Hi:
https://forums.alliedmods.net/showthread.php?t=225925
________________________________
From: lilly <[email protected]>
To: [email protected]
Sent: Sunday, September 15, 2013 4:10:51 PM
Subject: [Csgo_servers] Please Fix this Valve!! Exploit!!! Many Communities are
getting hit with Ads
This is a big issue, please fix this!!
http://www.reddit.com/tb/1mfgky
Old 09-11-13 , 12:15 AM Warning to people running CS:GO servers
Reply With Quote Multi-Quote This Message Quick reply to this message #1
A number of communities have been hit by at least one person abusing the
fact CS:GO's engine is lacking the fixes Valve made in the 2009 engine for
file transfers.
This means that it's possible for a malicious person to
Download a number of files from the gameserver (it's unknown at this
time if the engine is vulnerable to bypassing the extension blacklist).
Upload a number of files to the gameserver (see note above).
"Delete" a file by overwriting it with a folder.
There is an extension created by Zephyrus to combat this exploit available
here.
There is a plugin that is being upload to game servers that will display
hidden ads to clients.
The ad provider username in use by this individual is "bazdmegjo", please
contact me privately if you have any further information about who this
individual may be.
Known versions:
Filename: "basechats.smx" (note the 's' on the end)
File MD5 Hash: bd493c03a0115f704eaa96a0e1d8400e
Plugin Hash: 1f37a04083b593f5b024888a1dfbfe7d
Filename: "adminhelp.smx"
File MD5 Hash: 34ea070da0e8d820e7e1b5285d0a7db1
Plugin Hash: 4f3b8f9131ac3de3c4abfd21ca61c237
The "Plugin Hash" in the list above refers to the "Hash:" line seen in the
"sm plugins info" output if you're running a version of SourceMod with the
malicious plugin blacklist (most 1.5.0-dev snapshots, 1.5.0 and later, and
all 1.6.x snapshots) - if you're hosting CS:GO servers, I suggest making
sure you are.
The binaries above have already been pushed out to SourceMod's plugin
blacklist - if you see any plugins fail to load because of this, please make
sure to check all your other plugins.
The 2nd one (adminhelp.smx) appears to be the more refined plugin and was
likely a later attempt by the exploiter. It also attempts to replicated
itself to "votemenus.smx", although due to a bug in the code this
fortunately fails. It is highly likely that the person involved in these
actions will make continued attempts, so please be vigilant.
Checking your server (using the 'find' command) for the cvars "sm_ad_url"
and "sm_xchat_name" may help to find other instances of the malicious plugin
- please note these were both reused from legitimate plugins, so do not
indicate malicious activity alone.
If you find any strange plugins on your server that are trying to
impersonate base SM plugins, please PM them to me - they're only going to
get harder to spot from here on in.
Some of you may remember a similar thread to this from almost a year ago...
-----
ClanVPP.com
32 man Chicago 74.121.181.87:27015
26 man DM 216.231.130.101:26015
24 man Dallas 66.34.220.7:27015
24 man 24/7 Dust2 216.231.130.101:27025
--
View this message in context:
http://csgo-servers.1073505.n5.nabble.com/Please-Fix-this-Valve-Exploit-Many-Communities-are-getting-hit-with-Ads-tp5417.html
Sent from the CSGO_Servers mailing list archive at Nabble.com.
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
