Re: [Csgo_servers] A LOT of IPs in servers bann-list. any ideas?!
There is currently an "exploit" going around which is essentially a web
page with malicious Javascript code that attempts to log in to the RCON
of specific servers 10 times in an attempt to get whoever visited the
web page IP banned from the server.
On 1/15/2017 10:57 AM, Sven 'Chaos' Pachnit wrote:
Hey,
the only IP bans I get are from „rcon hacking attempts“. If you keep your logs
you should be able to see why an IP got banned.
[ROOT@Hugo(pts-3)] /home/csgo# grep -f <(awk '{sub(/\r$/, ""); printf "%s\n",
$3}' ./competitive/csgo/cfg/banned_ip.cfg) /root/competitive.log | uniq
Banning 208.100.X.X for rcon hacking attempts
Banning 208.100.X.X for rcon hacking attempts
Banning 113.240.X.X for rcon hacking attempts
Banning 208.100.X.X for rcon hacking attempts
Banning 61.49.X.X for rcon hacking attempts
I used my screenlog since it doesn’t appear to log bans to csgo/logs but I’m
guessing that is where you get your entries from.
Cheers!
Chaos
Am 15.01.2017 um 15:19 schrieb MiShU # gameserver-syndicate.de
:
Hey mates,
since a while there are daily a lot of IPs in the bann-list of our servers and
i dont know why. Any ideas?
Sourcebans isnt active and basebans is also not active on those servers.
Thx in advance for some ideas! :)
regards,
mishu
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
--
Brendan Heinonen
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Double port
I can't think of any reason why Valve would ban you for doing this. Your server will only be submitted to the server browser master list once, even if it is available on multiple ports. Perhaps you should elaborate on what exactly you're looking to accomplish. On 9/10/2016 0:19 AM, Ali Bey wrote: Thank you for answers So if i managed to do this with port to port, valve will be ban me? On 10 Sep 2016, at 06:49, Nomaan Ahmad <n0man@gmail.com <mailto:n0man@gmail.com>> wrote: I don't think this is allowed by Valve. On 10 September 2016 at 04:33, Brendan H <inv...@platinumdigitalgroup.net <mailto:inv...@platinumdigitalgroup.net>> wrote: Srcds does not have this feature as far as I'm aware. You can, however, use iptables to forward a port to another port if you're on Linux. If you're running Windows there is likely a firewall option to do this for you. On 9/9/2016 23:28 PM, Ali Bey wrote: Hello, I wan to open my server with double port. I mean its gonna be 1 server but it use 27015 and 27016. Is that possible? If it is, how can i do this? Thank you. ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers> ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers> ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Double port
Srcds does not have this feature as far as I'm aware. You can, however, use iptables to forward a port to another port if you're on Linux. If you're running Windows there is likely a firewall option to do this for you. On 9/9/2016 23:28 PM, Ali Bey wrote: Hello, I wan to open my server with double port. I mean its gonna be 1 server but it use 27015 and 27016. Is that possible? If it is, how can i do this? Thank you. ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Update
Denial of Service attacks are both illegal, and in my opinion, extremely
immature. Security issues are not a joke, and as a long-time former
server operator I sympathize greatly with other server operators who
have to deal with such attacks every day.
On 3/21/2016 18:43 PM, Tom Devonport wrote:
Thanks for the breakdown, nice to have a full explanation, since it
never came up clearly.
Also, it seems a bit counter intuitive to have your website in your
signature while posting here, especially what the site sells. Unless
I'm missing something? But yeah.
On 21 Mar 2016 22:32, "Brendan H" <inv...@platinumdigitalgroup.net
<mailto:inv...@platinumdigitalgroup.net>> wrote:
This update patches a crash exploit circulating for CSGO SRCDS.
This affected both official and community servers. Since this
update came with no documentation for server owners, I'd thought
I'd do some documentation myself.
The crash worked by using a malicious client to run the ConCommand
"setinfo" in rapid succession for a period of time. Malicious
commands were in the format "setinfo %d %d" where %d was an
incrementing integer. On low-memory configurations, SRCDS could
run out of heap space, or cause high CPU usage - enough to lag the
server.
This memory and resource exhaustion worked because a) setinfo
iterated every registered ConCommand looking for one with the same
name as the first parameter, which would block, b) if none exists,
a new one is created with the specified name and value on the
heap, and c) each unique run of setinfo would cause step (a) to
take longer, thereby consuming more resources.
Prior to this patch, mitigation was possible with SourceMod
plugins that rate-limited ConVars. SourceMod Anti-Cheat had this
capability, among other plugins. Vanilla servers were doneskies.
*Most servers will be unaffected by this patch.* If your server,
for whatever reason, needs to use setinfo or FCVAR_USERINFO in the
middle of the game, then you must selectively whitelist allowed
userinfo keys by defining the FCVAR_USERINFO ConVar on
connection. This can be done quite easily on SourceMod.
1. Listen for OnClientConnect events.
2. Define a new ConVar with the specified key name with flag
FCVAR_USERINFO (9).
Regards,
Brendan H
Senior Software Engineer
Platinum Digital Group LLC
On 3/21/2016 16:52 PM, Vitaliy Genkin wrote:
An optional server stability update for CS:GO has been released. It is
recommended for server operators to update servers with PatchVersion=1.35.2.9
to the latest build ServerVersion=310.
Community servers that need clients to upload changes to their userinfo
entries during gameplay must set all allowed server-side userinfo setting keys
when processing client connect.
GL HF!
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
<mailto:Csgo_servers@list.valvesoftware.com>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
<mailto:Csgo_servers@list.valvesoftware.com>
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
___
Csgo_servers mailing list
Csgo_servers@list.valvesoftware.com
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Update
This update patches a crash exploit circulating for CSGO SRCDS. This affected both official and community servers. Since this update came with no documentation for server owners, I'd thought I'd do some documentation myself. The crash worked by using a malicious client to run the ConCommand "setinfo" in rapid succession for a period of time. Malicious commands were in the format "setinfo %d %d" where %d was an incrementing integer. On low-memory configurations, SRCDS could run out of heap space, or cause high CPU usage - enough to lag the server. This memory and resource exhaustion worked because a) setinfo iterated every registered ConCommand looking for one with the same name as the first parameter, which would block, b) if none exists, a new one is created with the specified name and value on the heap, and c) each unique run of setinfo would cause step (a) to take longer, thereby consuming more resources. Prior to this patch, mitigation was possible with SourceMod plugins that rate-limited ConVars. SourceMod Anti-Cheat had this capability, among other plugins. Vanilla servers were doneskies. *Most servers will be unaffected by this patch.* If your server, for whatever reason, needs to use setinfo or FCVAR_USERINFO in the middle of the game, then you must selectively whitelist allowed userinfo keys by defining the FCVAR_USERINFO ConVar on connection. This can be done quite easily on SourceMod. 1. Listen for OnClientConnect events. 2. Define a new ConVar with the specified key name with flag FCVAR_USERINFO (9). Regards, Brendan H Senior Software Engineer Platinum Digital Group LLC On 3/21/2016 16:52 PM, Vitaliy Genkin wrote: An optional server stability update for CS:GO has been released. It is recommended for server operators to update servers with PatchVersion=1.35.2.9 to the latest build ServerVersion=310. Community servers that need clients to upload changes to their userinfo entries during gameplay must set all allowed server-side userinfo setting keys when processing client connect. GL HF! ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
