[QUOTE=Drunkie;25802363]I can confirm this. We also discussed this over on wiremod.com
[url]http://www.wiremod.com/forum/off-topic/23302-couple-build-server-hackers.html[/url]
I strongly suspect they were reading/writing to the server.cfg using the upload/download exploit.
Putting this in server.cfg:
sv_allowupload 0
sv_allowdownload 0
Looks like it blocked them from using the exploit, because they came back and couldn't do anything so they left.
They have a couple other guys doing it besides Dark Herald and Firefry.[/QUOTE]
That was already in my server.cfg when it happened. Though they didn't actually edit any files, they just uploaded some text files that said hacked or whatever.
[QUOTE=Drunkie;25802363]I can confirm this. We also discussed this over on wiremod.com
[url]http://www.wiremod.com/forum/off-topic/23302-couple-build-server-hackers.html[/url]
I strongly suspect they were reading/writing to the server.cfg using the upload/download exploit.
Putting this in server.cfg:
sv_allowupload 0
sv_allowdownload 0
Looks like it blocked them from using the exploit, because they came back and couldn't do anything so they left.
They have a couple other guys doing it besides Dark Herald and Firefry.[/QUOTE]
I do remember this exploit but we already use FastDL (sv_allow upload and download are disabled on the server as well and the rcon password is not in the server.cfg)
I was assuming it was an admin mod exploit because I did not see anyone using rcon, nor could I find any modified files on the server .. maybe there was who knows.
If you know some "new" exploit don't go around abusing your knowledge of it .. if anything leave a note saying how to fix it but as I said before that may be too much to ask.
[QUOTE=TornadoChas3r;25813547]I was assuming it was an admin mod exploit[/QUOTE]
They wrote lots of files to the data/ folder on my friend's server. You can't do that with ULX as far as I know.
[QUOTE=Drunkie;25813934]They wrote lots of files to the data/ folder on my friend's server. You can't do that with ULX as far as I know.
How am I abusing my knowledge of it? I posted a possible fix (that worked with my friend's server). I'm not even 100% sure that's how they did it.[/QUOTE]
That was not directed toward you.. was wondering if I should clarify that. That statement was directed toward people like Dark Herald.
Ah okay.
I love shitbrix and trolling :PP. Dont add me unless you want kids from me.
Source:
The fucker's profile
That explains so much
Looks almost... fun!
[QUOTE=Noi;25830838]everyone from wiremod.ru banned on wiremod.com.
also, dark herald raged in my skype :D.
[20:31:29] Евгений [Dark Herald]: [url]http://s015.radikal.ru/i331/1011/91/adf944b54172.jpg[/url]
[20:31:30] Евгений [Dark Herald]: you?
[20:31:53] Sergei (Noiwex): yes?
[20:32:07] Sergei (Noiwex): just talking about fact
[20:32:07] Евгений [Dark Herald]: you?
[20:32:09] Sergei (Noiwex): yes
[20:32:11] Евгений [Dark Herald]: great
[20:32:13] Евгений [Dark Herald]: suck dicks
[20:32:27] Sergei (Noiwex): you too[/QUOTE]
Ahaha, oh wow... That's amazing.
I guess some people should learn that if you go around hacking servers, that eventually you're going to be exposed.... And then your online life goes to hell.
I would prefer they go to every Hell that exists, but in this case, I guess Garry's.
Maybe Gabe's as well since they just might go around hacking other servers in other source games, too. Who knows.
Edit:
If that's possible.
Which I sure hope not.
Anyone know how they managed to gain access? Was it a Lua script, admin mod exploit, some weird engine exploit that could be done on any other Source engine game?
I am not sure if script enforcer would help or not, but if anyone knows what the exploit is maybe we can find a way to block, fix it, or report it.
I have not heard of any other cases of servers being compromised lately so they may have been able to exploit something we had on the server who knows.
To SuperDuperScoot
Wiremod.ru is not end for me. I can play and making my shadow work.
To TornadoChas3r
i know, but i not say :P
[QUOTE=Dark Herald;25853233]To SuperDuperScoot
Wiremod.ru is not end for me. I can play and making my shadow work.
To TornadoChas3r
i know, but i not say :P[/QUOTE]
Well then I ask one favor, as I said in a few posts above don't abuse your knowledge of it.
No one can stop people from doing these things, there will always be exploits and hackers, but if you are going to go into people's servers don't do it for malicious reasons. Leave some sort of note for the server owner explaining ways to fix it and don't do damage to the server. (I have to give you some credit for not destroying the server, I am not sure how much access you were able to obtain with your exploit, although banning the players was not really necessary /: )
It might be a good idea to report the exploit so it can get fixed, or if you are not going to do that at least keep it secret and don't give it out.
This is my job. Find exploit and fix'd* :D
* Fix'd only for my commynity. Today is for self.
[QUOTE=Dark Herald;25855244]This is my job. Find exploit and fix'd* :D
* Fix'd only for my commynity. Today is for self.[/QUOTE]
Why not share the fix with other server owners, or why not send a report in to fix it before someone else gets a hold of it and does who knows what?
[QUOTE=Dark Herald;25855244]This is my job. Find exploit and fix'd* :D
* Fix'd only for my commynity. Today is for self.[/QUOTE]
That's skiddie talk
you don't know how you did it, you just used some fancy program someone who actually knows shit made :colbert:
Just put scriptenforcer on your sandbox, and you're safe for now. :v:
[QUOTE=Cubar;25857973]Just put scriptenforcer on your sandbox, and you're safe for now. :v:[/QUOTE]
Ya we will give it a try, hope it's not a pain and I hope it works, never had any reason to use it on a build server but I guess that has changed.
To Van-man
I know how its work :P
To TornadoChas3r
Becouse, I never help other servers. I think every gmods admins must know lua.
To Cubar
No, its dont help you :P
[QUOTE=Dark Herald;25866184]To Van-man
I know how its work :P
To TornadoChas3r
Becouse, I never help other servers. I think every gmods admins must know lua.
To Cubar
No, its dont help you :P[/QUOTE]
I think every gmod admin must know (good) English (grammar and spelling), but I don't come in your server yelling "English mother******, do you speak it?".
:D Nice post, but: lua - realy need, english for talk - not always necessary :D
No one should need to be a Lua King in order to ask how to fix an exploit.
[QUOTE=Dark Herald;25866184]
Becouse, I never help other servers. I think every gmods admins must know lua.
[/QUOTE]
And I think [B]EVERYONE[/B] should know English, beyond the [B]BUY THIS, GOOD PRICE GOOD PRICE!![/B] level.
But that doesn't mean it's gonna happen :colbert:
[QUOTE=Dark Herald;25866184]
Becouse, I never help other servers. I think every gmods admins must know lua.
[/QUOTE]
You don't need to know any coding language to be a good server admin (you could know Lua and be the worst admin ever, it does not matter, it's how you run your server). Or they could be learning Lua and do know enough to fix the problem. If you have a thing against most server admins I can agree with you on that, but there are good servers and admins out there as well.
I don't see the harm in reporting this exploit so it gets fixed for everyone, unless your motive on using this is for bad reasons.. which I have a feeling they are /:
The only reason to exploit a vulnerability is to get it fixed. And have some enjoyment on the way.
You're being a twat by not having it fixed.
Another example why the RCON should never be put in the server cfg
Where's the bad reading rating?
He said rcon was never accessed.
[QUOTE=DatMeg;25884636]Another example why the RCON should never be put in the server cfg[/QUOTE]
In our case the rcon was not in the server.cfg (it's in the startup command line). I don't know how they gained access, did not look like they exploited the admin mod. (I am not 100% sure if they were able to get the rcon password .. or if they just executed commands through their script)
We have FastDL running with sv allow upload and download disabled so I don't think it was the Upload/Download exploit.. but who knows /: He won't report it in to get it fixed so it will either stay hidden or it will be leaked and someone will have to fix it.
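Added example, not part of any post in this thread: a small audit of a server.cfg for the three settings the posters discuss (sv_allowupload 0, sv_allowdownload 0, and no rcon_password in the file). The sample configs are constructed, and the default of 1 for an unset cvar and the handling of `//` comments, quotes and `;` separators are assumptions about Source-style cfg syntax.

```python
# Settings named in the thread; the last assignment in the file is taken as effective.
REQUIRED = {"sv_allowupload": "0", "sv_allowdownload": "0"}
ASSUMED_DEFAULT = "1"  # assumption: both cvars are enabled when never set

def statements(line):
    """Split one cfg line into token lists, honouring quotes, ';' and '//'."""
    out, toks, cur, in_q = [], [], None, False
    i = 0
    while i < len(line):
        c = line[i]
        if c == '"':
            in_q = not in_q
            cur = cur or ""
        elif in_q:
            cur += c                      # '//' and ';' are literal inside quotes
        elif line.startswith("//", i):
            break                         # rest of the line is a comment
        elif c == ";" or c.isspace():
            if cur is not None:
                toks.append(cur)
                cur = None
            if c == ";":
                out.append(toks)
                toks = []
        else:
            cur = (cur or "") + c
        i += 1
    if cur is not None:
        toks.append(cur)
    out.append(toks)
    return [t for t in out if t]

def audit(cfg_text):
    """Return a list of findings; an empty list means all three checks pass."""
    seen = {}
    for line in cfg_text.splitlines():
        for toks in statements(line):
            seen[toks[0].lower()] = toks[1] if len(toks) > 1 else ""
    findings = []
    for cvar, want in REQUIRED.items():
        got = seen.get(cvar)
        if got is None:
            findings.append(f"{cvar} not set (assumed default {ASSUMED_DEFAULT})")
        elif got != want:
            findings.append(f"{cvar} is {got}, want {want}")
    if seen.get("rcon_password"):         # the password itself is never reported
        findings.append("rcon_password is stored in server.cfg")
    return findings

# Constructed samples, not taken from any server in the thread.
SAMPLE_WEAK = 'hostname "Build // EU" // note\nsv_allowupload 0\nrcon_password "changeme"; sv_allowupload 1\n'
SAMPLE_HARDENED = 'sv_allowupload 0\nsv_allowdownload "0"\n'
```

The check does not follow `exec` includes or command-line overrides. Two posters above report that these settings were already in place when their servers were hit, so a clean result only rules out the misconfigurations named in the thread.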