I administer 3 SM+MM Servers for Left 4 Dead 2. These servers have the latest Dev snapshots for Windows.
Lately, in 2 of the servers, certain players have been able to use admin commands and access the admin menu
without their IP's or ID's being in the admins_simple or admins files. When I type sm_who it even says that these players have root access.
Some players are even saying somebody is teaching them how to do it. I do not know how nor can I keep track of who sees what because well, our group is a clusterfuck and our 800 members don't cooperate well or don't know how to thoroughly document and analyze the situation for evidence or proof.
I personally have seen this, one player even said that he forcefully took admin because he deserved it and that he was 9 years old (obviously trolling).
My question is, are there any known exploits or work arounds to SM and MM that has the ability to do this? If so, what can we do to prevent this from happening any further?
Plugins:
Code:
"Admin File Reader" (1.3.6) by AlliedModders LLC
"Admin Help" (1.3.6) by AlliedModders LLC
"Admin Menu" (1.3.6) by AlliedModders LLC
"Anti-Flood" (1.3.6) by AlliedModders LLC
"Basic Ban Commands" (1.3.6) by AlliedModders LLC
"Basic Chat" (1.3.6) by AlliedModders LLC
"Basic Comm Control" (1.3.6) by AlliedModders LLC
"Basic Commands" (1.3.6) by AlliedModders LLC
"Basic Info Triggers" (1.3.6) by AlliedModders LLC
"Basic Votes" (1.3.6) by AlliedModders LLC
"Client Preferences" (1.3.6) by AlliedModders LLC
"Fun Commands" (1.3.6) by AlliedModders LLC
"Fun Commands X" (1.8) by Spazman0 and Arg!
"Fun Votes" (1.3.6) by AlliedModders LLC
"Grooveshark" (1.2.1) by [GNC] Matt
"Jetpack" (1.1.0) by Knagg0
"L4D Build enabler" (1.3.0) by R-Hehl
"L4D2 Gore" (2.4) by DiscoBBQ, CAPS LOCK FUCK YEAH
"L4D2 Unstick" (1.0.6) by HowIChrgeLazer
"[L4D2] Coffee Ammo" (1.2) by McFlurry
"[L4D2] Custom admin commands" (1.0.8) by honorcode23
"L4D2 Weapon Drop" (1.2.0) by Machine
"[L4D2] Drop weapon when punched" (1.0) by cheewongken
"[L4D2] Explosive Ammo Enable" (1.0) by McFlurry
"[L4D2] Explosive Cars" (1.0.2) by honorcode23
"L4D2 Incapped Meds Munch" (1.1.8) by AtomicStryker
"[L4D2] Incapped Crawling with Animation" (1.16) by SilverShot
"Incapped Magnum" (1.4) by Oshroth
"L4D2 Laser Sights" (1.0.2) by AtomicStryker
"[L4D2] laser sight crosshair removal" (1.2) by Gowness
"[L4D2] Last Resource" (GETVERSION) by honorcode23
"[L4D2] Lethal Weapon" (2.1) by ztar
"[L4D2] Satellite Cannon" (1.3) by ztar
"L4D2 Spawn Uncommons" (1.0.4) by AtomicStryker
"[L4D2] Objects Spawner" (2.0.5e) by honorcode23
"L4D2 Special Ammo" (1.0.5) by AtomicStryker
"[L4D2] Tank Buster 2 Menu" (1.2.1) by Teddy Ruxpin
"[L4D2] Weapon/Zombie Spawner" (1.0a) by Zuko & McFlurry
"[L4D2] Weapon Unlock" (0.8.1) by Crimson_Fox
"[L4D(2)] 4+ Survivor Afk Fix" (1.2) by MI 5, SwiftReal
"[L4D/L4D2] Character Select Menu" (2.5a) by MI 5
"[L4D(2)] MultiSlots" (1.0) by SwiftReal, MI 5
"[L4D] & [L4D2] No Death Check Until Dead" (1.4.2) by chinagreenelvis
"[L4D, L4D2] Self Revive" (1.2.2) by chinagreenelvis (Based on the Self Help plugin by Pan Xiaohai)
"thirdperson view" (2.12) by Pan Xiaohai
"[L4D & L4D2] Achievement Trophy" (1.4) by SilverShot, retroGamer
"L4D_Cloud_Damage" (2.18) by AtomicStryker
"[L4D/L4D2] Melee Fatigue" (1.0.0) by Damizean
"Push And Drag" (1.2) by Pan Xiaohai
"Robot system" (1.2) by Pan Xiaohai
"Self Help " (1.0.1) by Pan Xiaohai
"Smoker Lightning" (1.0) by Pan Xiaohai
"L4D SM Respawn" (1.9.2) by AtomicStryker & Ivailosp
"[L4D1&2] Spawn Alarmcars" (1.0.4) by Die Teetasse
"starfall" (1.0) by Pan Xiaohai
"Tripmine" (1.0) by Pan Xiaohai
"Special Weapon" (1.2.6.1) by Pan Xiaohai
"ZOOM" (1.0) by xiaohai
"MaxHealth Changer" (1.0.0) by bl4nk
"PlayerAddCountryTag" (2.5.0) by n3wton
"Player Commands" (1.3.6) by AlliedModders LLC
"psyRTD L4D2 Effects" (1.0.0) by McFlurry
"psyRTD Core" (1.0.1) by psyduck
"Reserved Slots" (1.3.6) by AlliedModders LLC
"Key Binder" (1.1) by hihi1210
"Doorspawner" (1.4.1) by HyperKiLLeR
"Set Health" (1.2.2) by Mr. Blip
"Sound Commands" (1.3.6) by AlliedModders LLC
"Wallwalk" (1.1) by Pinkfairie
"L4D Info" (0.0.11) by TeddyRuxpin
"Portals" (1.4) by FluD (tnx hihi1210)
Admin simple config:
Code:
//
// READ THIS CAREFULLY! SEE BOTTOM FOR EXAMPLES
//
// For each admin, you need three settings:
// "identity" "permissions" "password"
//
// For the Identity, you can use a SteamID or Name. To use an IP address, prepend a ! character.
// For the Permissions, you can use a flag string and an optional password.
//
// PERMISSIONS:
// Flag definitions are in "admin_levels.cfg"
// You can combine flags into a string like this:
// "abcdefgh"
//
// If you want to specify a group instead of a flag, use an @ symbol. Example:
// "@Full Admins"
//
// You can also specify immunity values. Two examples:
// "83:abcdefgh" //Immunity is 83, flags are abcdefgh
// "6:@Full Admins" //Immunity is 6, group is "Full Admins"
//
// Immunity values can be any number. An admin cannot target an admin with
// a higher access value (see sm_immunity_mode to tweak the rules). Default
// immunity value is 0 (no immunity).
//
// PASSWORDS:
// Passwords are generally not needed unless you have name-based authentication.
// In this case, admins must type this in their console:
//
// setinfo "KEY" "PASSWORD"
//
// Where KEY is the "PassInfoVar" setting in your core.cfg file, and "PASSWORD"
// is their password. With name based authentication, this must be done before
// changing names or connecting. Otherwise, SourceMod will automatically detect
// the password being set.
//
////////////////////////////////
// Examples: (do not put // in front of real lines, as // means 'comment')
//
// "STEAM_0:1:16" "bce" //generic, kick, unban for this steam ID, no immunity
// "!127.0.0.1" "99:z" //all permissions for this ip, immunity value is 99
// "BAILOPAN" "abc" "Gab3n" //name BAILOPAN, password "Gab3n": gets reservation, generic, kick
//
////////////////////////////////
"STEAM_1:1:16xx8190" "99:z" //Takelon9
"STEAM_1:1:19xx7237" "99:z" //Surf3rDud3
"STEAM_1:0:24xx4852" "99:bcdfk" //Orange
"STEAM_1:0:25xx9866" "99:bcdfk" //Alex
"STEAM_1:0:17xx8469" "99:bcdfk" //Myciek
"STEAM_1:0:25xx2610" "99:bcdfk" //Austin
"STEAM_1:1:14xx3109" "99:z" //CoRpSe916
"STEAM_1:0:23xx0952" "99:bcdfk" //Raward
"STEAM_1:0:17xx5192" "99:bcdfk" //Pete
"STEAM_1:1:95xx517" "99:bcdfk" //Jen
"STEAM_1:1:26xx3730" "99:bcdfk" //Pwnage
"STEAM_1:1:29xx5457" "99:bcdfk" //Ultroxmga
"STEAM_1:0:216xx548" "99:bcdfk" //Twik
The Steam ID of 1 of the people being able to access the admin menu is STEAM_1:0:26xx2691 (as you can see it doesn't match any of the admins and it said that he had root access)