Players able to get an admins IP?

Last night a player on my DarkRP server was able to get the IP of an admin on my server.
Anyway I can check exactly how this was done?
I’d like to get this patched ASAP (assuming it is patchable) as it really is a security risk in my opinion.

Most likely “status” command in console. And having someone’s IP isn’t a security risk of any kind normally.

EDIT: Err, nevermind. It doesn’t show IP addresses when ran on client. I’m pretty sure it did before.

Considering that allows them to DDoS, I would say it is.
Then again, maybe he’s just a skid and likes to threaten people.

I read somewhere that the status command is restricted to rcon only, is that true? If not anyway I can restrict it to rcon?

If a person would DDoS something it usually would be the server itself and not clients simply because it results in a “larger” effect. Also with DDoS you often target some network-enabled service on target’s computer, and in case of someone’s home computer it’s unlikely there’s any (well, yes, there are a few attack modes that don’t require this, like stupid ping thing).

Getting players ip through status requires rcon but the client version just lists steamids. Unless that person had a backdoor in your server he did not get that admins ip through your server. PlayerConnect used to be a shared hook witch is what people would use to get players ips but it’s now restricted to the server.

Hmm, alright. Since they didn’t use any admin commands would you say it’s unlikely that they had a backdoor?

IIRC there was some kind of vulnerability in the game’s VOIP that let you get other players’ IPs. I think there might have been a similar one in Steam’s VOIP.

if this is a worry to you, inform your admins to not give out their skype, pick a skype username that isn’t their steam one, literally force stop/uninstall/remove/nuke skype from your mobile devices and make sure the option in skype for desktop is picked that only gives ips to contacts (and obviously never add random people on steam or skype)

backdoors don’t have to be that severe

Clientside “status” only gives stuff you already see, like SteamID, Steam name etc, the RCON status gives the IP.

The “skid” most likely got the IP through wireshark(using steam call, or just guessing it), skype, an IP-Logger URL, an backdoor or other stuff, I would recommend you, making an addon which disables normal users sending urls ingame, since there are also Sourcebanners, make vip+ being able to send URLs, doesnt look good, but its effective, since I had many source banners/iploggers sent through the chat.