Krillin
Senior Member
Join Date: Jul 2004
06-03-2010, 17:39   Re: Protecting your server!
#8

Quote:
Originally Posted by thetwistedpanda
You don't really need anything in EventScripts to protect your server. If your Mani admin is being hacked, well, that's all the more reason to remove it and pick something more secure eh? Everything that's needed is in devicenull's original post.
It's overrated and overstated.

MAP is NOT being hacked. I am not going to explain the exploit. It was only used to give themselves admin. ServSecurity requires EventScripts to run. If you followed the links you would know this. I noted this in the above posting to avoid confusion as to why EventScripts is required. But as I stated, KAC won't let these cheaters / hackers get that far. I have read that the combo I stated above works effortlessly without all the clutter stated. I only used the rcon_locker from the 'here' link so admins cannot change the rcon password, I hope (but they are unable to writecfg without the ServSecurity password). But I do not give my admins rcon access.

I made my post because this is what works without reading every detail of how and why. All that other post is doing is being an enabler of "how-to" exploit. Be warned, they will find a workaround in a matter of time, but KAC is a step ahead of the game. But ServSecurity is just an added extra measure. No harm in overprotecting your servers in the event of failure. But it is the admin's choice of using ServSecurity with its requirement or not. That is why KAC is separated but that requires SourceMod.

Quote:
Originally Posted by Bacardi
...can be change server to read different named configuration files than default server.cfg ??
Maybe better if change path
...cfg/abc_123/x_server_qwerty.cfg

And not add that rcon_password any cfg file, just only in launch parameters...

And can be change default autoexec.cfg to different name or add in sub-folder

Nice idea, but this was not the problem. The problem was the exploit allowed them to change the rcon_password no matter what it was set for. Then using rcon command gave themselves FULL 100% ACCESS to Mani Admin Plug-in. ServSecurity will not allow key files like server.cfg, client.txt (Admin list for MAP) without unlocking with a password set within ServSecurity.cfg.

Krillin
__________________
Krillin's World Server(s) Operator


Last edited by Krillin; 06-03-2010 at 18:13. Reason: Making a clearer statement.