Hmm, any loopholes? Got hacked. Help :)

Jouho · **Author**

Hi guys. My server just got hacked again, it was a while since it last happened, and that one previously was maybe from the es_tools loophole, which I removed.

However, I just got hacked again, but mani only (seems to be the popular one).

Via sm plugins in console outputs:

"Basic Comm Control" (1.2.1) by AlliedModders LLC
"Sound Commands" (1.2.1) by AlliedModders LLC
"Client Preferences" (1.2.1) by AlliedModders LLC
"Model Fun" (0.5) by Arg!
"Get TickRate" (1.0) by Liam
"Basic Info Triggers" (1.2.1) by AlliedModders LLC
"Anti-Flood" (1.2.1) by AlliedModders LLC
"Knife Fight" (1.3.7) by XARiUS, Otstrel.Ru Team
"Basic Ban Commands" (1.2.1) by AlliedModders LLC
"Surf Tools" (1.6) by Fredd

Are any of these known to have loopholes?
Also, what are some protection mod/addon(s) that I could use to prevent this crap from happening again. It's a hassle readding people to mani. X_x.

Thank you

Kigen · 01-30-2010 , 21:54 Re: Hmm, any loopholes? Got hacked. Help :)

D-FENS
http://forums.alliedmods.net/showthread.php?t=109453

And I don't know about Mani. Anyhow, there is a major issue at the moment with exploits within the engine itself that are beyond the abilities of KAC to patch at this point. Your best bet is to use D-FENS and a little permission editing.

Jouho · *Last edited by Jouho; 01-30-2010 at 22:02.*

Thank you, but the server is linux based, :/. Not quite sure what to do to get it to work with Linux, if it's possible.

anonpiss · 01-31-2010 , 00:17 Re: Hmm, any loopholes? Got hacked. Help :)

Get the linux binaries of D-FENS.
Most likely the hacker downloaded your server.cfg and of course got your rcon password.

**KyleS** · 01-31-2010 , 22:59 Re: Hmm, any loopholes? Got hacked. Help :)

D-Fens isn't that good, I was still attacked with it enabled

The best thing you can do is make every single directory read only except for your local DBs, Logs, and your downloads directory for sprays. That way, the worst they can do is just clear your databases which you can backup daily.

NoS · 02-01-2010 , 05:48 Re: Hmm, any loopholes? Got hacked. Help :)

Correct me if I am wrong, but KAC is not on that list. Unless you provided every other plugin other than KAC.

YamiKaitou · 02-01-2010 , 11:54 Re: Hmm, any loopholes? Got hacked. Help :)

Your problem is most likely because you are using Mani as well. Both Mani and ES have holes that their devs refuse to acknowledge. If you can help it, remove Mani and install D-FENS and "rcon locker" by devicenull.

propaganda · 02-02-2010 , 12:41 Re: Hmm, any loopholes? Got hacked. Help :)

Yeah stay clear of mani entirely if you can. We had nothing but problems and since we went to sourcemod it cleared up 99% of them.