Fortress Forever

Old 02-11-2010, 05:13 AM   #1
Rawh
Nasty file-upload exploit

Greetings everyone,

It seems Valve / Steam has done it again. A nasty exploit has surfaced which threatened my server.

I wasn't able to use any console command to see what was going on.
They all resulted in an error saying `Unknown command "es_msg"`. To my shock it seemed a new folder called 'mani admin' was on my server with just a single steamid as admin.

There are no log entries of what happened. Neither are there any logging attempts I could spot in my firewall (for abusive retrying) or successful login. There's no FTP server on my machine so that wouldn't be the issue.

After a bit of searching with HLSW I spotted some person issuing mani admin commands. The moron who did this goes by the following, so the logs tell me:
Quote:
L 02/10/2010 - 20:57:36: "z0rn | bestmeth0ds<223><STEAM_ID_PENDING><>" connected, address "72.24.117.40:27005"
L 02/10/2010 - 20:57:39: "z0rn | bestmeth0ds<223><STEAM_0:1:20674296><>" STEAM USERID validated
Above steamid resolves to the steamcommunity page here.

Voorgru has made a plugin which should initially block these attacks on your server. You can grab the plugin from here and follow its instructions on how to install it.
The plugin is both for Windows and Linux!

Hopefully the thing that happened to me doesn't happen to your server.
I got a reinstall planned for the machine tomorrow seeing I'm not sure about what has been done with it. Better safe than sorrow I suppose.... *snif*

-- Rawh

Last edited by Rawh; 02-11-2010 at 04:02 PM.
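
Added example, not part of the original posts: in the log format quoted above, the `connected` line carries the IP address but only `STEAM_ID_PENDING`, while the SteamID appears on the later `STEAM USERID validated` line, so tying a SteamID (such as one found in an unexpected admin list) to an address means joining the two lines on the userid in angle brackets. The sample lines are constructed, and the function names `sessions` and `lookup` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines in the log format quoted in the post (not real data).
SAMPLE_LOG = """\
L 02/10/2010 - 20:55:01: "alice<221><STEAM_ID_PENDING><>" connected, address "192.0.2.10:27005"
L 02/10/2010 - 20:55:04: "alice<221><STEAM_0:0:1111><>" STEAM USERID validated
L 02/10/2010 - 20:57:36: "ev<il> | name<223><STEAM_ID_PENDING><>" connected, address "192.0.2.77:27005"
L 02/10/2010 - 20:57:39: "ev<il> | name<223><STEAM_0:1:2222><>" STEAM USERID validated
L 02/10/2010 - 20:58:10: "bob<224><STEAM_ID_PENDING><>" connected, address "192.0.2.30:27005"
"""

# The player name is attacker-controlled and may contain '<' or '>', so the
# name group is greedy and the three trailing <...> fields are anchored instead.
LINE = re.compile(
    r'^L (?P<ts>\d\d/\d\d/\d{4} - \d\d:\d\d:\d\d): '
    r'"(?P<name>.*)<(?P<uid>\d+)><(?P<steamid>[^<>]*)><(?P<team>[^<>]*)>" '
    r'(?:connected, address "(?P<ip>[^":]+):(?P<port>\d+)"|STEAM USERID validated)\s*$'
)

def sessions(log_text):
    """Join each 'connected' line to its 'STEAM USERID validated' line by userid."""
    pending = {}  # userid -> session still waiting for a validated SteamID
    out = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # other log events are ignored here
        uid = int(m["uid"])
        if m["ip"]:  # the connect line is the only one with an address
            s = {"userid": uid, "name": m["name"], "ip": m["ip"], "steamid": None,
                 "connected": datetime.strptime(m["ts"], "%m/%d/%Y - %H:%M:%S")}
            pending[uid] = s
            out.append(s)
        elif uid in pending:  # validated line: attach the SteamID to the session
            pending.pop(uid)["steamid"] = m["steamid"]
    return out

def lookup(log_text, steamid):
    """All sessions (name, IP, connect time) seen for one SteamID."""
    return [s for s in sessions(log_text) if s["steamid"] == steamid]

if __name__ == "__main__":
    for s in lookup(SAMPLE_LOG, "STEAM_0:1:2222"):
        print(s["connected"], s["ip"], repr(s["name"]))
```

Sessions whose `steamid` stays `None` connected but never reached validation in the log that was parsed.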


Old 02-11-2010, 05:22 AM   #2
Rawh
<cut>

There, install manual is already on the forum

Last edited by Rawh; 02-11-2010 at 04:02 PM.


Old 02-11-2010, 10:43 AM   #3
moosh
Woah, creepy. Thanks for posting the plugin.


Old 02-11-2010, 04:03 PM   #4
Rawh
Updated main post with "new" plugin which blocks a bit better!


Old 06-06-2010, 10:49 AM   #5
loveripad
 
I really understand the situation here, my friend. This is certainly frustrating especially with the error message you are receiving. It seems as if someone can now have access into your account. I say this because you said you couldn’t use your console command. Right? So I am expecting someone has hacked into your account. That is the only possible reason. Furthermore, there are no log entries as to what happened so certainly as you said this must be the job of valve/steam!