A player sent a message on my server early this morning just before it crashed:
ŠŦΣǺП−ƤΘζĨČĒ>ŊĬ� : : /me SERVER H4CK3D BY TEAM N2o-->steam police!!! MORE INFO: [EMAIL PROTECTED] ENGINE SOURCE SUCK !!! Probably related. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GS Sent: Saturday, December 06, 2008 11:12 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] TF2 Server Lag Caused By Possible Exploit Wel US-CERT themselves constantly say that they wish more incidents were reported. We have a person here who has made a cyber threat and acted upon it on a distributed system hosted in the United States. Does it matter that the system is used to play a game? This person has likely conducted other attacks in the past, and will most likely move on to "bigger" things in the future if left unchecked. We're not expecting an immediate task force to suit up Team America style and go after this guy busting down doors or anything close to that, we're just reporting it to the ISPs involved, and the Gov't Agency that has jurisdiction. It's the SOP for a cyber attack and should be followed by any organization who falls victim to one. In the meantime we value comments and suggestions like those from SakeFox and DontWannaName. Thank you, we will be implementing those fixes/plugins. If there are any other suggestions out there on how to tighten security for TF2 servers, please keep them coming. Best Regards On Sat, Dec 6, 2008 at 2:00 AM, Midnight <[EMAIL PROTECTED]> wrote: > Please tell me you didn't waste US-CERT's time on this. I find that hard > to believe and a really bad idea. Although I bet they would get a huge > laugh out of it. > > > GS wrote: > > Hi all, > > > > I'm a member of a gaming community that runs a few dozen TF2 and L4D > > servers. Today one of our most popular TF2 servers was and continues to > be > > attacked by someone who holds some unknown grudge against our community. > > This person has claimed credit for the attacks through a posting on our > > message board. > > > > It appears that the method which this attacker or group of attackers is > > using is limited to an in game exploit. No other server instances, or > other > > server services are affected other than a single game server using a > single > > core of a quad core win32 server hosted in a datacenter. Bandwidth use > is > > normal during attacks. > > > > Are there any unpatched game exploits that anyone in the HLDS list > community > > is aware of that can cause a server to increasingly lag up to the point > of > > unplayability? The effects are similar to previous exploits that Valve > > patched earlier this year. > > > > We have contacted our ISP, the ISP of the poster who took credit for the > > attack (a whois lookup appears to lead to a proxy server in Chicago, IL), > > and the US Dept of Homeland Security (US-CERT). However we would like to > be > > able to prevent these attacks as the investigation by the authorities > > progresses. > > > > If there are any suggestions, no matter how unlikely, we would be forever > > grateful for any help with this problem. > > > > Best Regards, > > Jason > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
