This is a big issue, please fix this!!
http://www.reddit.com/tb/1mfgky Old 09-11-13 , 12:15 AM Warning to people running CS:GO servers Reply With Quote Multi-Quote This Message Quick reply to this message #1 A number of communities have been hit by at least one person abusing the fact CS:GO's engine is lacking the fixes Valve made in the 2009 engine for file transfers. This means that it's possible for a malicious person to Download a number of files from the gameserver (it's unknown at this time if the engine is vulnerable to bypassing the extension blacklist). Upload a number of files to the gameserver (see note above). "Delete" a file by overwriting it with a folder. There is an extension created by Zephyrus to combat this exploit available here. There is a plugin that is being upload to game servers that will display hidden ads to clients. The ad provider username in use by this individual is "bazdmegjo", please contact me privately if you have any further information about who this individual may be. Known versions: Filename: "basechats.smx" (note the 's' on the end) File MD5 Hash: bd493c03a0115f704eaa96a0e1d8400e Plugin Hash: 1f37a04083b593f5b024888a1dfbfe7d Filename: "adminhelp.smx" File MD5 Hash: 34ea070da0e8d820e7e1b5285d0a7db1 Plugin Hash: 4f3b8f9131ac3de3c4abfd21ca61c237 The "Plugin Hash" in the list above refers to the "Hash:" line seen in the "sm plugins info" output if you're running a version of SourceMod with the malicious plugin blacklist (most 1.5.0-dev snapshots, 1.5.0 and later, and all 1.6.x snapshots) - if you're hosting CS:GO servers, I suggest making sure you are. The binaries above have already been pushed out to SourceMod's plugin blacklist - if you see any plugins fail to load because of this, please make sure to check all your other plugins. The 2nd one (adminhelp.smx) appears to be the more refined plugin and was likely a later attempt by the exploiter. It also attempts to replicated itself to "votemenus.smx", although due to a bug in the code this fortunately fails. It is highly likely that the person involved in these actions will make continued attempts, so please be vigilant. Checking your server (using the 'find' command) for the cvars "sm_ad_url" and "sm_xchat_name" may help to find other instances of the malicious plugin - please note these were both reused from legitimate plugins, so do not indicate malicious activity alone. If you find any strange plugins on your server that are trying to impersonate base SM plugins, please PM them to me - they're only going to get harder to spot from here on in. Some of you may remember a similar thread to this from almost a year ago... ----- ClanVPP.com 32 man Chicago 74.121.181.87:27015 26 man DM 216.231.130.101:26015 24 man Dallas 66.34.220.7:27015 24 man 24/7 Dust2 216.231.130.101:27025 -- View this message in context: http://csgo-servers.1073505.n5.nabble.com/Please-Fix-this-Valve-Exploit-Many-Communities-are-getting-hit-with-Ads-tp5417.html Sent from the CSGO_Servers mailing list archive at Nabble.com. _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
