I hate to go ban every ip instead of steamid. I'll instruct the admins to take a look at this. Pretty annoying since the ingame menu usually bans the steamid and not the ip. They always seem to crawl out at night when there is almost no admin online.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kyle Sanderson Sent: zaterdag 14 augustus 2010 13:19 To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] STEAM_0:0:1 Simple google search reveals: http://www.hackforums.net/showthread.php?tid=265369 Image of the application: http://img39.imageshack.us/img39/4663/serenityclient.png They're selling slots at unbeatable prices! All you want trolling for one easy payment of $50 for 5 months of access! Quote from the forums: [quote='hav0k' pid='2565535' dateline='1266110769'] LOL I wanna get 0:0:1 [/quote] - There is an Alfred wanna be already! It's rather disappointing to see this game out for over 5 years, and clients can still freely set their SteamID (Along with HL1, which has been out for well over 10). Along with maliciously attack servers flooding commands, or simple Denial of Service attacks using 5kb/s of bandwidth, but can bring the servers CPU to its knees. What's even worse is Valve not even addressing these as issues, it's completely asinine. COMPLETELY UNRELATED | Personal Experience | Ranting | Speculation: So I was running SRCDS as root (bad, I know). Just before we were about to swap the IP addresses with the DC, someone had formatted the box for us. Since SRCDS was the only program running as root... I can only draw one conclusion. In the end we only lost one L4D and one TF2 server (both of which have not been brought back up since), however if we were not in the process of moving, that could have been catastrophic. Since then there have been multiple extensions have been blacklisted. Why on earth not create a whitelist? I have a white list of good cvars/commands and the rest have cheats set. I honestly cannot understand the reasoning behind not doing this. However, this is just flogging a dead horse to be honest, the exploit is terribly old and first showed itself in 04 when the game was released. It would be nice to have some protection though, instead of relying on numerous extensions/plugins. As always, I've seemed to have taken the topic in another direction. However, all of these exploits are monumental, and can cause catastrophic damage to the server if used maliciously. Just like client plugins, something needs to be done. Kyle. On Sat, Aug 14, 2010 at 2:59 AM, ics <[email protected]> wrote: > Apparently there is some sort of things going on. Found this > http://www.facepunch.com/showthread.php?t=962042 > > Perhaps someone has found a way to make it work on TF2 and other > Source games. Propably some sort of LUA thing again, with clientside plugins. > > -ics > > 14.8.2010 6:12, Kyle Sanderson kirjoitti: > > Alfred is quite the troll, apparently. >> >> In all seriousness though, it isn't difficult at all to change a >> clients SteamID server side. It would not surprise me if this exploit >> still exists, I know this still exists in HL1 (as of 2009, that is). >> Just look at file Downloads/Uploads(deletions), they are still an >> issue to this day. >> >> It's just sad, >> Kyle. >> >> On Fri, Aug 13, 2010 at 8:01 PM, >> DontWannaName!<[email protected] >> >wrote: >> >> >> >>> VAC Banned says This SC ID does not match any Steam account. >>> >>> On Fri, Aug 13, 2010 at 7:51 PM, ics<[email protected]> wrote: >>> >>> >>> >>>> Heh, steam 0:0:1 belongs to valve folks so either you pranked >>>> somehow or the old trick has resurfaced, which allows somehow >>>> player to change the steamid he uses. This was happening last time >>>> around 6 years ago when CS Source came out. Someone should look >>>> into this @ Valve before it spreads. >>>> >>>> -ics >>>> >>>> 14.8.2010 5:41, Eric Riemers kirjoitti: >>>> >>>> All, >>>> >>>> >>>>> I might not be up to date, but tonight i had a mic spammer. So I >>>>> kicked him, came back ofcourse, banned him.. then still came back, >>>>> then did some speedhacks. (we use sourcebans btw) >>>>> >>>>> When I did a "status" in my console to get the steamid it was >>>>> "STEAM_0:0:1" >>>>> thats also the id sourcebans tried to ban him for. He also came >>>>> back >>>>> >>>>> >>>> with >>> >>> >>>> something like "STEAM_0:1:0", in the end I just banned his ip >>>>> (84.74.29.218) >>>>> >>>>> Seen something familiar like this? >>>>> >>>>> See the stats as example >>>>> http://stats.lethal-zone.eu/hlstats.php?mode=playerinfo&player=486 >>>>> 342 >>>>> >>>>> http://stats.lethal-zone.eu/hlstats.php?mode=playerinfo&player=486 >>>>> 344 >>>>> >>>>> (trying google with those steam id's didn't actually show up what >>>>> I >>>>> wanted) >>>>> >>>>> Eric >>>>> >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list >>>>> archives, please visit: >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>> >>>>> >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list >>>> archives, please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>> >>>> >>>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list >>> archives, please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >>> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
