[QUOTE=Cpt. Cakes;48603913]I joined one server that WAS NOT the server that had the virus to play a bit of deathmatch, should I scan my computer? By the way, I don't see a hidden file or folder where the source 2013 is installed, and where the virus normally installs.
Is it safe to launch up the game so I can see which servers are still up and so I can contact the owners?[/QUOTE]
[B]Any server with sv_upload at 1 could be compromised. Scan and rescan.[/B]
[QUOTE=Cpt. Cakes;48603913]I joined one server that WAS NOT the server that had the virus to play a bit of deathmatch, should I scan my computer? By the way, I don't see a hidden file or folder where the source 2013 is installed, and where the virus normally installs.
Is it safe to launch up the game so I can see which servers are still up and so I can contact the owners?[/QUOTE]
Do a virus scan anyway to be safe.
Basically: The virus is transmitted through sprays. You take an image, leave the file header in, and put whatever you'd like to be executed to the rest of the file.
No, it wasn't 404's fault. 404 got hacked via the spray exploit. By the way, yes, it's RubberFruitFace and a couple of his friends.
My best advice right now is to NOT play tf2cc or any other s2013 MP mod until Valve sorts this out, as this is an EXTREMELY huge security risk.
Basically, stop playing tf2c and if you've been in a server in the past few days, DO A VIRUS CHECK. The fake server thing was a diversion by RubberFruit and his friends to basically blame 404.
[QUOTE=danielmm8888;48603978]Do a virus scan anyway to be safe.
Basically: The virus is transmitted through sprays. You take an image, leave the file header in, and put whatever you'd like to be executed to the rest of the file.
No, it wasn't 404's fault. 404 got hacked via the spray exploit. By the way, yes, it's RubberFruitFace and a couple of his friends.
My best advice right now is to NOT play tf2cc or any other s2013 MP mod until Valve sorts this out, as this is an EXTREMELY huge security risk.
Basically, stop playing tf2c and if you've been in a server in the past few days, DO A VIRUS CHECK. The fake server thing was a diversion by RubberFruit and his friends to basically blame 404.[/QUOTE]
Wait, the Rubberfruit? What the hell happened to him from making his Gmod vids to this?
I have sprays disabled I think, and have also never seen a spray in tf2c before except the default
I'll do a scan with ESET NOD32 antivirus
[QUOTE=X_Sam;48603987]Wait, the Rubberfruit? What the hell happened to him from making his Gmod vids to this?[/QUOTE]
No, this is a different guy named TheRubberFruitFace.
[QUOTE=X_Sam;48603987]Wait, the Rubberfruit? What the hell happened to him from making his Gmod vids to this?[/QUOTE]
Not RubberFruit, it's [B]TheRubberFruitFace[/B], completely different person.
[QUOTE=X_Sam;48603987]Wait, the Rubberfruit? What the hell happened to him from making his Gmod vids to this?[/QUOTE]
TheRubberFruitFace, general asshole who's been hanging around the TF2C mod and drama for a while now. Not RubberFruit.
Edit: Wow, second late. Oops.
[QUOTE=iiboharz;48604003]Not RubberFruit, it's [B]TheRubberFruitFace[/B], completely different person.[/QUOTE]
That's even worse, cause I know a guy who's friends with that guy.
On the bright side, we learned that 404 isn't being petty anymore, and he's trying to get on this mods good side again. :cat:
[QUOTE=danielmm8888;48603978]Do a virus scan anyway to be safe.
Basically: The virus is transmitted through sprays. You take an image, leave the file header in, and put whatever you'd like to be executed to the rest of the file.
No, it wasn't 404's fault. 404 got hacked via the spray exploit. By the way, yes, it's RubberFruitFace and a couple of his friends.
My best advice right now is to NOT play tf2cc or any other s2013 MP mod until Valve sorts this out, as this is an EXTREMELY huge security risk.
Basically, stop playing tf2c and if you've been in a server in the past few days, DO A VIRUS CHECK. The fake server thing was a diversion by RubberFruit and his friends to basically blame 404.[/QUOTE]
By "in the past few days", how long ago do you mean? I currently do not have access to my computer with TF2C on it, and I'm getting paranoid about it (last time I played was either Sunday or Monday)
Apparently there is more than one culprit involved: (404's post from the tf2c forums)
"Further update. It seems that the keylogger/Rat was delivered via the spray exploit that was patched in Garry's Mod.
The deliverer?
Friend of RubberFruitFace named Sikes. Here are Sikes's two friends (Roy and RubberFruitFace) if you want to block these three goofs from your servers:
[url]http://steamcommunity.com/profiles/76561197964899068[/url] - Sikes (aka "Ryu", fellow who was mentioned in the chat logs. He also has all of The Yiffy Fox's items, so that's damning evidence right there)
[url]http://steamcommunity.com/profiles/76561198031372221[/url] - Roy
[url]http://steamcommunity.com/profiles/76561198136391192[/url] - TheRubberFruitFace
Please note that I am not friends with any of those three stooges. I used to be friends with Rubber until he fucked around and screwed up my server by banning half the players permanently for no reason after hacking my RCON."
[b]*EDIT*[/b] Apparently everybody is now saying that this guy is the one responsible - [url]http://steamcommunity.com/id/TheAlucardFromHell[/url]. It's been pretty much confirmed that it involves both something to do with sprays and sv_upload. These two functions seem to coordinate with eachother in some way making this exploit possible. I would highly suggest shutting down your servers for the night, as several people are reporting strange files and slight changes showing up in their server configuration and file system in general.
[QUOTE=OneFourth;48603957][B]Any server with sv_upload at 1 could be compromised. Scan and rescan.[/B][/QUOTE]
Shouldn't it be sv_allowupload?
:snip:
Was it only DM servers? I haven't played since yesterday afternoon, and it was just on a regular CTF map
[QUOTE=Doctor Hunt;48604505]Was it only DM servers? I haven't played since yesterday afternoon, and it was just on a regular CTF map[/QUOTE]
Any server can be affected.
Oh gosh not another conspiracy
I hope it goes alright this time
im abit late to this hole SDK exploit, can someone give me a quick recap?
Can someone who only has TF2C installed be impacted by this? I have it on my computer but never really play it...
[QUOTE=darkspire17;48604737]im abit late to this hole SDK exploit, can someone give me a quick recap?[/QUOTE]
A certain server has a virus that can download on your computer via spray images, and can block your steam and fp accounts, steal your items, and many other undesirable things. Moral of the story: stay off of TF2C until further notice.
[QUOTE=Pastel;48604760]Can someone who only has TF2C installed be impacted by this? I have it on my computer but never really play it...[/QUOTE]
nope
[QUOTE=Pastel;48604760]Can someone who only has TF2C installed be impacted by this? I have it on my computer but never really play it...[/QUOTE]
No. As long as you don't join the server you're fine. To be safe, don't join any servers until the problem is fixed.
anyone got a mirror for the client, allso do i still have permission to use patch 1.6 as a base of my mod?
This shit is scary
[QUOTE=darkspire17;48605311]anyone got a mirror for the client, allso do i still have permission to use patch 1.6 as a base of my mod?[/QUOTE]
How do you plan on doing that if you don't have the 1.6-era code?
We should write a letter to Valve to ask them to manual VAC ban FruitFace and his lackeys.
[QUOTE=iAmaNewb;48605549]We should write a letter to Valve to ask them to manual VAC ban FruitFace and his lackeys.[/QUOTE]
You guys need to lay down the accusations.
This is just a big spiral of shit - there's no hard evidence as to who did what.
[QUOTE=NitronikALT;48605679]You guys need to lay down the accusations.
This is just a big spiral of shit - there's no hard evidence as to who did what.[/QUOTE]
yes there is
wow this just got really fucking crazy really fucking quick[I][/I]
[QUOTE=BarJarHinks;48604771]A certain server has a virus that can download on your computer via spray images, and can block your steam and fp accounts, steal your items, and many other undesirable things. Moral of the story: stay off of TF2C until further notice.[/QUOTE]
can also infect other servers and so just dont get on for now
Is it possible to completely remove the ability to use sprays in later versions of TF2C so we can avoid something similar to this later? I actually completely forgot sprays existed until now.
Who am I kidding, it's probably not that easy. It really does suck, but I am glad someone noticed early enough.
Shit. I haven't played TF2C on my other laptop (am currently using my new one, getting Windows 10 installed) for a few days now; would I somehow even have this file? It's kinda freaking me out.
On the record of banning people, we are already engineering a system to ban people from the mod at this time. People can of course bypass it, especially if they're experienced, but adding a server-side system to kick people on joining or similar should discourage and make those attempts more difficult.
Sorry, you need to Log In to post a reply to this thread.
Team Fortress 2 Classic V3
