First of all.. Why does the counter-strike web page now go to
http://dc3.cogitive.com/sbcdc/www.counter-strike.net/index.html

Second of all.. Why cannot I authenticate to WON ?? It was working .. now it isn't.

James Bourke wrote:
>
> Hi all,
>
> I've always been pretty careful about security but I made a mistake
> this weekend and I wanted to share it with everyone here.
>
> Over the weekend I configured a new server for my game hosting
> company. I went through the same basic process I always go through
> before installing the machine in the colocation facility. I lock
> everything down with very restrictive firewall settings and I disable
> everything that isn't absolutely necessary for running halflife mods.
>
> After testing the machine out for a day or two I got a bit lazy and
> decided to open up wu-ftp so I could use a regular ftp program to
> upload files.
>
> I had the port open for a few hours when someone hacked into the
> system using a wu-ftp vulnerability. They installed their own
> rootkit, overwriting the contents of about 60 files in the /bin
> directory. They created several "group 0" accounts and installed a
> few processes of their own.
>
> I was very lucky to catch this person. On any other day he could
> have gotten in entirely unnoticed, installed his software, and left
> my system in a state where he would be invisible to further
> inspection.
>
> I'll have to do a reinstall now. I've cleaned up all results of his
> break-in as best I can but it wouldn't be fair to my customers to
> risk their information. Reinstalling is really the only choice in
> this situation.
>
> Here is my advice, geared for linux users:
>
> 1. DO NOT RUN: ftp, irc, bind, pop, or any other unnecessary service
> on a gaming machine. Run sshd on the gaming server and put the other
> processes on another machine.
> 2. Run chkrootkit periodically to detect the presence of known
> rootkits.
> 3. Use ipchains or iptables to block everything you do not
> absolutely need.
> 4. Configure all users except yourself to run in a chrooted jail, if
> you aren't doing so already. Incidentally, I did this and it is part
> of what helped me catch him, as he had to edit /etc/ftpaccess to give
> himself privileges on the accounts he created. The hacker forgot to
> change /etc/ftpaccess back to the original. If he had, I may never
> have noticed any problems at all.
> 5. Install AIDE, a free program that makes it easy to know when
> someone has been on your system.
> 6. DO NOT RUN ANY HALFLIFE PROCESSES THAT ALERT THE WORLD ABOUT YOUR
> SERVERS UNTIL THE ABOVE STEPS ARE TAKEN. I believe that the hacker
> found out about my vulnerability by watching a program like gamespy
> for new servers. He happened to catch me while wu-ftp was running.
> This guy, and people like him, are probably looking at these server
> lists every day for new machines they can use.
> 7. Do not use the same root password on multiple machines. I have
> different passwords on my machines which is a real blessing at a time
> like this. I don't have to worry that some trojan program has
> captured my password and will enable a hacker to get onto my other
> machines.
> 8. Remember that a hacker doesn't necessarily want to take your
> system down. In my case I have a dual AMD 1800+ machine with 1.2 Gig
> of memory and 200 Gig of HD space. This is an ideal server for
> halflife, but is also a great server for dealing in illegal child
> porn, bootleg videos, MP3s, etc. Hackers want to use your machine so
> they install rootkits that make it very hard to detect them. Next
> time I build a machine I'll use smaller drives so it won't be as
> tempting.
> 9. Is your server acting funny? Does ps work in a way you don't
> expect? Having trouble logging in sometimes? Has your machine
> become slow, is it using more bandwidth than you expect? Does your
> disk hover near capacity but you can't find the files that are
> causing the problem? Chances are you have been hacked.
> 10. If you think you have been compromised, don't trust ps, last,
> who, .bash_history, ls, etc to tell you anything. Hackers leave
> their own versions of these files so that you can't see what they are
> doing. In my case the hacker used a version of ps that hid 3
> processes from me.
>
> *IMPORTANT*
> If you are running wu-ftp and a halflife server I hate to break it to
> you but you should just assume you are compromised. It took just a
> few hours for my machine. Get paranoid but don't panic. The first
> thing you should do is install chkrootkit. It's free and easy to use
> and it will give you a good indication of whether you've been hit.
>
> I'd like to work with some other admins to create a security guide
> for game servers. If you are interested reply to this thread or
> email me at [EMAIL PROTECTED]
>
> Jim
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
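
Added example, not part of either message above: two shell checks for the signs described in the quoted post, extra "group 0" accounts and a ps that hides processes. The function names, the sample passwd entries and the sample PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both checks read raw data rather than trusting tool output.

# Print accounts in a passwd-format file ($1) that have UID 0 or GID 0
# but are not "root" (fields: name:passwd:UID:GID:gecos:home:shell).
zero_id_accounts() {
    awk -F: '($3 == 0 || $4 == 0) && $1 != "root" { print $1 }' "$1"
}

# Print PIDs that have a directory under $1 (normally /proc) but are absent
# from the PID list in file $2 (one PID per line, as `ps -e -o pid=` prints).
hidden_pids() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        awk -v p="$pid" '$1 == p { found = 1 } END { exit !found }' "$2" ||
            echo "$pid"
    done
}

# Constructed sample data: a passwd file with two planted accounts, a fake
# /proc tree with four processes, and ps output that only admits to two.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
hlds:x:1001:1001:game server:/home/hlds:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
sysop:x:1005:0::/home/sysop:/bin/bash
backup2:x:0:0::/tmp:/bin/sh
EOF
mkdir -p "$demo/proc/1" "$demo/proc/731" "$demo/proc/1042" "$demo/proc/2217"
printf '    1\n  731\n' > "$demo/ps.out"

echo "Non-root accounts with UID or GID 0:"
zero_id_accounts "$demo/passwd"
echo "PIDs present in proc but missing from ps:"
hidden_pids "$demo/proc" "$demo/ps.out"
rm -rf "$demo"

# On a live host (a process that exits between the two steps can show up
# as a false positive, so repeat before drawing conclusions):
#   zero_id_accounts /etc/passwd
#   ps -e -o pid= > /tmp/ps.out && hidden_pids /proc /tmp/ps.out
```

These checks are only as trustworthy as the sh and awk binaries that run them, so on a suspect machine run them from known-good media. A rootkit that hides entries from /proc at kernel level will not be caught by the second check.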

