It is however the case that on most webhosts, if you store the rcon
password in the database and all of the install files in your web
folders, that any other user on the system can read your database
details, and then next read out the rcon password. For more information
on this google on apache vhosts and mysql passwords - it's a VERY common
problem.
Next, are you sure that your HSP are not repsonsible? Are the boxes
otherwise secured?
Rick Payton wrote:
This is a multi-part message in MIME format.
--
You can disable it, as Mani has it's own section dedicated to rcon commands
that are allowed to run. A few stats packages require rcon though, most notably
HLstats and HLstatsX.
Rick Payton, IT Support
Morikawa & Associates
(808) 572-1745
http://www.mai-hawaii.com/
________________________________
From: [EMAIL PROTECTED] on behalf of Alexander Kobbevik
Sent: Mon 8/15/2005 9:51 PM
To: [email protected]
Subject: RE: [hlds] Possible hack
When you run mods like mani, can't you just disable RCON?
Or does it need to be there?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Drew Hostetler
Sent: 16. august 2005 06:10
To: [email protected]
Subject: Re: [hlds] Possible hack
I had something similar happen to me once but mani was not involved.
Someone who had just connected to the server (not even in the game
yet) managed to hack the quite complex rcon password and start
spamming dozens of lines of "hahahahahahaha" as console chat all
within one second. When I noticed this in the logs the next day (some
other event caused me to look through my logs and I came across this),
I changed the rcon password and I haven't noticed it since. This was
like 4 months ago.
Drew
On 8/15/05, Chris K <[EMAIL PROTECTED]> wrote:
OK, I'm freaking out here. Someone is running mani + console commands
on my box and it's not me or any of my two other admins. I was even
frozen once before I dropped out to see who,what, why this is
happening. First thing I did was change RCON password and restart the
server. I join and all is going well so I leave, then check HLSW and
someone is talking as Console. I take a quick snapshot of all the
Steam ID's involved & plow into the logs. Cannot tell what is going
on. People are asking the Console for Admin & there are none on the
box! Looks like a map was changed without a vote. I'm lost. I did ban
one guy that caught my eye and nothing has happened for a little while
but we'll see.
There are only 3 admins, none with RCON password but me & none of them
were playing.
Just me or anyone else getting this? Maybe a new hack out there?
Oh, and it is a VAC2 secure server.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
--
[ winmail.dat of type application/ms-tnef deleted ]
--
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
