[Mitchell]

I just saw on my server, a sum of 10 unique clients join instantly near the same times here is from chat:

Code:

{ygt}  mill03's last connection: 06/28/2012 - 02:37:04.
Player Alice has joined the game
Player Alice has joined the game
Player Duplex I Joshy has joined the game
Player Duplex I Joshy has joined the game
Player Knobjockey has joined the game
Player Knobjockey has joined the game
Player - \/G - kagoliksis has joined the game
Player - \/G - kagoliksis has joined the game
Player The Unknown l teh pimp has joined the game
Player The Unknown l teh pimp has joined the game
Player NeX-_^zT has joined the game
[օառɛʀϟ Mitch: the hack
Player NeX-_^zT has joined the game
Player gizzey has joined the game
Player gizzey has joined the game
MØNST€R: Mitch is it possible for more vehicles??
Player SillyMan has joined the game
Player SillyMan has joined the game
Player B-DAY! Cdpf2 The Robo Guy ツ has joined the game
Player B-DAY! Cdpf2 The Robo Guy ツ has joined the game
(>SpG<) Portlink: ooooh
[օառɛʀϟ Mitch: who are these people?

in console status:

Code:

] status
hostname: >Sandboxx
version : 1.0.0.71/21 4934 insecure
udp/ip  : 8.6.74.162:27015  (public ip: 8.6.74.162)
map     : build_flor_v2b at: 0 x, 0 y, 0 z
sourcetv:  port 27020, delay 30.0s
players : 15 (16 max)

# userid name                uniqueid            connected ping loss state
#     50 "U G☠T ☠WNED"   STEAM_0:1:******  39:18       96    0 active
#     53 "MØNST€R"        STEAM_0:0:****** 36:59       57    0 active
#     60 "{ygt}  mill03"     STEAM_0:1:******  03:06       92    0 active
#     55 "WishANigguhWould"  STEAM_0:0:******   31:26       74    0 active
#     64 "Duplex I Joshy"    STEAM_0:1:******  02:35        0    0 connecting
#     58 "Mitch"             STEAM_0:1:******  21:36       62    0 active
#     59 "(>SpG<) Portlink"  STEAM_0:0:******   20:04       79    0 active
#     24 "SourceTV"          BOT                                     active
#     66 "Knobjockey"        STEAM_0:0:42699484  02:35        0    0 connecting
#     68 "- \/G - kagoliksis" STEAM_0:1:49582220 02:31        0    0 connecting
#     70 "The Unknown l teh pimp" STEAM_0:0:32576069 02:31    0    0 connecting
#     72 "NeX-_^zT"          STEAM_0:1:43066163  02:30        0    0 connecting
#     74 "gizzey"            STEAM_0:1:41953868  02:30        0    0 connecting
#     76 "SillyMan"          STEAM_0:0:21401197  02:26        0    0 connecting
#     78 "B-DAY! Cdpf2 The Robo Guy ツ" STEAM_0:0:43801293 02:26    0    0 connecting

i highlited in red how long they have been "connecting"
it should have changed them to spawning on retrieveing server info.
it made my server go from 6/16 slots to 15/16 slots in an instance.
What's strange is that all the steamid seem to be unique.

Edit:
I checked out one of their steamid's and it said he wasnt even playing css.
But he did have CSS as a recent game of the two weeks.

Edit2: I checked out another steamid that connected: "STEAM_0:0:42699484"
and it seems that the profile said he hasnt been online for 5 hours. and this happened within the hour of this topic posted.

[raydan]

ban the ip "89.238.160.234"

[Snowknight26]

Had the same thing on my server. Really curious to know what happened.

Code:

Client "Alice" connected (89.238.160.234:27000).
Client "Duplex I Joshy" connected (89.238.160.234:27001).
Client "Knobjockey" connected (89.238.160.234:27002).
S3: Client connected with expired ticket: UserID: 279
Client "D00m" connected (89.238.160.234:27004).
S3: Client connected with expired ticket: UserID: 27a
Client "Cheese" connected (89.238.160.234:27006).
Client "Bubbles" connected (89.238.160.234:27007).
Client "Dak" connected (89.238.160.234:27008).
Client "KillaKrew" connected (89.238.160.234:27009).
Client "Kicker" connected (89.238.160.234:27010).
Client "- \/G - kagoliksis" connected (89.238.160.234:27011).
Client "The Unknown l teh pimp" connected (89.238.160.234:27012).
Client "Erica" connected (89.238.160.234:27015).
Client "Audio BLurr #lemonkeyface" connected (89.238.160.234:27016).
Client "Predator" connected (89.238.160.234:27017).
Client "DRAGON_PRINCE 33" connected (89.238.160.234:27018).
Client "Gestapo" connected (89.238.160.234:27019).
Client "Raymond #Hentai" connected (89.238.160.234:27020).
Client "Teerts" connected (89.238.160.234:27021).
Client "Redbullman" connected (89.238.160.234:27022).
Client "Gravitics" connected (89.238.160.234:27026).
Client "BEARTATO!" connected (89.238.160.234:27027).
Client "WAKA" connected (89.238.160.234:27028).
S3: Duplicate client connection: UserID: 28c SteamID 2523e47
Client "NeX-_^zT" connected (89.238.160.234:27030).
Client "gizzey" connected (89.238.160.234:27031).
status
hostname: S26's 24/7 fy_iceworld [Noblock]
version : 1.0.0.71/21 4934 secure
udp/ip : 209.144.20.13:27015 (public ip: 209.144.20.13)
map : fy_iceworld at: 0 x, 0 y, 0 z
players : 24 (24 max)
# userid name uniqueid connected ping loss state adr
# 630 "Alice" STEAM_0:1:20237730 02:44 0 0 connecting 89.238.160.234:27000
# 631 "Duplex I Joshy" STEAM_0:1:38846072 02:41 0 0 connecting 89.238.160.234:27001
# 632 "Knobjockey" STEAM_0:0:42699484 02:40 0 0 connecting 89.238.160.234:27002
# 633 "D00m" STEAM_0:1:33755189 02:39 0 0 connecting 89.238.160.234:27004
# 634 "Cheese" STEAM_0:0:758676 02:38 0 0 connecting 89.238.160.234:27006
# 635 "Bubbles" STEAM_0:0:20099861 02:38 0 0 connecting 89.238.160.234:27007
# 636 "Dak" STEAM_0:1:9953147 02:38 0 0 connecting 89.238.160.234:27008
# 637 "KillaKrew" STEAM_0:1:41407727 02:37 0 0 connecting 89.238.160.234:27009
# 638 "Kicker" STEAM_0:1:19472163 02:37 0 0 connecting 89.238.160.234:27010
# 639 "- \/G - kagoliksis" STEAM_0:1:49582220 02:36 0 0 connecting 89.238.160.234:27011
# 640 "The Unknown l teh pimp" STEAM_0:0:32576069 02:36 0 0 connecting 89.238.160.234:27012
# 641 "Erica" STEAM_0:1:17330525 02:34 0 0 connecting 89.238.160.234:27015
# 642 "Audio BLurr #lemonkeyface" STEAM_0:1:44662967 02:34 0 0 connecting 89.238.160.234:27016
# 643 "Predator" STEAM_0:0:992994 02:33 0 0 connecting 89.238.160.234:27017
# 644 "DRAGON_PRINCE 33" STEAM_0:0:50610209 02:33 0 0 connecting 89.238.160.234:27018
# 645 "Gestapo" STEAM_0:0:42777303 02:32 0 0 connecting 89.238.160.234:27019
# 646 "Raymond #Hentai" STEAM_0:1:23567084 02:32 0 0 connecting 89.238.160.234:27020
# 647 "Teerts" STEAM_0:0:40367470 02:31 0 0 connecting 89.238.160.234:27021
# 648 "Redbullman" STEAM_0:1:43922845 02:31 0 0 connecting 89.238.160.234:27022
# 649 "Gravitics" STEAM_0:0:25852360 02:29 0 0 connecting 89.238.160.234:27026
# 650 "BEARTATO!" STEAM_0:0:46847338 02:28 0 0 connecting 89.238.160.234:27027
# 651 "WAKA" STEAM_0:1:43532453 02:28 0 0 connecting 89.238.160.234:27028
# 652 "NeX-_^zT" STEAM_0:1:43066163 02:27 0 0 connecting 89.238.160.234:27030
# 653 "gizzey" STEAM_0:1:41953868 02:27 0 0 connecting 89.238.160.234:27031
Calculate Stats total time [-0.023227]
Dropped Alice from server (Alice timed out)
Dropped Duplex I Joshy from server (Duplex I Joshy timed out)
Dropped Knobjockey from server (Knobjockey timed out)
Dropped D00m from server (D00m timed out)
Dropped Cheese from server (Cheese timed out)
Dropped Bubbles from server (Bubbles timed out)
Dropped Dak from server (Dak timed out)
Dropped KillaKrew from server (KillaKrew timed out)
Dropped Kicker from server (Kicker timed out)
Dropped - \/G - kagoliksis from server (- \/G - kagoliksis timed out)
Dropped The Unknown l teh pimp from server (The Unknown l teh pimp timed out)
Dropped Erica from server (Erica timed out)
Dropped Audio BLurr #lemonkeyface from server (Audio BLurr #lemonkeyface timed out)
Dropped Predator from server (Predator timed out)
Dropped DRAGON_PRINCE 33 from server (DRAGON_PRINCE 33 timed out)
Dropped Gestapo from server (Gestapo timed out)
Dropped Raymond #Hentai from server (Raymond #Hentai timed out)
Dropped Teerts from server (Teerts timed out)
Dropped Redbullman from server (Redbullman timed out)
Dropped Gravitics from server (Gravitics timed out)
Dropped BEARTATO! from server (BEARTATO! timed out)
Dropped WAKA from server (WAKA timed out)
Dropped NeX-_^zT from server (NeX-_^zT timed out)
Dropped gizzey from server (gizzey timed out)
status
hostname: S26's 24/7 fy_iceworld [Noblock]
version : 1.0.0.71/21 4934 secure
udp/ip : 209.144.20.13:27015 (public ip: 209.144.20.13)
map : fy_iceworld at: 0 x, 0 y, 0 z
players : 0 (24 max)
# userid name uniqueid connected ping loss state adr
Client "Alice" connected (89.238.160.234:27000).
Client "Duplex I Joshy" connected (89.238.160.234:27001).
Client "Knobjockey" connected (89.238.160.234:27002).
S3: Client connected with expired ticket: UserID: 291
Client "D00m" connected (89.238.160.234:27004).
S3: Client connected with expired ticket: UserID: 292
Client "Cheese" connected (89.238.160.234:27006).
Client "Bubbles" connected (89.238.160.234:27007).
Client "The Unknown l teh pimp" connected (89.238.160.234:27012).
Client "NeX-_^zT" connected (89.238.160.234:27013).
Client "gizzey" connected (89.238.160.234:27014).
Client "Audio BLurr #lemonkeyface" connected (89.238.160.234:27016).
Client "Predator" connected (89.238.160.234:27017).
Client "DRAGON_PRINCE 33" connected (89.238.160.234:27018).
Client "Gestapo" connected (89.238.160.234:27019).
Client "Raymond #Hentai" connected (89.238.160.234:27020).
Client "B-DAY! Cdpf2 The Robo Guy πâä" connected (89.238.160.234:27025).
Client "Gravitics" connected (89.238.160.234:27026).
Client "BEARTATO!" connected (89.238.160.234:27027).
Client "WAKA" connected (89.238.160.234:27028).
Client "Kicker" connected (89.238.160.234:27029).
S3: Duplicate client connection: UserID: 2a1 SteamID 5224667
Client "«uTL» Nikolai" connected (89.238.160.234:27032).
S3: Duplicate client connection: UserID: 2a2 SteamID 6088042
Client "^4Tim The ToolMan Taylor" connected (89.238.160.234:27037).
Client "«uTA» Hawkman" connected (89.238.160.234:27038).
Client "k0a- #prod1gy" connected (89.238.160.234:27039).
Client "Jake" connected (89.238.160.234:27040).
Dropped Knobjockey from server (Knobjockey timed out)
Dropped Raymond #Hentai from server (Raymond #Hentai timed out)
Dropped Gestapo from server (Gestapo timed out)

Ironically, there is also a game server running on port 27015 of that IP.

[Mitchell]

Quote:

Originally Posted by raydan ban the ip "89.238.160.234"

how is it that you knew this ip before Snowknight26 said his ip?

[Snowknight26]

He probably had the same thing happen (and searched the SteamIDs and ended up here, just like me).

My guess is that those accounts were phished. Still doesn't explain why they were joining servers and just timing out, or how some profiles show them as being in other games at the same time or offline.

What's even more strange is that the first person on my list has a VAC ban but was still able to connect to my secure server.

[Mitchell]

Quote:

Originally Posted by Snowknight26 He probably had the same thing happen (and searched the SteamIDs and ended up here, just like me). My guess is that those accounts were phished. Still doesn't explain why they were joining servers and just timing out, or how some profiles show them as being in other games at the same time or offline. What's even more strange is that the first person on my list has a VAC ban but was still able to connect to my secure server.

Exactly my server is secure, and one of the accounts were vacbanned, so the only thing that explains it is a steamid spoofer.

[Snowknight26]

Your quote says insecure.

[Mitchell]

Weird cause it shows that it's secure on the server browser.

[blue zebra]

This is an old exploit. The writer are here on this forum. You can saying thanks for him.


- this exploit run on servermachines. This Ip are a gameserver IP too (89.238.160.234)
see:
http://www.gametracker.com/search/?query=89.238.160.234
- you can reduce the entryes from one ip on your server
- You can ban this IP adress or the whole IP field ( addip 0 89.238.160.0 ). Players never not come from this ip field.

[Mitchell]

Quote:

Originally Posted by blue zebra This is an old exploit. The writer are here on this forum. You can saying thanks for him. - this exploit run on servermachines. This Ip are a gameserver IP too (89.238.160.234) see: http://www.gametracker.com/search/?query=89.238.160.234 - you can reduce the entryes from one ip on your server - You can ban this IP adress or the whole IP field ( addip 0 89.238.160.0 ). Players never not come from this ip field.

But im wondering how he is doing it..
If he is using a server to connect to other servers that dosent seem possible..