Server's security compromised!!!!


Dutchy
Junior Member
Join Date: Jan 2007
12-14-2007, 13:31   Server's security compromised!!!!
#1

Hello all, today I noticed that my server's security has been breached.

On a map I noticed that sv_gravity got changed and I am the only one with rcon access. So I silently went into server.cfg, changed the password and then changed the map. On the next map (4 way tunnel) it happened again and then immediately the server crashed....or was crashed.

I am currently checking my own PC, but the fact that I changed the Rcon password, changed map and someone still had rcon worries me. My PC looks like it is clean (behind a firewall and constant virus scanner switched on), my OS is Vista.

On my server I run:

- Metamod Source
- Manimod
- Eventscripts
- Es_tools
- Zombiemod
- Grabber

Could a plugin have a security hole? I'm afraid that something quite serious is wrong.

Any other admin experienced something likewise? Any coders that can comment?
krod
Member
Join Date: Oct 2006
12-14-2007, 14:21   Re: Server's security compromised!!!!
#2

The most likely problem is that you have sv_cheats enabled and it has been compromised through that.

Else, it could be an eventscript as their scripts are not approved by anyone and thus could be a backdoor.
ferret
SourceMod Developer
Join Date: Dec 2004
Location: Atlanta, GA
12-14-2007, 14:38   Re: Server's security compromised!!!!
#3

If you have logging turned on, you should be able to find where the rcon command was issued and what IP it came from. If you can't find a log of rcon, then maybe it was a plugin.
__________________
I'm a blast from the past!
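An added example, not part of ferret's post or of any project mentioned in the thread: a short Python pass over a server log that groups rcon activity by source IP and flags cvar changes with no rcon command behind them, the case ferret attributes to a plugin. The `rcon from ...` and `server_cvar` line shapes, the function name `audit_rcon` and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed log line shapes (check them against your own server's logs):
#   L MM/DD/YYYY - HH:MM:SS: rcon from "ip:port": command "..."
#   L MM/DD/YYYY - HH:MM:SS: rcon from "ip:port": Bad Password
#   L MM/DD/YYYY - HH:MM:SS: server_cvar: "name" "value"
PREFIX = r'^L (\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): '
RCON = re.compile(PREFIX + r'rcon from "([^":]+):\d+": (?:command "(.*)"|Bad Password)\s*$')
CVAR = re.compile(PREFIX + r'server_cvar: "([^"]+)" "([^"]*)"\s*$')

# Constructed sample; the addresses come from documentation ranges.
SAMPLE_LOG = '''\
L 12/14/2007 - 13:02:11: rcon from "192.0.2.10:27005": command "sv_gravity 600"
L 12/14/2007 - 13:02:11: server_cvar: "sv_gravity" "600"
L 12/14/2007 - 13:20:03: rcon from "198.51.100.7:1402": Bad Password
L 12/14/2007 - 13:20:09: rcon from "198.51.100.7:1402": Bad Password
L 12/14/2007 - 13:20:30: rcon from "198.51.100.7:1402": command "status"
L 12/14/2007 - 13:29:55: server_cvar: "sv_gravity" "200"
'''

def audit_rcon(log_text, admin_ips):
    foreign = {}       # ip -> rcon commands and failed logins from non-admin IPs
    unattributed = []  # cvar changes not preceded by an rcon command naming them
    last_cmd = None    # first token of the most recent rcon command
    for line in log_text.splitlines():
        m = RCON.match(line)
        if m:
            ts, ip, cmd = m.groups()
            if cmd is not None:
                last_cmd = cmd.split()[0] if cmd.split() else None
            if ip not in admin_ips:
                entry = foreign.setdefault(ip, {"commands": [], "bad_password": 0})
                if cmd is None:
                    entry["bad_password"] += 1
                else:
                    entry["commands"].append((ts, cmd))
            continue
        m = CVAR.match(line)
        if m:
            ts, name, value = m.groups()
            if last_cmd != name:  # nothing in the rcon log explains this change
                unattributed.append((ts, name, value))
            last_cmd = None
    return {"foreign_rcon": foreign, "unattributed_cvars": unattributed}

if __name__ == "__main__":
    print(audit_rcon(SAMPLE_LOG, admin_ips={"192.0.2.10"}))
```

An empty `foreign_rcon` together with a non-empty `unattributed_cvars` is the pattern that points away from a leaked rcon password and toward a plugin, script or map changing the setting.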
Dutchy
Junior Member
Join Date: Jan 2007
12-14-2007, 14:40   Re: Server's security compromised!!!!
#4

No please, I am not a noob ;)

I have an update please read:

http://www.fragmasters.co.uk/forum/f13/banned-19490/

This is the same guy, even the same name

The one using the commands on our server had the same Steam ID
STEAM_0:0:12438248

IP
88.78.232.165

If you read the story on Fragmasters you can read that he was banned for flying. So he was not using a hack, hacks don't make you fly. You fly/noclip by using rcon.....

I'm seriously worried that there is a hole somewhere.

I was also using HLSW, I will contact Fragmasters
bl4nk
SourceMod Developer
Join Date: Jul 2007
12-14-2007, 14:42   Re: Server's security compromised!!!!
#5

There is no "fly/noclip" command using rcon. The only noclip command is "noclip" and that's usable client-side when sv_cheats is enabled. It's either that or you have a plugin that the player is exploiting.
BAILOPAN
Join Date: Jan 2004
12-14-2007, 15:00   Re: Server's security compromised!!!!
#6

Since you're not running SourceMod, this issue wouldn't be SourceMod related anyway. I would suggest looking at your plugins and determining which one lets people do this.
__________________
egg
Dutchy
Junior Member
Join Date: Jan 2007
12-14-2007, 15:10   Re: Server's security compromised!!!!
#7

Thank you for your responses

I am running:
- Metamod Source
- Manimod
- Eventscripts
- Es_tools
- Zombiemod
- Grabber
- HLSW

Nowhere is sv_cheats activated, not in server.cfg, not the cheatish setting in es_tools, nowhere. I have no map.cfg's that issue other commands.

Bailopan, does it sound like a hole in some plugin?
Dutchy
Junior Member
Join Date: Jan 2007
12-14-2007, 15:21   Re: Server's security compromised!!!!
#8

Ok sorry for double posting but it sounds like I found the cause.

The map ZM_little city has exploits which can screw RCON. All server operators using Zombiemod, REMOVE Little city from your server and mapcycle!!!

http://www.zombiemod.com/forums/show...p?t=386&page=8