
Hacked server


Happy DODs player
AlliedModders Donor
Join Date: Sep 2009
Old 04-21-2014 , 13:46   Hacked server
Reply With Quote #1

Got something strange today,

One of my gameservers (TF2) was hacked and locked.

The normal name was changed to HACKED!!!! and it was locked with a password.

When I looked at my server.cfg and the server files of the game I didn't notice any strange files or stuff.

Even my server.cfg had the normal name and no server password enabled.

So I changed my Rcon password and restarted the server.

And everything looks good again for now and people can enjoy a game once again.

I have SMAC installed btw.

Have more people had this before, and how do they do this?
__________________
Happy DODs player is offline
Powerlord
AlliedModders Donor
Join Date: Jun 2008
Location: Seduce Me!
Old 04-21-2014 , 14:50   Re: Hacked server
Reply With Quote #2

Did you check your logs to see what happened?
__________________
Not currently working on SourceMod plugin development.
Powerlord is offline
11530
Veteran Member
Join Date: Sep 2011
Location: Underworld
Old 04-21-2014 , 17:13   Re: Hacked server
Reply With Quote #3

Any unapproved/private plugins which might inadvertently contain code for a ServerCommand injection?
__________________
11530 is offline
crayz
AlliedModders Donor
Join Date: Jul 2007
Old 04-21-2014 , 18:41   Re: Hacked server
Reply With Quote #4

One of my servers and another server were recently exploited via sv_allowdownload "1", I guess the player was able to download & read the server.cfg to see the rcon password. I'm not sure if the exploit works on tf2 & this might be old, but disabling the rcon password and/or setting sv_allowdownload "0" should patch it (make sure you have fastdl set up before disabling allowdownload)

Having rcon access would allow a player to change settings in-game like the server name & password but it wouldn't reflect in the server.cfg, so it's a possibility
__________________
crayz is offline
Ade
I love purple
Join Date: May 2010
Old 04-22-2014 , 03:41   Re: Hacked server
Reply With Quote #5

u sure that's what it was? disabling allowdownload means players won't be able to dl custom maps, right?
__________________
Ade is offline
Happy DODs player
AlliedModders Donor
Join Date: Sep 2009
Old 04-22-2014 , 09:04   Re: Hacked server
Reply With Quote #6

Got nothing strange in my logs.

I don't have any strange or private plugins on my gameserver.

In my server.cfg I have only allow download; upload isn't enabled.

---------------------------------------------------------------------------

01 "Admin File Reader" (1.5.3-dev+394 by AlliedModders LLC
02 "adminannounce.smx"
03 "Admin Help" (1.5.3-dev+394 by AlliedModders LLC
04 "Admin Menu" (1.5.3-dev+394 by AlliedModders LLC
05 "Advertisements" (0.5.5) by Tsunami
06 "Anti-Flood" (1.5.3-dev+394 by AlliedModders LLC
07 "Autorespawn for Admins" (1.5.1) by Chefe
08 "Basic Ban Commands" (1.5.3-dev+394 by AlliedModders LLC
09 "Basic Chat" (1.5.3-dev+394 by AlliedModders LLC
10 "Basic Comm Control" (1.5.3-dev+394 by AlliedModders LLC
11 "Basic Commands" (1.5.3-dev+394 by AlliedModders LLC
12 "Basic Info Triggers" (1.5.3-dev+394 by AlliedModders LLC
13 "Basic Votes" (1.5.3-dev+394 by AlliedModders LLC
14 "Bonus Round Immunity" (1.1.0) by Antithasys
15 "bonusroundrespawn" (1.2) by Ratty
16 "TF2 Class Restrictions" (0.6) by Tsunami
17 "Client Preferences" (1.5.3-dev+394 by AlliedModders LLC
18 "[Source 2009] Custom Chat Colors" (2.4.1) by Dr. McKay
19 "Donate" (1.0) by FreakyLike
20 "Execute Configs" (1.0) by Tsunami
21 "Fish Humiliation" (0.2) by retsam
22 "[TF2] Halloween Footprints" (1.0) by Oshizu
23 "Fun Commands" (1.5.3-dev+394 by AlliedModders LLC
24 "Fun Votes" (1.5.3-dev+394 by AlliedModders LLC
25 "[TF2] Golden Stocks" (1.0.0) by 11530
26 "In-game Help Menu" (0.3) by chundo
27 "Hive365 Player" (3.0.0) by Hive365.co.uk
28 "High Ping Kicker - Lite Edition" (1.0.0.1) by Liam
29 "MOTDgd Ads" (1.6.3) by MOTDgd
30 "Nextmap" (1.5.3-dev+394 by AlliedModders LLC
31 "[ANY] Rcon Password Protect" (1.0.0) by DarthNinja
32 "PermaMute" (0.1) by Ryan "FLOOR_MASTER" Mannion
33 "Player Commands" (1.5.3-dev+394 by AlliedModders LLC
34 "Reserved Slots" (1.5.3-dev+394 by AlliedModders LLC
35 "[TF2] Roll The Dice" (0.3.8.2) by linux_lover
36 "rules.smx"
37 "Server Hud Logo" (2.1.1) by ReFlexPoison
38 "Simple Chat Processor (Redux)" (1.1.4-fix2) by Simple Plugins, Mini
39 "SourceMod Anti-Cheat" (0.8.4.0) by SMAC Development Team
40 "SMAC Aimbot Detector" (0.8.4.0) by SMAC Development Team
41 "SMAC AutoTrigger Detector" (0.8.4.0) by SMAC Development Team
42 "SMAC Client Protection" (0.8.4.0) by SMAC Development Team
43 "SMAC Command Monitor" (0.8.4.0) by SMAC Development Team
44 "SMAC ConVar Checker" (0.8.4.1) by SMAC Development Team
45 "SMAC Eye Angle Test" (0.8.4.0) by SMAC Development Team
46 "SMAC Rcon Locker" (0.8.4.0) by SMAC Development Team
47 "SMAC Anti-Speedhack" (0.8.4.0) by SMAC Development Team
48 "SMAC Spinhack Detector" (0.8.4.0) by SMAC Development Team
49 "Sound Commands" (1.5.3-dev+394 by AlliedModders LLC
50 "TempBan" (1.0.0) by bl4nk
51 "[TF2] TF2Attributes" (1.1.1) by FlaminSarge
52 "[TF2] Bot Quota Fix" (1.0.0) by Leonardo
53 "[DEV] TF2 Items Info" (1.7.11-20120715) by Leonardo
54 "[TF2Items] Manager" (1.4.1) by Damizean & Asherkin
55 "TF2 Fast Respawns" (1.0.6) by WoZeR
56 "[TF2] Player Stats" (9.1.0) by DarthNinja
57 "TF Force Holidays" (1.8.1) by Powerlord
58 "[TF2] No Matchmaking" (1.0.0) by Dr. McKay
59 "[TF2] Thirdperson" (2.1.0) by DarthNinja
60 "Tidy Chat" (0.4) by linux_lover
61 "Unusual" (2.01) by Erreur 500
62 "Win panel for losing team" (1.2) by Reflex
__________________

Last edited by Happy DODs player; 04-22-2014 at 09:04.
Happy DODs player is offline
crayz
AlliedModders Donor
Join Date: Jul 2007
Old 04-23-2014 , 06:31   Re: Hacked server
Reply With Quote #7

Quote:
Originally Posted by Ade View Post
u sure that's what it was? disabling allowdownload means players won't be able to dl custom maps, right?
Who knows, it coulda been exploited through sv_allowupload or sv_allowdownload, or the exploiter simply found another way to access my server's server.cfg, which contained my rcon password. All I know is after removing the rcon password and disabling sv_allowdownload the exploit is now patched.

If you have a fastdl set up it won't affect your client downloads, afaik sv_allowupload lets players upload simple content such as custom sprays & sv_allowdownload gives players permission to download files directly from your gameserver on connect. Considering fastdl lets players download from a webserver via sv_downloadurl, sv_allowdownload isn't needed.
__________________

Last edited by crayz; 04-23-2014 at 06:38.
crayz is offline
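The settings crayz describes in posts #4 and #7, checked mechanically; this is an added example, not code from any poster in the thread. It parses a Source-engine cfg (including a `//` inside a quoted sv_downloadurl) and reports the combinations discussed above; the sample cfg, host name, finding IDs and the assumed cvar defaults are constructed for illustration.

```python
# Added example: audit a server.cfg for the rcon/download settings discussed above.
DEFAULTS = {"sv_allowdownload": "1", "sv_allowupload": "1"}  # assumed engine defaults

def strip_comment(line):
    """Drop a // comment, but not a // inside quotes (e.g. in sv_downloadurl)."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and line.startswith("//", i):
            return line[:i]
    return line

def parse_cfg(text):
    """Return {cvar: value}; the last assignment in the file wins."""
    cvars = {}
    for raw in text.splitlines():
        parts = strip_comment(raw).strip().split(None, 1)
        if parts:
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            cvars[parts[0].lower()] = value
    return cvars

def enabled(cvars, name):
    return cvars.get(name, DEFAULTS[name]) not in ("", "0")

def audit(cvars):
    findings = []  # list of (id, message)
    download = enabled(cvars, "sv_allowdownload")
    fastdl = bool(cvars.get("sv_downloadurl"))
    if download and cvars.get("rcon_password"):
        findings.append(("RCON_IN_CFG", "rcon_password is stored in the cfg while sv_allowdownload is on"))
    if download and fastdl:
        findings.append(("DOWNLOAD_REDUNDANT", "sv_downloadurl is set, so sv_allowdownload can be 0"))
    if not download and not fastdl:
        findings.append(("NO_FASTDL", "sv_allowdownload is 0 but no sv_downloadurl is set"))
    if enabled(cvars, "sv_allowupload"):
        findings.append(("UPLOAD_ON", "sv_allowupload is on"))
    return findings

# Constructed sample cfg, not the poster's file.
SAMPLE_CFG = '''
rcon_password "example-only"        // constructed value
sv_allowdownload 1
sv_allowupload 0
sv_downloadurl "http://fastdl.example.invalid/tf"
'''

if __name__ == "__main__":
    print(audit(parse_cfg(SAMPLE_CFG)))
```

Values changed at runtime over rcon are not written back to server.cfg, as post #4 notes, so this only audits what is on disk.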
Ade
I love purple
Join Date: May 2010
Old 04-23-2014 , 09:17   Re: Hacked server
Reply With Quote #8

I didn't mention custom maps from fastdl; I guess it's worth testing

and u can not know til he/she strikes again... rules.smx looks custom; also did u try rcon locker?
__________________
Ade is offline
Happy DODs player
AlliedModders Donor
Join Date: Sep 2009
Old 04-23-2014 , 13:39   Re: Hacked server
Reply With Quote #9

Rules.smx is just a simple code which gives a popup when a player connects with server info.

and i have this installed,

"SMAC Rcon Locker" (0.8.4.0) by SMAC Development Team
__________________
Happy DODs player is offline
Ade
I love purple
Join Date: May 2010
Old 04-23-2014 , 14:05   Re: Hacked server
Reply With Quote #10

mh there's also this https://forums.alliedmods.net/showthread.php?p=841590 idk if same thing
__________________
Ade is offline
All times are GMT -4. The time now is 23:10.

