Illegal Admin

[PAD]Lister · **Author**

Had an incident on my server today where someone somehow got full admin on my server now i'm not sure how the hell it happened, i'm the only one that knows our server FTP and all the files checked out so how could this guys have got full admin on my server? is there a bug or security hole in AMX Mod X?

Server Log Entry: L0928

Code:

L 09/28/2004 - 10:12:26: -------- Mapchange --------
L 09/28/2004 - 10:23:13: -------- Mapchange --------
L 09/28/2004 - 10:23:41: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 10:25:00: [admincmd.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" ask for players list
L 09/28/2004 - 10:39:21: -------- Mapchange --------
L 09/28/2004 - 10:39:21: [AMXX] Module "csstats" required for plugin.  Check modules.ini. (plugin "statsx.amxx")
L 09/28/2004 - 10:39:21: [AMXX] Module "csstats" required for plugin.  Check modules.ini. (plugin "stats_logging.amxx")
L 09/28/2004 - 10:40:04: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 10:41:03: [mapsmenu.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" changelevel "cs_office_cz"
L 09/28/2004 - 10:41:05: -------- Mapchange --------
L 09/28/2004 - 10:41:06: [AMXX] Module "csstats" required for plugin.  Check modules.ini. (plugin "statsx.amxx")
L 09/28/2004 - 10:41:06: [AMXX] Module "csstats" required for plugin.  Check modules.ini. (plugin "stats_logging.amxx")
L 09/28/2004 - 10:41:07: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 10:49:27: -------- Mapchange --------
L 09/28/2004 - 10:49:55: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 11:04:57: [mapsmenu.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" changelevel "cs_italy_cz"
L 09/28/2004 - 11:05:00: -------- Mapchange --------
L 09/28/2004 - 11:05:01: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 11:08:49: [mapsmenu.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" changelevel "de_dust2_cz"
L 09/28/2004 - 11:08:51: -------- Mapchange --------
L 09/28/2004 - 11:08:53: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")

users.ini listed below:

Code:

; Users configuration file
; File location: $moddir/addons/amxx/configs/users.ini

; Line starting with ; is a comment

; Access flags:
; a - immunity (can't be kicked/baned/slayed/slaped and affected by other commmands)
; b - reservation (can join on reserved slots)
; c - amx_kick command
; d - amx_ban and amx_unban commands
; e - amx_slay and amx_slap commands
; f - amx_map command
; g - amx_cvar command (not all cvars will be available)
; h - amx_cfg command
; i - amx_chat and other chat commands
; j - amx_vote and other vote commands
; k - access to sv_password cvar (by amx_cvar command)
; l - access to amx_rcon command and rcon_password cvar (by amx_cvar command)
; m - custom level A (for additional plugins)
; n - custom level B
; o - custom level C
; p - custom level D
; q - custom level E
; r - custom level F
; s - custom level G
; t - custom level H
; u - menu access
; z - user (no admin)

; Account flags:
; a - disconnect player on invalid password
; b - clan tag
; c - this is steamid/wonid
; d - this is ip
; e - password is not checked (only name/ip/steamid needed)

; Format of admin account:
; <name|ip|steamid> 	        <password> 	<access flags> 	       <account flags>	<comment>

"STEAM_0:0:376611" 	"" 	"abcdefghijklmnopqrstu" 	"ce"	;Kakistos (Full Admin + RCON + Immunity)
"STEAM_0:0:2598121"	""	"abcdefghijklmnopqrstu"	"ce"	;Lister (Full Admin + RCON) DISABLE
"STEAM_0:0:1514928"	""	"abcdefghijklmnopqrstu"	"ce"	;Soap-Bar (Full Admin + RCON)
"STEAM_0:1:4538076"	""	"bcefghijklmnopqrstu"		"ce"	;Babey (Limited Admin [No RCON No sv_password]
"STEAM_0:0:2999654"	""	"bceij"			"ce"	;MRM!N! (Standard Admin)
"STEAM_0:0:4733963"	""	"bceij"			"ce"	;BDP (Standard Admin)
"STEAM_0:0:6338722"	""	"bceij"			"ce"	;Furious (Standard Admin)
"STEAM_0:1:2853930"	""	"bceij"			"ce"	;MrKu1e (Standard Admin)
"STEAM_0:0:6952876"	""	"bceij"			"ce"	;ZAIN (Standard Admin)
;"STEAM_0:1:415871"		""	"bceij"			"ce"	;MrSmokey (Standard Admin)
"STEAM_0:1:3037121"	""	"b"			"ce"	;L!quId (Reserve Slot) 

"loopback" "" "abcdefghijklmnopqrstu" "de"

Any ideas? Help + rapid reply much appreciated!

*Note* STEAM_ID's hidden for privacy

Bento · 09-12-2005 , 18:03

Strange

Lazarus Long · 09-12-2005 , 18:32

There has been filled a bug report about a similar situation, but the filler lacked full logs. It is still an open bug, you probably should be posting there.

Regards,

**bmann_420** · 09-12-2005 , 20:06

What the hell do u think we will do with those Steam ID's you have stared out? Really......
You can take the 5 minuts to block em out, but for what? so we can ban you? or mabye make you admin?

[PAD]Lister · 09-12-2005 , 20:12

nope nothing like that at all, the clan leader don't want them viewable so i blanked them out

Dr_Knuckles · 09-12-2005 , 20:21

Well we obviously cannot tell for sure without being able to see the steamids. So, unless this is some bug that has not affected me EVER, you should post the real users.ini Us seeing your ids does nothing for us, unless you're a bunch of 8 digit nubs, in which case we probably won't make fun of you for it

PaP.ISO · 09-12-2005 , 23:17

this is kinda off topic but what is the limit on admins in user.ini file?

slmclarengt · 09-12-2005 , 23:20

My guess is 64 because many times we make things only up to 64, but don't take my word on that. I may be one of a few who does that.

Kensai · 09-13-2005 , 00:02

Code:

#define MAX_ADMINS 64

Yup.

Esge · 12-18-2005 , 13:47

i have a similar problem, but its only the pause server command...

The thing is that everybody who enters the server has the ability to pause our server which is pretty annoying...

Can anyone tell me what the loopback in the bottom is?