx] Connected: "Space Cowboy<697><STEAM_0:0:1
8999045><>" (access "z") (address "98.227.114.126:27005") (ping "256") (loss "1"
)
[Colan] notkneckarN : /chicken
Dropped dunnerman'^' R@$T@M@N{@warmup} from server
Reason:  Kicked
Creating bot...
Max Bots reached, can't create Bot !
[Colan] notkneckarN : /chikenme
[Colan] notkneckarN : timeleft
(Terrorist) [Colan] notkneckarN : Negative
Dropped [Colan] notkneckarN from server
Reason:  Client sent 'drop'
Creating bot...
Max Bots reached, can't create Bot !
Dropped Player from server
Reason:  Client sent 'drop'

---

i am trying to figure out how they managed it, one possiblity might be the one i talked about with sawce @ irc. but then again how could they change the uaio_admin.ini.

Basically what they did was making every user on the server to an uaio full admin (check the last line in my uaio_admins.ini copy in my previous post.). The question is how.

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

Is there a possible fix to backward doors from being accessed?

Re: ATTENTION: You might want to ban these two server adminright hackers from your se
 

so what makes you think that they didn't just hack your rcon?

didn't we already go over this in here: http://forums.alliedmods.net/showthread.php?t=67273