http://www.hlstatsx.com/download/current "Fixed: Webpage Vulnerability."

So this should no longer be an issue as long as you have the most up-to-date release, correct?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NaughtyGeek
Sent: Sunday, May 20, 2007 5:48 PM
To: [email protected]
Subject: [Bulk] RE: [hlds] unwanted rcon from unknown

There was a security flaw in HLStatsX in December. They issued an email to premium members stating that passwords were potentially compromised and suggested changing them. I have copied the email below.

Dear Customer,

We have been informed about an undocumented security related bug in one of our systems. It could have been possible that your rcon password could be retrieved. The problem has been fixed immediately. We strongly recommend that you change your rcon password as soon as possible to avoid problems with your gameserver. We apologize for any inconveniences this may cause.

Best regards
The HLstatsX - Team

-------------- Original message ----------------------
From: "Hackmett" <[EMAIL PROTECTED]>
> Hi folks,
>
> I would like to limit to a certain range, not blocking a certain IP.
>
> btw, I think I found out what happened.
> After having fixed the password I saw that my hlstats-stats were flushed
> and background image was changed to some "my penis is short, but I hacked
> your side"-image.
> Then I remembered that hlstats-db also contains rcon passwords.
>
> btw, is there some kind of security issue with HLstats 1.32?
> I already changed pw, copied the data from some hours before and changed
> mysql rights for the hlstats-user to read-only, but I would like to be
> sure that there is no SQL-insertion leak or something else.
>
> Regards
> Rolf
>
> > Will that also ban player IP's?
> >
> > Jason
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Whisper
> > Sent: Sunday, May 20, 2007 12:19 PM
> > To: [email protected]
> > Subject: Re: [hlds] unwanted rcon from unknown
> >
> > --
> > [ Picked text/plain from multipart/alternative ]
> > Roman, does that work for both HLDS & SRCDS?
> >
> > On 5/21/07, Roman Hatsiev <[EMAIL PROTECTED]> wrote:
> >>
> >> To limit access from certain IPs just banip them. Use .0 to ban the
> >> whole subnet, i.e. 123.123.123.0 or 123.123.0.0. Do not forget to
> >> writeip your bans.
> >>
> >> On 20/05/07, Hackmett <[EMAIL PROTECTED]> wrote:
> >> > Hi,
> >> >
> >> > I just saw somebody ran rcon commands on my servers:
> >> >
> >> > His script says Test, kicks some players and renames the server:
> >> > L 05/20/2007 - 15:12:56: rcon from "84.240.52.71:4470": command "hostname "#eGames-Css Public Arena [STEAM]""
> >> > I do not use rcon in any way, so I'm wondering a bit. Is there some kind of
> >> > security issue in Source server or did he just have luck with the rcon
> >> > password (9 characters including number, already replaced with
> >> > random-strings)?
> >> > btw, is there a way to disable rcon or limit to certain IPs without
> >> > firewalling?
> >> >
> >> > Regards
> >> > Rolf
> >> >
> >> >
> >> > _______________________________________________
> >> > To unsubscribe, edit your list preferences, or view the list archives, please visit:
> >> > http://list.valvesoftware.com/mailman/listinfo/hlds
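
For an admin who, like the original poster, does not expect any rcon use, the log line quoted in the thread is the thing to watch for. The following is an added example, not part of any message in the thread: it parses that line format and reports rcon commands from sources outside a set of admin networks. `ADMIN_NETS`, the function names and all sample lines except the first are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Format quoted in the thread: L <date> - <time>: rcon from "<ip:port>": command "<cmd>"
RCON_RE = re.compile(
    r'^L (?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}): '
    r'rcon from "(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)": '
    r'command "(?P<command>.*)"\s*$'  # greedy: commands may contain quotes
)
# Assumption: networks the admins use for rcon (documentation range here).
ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_rcon(line):
    """Return a dict for an rcon command log line, or None for other lines."""
    m = RCON_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"when": f'{m["date"]} {m["time"]}', "ip": ip, "command": m["command"]}


def unexpected_rcon(lines, admin_nets=ADMIN_NETS):
    """Group rcon commands by source IP for sources outside admin_nets."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_rcon(line)
        if ev and not any(ev["ip"] in net for net in admin_nets):
            hits[str(ev["ip"])].append((ev["when"], ev["command"]))
    return dict(hits)


# Constructed sample log: the first line is the one quoted in the thread,
# the other two are made up for this example.
SAMPLE_LOG = [
    'L 05/20/2007 - 15:12:56: rcon from "84.240.52.71:4470": command "hostname "#eGames-Css Public Arena [STEAM]""',
    'L 05/20/2007 - 15:13:02: rcon from "192.0.2.10:27005": command "status"',
    'L 05/20/2007 - 15:13:05: "Player<2><STEAM_ID_PENDING><>" connected, address "198.51.100.7:27005"',
]

if __name__ == "__main__":
    for ip, cmds in unexpected_rcon(SAMPLE_LOG).items():
        print(ip, cmds)
```
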

