02-11-2010, 06:13 AM
|
#1 | |
|
FF Whiner
Server Owner
Beta Tester 
Join Date: Sep 2007
Location: Chair.. sometimes a couch
Class/Position: D Engy, D Soldier Gametype: Capture the Flag Posts Rated Helpful 1 Times
|
Nasty file-upload exploit
Greetings everyone,
It seems valve / steam has done it again. A nasty exploit has surfaced which threatend my server. I wasn't able to use any console command to see what was going on. They all resulted into an error saying `Unknown command "es_msg"`. To my shock it seemed a new folder called 'mani admin' was on my server with just a single steamid as admin. There are no log entries of what happened. Neither are there any logging attempts I could spot in my firewall (for abusive retrying) or successful login. There's no FTP server on my machine so that wouldn't be the issue. After a bit of searching with hlsw I spotted some person issuing mani admin commands. The moron who did this goes by the following, so the logs tell me: Quote:
Voorgru has made a plugin which should initially block these attacks on your server. You can grab the plugin from here and follow it's instructions on how to install it. The plugin is both for windows and linux! Hopefully the thing that happened to me doesn't happen to your server. I got a reinstall planned for the machine tomorrow seeing I'm not sure about what has been done with it. Better safe then sorrow I suppose.... *snif* -- Rawh Last edited by Rawh; 02-11-2010 at 05:02 PM. |
|
|
|
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Threaded Mode