Had an incident on my server today where someone somehow got full admin on my server now i'm not sure how the hell it happened, i'm the only one that knows our server FTP and all the files checked out so how could this guys have got full admin on my server? is there a bug or security hole in AMX Mod X?
Server Log Entry: L0928
Code:
L 09/28/2004 - 10:12:26: -------- Mapchange --------
L 09/28/2004 - 10:23:13: -------- Mapchange --------
L 09/28/2004 - 10:23:41: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 10:25:00: [admincmd.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" ask for players list
L 09/28/2004 - 10:39:21: -------- Mapchange --------
L 09/28/2004 - 10:39:21: [AMXX] Module "csstats" required for plugin. Check modules.ini. (plugin "statsx.amxx")
L 09/28/2004 - 10:39:21: [AMXX] Module "csstats" required for plugin. Check modules.ini. (plugin "stats_logging.amxx")
L 09/28/2004 - 10:40:04: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 10:41:03: [mapsmenu.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" changelevel "cs_office_cz"
L 09/28/2004 - 10:41:05: -------- Mapchange --------
L 09/28/2004 - 10:41:06: [AMXX] Module "csstats" required for plugin. Check modules.ini. (plugin "statsx.amxx")
L 09/28/2004 - 10:41:06: [AMXX] Module "csstats" required for plugin. Check modules.ini. (plugin "stats_logging.amxx")
L 09/28/2004 - 10:41:07: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 10:49:27: -------- Mapchange --------
L 09/28/2004 - 10:49:55: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 11:04:57: [mapsmenu.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" changelevel "cs_italy_cz"
L 09/28/2004 - 11:05:00: -------- Mapchange --------
L 09/28/2004 - 11:05:01: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
L 09/28/2004 - 11:08:49: [mapsmenu.amxx] Cmd: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" changelevel "de_dust2_cz"
L 09/28/2004 - 11:08:51: -------- Mapchange --------
L 09/28/2004 - 11:08:53: [admin.amxx] Login: "[DS-Elite] The0ne<1><STEAM_0:0:3859533><>" became an admin (account "STEAM_0:0:3859533") (access "abcdefghijklmnopqrstu") (address "81.110.218.38")
users.ini listed below:
Code:
; Users configuration file
; File location: $moddir/addons/amxx/configs/users.ini
; Line starting with ; is a comment
; Access flags:
; a - immunity (can't be kicked/baned/slayed/slaped and affected by other commmands)
; b - reservation (can join on reserved slots)
; c - amx_kick command
; d - amx_ban and amx_unban commands
; e - amx_slay and amx_slap commands
; f - amx_map command
; g - amx_cvar command (not all cvars will be available)
; h - amx_cfg command
; i - amx_chat and other chat commands
; j - amx_vote and other vote commands
; k - access to sv_password cvar (by amx_cvar command)
; l - access to amx_rcon command and rcon_password cvar (by amx_cvar command)
; m - custom level A (for additional plugins)
; n - custom level B
; o - custom level C
; p - custom level D
; q - custom level E
; r - custom level F
; s - custom level G
; t - custom level H
; u - menu access
; z - user (no admin)
; Account flags:
; a - disconnect player on invalid password
; b - clan tag
; c - this is steamid/wonid
; d - this is ip
; e - password is not checked (only name/ip/steamid needed)
; Format of admin account:
; <name|ip|steamid> <password> <access flags> <account flags> <comment>
"STEAM_*:*:******" "" "abcdefghijklmnopqrstu" "ce" ;Kakistos (Full Admin + RCON + Immunity)
"STEAM_*:*:******" "" "abcdefghijklmnopqrstu" "ce" ;Lister (Full Admin + RCON + Immunity)
"STEAM_*:*:******" "" "abcdefghijklmnopqrstu" "ce" ;Soap-Bar (Full Admin + RCON + Immunity)
"STEAM_*:*:******" "" "bcefghijklmnopqrstu" "ce" ;Babey (Full Admin + RCON)
"STEAM_*:*:******" "" "bceij" "ce" ;MRM!N! (Standard Admin)
"STEAM_*:*:******" "" "bceij" "ce" ;BDP (Standard Admin)
"STEAM_*:*:******" "" "bceij" "ce" ;Furious (Standard Admin)
"STEAM_*:*:******" "" "bceij" "ce" ;MrKu1e (Standard Admin)
"STEAM_*:*:******" "" "bceij" "ce" ;ZAIN (Standard Admin)
"STEAM_*:*:******""" "bceij" "ce" ;MrSmokey (Standard Admin)
"STEAM_*:*:******" "" "b" "ce" ;L!quId (Reserve Slot)
"loopback" "" "abcdefghijklmnopqrstu" "de"
Any ideas? Help + rapid reply much appreciated!
*Note* STEAM_ID's hidden for privacy
amxx.cfg \/
Code:
/ AMX Configuration File
echo Executing AMX Mod X Configuration File
// Default access for all non admin players (see users.ini for access details)
amx_default_access "z"
// Name of setinfo which should store a password on a client (you should change this)
// (Example: setinfo _pw "password")
amx_password_field "_pw-home"
// Mode of logging to a server
// 0 - disable logging, players won't be checked (and access won't be set)
// 1 - normal mode which obey flags set in accounts
// 2 - kick all players not on list
amx_mode 1
// Show admins activity
// 0 - disabled
// 1 - show without admin name
// 2 - show with name
amx_show_activity 2
// Frequency in seconds and text of scrolling message
amx_scrollmsg "Welcome to %hostname% -- www.painafterdeath.co.uk" 600
// Center typed colored messages (last parameter is a color in RRRGGGBBB format)
amx_imessage "Welcome to %hostname%" "000255100"
amx_imessage "This server is monitored by Admins" "000100255"
amx_imessage "Www.painafterdeath.co.uk" "000255100"
// Frequency in seconds of colored messages
amx_freq_imessage 180
// Set in seconds how fast players can chat (chat-flood protection)
amx_flood_time 0.75
// Amount of reserved slots (for more details see comments in a plugin source)
amx_reservation 0
// Displaying of time remaining
// a - display white text on bottom
// b - use voice
// c - don't add "remaining" (only in voice)
// d - don't add "hours/minutes/seconds" (only in voice)
// e - show/speak if current time is less than this set in parameter
amx_time_display "ab 1200" "ab 600" "ab 300" "ab 180" "ab 60" "bcde 11"
// Announce "say thetime" and "say timeleft" with voice
amx_time_voice 1
// Minimum delay in seconds between two voting sessions
amx_vote_delay 600
// How long voting session goes on
amx_vote_time 30
// Display who votes for what option
amx_vote_answers 1
// Some ratios for voting success
amx_votekick_ratio 0.40
amx_voteban_ratio 0.40
amx_votemap_ratio 0.40
amx_vote_ratio 0.02
// Max. time to which map can be extended
amx_extendmap_max 90
// Step for each extending
amx_extendmap_step 15
// Rank mode
// 0 - by nick
// 1 - by authid
// 2 - by ip
csstats_rank 1
// Max size of the stats file
csstats_maxsize 3500
// Duration of HUD-statistics
amx_statsx_duration 12.0
// HUD-statistics display limit relative round freeze end
// Negative time will clear the HUD-statstics before the round freeze time has ended
amx_statsx_freeze -2.0
//If you set this to 0, clients cannot chose their language
amx_client_languages 0
// Plugin Debug mode
// 0 - No debugging (garbage line numbers)
// 1 - Plugins with "debug" option in plugins.ini are put into debug mode
// 2 - All plugins are put in debug mode
// Note - debug mode will affect JIT performance
amx_debug 1