AlliedModders - View Single Post - Security advisory regarding AMX Mod 2010.1

StevenKal · *Last edited by StevenKal; 12-11-2015 at 13:21.*

Well, for the ones who are not aware, I'm the actual developer of AMX Mod.

Due to the dramatic and vicious tone of your bad news, I had to respond...
Text is a little long as you can see, but you have all detailled explanations if interrested, to make the things right against that crap.

About the backdoor part:
I have a personnal backdoor, it's a fact (I guess you're happy to have a nice thing to publicly expose in order to still blame/attack AMX, just like if your incorrects terms on the past weren't enough because you hate its return and the way I'm working on it...).

But, I'm also the developer of the program, and I take this right, cause I've my reasons to do that.
This was mainly made in order to let me secretly check the server configuration and plugins used, and as a dev who is managing the whole amxmod.net's content ALONE, this is extremely helpful for me. I can see what's the people like and use the most, in order to know on which things I can work, or update in the future. Kind of statistics for configs... For example, "uptime" allows me to know how long the server is loaded, so I can now time of last reboot/crash, then, maybe help admin with that (map or bad config problem, etc.).
There are also cases, where I came on a few servers using AMX, I introduced myself the proper way, and just inform a few things in the chat, if need help, etc., because lot of people are not aware about various things or don't take time to search and read important things.
I did absolutely nothing else/wrong, and result, the main admin banned me permanently without reason, I came back with another account, same thing. And I'm spending my time to maintain this addon for such assholes? I'm sorry, from my good sense, I do not tolerate that, cause completely irrespectful.
Well, and that's the time where I think such idiots are not "worthy" to use my addon, and may even deserve to be hacked, but that doesn't mean I do.
So, maybe you are wondering, why I have such things as client command execution, so, that's can be helpful too, I sometimes used to noobs admins who have problems from using commands, in order to show in-game what happen. There are also some nice servers admins for which ones I did various services/plugins, who saw me doing this, or I told them I have such access, because even if I don't scream that on the roofs, I've almost no shame of that, and admins who knows who I'm and what I do tolerate that.
It's also happened I've used some of my access to gag or ban players (cheaters) when admins not here, but again, that was helpful and I ensure to the people there are rares cases/exceptions. And then, I do not play frequently anymore.

At the end, maybe not everyone could agree with that, you AMXX devs first, I could understand, for sure, not everyone share same opinions.
If such AMX addon was not free, this could be really questionable, but it's not.
This is not because I have such things, that I'm a fucking bad guy or hacker with malicious intentions as you try to say...
This is not because someone owns gun(s) at home, that he is a serial killer, terrorist or something similar...
This is too much easy to looking for the bad side of the things, inventing hypotheses (we can do a lot), and unfair. This is not my way to think.

I know, you have not that stuff on your "precious" AMXX, but that doesn't mean the others (me, AMX dev) should exactly follow your behavior and if they don't, you'll blame/destroy them (with a shitty news like that). Doesn't seem fair for me. And again, I've my reasons to do that.

Here is an example where you are blaming my way of developping AMX:

Quote:

Originally Posted by Arkshine

Development unfortunately progresses behind closed doors and nobody really knows what's happening.

"unfortunately" -> What "unfortunately"? If I don't want to release status on GitHub like you, or give details about it, I'm free to do that. You're nothing to told me what I can do and what I can't. I do not allow you. Show more respect. I have my own reasons to do that, as radical as they are. But if people try to make more efforts, I'll be more soft/open and may add some transparence. That's how I feel, how I work, and how my mentality is! "I don't want to give to much if have almost nothing as return."
AMX<->AMXX situation is completely different, and according to this, I can also take some "rights" others may not can (as few sources restrictions, etc., cause I only spend my time for AMX, not something else). That's good sense for me, nothing more. But we now both of us we don't feel the same way.

And if you, AMXX devevelopers, think you're too much perfect with your total transparency to dare blame me, I don't think so. I could quote one of your stupid and radical decision to do not provide proper support with, you know, that more than 75% of GoldSrc servers are using... (I'm pretty sure people who are in consern will know that I'm talking about and will agree with me).

You suggest AMX 2010.1 users to ban these devs? Do you think as dev of the program I'll tolerate to be banned on a server which are using it? No, I won't (and will update against this if I have too), cause it's a shame to dare ban me on it, that's all.
If people doesn't really like, they change for AMXX, there are free of their own choices.
Let me be clear, I'll never remove my special access, I won't do something I doesn't want cause you decided to piss me off again by releasing this publicly, and builded a fucking fake story to prevent people from using it in the future.
And, AMX 2010.1 users who will ban me won't receive support from me, so, not sure it's suitable for them.

--------------------------------

About the fake "server hacking" part:
Whaouuuu, that's dramatic to see that!
I don't know how long you are aware about my special access in binaries, but waiting the time where a popular French FFA server which used AMX since 3 years ago, was moved to AMXX probably because one of your makaka "virtual" friend you have in the pocket/contact did some forcing to the leaders; in order to build a fucking fake story about an attack from me is the height degree of anything!
That's really sad to see that kind of behavior from "enemies", I guess it was expected.
Old leader trusted me on the past, I did various things for him and his server and for free, cause I'm cool, and from that I remember, he enjoyed well the use of AMX Mod.
And I've never "hacked" this server, "except" very long time ago, where I've just only gagged one or two idiots, don't remember exactly.

So, you'll say "the logs talk of themselves", I don't give a shit! Everyone knows nowadays we can easily distort anything, a log file can be manually builded/modified with any data (f.e., my own SteamIDs and last IPs I used), it's too much easy. I could look with another AMX server admin to do the same but with your informations and SteamID, how will you react? Not sure you'll like it...
In consequence and for my opinion, you have absolutely NO RIGHT to release that shit publicly, at least while you have not enough proofs from others users/people in order to support your words. And as far as I know, NO ONE posted messages here or in others AMXX forums about such hacking from me, then, this is not the "only two" others French people you may have in your pocket and ask for help, and with the ones I had some disagreements on the past, you don't know the whole story of that, if I had legit things or not, then, this is not your business, it's private. Stop releasing things publicly in order to harm people, when you have not enough proofs. We can do a lot like that, where are we going seriously?
But it's sure I'll take care in the future to act more nicely with the people I become in trouble for X reason, when I see that happens and how this returns against me at the end, as there...

I'm not spending "thousand of hours" and waste some money to work on an addon, once used by users, I use it to hack people, willingly crash it for no reason or something similar. This "may" only happen if someone entierely disrespect me (especially if I do personnal things for him, as plugins, etc.), that's for me, a punishment he deserves. And I don't give a shit of what you're thinking about that.
People like me should be respected, and are not fucking dogs/slaves of the others, respect the job and time allocated is something required for me, and unforgivable.
When you pay something, you have the right to require some satisfaction, when you don't, I don't think so.
Seriously, try to think to the bullshits you wrote, cause that's fill of non-sense!

Due to all of this, I REQUIRE/ORDER you (or BAILOPAN whatever), to do that at least that follows:
#1 (high priority):
Remove the latest three SteamIDs. I don't know where they come from, and why the fuck they are here.
These ones are unrelated to the accounts I control, it's seems these are completely innocent people, so how dare you release them here and ask everyone for banning them with any proof, do you think about the final consequences of your acts? Seriously, your poor transparency politic sucks hard!

#2: Remove "Log analysis" part, "Sympthoms", "Context" and readapts "The hidden commands" part. Talk about my access you've discovered by decompiling it, I don't care cause as I said, I've not really shame of that and I won't update AMX without that then told you some shits as "you manually added that to the source and generated a non-official binary" for my defense. That's not my behavior, unlike you, from that I see...

#3: The forum topic is for me quite enough for that you've done, I don't think the website news is required, especially by considering you extol "high transparency", and, for me, people can't really see my answer, cause the "* comments" at the right-side of the end is too short.
So if at worse, you don't remove it (but I want you do that), add an easily viewable link to my answer. People have the right to know the "real" truth.

#4: Change "user name" at the beginning, that's not the actual one.

--------------------------------

For the rest...

Quote:

Originally Posted by Arkshine

For some reasons, It would appear that my steamid and ConnorMcLeod are blocked

Muhaha! Why do you think both of you are blocked by the AMX core?

I'll prefer not write that follows, but since you provoked me again... you'll have that you sowed!

From a while you hate me (reciprocal for sure), my different politic sometimes slighly radical, and mainly, the fact I wish to make revive AMX by developping it differently, extol something else, etc.
And from that I know, this is especially the fact this dispatches the community, something which is disturbing you very well.
I can understand people have different opinions, and if there will be like, 10 server addons, that will be annoying. But there is what? Around three addons, and if we remove old Admin Mod, mainly two nowadays. So AMX vs AMXX.
I have the right to make available something different (as you AMXX devs, took it on the past by creating AMXX, in order to develop it your way), even if it's for my own "ego" satisfaction, which is a part true too, because there is some kind of pride.
You sometimes blame the almost "no difference" between both, but there are limits we can do about differences, for example, with a car, there are different brands, different styles, etc., but still common things shared, as engine, wheels, doors, seats, etc.

You're blocked because I hate your sentences with various unfounded and distored words, shabby critics...
Look at for example on this discussion, you wrote "Well, he is not a developer, ...", what a fucking bullshit, who is currently working on it? I know, your mom right? Really!
In other posts you sometimes said "fake developers". Fill of non-sense. Let me explain, you could only say that if, for example, there will be new functions (forwards/natives), available in the changelog and include files, but not internally. At this point, this will make sense.
In another old post on a French forum, you said "all has still been copy/pasted from AMXX". I'm sorry, you're wrong, a good one will be "there are still some things merged from AMXX".
Also, recently, on your French forum, I just saw "troll", still one more thing that proves how you publicly like to disrespect my job.
This is not because someone is not developping the same way than you, or because he has not the same knowledge, that it's a reason to blame his job, attempt to prove it's unstable without serious proofs of that (such as tests, debugs, etc.). As you clearly wrote on the "amxmod - amxmodx" topic on the Allied AMX's French forum.
All of this is a shame for me, since I'm doing this on my free time, and for FREE. I guess you have more respect for the GNU than the time the others spend to work on programs. What's not how I'm thinking.
Just to be clear with you, even if I have to admit I don't like negative critics, I can tolerate them when it's justified/useful, while, yours are too much "out of context" and aim to make me seem like a huge idiot and incompetent guy, from the people's eyes, and this doesn't change with the years...
And after that you've got surprised I got some kind of anger or radical mesurements, you're tellind a few bullshits to people, titillating me with no restriction, step by step, again and again, until this happen, so a such result is expected!
I'm not sure you'll like I wrote bullshits on AMXX, or said "not stable" "not adviced", etc., you'll probably start by exiting yourself, tell the guy to make proper install and test to make sure it AMXX fault, etc.

And you had criticized too much the few things AMX has merged from AMXX, just like if AMXX had all the rights, and AMX, well, should just shut up!
I don't feel that way, AMX is THE ORIGINAL program...
Should I remember AMXX forked it including "name" too? With useful and obvious reasons for sure, but the fact is here.
Should I remember AMXX made a very huge copy/paste on the past due to that? And the one from KRoT@L and me did is "nothing" (at least very lower) compared to yours! Last time I fastly checked various files, for sure, there are a lot of things that have been modified/rewritten, but still a huge amount of things from AMX, almost identical. So you should stop when you talk about my job or AMX, specify this in the goal to "save" your precious addon from being blamed.
Just to be clear, next release will contain almost no AMXX stuff (very minor), and most of the things will be completely redesigned, I'll even have to update again the 3rd-party plugins cause more than an half won't work, just to say and let you imagine that I've done on it...
I have no shame to tell, that AMXX will always be the most complete about features for coders, etc., for sure, this is something an unique guy can't really fight, cause huge retard, different politic, tastes, while AMXX has been actively developped from long time ago, and by more devs and contributors, including some of them who will find interest or have knowledge on things I may not have or don't care (such as SQL stuff).
But it will be enough powerful, easy to use, and contains only "essentials" useful things properly made and workable on old/new/cracked game platforms/versions, in an intelligent and automatic way. Cause as I said, I like "simple & essentials" things, so I design AMX this way, no superfluous or duplicated things...

Well, at the end, I think you people from here, even if you know this guy well, should really question what are the weird words/methods this developer can be able to do against various things he doesn't like, as AMX Mod and all my job. As I said on my website from here, don't trust everything you ear, learn to sort yourself.

And Arkshine, I now you won't do, but, trying to rebel with me about that will be only for readers, not for me. Cause you know from my view I'm right, you're wrong, and vice-version. It's a discussion with no limit...

And about why Connor is blocked too:
Maybe he has good knownledge too, did a great help here and made various useful plugins, but on the past he came on some AMXX servers and told the people bullshits about AMX, using vicious or unfounded words to force them from moving towards AMXX.
Mainly cause him and me had some personnal conflicts. So in my opinion, guys who dare does that have really some spite against me and my job, so they are not welcomed, I take the measures I judge necessary.

Was a huge text (too much I know)! My fingers need some rest! Hope this was clear enough for the readers.
To finish, even if this doesn't talk about AMX in a positive way (was predictable from an anti-AMX guy and "enemy" addon, I'm get use to it!), I thank you, cause this talks about it, just that I need! hihi!

PS: Don't dare edit anything on my post (I guess you won't), I've a screenshot, if I see any modification I'll post it on my website.