Am 18.04.2013 21:39, schrieb Marcin Paterek:
I'm not sure how that's possible, so let me explain:
Sometimes my server suddenly adds 10 bots to the game despite the fact
they're disabled in .cfg (bot_quota_modenormal, bot_quota0). Sourcemod
admins can't kick them and the only way to get rid of bots is to
reload a map (which means reload configs) or kick them using rcon. I'm
using rcon_lock plugin to log all commands send via rcon and here's
the weird part:
L 04/18/2013 - 21:15:50: [rcon_lock.smx] Got half-connected command
from client 11 (ip unknown): exec server.cfg
L 04/18/2013 - 21:15:50: [rcon_lock.smx] Got half-connected command
from client 11 (ip unknown): exec "gamemode_competitive.cfg"
L 04/18/2013 - 21:15:50: [rcon_lock.smx] Got half-connected command
from client 11 (ip unknown): exec "gamemode_competitive_server.cfg"
L 04/18/2013 - 21:15:50: [rcon_lock.smx] Got half-connected command
from client 11 (ip unknown): exec "co_custom_convar.cfg"
Those 4 commands were used just a moment BEFORE the bots were spawned.
What's more, it isn't the first time I see bots spawning that way, so
a few days ago I've changed my rcon password. I've also changed
av-software (from Kaspersky Internet Security 2013 to Norton Internet
Security 2013) to be sure, that I don't have any malware installed on
my computer. I haven't shared my rcon password with anyone.
To sum up, I'm wondering if it's possible to somehow backdoor server
security and use rcon commands even without knowing it?
I do not kown about an exploit, but:
Only way of telling if the server is infected is a boot CD. Instaling a
different AV tool ist not sufficient.
Most of RCON changes(hacks) are done via a third party tool like
sourcebans. If you use such a tool, change your RCON without changing
the configs for those tools and retry.
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
