Re: [hlds] Source Engine Upload/Download POC

2009-12-02 Thread Garry Newman
Anyone had any word from Valve on this? I'd rather not install a load of plugins to try to stop people hacking my server. garry ___ To unsubscribe, edit your list preferences, or view the list archives, please visit:

Re: [hlds] Source Engine Upload/Download POC

2009-12-02 Thread Spencer 'voogru' MacDonald
...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Garry Newman Sent: Wednesday, December 02, 2009 6:32 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Source Engine Upload/Download POC Anyone had any word from Valve on this? I'd rather not install a load

Re: [hlds] Source Engine Upload/Download POC

2009-12-02 Thread P1cwh0r3
...@list.valvesoftware.com] On Behalf Of Spencer 'voogru' MacDonald Sent: Thursday, 3 December 2009 11:12 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Source Engine Upload/Download POC You can prevent most damage by simply locking down your addons, cfg, scripts directories

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread cnu
On Sunday 29 November 2009 10:26:50 AzuiSleet wrote: Source: http://azu.pastebin.com/m1cd1ab0b You got some other interesting pastes here :p http://azu.pastebin.com/m483ef5a0 http://azu.pastebin.com/f32ff6903 ___ To unsubscribe, edit your list

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread AzuiSleet
Yes well you can ignore those fools. They like to vandalize my pastebin. On Sun, Nov 29, 2009 at 3:55 AM, cnu bsh...@broadpark.no wrote: On Sunday 29 November 2009 10:26:50 AzuiSleet wrote: Source: http://azu.pastebin.com/m1cd1ab0b You got some other interesting pastes here :p

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Saul Rennison
Awesome. It's not really a server plugin though is it? I'll try this when I get home... take over some servers. 3 VALVe security. On Sunday, November 29, 2009, AzuiSleet azuisl...@gmail.com wrote: Yes well you can ignore those fools. They like to vandalize my pastebin. On Sun, Nov 29, 2009 at

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Michael Krasnow
wait, so this means anyone can go on a server and download a server.cfg? time to bury my rcon in a crap load of exec files lol On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison saul.renni...@gmail.comwrote: Awesome. It's not really a server plugin though is it? I'll try this when I get home...

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread P. Bhandal
You're better off blocking your game server's TCP port. On Sun, Nov 29, 2009 at 7:51 AM, Michael Krasnow mnk...@mnkras.com wrote: wait, so this means anyone can go on a server and download a server.cfg? time to bury my rcon in a crap load of exec files lol On Sun, Nov 29, 2009 at 7:49 AM,

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Shane Arnold
Shell/RDP account. Cryptography key. RCON port blocked/filtered to a specific IP. Winrar. Michael Krasnow wrote: wait, so this means anyone can go on a server and download a server.cfg? time to bury my rcon in a crap load of exec files lol On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread w4rezz
Or you can remove rcon_password from server.cfg and use it as a server startup parameter +rcon_password blabla 2009/11/29 Michael Krasnow mnk...@mnkras.com: wait, so this means anyone can go on a server and download a server.cfg? time to bury my rcon in a crap load of exec files lol On Sun,

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Michael Krasnow
Good idea i think thats a bit easier :) On Sun, Nov 29, 2009 at 11:13 AM, w4rezz w4r...@gmail.com wrote: Or you can remove rcon_password from server.cfg and use it as a server startup parameter +rcon_password blabla 2009/11/29 Michael Krasnow mnk...@mnkras.com: wait, so this means anyone

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Saul Rennison
You could upload a plugin which dumped Rcon and password data to a certain PHP page to the server, then crash the server (several known crashing exploits) to make the plugin auto-load. It's like a server root-kit lol. On Sunday, November 29, 2009, w4rezz w4r...@gmail.com wrote: Or you can remove

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Saul Rennison
Read the OP... On Sunday, November 29, 2009, Aaron A. Maricic pennsta...@gmail.com wrote: Does this apply to L4D / L4D2? AzuiSleet wrote: It seems the upload/download exploits aren't dead yet, and Valve didn't do a good job at patching them. A blacklist didn't work too well. Here is a

Re: [hlds] Source Engine Upload/Download POC

2009-11-29 Thread Spencer 'voogru' MacDonald
mailing list Subject: Re: [hlds] Source Engine Upload/Download POC You could upload a plugin which dumped Rcon and password data to a certain PHP page to the server, then crash the server (several known crashing exploits) to make the plugin auto-load. It's like a server root-kit lol. On Sunday