
my server got hacked or got a backdoor?...


hoboman
Senior Member
Join Date: Jul 2007
Old 02-19-2008 , 19:36   my server got hacked or got a backdoor?...
#1

now I don't know what is going on, on my server now, but yesterday somehow some guys from the "dna" clan came onto the server and started kicking everyone...

i checked the users.ini and none of them are admins...i checked the amxx admin logs and no kicking commands were logged...

this was actually reported to me by one of my admins ( who had immunity btw ) who they kept on repeatedly kicking...
i checked the server logs and got suspicious too...

look at these console kicks:
Code:
L 02/18/2008 - 13:41:10: Kick: "O.C Naranjero<355><STEAM_0:0:8287189><>" was kicked by "Console"
L 02/18/2008 - 13:41:10: "O.C Naranjero<355><STEAM_0:0:8287189><CT>" disconnected
.
.
.
L 02/18/2008 - 13:41:35: Kick: ".::AMS::.TheyHaveAwps<361><STEAM_0:0:18079190><>" was kicked by "Console"
L 02/18/2008 - 13:41:35: ".::AMS::.TheyHaveAwps<361><STEAM_0:0:18079190><CT>" disconnected
.
.
.
L 02/18/2008 - 13:42:11: Kick: "O.C Naranjero<376><STEAM_0:0:8287189><>" was kicked by "Console"
L 02/18/2008 - 13:42:11: "O.C Naranjero<376><STEAM_0:0:8287189><CT>" disconnected
.
.
.
L 02/18/2008 - 13:42:35: Kick: "O.C Naranjero<377><STEAM_0:0:8287189><>" was kicked by "Console"
L 02/18/2008 - 13:42:35: "O.C Naranjero<377><STEAM_0:0:8287189><CT>" disconnected
.
.
.
...at the end the three guys who were suspected of doing this just got kicked ( probably kicked themselves ) and the kickings stopped:
Code:
L 02/18/2008 - 13:44:28: Kick: "dna Nick<334><STEAM_0:0:13749269><>" was kicked by "Console"
L 02/18/2008 - 13:44:28: "dna Nick<334><STEAM_0:0:13749269><TERRORIST>" disconnected
L 02/18/2008 - 13:44:32: Kick: "dna drop<365><STEAM_0:1:7260443><>" was kicked by "Console"
L 02/18/2008 - 13:44:32: "dna drop<365><STEAM_0:1:7260443><CT>" disconnected
L 02/18/2008 - 13:44:36: "I <3 Yo Momma<379><STEAM_0:1:16210178><>" entered the game
L 02/18/2008 - 13:44:36: Kick: "dna silk<380><STEAM_0:1:4498532><>" was kicked by "Console"
L 02/18/2008 - 13:44:36: "dna silk<380><STEAM_0:1:4498532><>" disconnected
the same damn, "was kicked by "Console"" kept popping up again and again in the logs, but I know for a fact that I have never ever told anyone rcon so I don't know what the hell is going on...

for now I just disabled the rcon altogether, until I can figure it out...there are 3 things that could have happened in my opinion.

a.) there is an amxx backdoor somewhere
b.) maybe my server host got hacked and the rcons got leaked somehow...but I am hosted by NuclearFallout
c.) someone hacked my server...but that would be pretty strange because according to psychostats neither of those 3 guys have played on my server before this, so they would not have any reason to hack me


...and that just leaves me with a.)
__________________

Last edited by hoboman; 02-19-2008 at 19:40.
hoboman is offline
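
Added example (not part of the thread): a Python script that pulls the `was kicked by "Console"` events out of an HLDS log like the one posted above, groups them into bursts and lists the SteamIDs kicked more than once. The log lines are copied from the post; the 60-second gap and 3-kick minimum are assumed thresholds, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines copied from the post above; "disconnected"/"entered" lines are ignored.
SAMPLE_LOG = '''\
L 02/18/2008 - 13:41:10: Kick: "O.C Naranjero<355><STEAM_0:0:8287189><>" was kicked by "Console"
L 02/18/2008 - 13:41:10: "O.C Naranjero<355><STEAM_0:0:8287189><CT>" disconnected
L 02/18/2008 - 13:41:35: Kick: ".::AMS::.TheyHaveAwps<361><STEAM_0:0:18079190><>" was kicked by "Console"
L 02/18/2008 - 13:42:11: Kick: "O.C Naranjero<376><STEAM_0:0:8287189><>" was kicked by "Console"
L 02/18/2008 - 13:42:35: Kick: "O.C Naranjero<377><STEAM_0:0:8287189><>" was kicked by "Console"
L 02/18/2008 - 13:44:28: Kick: "dna Nick<334><STEAM_0:0:13749269><>" was kicked by "Console"
L 02/18/2008 - 13:44:32: Kick: "dna drop<365><STEAM_0:1:7260443><>" was kicked by "Console"
L 02/18/2008 - 13:44:36: "I <3 Yo Momma<379><STEAM_0:1:16210178><>" entered the game
L 02/18/2008 - 13:44:36: Kick: "dna silk<380><STEAM_0:1:4498532><>" was kicked by "Console"
'''

KICK_RE = re.compile(
    r'^L (\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): Kick: '
    r'"(.*)<(\d+)><(STEAM_[^>]*)><[^>]*>" was kicked by "Console"'
)

def parse_console_kicks(text):
    """Return (timestamp, name, steam_id) for every console-issued kick."""
    kicks = []
    for line in text.splitlines():
        m = KICK_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y - %H:%M:%S")
            kicks.append((ts, m.group(2), m.group(4)))
    return kicks

def find_bursts(kicks, gap=timedelta(seconds=60), min_kicks=3):
    """Group kicks separated by <= gap; keep groups of min_kicks or more (assumed thresholds)."""
    bursts, current = [], []
    for kick in sorted(kicks):
        if current and kick[0] - current[-1][0] > gap:
            if len(current) >= min_kicks:
                bursts.append(current)
            current = []
        current.append(kick)
    if len(current) >= min_kicks:
        bursts.append(current)
    return bursts

def repeat_targets(kicks):
    """SteamIDs kicked more than once, with their kick counts."""
    counts = Counter(steam_id for _, _, steam_id in kicks)
    return {sid: n for sid, n in counts.items() if n > 1}
```

The start and end time of each burst is the window to compare against the AMXX admin log and the host's access records when looking for who issued the commands.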
YamiKaitou
Has a lovely bunch of coconuts
Join Date: Apr 2006
Location: Texas
Old 02-19-2008 , 19:38   Re: my server got hacked or got a backdoor?...
#2

There is no AMXx backdoor. Do you happen to use UAIO?
__________________
ProjectYami Laboratories

I do not browse the forums regularly anymore. If you need me for anything (asking questions or anything else), then PM me (be descriptive in your PM, message containing only a link to a thread will be ignored).
YamiKaitou is offline
hoboman
Senior Member
Join Date: Jul 2007
Old 02-19-2008 , 19:43   Re: my server got hacked or got a backdoor?...
#3

almost forgot to mention this...i looked up that dna slick guy's ip and it turns out that he was playing all the way from Florida ( my server is located in LA )...
now why the hell would someone join a server that is located that far ( they'd get a shitty ping ) from them unless they didn't come to play CS at all...
__________________
hoboman is offline
hoboman
Senior Member
Join Date: Jul 2007
Old 02-19-2008 , 19:45   Re: my server got hacked or got a backdoor?...
#4

Quote:
Originally Posted by YamiKaitou View Post
There is no AMXx backdoor. Do you happen to use UAIO?
yeah I saw that topic...don't have to warn me about it and I don't use UAIO...maybe it is another one of the amxx plugins then that has the backdoor?

I am using amxx 1.8 and these are the plugins that I am running:
Code:
; AMX Mod X plugins

; Admin Base - Always one has to be activated
admin.amxx        ; admin base (required for any admin-related)
;admin_sql.amxx        ; admin base - SQL version (comment admin.amxx)

; Basic
admincmd.amxx        ; basic admin console commands
adminhelp.amxx    ; help command for admin console commands
;adminslots.amxx    ; slot reservation
;multilingual.amxx    ; Multi-Lingual management

; Menus
menufront.amxx        ; front-end for admin menus
cmdmenu.amxx        ; command menu (speech, settings)
plmenu.amxx            ; players menu (kick, ban, client cmds.)
;telemenu.amxx        ; teleport menu (Fun Module required!)
;mapsmenu.amxx        ; maps menu (vote, changelevel)

; Chat / Messages
adminchat.amxx        ; console chat commands
antiflood.amxx        ; prevent clients from chat-flooding the server
;scrollmsg.amxx        ; displays a scrolling message
;imessage.amxx        ; displays information messages
adminvote.amxx        ; vote commands

; Map related
;nextmap.amxx        ; displays next map in mapcycle
;mapchooser.amxx    ; allows to vote for next map
;timeleft.amxx        ; displays time left on map

; Configuration
;pausecfg.amxx        ; allows to pause and unpause some plugins
statscfg.amxx        ; allows to manage stats plugins via menu and commands

; Counter-Strike
restmenu.amxx        ; restrict weapons menu
statsx.amxx        ; stats on death or round end (CSX Module required!)
;miscstats.amxx        ; bunch of events announcement for Counter-Strike
;stats_logging.amxx    ; weapons stats logging (CSX Module required!)



; Custom - Add 3rd party plugins here
amx_exec.amxx
bullet_damage.amxx debug
;servershutdown.amxx
admin_allinone.amxx
amx_hpk.amxx
repay.amxx
amx_cvarguard.amxx
afkkicker.amxx
ptb.amxx
round_money.amxx
ad_manager.amxx
realnadedrops.amxx
descriptive_fire_in_the_hole.amxx
amx_parachute.amxx
admin_spec_esp.amxx
amx_gore_ultimate.amxx
ultimate_sounds.amxx
;f_ultimate_sounds.amxx
speeds.amxx
breakable_doors.amxx
assault_vent_fix.amxx
fakefull_original.amxx
loadingsounddir.amxx
;flashbang_dlight.amxx
;grenade_trail.amxx
;drunkdrug.amxx
showndead_bug_fix.amxx
;hats.amxx
adminlisten.amxx
__________________
hoboman is offline
YamiKaitou
Has a lovely bunch of coconuts
Join Date: Apr 2006
Location: Texas
Old 02-19-2008 , 19:47   Re: my server got hacked or got a backdoor?...
#5

Chances are he is using rcon to do it. I would disable all 3rd party plugins and see if it still happens. Also change all passwords on the server, starting with FTP first.
__________________
ProjectYami Laboratories

I do not browse the forums regularly anymore. If you need me for anything (asking questions or anything else), then PM me (be descriptive in your PM, message containing only a link to a thread will be ignored).
YamiKaitou is offline
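
Added example (not part of the thread), applying the advice above to the plugins.ini posted in #4: it lists which plugins are actually loaded and produces a copy with every enabled third-party entry commented out, so the server can be run on stock plugins only. It assumes third-party entries sit below the `; Custom` marker comment as in the posted file; the function names are hypothetical and the sample is a shortened excerpt of that file.

```python
# Shortened excerpt of the plugins.ini posted in #4 (entries are the poster's).
PLUGINS_INI = """\
; Admin Base - Always one has to be activated
admin.amxx        ; admin base (required for any admin-related)
;admin_sql.amxx        ; admin base - SQL version (comment admin.amxx)
admincmd.amxx        ; basic admin console commands

; Custom - Add 3rd party plugins here
amx_exec.amxx
bullet_damage.amxx debug
;servershutdown.amxx
admin_allinone.amxx
adminlisten.amxx
"""

# Assumption: everything below this marker comment is a third-party plugin.
CUSTOM_MARKER = "; custom"

def enabled_plugins(text):
    """Return (stock, third_party) lists of plugin files that are loaded."""
    stock, third_party, in_custom = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith(CUSTOM_MARKER):
            in_custom = True
        # Drop the trailing ';' comment, then any flag such as "debug".
        entry = line.split(";", 1)[0].split()
        if entry:
            (third_party if in_custom else stock).append(entry[0])
    return stock, third_party

def disable_third_party(text):
    """Comment out each enabled entry below the marker; leave the rest untouched."""
    out, in_custom = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith(CUSTOM_MARKER):
            in_custom = True
        elif in_custom and line and not line.startswith(";"):
            raw = ";" + raw
        out.append(raw)
    return "\n".join(out) + "\n"
```

Re-enabling the entries a few at a time after a clean run narrows down which plugin, if any, is responsible.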
hoboman
Senior Member
Join Date: Jul 2007
Old 02-19-2008 , 20:23   Re: my server got hacked or got a backdoor?...
#6

Quote:
Originally Posted by YamiKaitou View Post
Chances are he is using rcon to do it. I would disable all 3rd party plugins and see if it still happens. Also change all passwords on the server, starting with FTP first.
well yeah....like I said, I disabled the rcon already...it has only happened once and maybe they won't be back for a while, but I still wanna know how the hell they were kicking people because I have never told my rcon to ANYONE

maybe I should go bug the NuclearFallout staff now :p
__________________
hoboman is offline
Brad
AMX Mod X Team Member
Join Date: Jun 2004
Old 02-19-2008 , 21:50   Re: my server got hacked or got a backdoor?...
#7

Did you get any of the plugins from somewhere other than this site? Presumably you have the source for each?
__________________
Brad is offline
kp_uparrow
Penalized Member
Join Date: Jun 2006
Location: 192.168.0.1
Old 02-19-2008 , 22:49   Re: my server got hacked or got a backdoor?...
#8

amx_mode?
__________________
I USED A SECOND ACCOUNT TO DO MORE KARMA UPS AND DOWNS UNTIL GREENTRYST CAUGHT ME
kp_uparrow is offline
s3r
Senior Member
Join Date: Aug 2007
Old 02-20-2008 , 01:51   Re: my server got hacked or got a backdoor?...
#9

I think they used rcon cus your rcon length has to be 6< someone said that if rcon length is >6 there is a trick,,, but it's only my opinion ;)
__________________
PS srr 4 strange enlish
s3r is offline
TheNewt
Donor
Join Date: Jun 2006
Location: Where I live.
Old 02-20-2008 , 02:09   Re: my server got hacked or got a backdoor?...
#10

You mean it is only what you heard... Not your opinion... lol
__________________
Quote:
toe3_ left the chat room. (G-lined (AUTO Excessive connections from a single host.))
TheNewt is offline
All times are GMT -4.