Does this only effect Garry's Mod? or anything with LUA? I seem to recall Fortress Forever using LUA underneath? Not that anybody plays that any more. Just an example.
On Fri, Apr 18, 2014 at 8:37 PM, Ryan Kistner <[email protected]> wrote: > I've also mirrored the gist since it appears to be have been taken down: > > https://dl.dropboxusercontent.com/u/759758/gistd9872acbf2da227e9281- > 122b03e8c03fabc15f5acb3b52d5ca0b4baa2360.tar.gz > > > On Friday, April 18, 2014 9:33:56 PM, Ryan Kistner wrote: > >> Looking at that thread, it appears that engine_win32.dll has a working >> bypass of the net_file blacklist. If anyone has a sample of that file >> I would be interested in taking a look at it. >> >> A quick look at the provided files (gist: >> https://gist.github.com/Chrisaster/d9872acbf2da227e9281) suggests that: >> - Initial infection from client to server is in client_init.lua, which >> downloads server.cfg (looking for the RCON password to continue the >> exploit) and uploads engine_win32.dll >> - Once the server runs the server_infect.lua code, it writes back >> engine_win32.dll and does a SendLua to install client_init.lua >> >> If you've firewalled off RCON (as you should have) then this >> particular version of the exploit won't hurt you. However, there is >> definitely some sort of bypass for the net_file blacklist. >> >> On 4/18/2014 9:11 PM, wickedplayer494 wrote: >> >>> http://facepunch.com/showthread.php?t=1386818 >>> >>> If your clients are complaining about "*cough*" spam or similar >>> through Steam chat, this is what's causing it. It may be wise to just >>> completely kill your server until the Facepunch folks release an >>> update to fix this (even though it's 3 AM in the UK), as it's rumored >>> that even if rcon/client uploads are disabled, it'll still work. >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list >>> archives, please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>> >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
