Re: [Csgo_servers] A LOT of IPs in servers bann-list. any ideas?!
There is currently an "exploit" going around which is essentially a web page with malicious Javascript code that attempts to log in to the RCON of specific servers 10 times in an attempt to get whoever visited the web page IP banned from the server. On 1/15/2017 10:57 AM, Sven 'Chaos' Pachnit wrote: Hey, the only IP bans I get are from „rcon hacking attempts“. If you keep your logs you should be able to see why an IP got banned. [ROOT@Hugo(pts-3)] /home/csgo# grep -f <(awk '{sub(/\r$/, ""); printf "%s\n", $3}' ./competitive/csgo/cfg/banned_ip.cfg) /root/competitive.log | uniq Banning 208.100.X.X for rcon hacking attempts Banning 208.100.X.X for rcon hacking attempts Banning 113.240.X.X for rcon hacking attempts Banning 208.100.X.X for rcon hacking attempts Banning 61.49.X.X for rcon hacking attempts I used my screenlog since it doesn’t appear to log bans to csgo/logs but I’m guessing that is where you get your entries from. Cheers! Chaos Am 15.01.2017 um 15:19 schrieb MiShU # gameserver-syndicate.de: Hey mates, since a while there are daily a lot of IPs in the bann-list of our servers and i dont know why. Any ideas? Sourcebans isnt active and basebans is also not active on those servers. Thx in advance for some ideas! :) regards, mishu ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers -- Brendan Heinonen ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Double port
I can't think of any reason why Valve would ban you for doing this. Your server will only be submitted to the server browser master list once, even if it is available on multiple ports. Perhaps you should elaborate on what exactly you're looking to accomplish. On 9/10/2016 0:19 AM, Ali Bey wrote: Thank you for answers So if i managed to do this with port to port, valve will be ban me? On 10 Sep 2016, at 06:49, Nomaan Ahmad <n0man@gmail.com <mailto:n0man@gmail.com>> wrote: I don't think this is allowed by Valve. On 10 September 2016 at 04:33, Brendan H <inv...@platinumdigitalgroup.net <mailto:inv...@platinumdigitalgroup.net>> wrote: Srcds does not have this feature as far as I'm aware. You can, however, use iptables to forward a port to another port if you're on Linux. If you're running Windows there is likely a firewall option to do this for you. On 9/9/2016 23:28 PM, Ali Bey wrote: Hello, I wan to open my server with double port. I mean its gonna be 1 server but it use 27015 and 27016. Is that possible? If it is, how can i do this? Thank you. ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers> ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers <https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers> ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Double port
Srcds does not have this feature as far as I'm aware. You can, however, use iptables to forward a port to another port if you're on Linux. If you're running Windows there is likely a firewall option to do this for you. On 9/9/2016 23:28 PM, Ali Bey wrote: Hello, I wan to open my server with double port. I mean its gonna be 1 server but it use 27015 and 27016. Is that possible? If it is, how can i do this? Thank you. ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Update
Denial of Service attacks are both illegal, and in my opinion, extremely immature. Security issues are not a joke, and as a long-time former server operator I sympathize greatly with other server operators who have to deal with such attacks every day. On 3/21/2016 18:43 PM, Tom Devonport wrote: Thanks for the breakdown, nice to have a full explanation, since it never came up clearly. Also, it seems a bit counter intuitive to have your website in your signature while posting here, especially what the site sells. Unless I'm missing something? But yeah. On 21 Mar 2016 22:32, "Brendan H" <inv...@platinumdigitalgroup.net <mailto:inv...@platinumdigitalgroup.net>> wrote: This update patches a crash exploit circulating for CSGO SRCDS. This affected both official and community servers. Since this update came with no documentation for server owners, I'd thought I'd do some documentation myself. The crash worked by using a malicious client to run the ConCommand "setinfo" in rapid succession for a period of time. Malicious commands were in the format "setinfo %d %d" where %d was an incrementing integer. On low-memory configurations, SRCDS could run out of heap space, or cause high CPU usage - enough to lag the server. This memory and resource exhaustion worked because a) setinfo iterated every registered ConCommand looking for one with the same name as the first parameter, which would block, b) if none exists, a new one is created with the specified name and value on the heap, and c) each unique run of setinfo would cause step (a) to take longer, thereby consuming more resources. Prior to this patch, mitigation was possible with SourceMod plugins that rate-limited ConVars. SourceMod Anti-Cheat had this capability, among other plugins. Vanilla servers were doneskies. *Most servers will be unaffected by this patch.* If your server, for whatever reason, needs to use setinfo or FCVAR_USERINFO in the middle of the game, then you must selectively whitelist allowed userinfo keys by defining the FCVAR_USERINFO ConVar on connection. This can be done quite easily on SourceMod. 1. Listen for OnClientConnect events. 2. Define a new ConVar with the specified key name with flag FCVAR_USERINFO (9). Regards, Brendan H Senior Software Engineer Platinum Digital Group LLC On 3/21/2016 16:52 PM, Vitaliy Genkin wrote: An optional server stability update for CS:GO has been released. It is recommended for server operators to update servers with PatchVersion=1.35.2.9 to the latest build ServerVersion=310. Community servers that need clients to upload changes to their userinfo entries during gameplay must set all allowed server-side userinfo setting keys when processing client connect. GL HF! ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com <mailto:Csgo_servers@list.valvesoftware.com> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Re: [Csgo_servers] Update
This update patches a crash exploit circulating for CSGO SRCDS. This affected both official and community servers. Since this update came with no documentation for server owners, I'd thought I'd do some documentation myself. The crash worked by using a malicious client to run the ConCommand "setinfo" in rapid succession for a period of time. Malicious commands were in the format "setinfo %d %d" where %d was an incrementing integer. On low-memory configurations, SRCDS could run out of heap space, or cause high CPU usage - enough to lag the server. This memory and resource exhaustion worked because a) setinfo iterated every registered ConCommand looking for one with the same name as the first parameter, which would block, b) if none exists, a new one is created with the specified name and value on the heap, and c) each unique run of setinfo would cause step (a) to take longer, thereby consuming more resources. Prior to this patch, mitigation was possible with SourceMod plugins that rate-limited ConVars. SourceMod Anti-Cheat had this capability, among other plugins. Vanilla servers were doneskies. *Most servers will be unaffected by this patch.* If your server, for whatever reason, needs to use setinfo or FCVAR_USERINFO in the middle of the game, then you must selectively whitelist allowed userinfo keys by defining the FCVAR_USERINFO ConVar on connection. This can be done quite easily on SourceMod. 1. Listen for OnClientConnect events. 2. Define a new ConVar with the specified key name with flag FCVAR_USERINFO (9). Regards, Brendan H Senior Software Engineer Platinum Digital Group LLC On 3/21/2016 16:52 PM, Vitaliy Genkin wrote: An optional server stability update for CS:GO has been released. It is recommended for server operators to update servers with PatchVersion=1.35.2.9 to the latest build ServerVersion=310. Community servers that need clients to upload changes to their userinfo entries during gameplay must set all allowed server-side userinfo setting keys when processing client connect. GL HF! ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers ___ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers