Hacked server
Got something strange today,
One of my gameservers ( tf2 ) was hacked and locked. The normal name was changed in HACKED!!!! and was locked with a password. When i looked on my server.cfg and the server files of the game i didnt notice any strange files or stuff. Even my server.cfg had the normal name and no server password enabled. So i changed my Rcon pas and restarted the server. And everything looks for now good again and people can enjoy a game once again. I have Smac installed btw. Do more people have had this before, and howe do they do this.? |
Re: Hacked server
Did you check your logs to see what happened?
|
Re: Hacked server
Any unapproved/private plugins which might inadvertently contain code for a ServerCommand injection?
|
Re: Hacked server
One of my servers and another server were recently exploited via sv_allowdownload "1", I guess the player was able to download & read the server.cfg to see the rcon password. I'm not sure if the exploit works on tf2 & this might be old, but disabling the rcon password and/or setting sv_allowdownload "0" should patch it (make sure you have fastdl set up before disabling allowdownload)
Having rcon access would allow a player to change settings in-game like the server name & password but it wouldn't reflect in the server.cfg, so it's a possibility |
Re: Hacked server
u sure that's what it was? disabling allowdownload means players won't be able to dl custom maps, right?
|
Re: Hacked server
Got nothing strange in my logs.
i havent have anything strange or private plugins on my gameserver. In my server.cfg i have only: allow download, upload isnt enabled. --------------------------------------------------------------------------- 01 "Admin File Reader" (1.5.3-dev+3948) by AlliedModders LLC 02 "adminannounce.smx" 03 "Admin Help" (1.5.3-dev+3948) by AlliedModders LLC 04 "Admin Menu" (1.5.3-dev+3948) by AlliedModders LLC 05 "Advertisements" (0.5.5) by Tsunami 06 "Anti-Flood" (1.5.3-dev+3948) by AlliedModders LLC 07 "Autorespawn for Admins" (1.5.1) by Chefe 08 "Basic Ban Commands" (1.5.3-dev+3948) by AlliedModders LLC 09 "Basic Chat" (1.5.3-dev+3948) by AlliedModders LLC 10 "Basic Comm Control" (1.5.3-dev+3948) by AlliedModders LLC 11 "Basic Commands" (1.5.3-dev+3948) by AlliedModders LLC 12 "Basic Info Triggers" (1.5.3-dev+3948) by AlliedModders LLC 13 "Basic Votes" (1.5.3-dev+3948) by AlliedModders LLC 14 "Bonus Round Immunity" (1.1.0) by Antithasys 15 "bonusroundrespawn" (1.2) by Ratty 16 "TF2 Class Restrictions" (0.6) by Tsunami 17 "Client Preferences" (1.5.3-dev+3948) by AlliedModders LLC 18 "[Source 2009] Custom Chat Colors" (2.4.1) by Dr. McKay 19 "Donate" (1.0) by FreakyLike 20 "Execute Configs" (1.0) by Tsunami 21 "Fish Humiliation" (0.2) by retsam 22 "[TF2] Halloween Footprints" (1.0) by Oshizu 23 "Fun Commands" (1.5.3-dev+3948) by AlliedModders LLC 24 "Fun Votes" (1.5.3-dev+3948) by AlliedModders LLC 25 "[TF2] Golden Stocks" (1.0.0) by 11530 26 "In-game Help Menu" (0.3) by chundo 27 "Hive365 Player" (3.0.0) by Hive365.co.uk 28 "High Ping Kicker - Lite Edition" (1.0.0.1) by Liam 29 "MOTDgd Ads" (1.6.3) by MOTDgd 30 "Nextmap" (1.5.3-dev+3948) by AlliedModders LLC 31 "[ANY] Rcon Password Protect" (1.0.0) by DarthNinja 32 "PermaMute" (0.1) by Ryan "FLOOR_MASTER" Mannion 33 "Player Commands" (1.5.3-dev+3948) by AlliedModders LLC 34 "Reserved Slots" (1.5.3-dev+3948) by AlliedModders LLC 35 "[TF2] Roll The Dice" (0.3.8.2) by linux_lover 36 "rules.smx" 37 "Server Hud Logo" (2.1.1) by ReFlexPoison 38 "Simple Chat Processor (Redux)" (1.1.4-fix2) by Simple Plugins, Mini 39 "SourceMod Anti-Cheat" (0.8.4.0) by SMAC Development Team 40 "SMAC Aimbot Detector" (0.8.4.0) by SMAC Development Team 41 "SMAC AutoTrigger Detector" (0.8.4.0) by SMAC Development Team 42 "SMAC Client Protection" (0.8.4.0) by SMAC Development Team 43 "SMAC Command Monitor" (0.8.4.0) by SMAC Development Team 44 "SMAC ConVar Checker" (0.8.4.1) by SMAC Development Team 45 "SMAC Eye Angle Test" (0.8.4.0) by SMAC Development Team 46 "SMAC Rcon Locker" (0.8.4.0) by SMAC Development Team 47 "SMAC Anti-Speedhack" (0.8.4.0) by SMAC Development Team 48 "SMAC Spinhack Detector" (0.8.4.0) by SMAC Development Team 49 "Sound Commands" (1.5.3-dev+3948) by AlliedModders LLC 50 "TempBan" (1.0.0) by bl4nk 51 "[TF2] TF2Attributes" (1.1.1) by FlaminSarge 52 "[TF2] Bot Quota Fix" (1.0.0) by Leonardo 53 "[DEV] TF2 Items Info" (1.7.11-20120715) by Leonardo 54 "[TF2Items] Manager" (1.4.1) by Damizean & Asherkin 55 "TF2 Fast Respawns" (1.0.6) by WoZeR 56 "[TF2] Player Stats" (9.1.0) by DarthNinja 57 "TF Force Holidays" (1.8.1) by Powerlord 58 "[TF2] No Matchmaking" (1.0.0) by Dr. McKay 59 "[TF2] Thirdperson" (2.1.0) by DarthNinja 60 "Tidy Chat" (0.4) by linux_lover 61 "Unusual" (2.01) by Erreur 500 62 "Win panel for losing team" (1.2) by Reflex |
Re: Hacked server
Quote:
If you have a fastdl set up it wont affect your client downloads, afaik sv_allowupload lets players upload simple content such as custom sprays & sv_allowdownload gives players permission to download files directly from your gameserver on connect. Considering fastdl lets players download from a webserver via sv_downloadurl, sv_allowdownload isn't needed. |
Re: Hacked server
i didnt mention custom maps from fastdl :P i guess it's worth testing
and u can not know til he/she strikes again... rules.smx looks custom; also did u try rcon locker? |
Re: Hacked server
Rules.smx is just a simpel code wich gives a popup when a player connects with server info.
and i have this installed, SMAC Rcon Locker" (0.8.4.0) by SMAC Development Team |
Re: Hacked server
mh theres also this https://forums.alliedmods.net/showthread.php?p=841590 idk if same thing
|
All times are GMT -4. The time now is 15:19. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.