Server hacked
Hello everyone.
I am running AMX Mod X 1.8.2 and one of my servers was hacked today. The attacker installed 2 plugins named cs.amxx and dproto.amxx and two config files named plugins-amxxx.ini and plugins-players.ini. The plugins modified files on my players' computers to connect them to a Romanian server. Here are the files if anybody is interested: http://s000.tinyupload.com/index.php?file_id=96730576301751480828 Don't run them on your server. For months I have been running the same plugins all of which I've downloaded and recompiled from here, I've been running them on both servers but only one was hacked. The servers are behind a router which only lets through traffic on HLDS-related ports. I've checked the logs and found no sign of anybody using the rcon password, I did change it after I restored everything from backups. I haven't been using the server for anything else than uploading maps and adding/removing admins meaning for the past months I hadn't run anything I've downloaded off the internet. I really don't know what could've caused this. I hope it's one of the plugins nevertheless and Amx Mod X isn't compromised. Luckily I noticed this in time before too many players were slowhacked. |
Re: Server hacked
No steam = No support
|
Re: Server hacked
Screenshot of my Steam licenses:
http://imgur.com/JmM7U57 |
Re: Server hacked
Your Running Non steam server , which this community doesnt support . If you want support then please do remove dproto from your server.
|
Re: Server hacked
Quote:
|
Re: Server hacked
You would require FTP access to put plugins on your server (unless you have a plugin for downloading plugins). So, I'd recommend changing all passwords that relate to your server (CPanel, FTP, Rcon, etc.).
|
Re: Server hacked
fysiks: Thank you for your reply. I access the server on a local network and all the ports apart from the two used by my servers are closed from outside access. But if you say that it's possible for a plugin to download and install other plugins, I'll have to review all plugins I have, maybe I've missed one or two with a backdoor.
|
Re: Server hacked
There are exploits which upload files to the server, without any plugin installed. I am not sure if they work on a steam only server. Anyway, in case you run dproto remove it.
|
Re: Server hacked
HamletEagle, thanks for the info, I didn't know it was possible. Maybe the easiest solution here would be to just prevent HLDS from modifying or creating any files except for stats and the ones in the logs folder. I'll fiddle with Windows user ownership and permission settings, the exploits will probably not end today anyway.
|
Re: Server hacked
Update your HLDS to the latest version using steamcmd and your problem will be fixed. Its an exploit as Hamlet said.
|
All times are GMT -4. The time now is 01:46. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.