Raised This Month: $12 Target: $400
 3% 

Server exploits.


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
-M-Jon
Member
Join Date: Dec 2009
Old 08-11-2010 , 03:14   Server exploits.
Reply With Quote #1

I have noticed an increase in people crashing / lagging / exploiting my communities counter-strike: source servers (all linux). I am running the latest version of the following scripts:

Kigen's Anti Cheat
Forlix Flood Checker
D-FENS 1.3
Anti Dos
Rcon Locker

My rcon password is very long and it was generated by a pc-tools script.

1. Somehow people are able to crack sourceban's and grant themselves access to the web-based rcon console. I have manually removed it and I think an option to disable it entirely should be added. I have noticed most of the attacks I have dealt with originated from this.

2. Bots are being spawned in the server very frequently. Most of the time this causes a navigation mesh to begin generating. I think this is being done through sourcebans, however, I am not 100% sure.

Last edited by -M-Jon; 08-13-2010 at 04:16.
-M-Jon is offline
KyleS
SourceMod Plugin Approver
Join Date: Jul 2009
Location: Segmentation Fault.
Old 08-11-2010 , 05:05   Re: Server exploits.
Reply With Quote #2

Hmm, maybe there's a vulnerability in SourceBans...

http://forums.alliedmods.net/showthread.php?t=134645 - Same thing happened to HellsGamers as well, apparently.
KyleS is offline
atom0s
Senior Member
Join Date: Jul 2009
Old 08-12-2010 , 09:31   Re: Server exploits.
Reply With Quote #3

As I sad in that topic too, make sure your SourceBans install is up to date (1.4.6 as of this post). There was a known exploit in an old version of SourceBans that users could reset the admin email/password, granting them access to your servers.
atom0s is offline
-M-Jon
Member
Join Date: Dec 2009
Old 08-13-2010 , 04:19   Re: Server exploits.
Reply With Quote #4

I am running the latest version of Sourcebans (1.4.6). I have not had any issues since I removed the web rcon console.
-M-Jon is offline
matrixmark
Senior Member
Join Date: Jun 2010
Old 08-13-2010 , 04:54   Re: Server exploits.
Reply With Quote #5

Quote:
Originally Posted by -M-Jon View Post
I am running the latest version of Sourcebans (1.4.6). I have not had any issues since I removed the web rcon console.
Hmm how did you remove it? I would be interested in this as well

Thanks
matrixmark is offline
thetwistedpanda
Good Little Panda
Join Date: Sep 2008
Old 08-13-2010 , 12:23   Re: Server exploits.
Reply With Quote #6

Rename/delete admin.rcon.php (at least I think that's the name) in the Pages section (again at least I think that's the directory). It'll be hard to miss
__________________
thetwistedpanda is offline
zeroibis
Veteran Member
Join Date: Jun 2007
Old 08-13-2010 , 14:05   Re: Server exploits.
Reply With Quote #7

What about the 2.0 branch, I assume that also does not have the problem.
__________________
zeroibis is offline
Peace-Maker
SourceMod Plugin Approver
Join Date: Aug 2008
Location: Germany
Old 08-21-2010 , 13:16   Re: Server exploits.
Reply With Quote #8

2.0 branch isn't even alpha and doesn't work as you'd expect it.
I never heart of such an exploit in the current version.
You're still welcome to monitor the svn for changes if you want to get the latest fixes and stuff, but there weren't any fixes regarding permission exploits.
__________________
Peace-Maker is offline
zeroibis
Veteran Member
Join Date: Jun 2007
Old 08-21-2010 , 16:03   Re: Server exploits.
Reply With Quote #9

Quote:
Originally Posted by Peace-Maker View Post
2.0 branch isn't even alpha and doesn't work as you'd expect it.
I never heart of such an exploit in the current version.
You're still welcome to monitor the svn for changes if you want to get the latest fixes and stuff, but there weren't any fixes regarding permission exploits.
Wow I am surprised, it seams like they have been working on it for like forever. I wonder what is going on with that...
__________________
zeroibis is offline
nOzE
Member
Join Date: Jul 2008
Old 08-22-2010 , 16:13   Re: Server exploits.
Reply With Quote #10

Yesterday there was an ill kiddie which crashed my server several times(no admin on it) till he was banned. I got all the plugins in the 1st post here.

STEAM_0:1:16806087
http://www.1337fc.de/hlxce14rc3/web/...o&player=48029
__________________
nOzE is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 11:48.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode