It looks like he's a problem child. Do a search on the Steam Community for:
ŠŦΣǺП−ƤΘζĨČĒ
Either he/she really likes to cheat or he/she is stealing accounts. Judging
by the choice of name, I'd guess a phisher.
-Richard Eid
On Sun, Dec 7, 2008 at 3:24 PM, Tony Paloma <[EMAIL PROTECTED]> wrote:
> On a more serious note, I got the attacker's SteamID in case anyone would
> like to ban him.
> STEAM_0:0:16496340
> http://steamcommunity.com/profiles/76561197993258408
>
> Anyone seen this before or know what he may have done? I block achievement
> command spam as well as joinclass/team spam, so it's not that. The people
> that were playing didn't notice anything strange before it crashed either. I
> don't run SourceMod, so it's not a SourceMod exploit.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] On Behalf Of Dave Reid
> Sent: Sunday, December 07, 2008 6:36 AM
> To: Half-Life dedicated Win32 server mailing list
> Subject: Re: [hlds] TF2 Server Lag Caused By Possible Exploit
>
> Better call the feds. The terrorist kiddies are threating national
> security again.
>
> Tony Paloma wrote:
> > A player sent a message on my server early this morning just before it
> crashed:
> >
> > ŠŦΣǺП−ƤΘζĨČĒ>ŊĬ� : : /me SERVER H4CK3D BY TEAM N2o-->steam police!!!
> MORE INFO: [EMAIL PROTECTED] ENGINE SOURCE SUCK !!!
> >
> > Probably related.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] On Behalf Of GS
> > Sent: Saturday, December 06, 2008 11:12 AM
> > To: Half-Life dedicated Win32 server mailing list
> > Subject: Re: [hlds] TF2 Server Lag Caused By Possible Exploit
> >
> > Wel US-CERT themselves constantly say that they wish more incidents were
> > reported. We have a person here who has made a cyber threat and acted
> upon
> > it on a distributed system hosted in the United States. Does it matter
> that
> > the system is used to play a game? This person has likely conducted
> other
> > attacks in the past, and will most likely move on to "bigger" things in
> the
> > future if left unchecked.
> >
> > We're not expecting an immediate task force to suit up Team America style
> > and go after this guy busting down doors or anything close to that, we're
> > just reporting it to the ISPs involved, and the Gov't Agency that has
> > jurisdiction. It's the SOP for a cyber attack and should be followed by
> any
> > organization who falls victim to one.
> >
> > In the meantime we value comments and suggestions like those from SakeFox
> > and DontWannaName. Thank you, we will be implementing those
> > fixes/plugins. If there are any other suggestions out there on how to
> > tighten security for TF2 servers, please keep them coming.
> >
> > Best Regards
> >
> >
> >
> > On Sat, Dec 6, 2008 at 2:00 AM, Midnight <[EMAIL PROTECTED]> wrote:
> >
> >
> >> Please tell me you didn't waste US-CERT's time on this. I find that hard
> >> to believe and a really bad idea. Although I bet they would get a huge
> >> laugh out of it.
> >>
> >>
> >> GS wrote:
> >>
> >>> Hi all,
> >>>
> >>> I'm a member of a gaming community that runs a few dozen TF2 and L4D
> >>> servers. Today one of our most popular TF2 servers was and continues
> to
> >>>
> >> be
> >>
> >>> attacked by someone who holds some unknown grudge against our
> community.
> >>> This person has claimed credit for the attacks through a posting on our
> >>> message board.
> >>>
> >>> It appears that the method which this attacker or group of attackers is
> >>> using is limited to an in game exploit. No other server instances, or
> >>>
> >> other
> >>
> >>> server services are affected other than a single game server using a
> >>>
> >> single
> >>
> >>> core of a quad core win32 server hosted in a datacenter. Bandwidth use
> >>>
> >> is
> >>
> >>> normal during attacks.
> >>>
> >>> Are there any unpatched game exploits that anyone in the HLDS list
> >>>
> >> community
> >>
> >>> is aware of that can cause a server to increasingly lag up to the point
> >>>
> >> of
> >>
> >>> unplayability? The effects are similar to previous exploits that Valve
> >>> patched earlier this year.
> >>>
> >>> We have contacted our ISP, the ISP of the poster who took credit for
> the
> >>> attack (a whois lookup appears to lead to a proxy server in Chicago,
> IL),
> >>> and the US Dept of Homeland Security (US-CERT). However we would like
> to
> >>>
> >> be
> >>
> >>> able to prevent these attacks as the investigation by the authorities
> >>> progresses.
> >>>
> >>> If there are any suggestions, no matter how unlikely, we would be
> forever
> >>> grateful for any help with this problem.
> >>>
> >>> Best Regards,
> >>> Jason
> >>> _______________________________________________
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>>
> >> please visit:
> >>
> >>> http://list.valvesoftware.com/mailman/listinfo/hlds
> >>>
> >>>
> >>>
> >> _______________________________________________
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds
> >>
> >>
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds
> >
> >
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds
> >
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
