These people downloaded everyone's server configs, and my rcon password was unhackable due to the complexity of it. Only one of my servers were affected. If you look in your cfg folder and you see a "server.cfg. .ztmp" then you have been hacked too. I have a feeling there is a major exploit in the wild that will soon hit more than fakeclient servers.
And for the record we run fake clients for one reason, so our server shows up on the list when you refresh. By default empty servers will not show up in the master list, no one will ever see the empty server to populate it. We only have 1 client running because we know how much the community hates them. The worst part is I found this post from 2003, seems like the same kind of exploit 7 years later? Thanks valve. http://www.mail-archive.com/[email protected]/msg22649.html Anyone have any ideas as to how this was performed so we all can get it fixed before it's too late? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tony Paloma Sent: Monday, November 16, 2009 5:11 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Its the law! Or IPSec rules. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Shizzle Nizzle Sent: Monday, November 16, 2009 4:51 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Its the law! ip filtering your rcon port.. does the job and keeps all the rcon exploits away. for those on windows just use emsa port blocker On Mon, Nov 16, 2009 at 6:31 PM, Craig McLure <[email protected]> wrote: > Maybe, but I'm pretty sure that's illegal in most countries :/ > > 2009/11/17 Alex <[email protected]> > > > They got what was coming to them. Good for him :) > > > > 1nsane wrote: > > > Under certain conditions It is possible to download files from the > > server. > > > Server.cfg being a good one. > > > > > > Also the reverse is true. > > > > > > On Mon, Nov 16, 2009 at 5:37 PM, JäKë T <[email protected]> > wrote: > > > > > > > > >> It's just cracking rcon password, then they set it to private and > change > > >> the name. > > >> So just having rcon locker and a nice password fixes it. > > >> > > >> > > >> > > >>> From: [email protected] > > >>> To: [email protected] > > >>> Date: Mon, 16 Nov 2009 23:32:24 +0100 > > >>> Subject: Re: [hlds] Its the law! > > >>> > > >>> The big question is: how is it done? Let's hope there is backdoor in > > the > > >>> fake player app and not a bug in the server code. > > >>> > > >>> > > >>>> http://img692.imageshack.us/img692/4728/71956486.jpg > > >>>> I lay money on Lotusclan getting there comeuppance! > > >>>> > > >>>> > > >>>> > > >>>> _______________________________________________ > > >>>> To unsubscribe, edit your list preferences, or view the list > archives, > > >>>> please visit: > > >>>> http://list.valvesoftware.com/mailman/listinfo/hlds > > >>>> > > >>>> > > >>> _______________________________________________ > > >>> To unsubscribe, edit your list preferences, or view the list > archives, > > >>> > > >> please visit: > > >> > > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > > >>> > > >> _________________________________________________________________ > > >> Windows Live: Make it easier for your friends to see what youre up to > > on > > >> Facebook. > > >> http://go.microsoft.com/?linkid=9691816 > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list archives, > > >> please visit: > > >> http://list.valvesoftware.com/mailman/listinfo/hlds > > >> > > >> > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > > > > > > > > > __________ Information from ESET Smart Security, version of virus > > signature database 4613 (20091116) __________ > > > > > > The message was checked by ESET Smart Security. > > > > > > http://www.eset.com > > > > > > > > > > > > > > > > > __________ Information from ESET Smart Security, version of virus > signature > > database 4613 (20091116) __________ > > > > The message was checked by ESET Smart Security. > > > > http://www.eset.com > > > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > -- > /********************************************** > * Craig "FrostyCoolSlug" McLure > * ChatSpike - http://www.chatspike.net > * InspIRCd - http://www.inspircd.org > **********************************************/ > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
