That crash is in CTeamplayRoundBasedRules::ShouldCreateEntity(char const*)

I checked Throttle for any other crashes with this signature (hoping to get
a stacktrace), but I couldn't find any.


~~~~~
"Their heads are green, and their hands are blue,
      And they went to sea in a Sieve." - Edward Lear


On Sun, Mar 2, 2014 at 2:58 PM, Kevin <[email protected]> wrote:

> From your graph it seems like you are on NFO; the best action to take
> would have been getting a network snapshot while the server was being taken
> down.
>
>
> On 3/2/2014 5:12 AM, Mitchell Huang wrote:
>
>> Thanks for the suggestions. Although we are more concerned about making
>> sure everyone including Valve is aware that a new server exploit might be
>> in the wild.
>>
>> And besides, every time we have to deal with AKARaccoon he just comes back
>> with a new dynamic IP. We'd rather just have this exploit patched than
>> have
>> to deal with him repeatedly.
>>
>> We are not 100% sure this is an exploit but based on his Reddit account
>> history he seems to be very good at creating hacks. He is also
>> apparently the creator of "MVMBot" which is a bot that adds people to an
>> MVM game and aimbots everything so they win.
>>
>> He seems to know what he's doing and like every other hacker, comes off as
>> a narcissistic self-righteous asshole. He's probably subscribed to this
>> mailing list too so AKARaccoon if you're reading this: go fuck yourself
>> :-)
>>
>> On Sunday, March 2, 2014, ics <[email protected]> wrote:
>>
>>  Drop packets from his ip with iptables. See if he can do any crashing
>>> after that.
>>>
>>> -ics
>>>
>>> Mitchell Huang wrote:
>>>
>>>  Late Saturday night (2014-03-02), AKARaccoon (
>>>> http://steamcommunity.com/id/AKARaccoon,
>>>> http://www.reddit.com/user/AKARacooon, IP 70.192.16.230) joined our
>>>> server
>>>> on alts and started aimbotting. After we banned a couple of his
>>>> accounts,
>>>> he said, at 01:07:41 EDT:
>>>>
>>>>
>>>> "Hey faggot, I don't like being kicked. Server goes down for you now.
>>>> <3"
>>>>
>>>>
>>>> The server then immediately crashed and was unreachable. Initially, we
>>>> assumed it was a DDoS, however the network logs showed nothing out of
>>>> the
>>>> ordinary.
>>>>
>>>>
>>>> Server network graph (times are in PDT): http://i.imgur.com/Otip5JW.png
>>>>
>>>>
>>>> Very normal network logs for a TF2 server... no more than 5Mbit traffic
>>>> the
>>>> entire time.
>>>>
>>>> There is also nothing unusual in the SRCDS logs. No RCON login attempts
>>>> or
>>>> anything out of the ordinary.
>>>>
>>>>
>>>> After the first crash, he reconnects as "BAN ME NOW FAGGOT"
>>>> (STEAM_0:1:84052152) and says:
>>>>
>>>>
>>>> "CRSAH"
>>>>
>>>> "I crashed the server."
>>>>
>>>> "Faggot admins wanna try and ban me."
>>>>
>>>> "Lol, no."
>>>>
>>>> "I always win."
>>>>
>>>> "Faggots."
>>>>
>>>>
>>>> We then kicked and banned him again at 01:11:10 EDT, and the server
>>>> again
>>>> crashed within a couple of minutes of his ban. After shutting down all
>>>> connections to the server and looking through our logs, we found
>>>> suspicious
>>>> segfaults coinciding with the server crashes:
>>>>
>>>>
>>>> Mar  2 01:08:09 ny kernel: [593389.393517] srcds_linux[19195]: segfault at 5b ip 00000000ed2b8b4a sp 00000000ffcb85c0 error 4 in server_srv.so[eccab000+65c000]
>>>> Mar  2 01:09:30 ny kernel: [593470.670819] srcds_linux[20799]: segfault at 3ed ip 00000000ed2e3b4a sp 00000000ff822540 error 4 in server_srv.so[eccd6000+65c000]
>>>> Mar  2 01:12:26 ny kernel: [593646.211683] srcds_linux[20828]: segfault at 60 ip 00000000ed21fb4a sp 00000000ff862270 error 4 in server_srv.so[ecc12000+65c000]
>>>>
>>>>
>>>> It looks as if he exploited something in server_srv.so to make the
>>>> server
>>>> crash. We run SRCDS on Linux (Debian stable). We are not sure if Windows
>>>> servers are also affected.
>>>>
>>>>
>>>> We also found a similar post related to him on the Lotus Clan forums
>>>> dated
>>>> Feb 18 where players mentioned that he crashed the server after
>>>> aimbotting.
>>>> However, we doubt it's related to the achievement manager spam the first
>>>> poster mentions:
>>>>
>>>>
>>>> http://forums.gamingterritory.com/topic/28821-ban-request-akaraccoon-server-crashing-god/
>>>>
>>>>
>>>> Thoughts?
>>>> _______________________________________________
>>>> To unsubscribe, edit your list preferences, or view the list archives,
>>>> please visit:
>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>>>>
>>>>
>>
>
>
>
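A triage sketch for the three kernel segfault lines quoted in this thread, added here as an example and not part of the original e-mails: it subtracts the module load base from the instruction pointer to get an ASLR-independent offset into server_srv.so, decodes the page-fault error code, and groups crashes by faulting instruction. The function names are hypothetical; the log lines are the ones from the thread, rejoined onto single lines.

```python
import re
from collections import defaultdict

# Kernel log lines as quoted in the thread, rejoined onto single lines.
SAMPLE_LOG = """\
Mar  2 01:08:09 ny kernel: [593389.393517] srcds_linux[19195]: segfault at 5b ip 00000000ed2b8b4a sp 00000000ffcb85c0 error 4 in server_srv.so[eccab000+65c000]
Mar  2 01:09:30 ny kernel: [593470.670819] srcds_linux[20799]: segfault at 3ed ip 00000000ed2e3b4a sp 00000000ff822540 error 4 in server_srv.so[eccd6000+65c000]
Mar  2 01:12:26 ny kernel: [593646.211683] srcds_linux[20828]: segfault at 60 ip 00000000ed21fb4a sp 00000000ff862270 error 4 in server_srv.so[ecc12000+65c000]
"""

SEGFAULT_RE = re.compile(
    r"(?P<proc>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits (the kernel prints them in hex)."""
    return {
        "page_present": bool(code & 1),      # False: the page was not mapped
        "write": bool(code & 2),             # False: the access was a read
        "user_mode": bool(code & 4),
        "instruction_fetch": bool(code & 16),
    }

def parse_segfaults(text):
    """Yield one record per segfault line, with the offset of ip inside the module."""
    for m in SEGFAULT_RE.finditer(text):
        ip, base = int(m["ip"], 16), int(m["base"], 16)
        yield {
            "pid": int(m["pid"]),
            "module": m["module"],
            "fault_addr": int(m["addr"], 16),
            "offset": ip - base,             # same value regardless of load address
            "error": decode_error(int(m["err"], 16)),
        }

def group_by_site(records):
    """Group crashes by (module, offset); one key means one faulting instruction."""
    sites = defaultdict(list)
    for r in records:
        sites[(r["module"], r["offset"])].append(r)
    return dict(sites)

if __name__ == "__main__":
    for (module, off), hits in group_by_site(parse_segfaults(SAMPLE_LOG)).items():
        addrs = ", ".join(hex(h["fault_addr"]) for h in hits)
        print(f"{module}+{off:#x}: {len(hits)} crashes, fault addresses {addrs}")
```

All three crashes resolve to the same offset in server_srv.so, and each is a user-mode read of an unmapped low address, which is consistent with one code path dereferencing a null or near-null pointer; the offset can be given to a symbolizer run against the same build of the library.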