Hello everyone.
I am running AMX Mod X 1.8.2 and one of my servers was hacked today. The attacker installed 2 plugins named cs.amxx and dproto.amxx and two config files named plugins-amxxx.ini and plugins-players.ini. The plugins modified files on my players' computers to connect them to a Romanian server. Here are the files if anybody is interested:
http://s000.tinyupload.com/index.php?file_id=96730576301751480828
Don't run them on your server.
For months I have been running the same plugins all of which I've downloaded and recompiled from here, I've been running them on both servers but only one was hacked. The servers are behind a router which only lets through traffic on HLDS-related ports. I've checked the logs and found no sign of anybody using the rcon password, I did change it after I restored everything from backups. I haven't been using the server for anything else than uploading maps and adding/removing admins meaning for the past months I hadn't run anything I've downloaded off the internet. I really don't know what could've caused this. I hope it's one of the plugins nevertheless and Amx Mod X isn't compromised.
Luckily I noticed this in time before too many players were slowhacked.