evolv
« on: February 08, 2010, 07:11:35 PM »
As some of you might know, there have been a couple of people going around breaking into servers (Buck Nasty's surf shack being one of them). Recently we have caught a couple of these guys, but I feel we may have found the main culprit behind this.
L 02/08/2010 - 01:17:22: [rcon_lock.smx] Blocking changelevel from '-[Lg]- мвѕυяғзя': 2 "ma_say;rcon_Password hacked"
L 02/08/2010 - 01:17:22: [rcon_lock.smx] Blocking changelevel from '-[Lg]- мвѕυяғзя': 3 "ma_say;rcon_Password hacked"
As you can see, our logs have recorded that -[Lg]- мвѕυяғзя has attempted to break into our rcon (thank god for rcon_lock.smx). After doing a check up on this user we have traced it to the user MBSurfer.
He managed to somehow gain access to sourcemod/mani admin and removed all our admins / banned a bunch of people in our server. (I believe D-Fens saved us from unauthorized plugin uploads, which had happened to us before.)
If there is a global banlist anyone would like to add this to, it will save you a lot of trouble before this skiddie attempts to break in using mani/sm upload exploit.
« Last Edit: February 08, 2010, 11:18:21 PM by evolv »

spoz
« Reply #1 on: February 08, 2010, 07:13:05 PM »
Dupe thread, just email his ISP's abuse department regarding an unauthorized breach and circumvention of network protection. Also, sup MB
« Last Edit: February 08, 2010, 07:17:17 PM by spoz »
 But if u really wanna see a screwed up map take a look at that greatriver awesome 1... freaked the shit out of me... its like a child molestation adventure.....

evolv
« Reply #2 on: February 08, 2010, 07:17:48 PM »
Quote: Dupe thread, just email his ISP's abuse department regarding an unauthorized breach and circumvention of network protection
You make a very good point, I would like to contact MBSurfer before I begin to use drastic measures. Thanks for your help ^^

spoz
« Reply #3 on: February 08, 2010, 07:22:04 PM »
I'll just leave this here. 843-602-8273 

spoz
« Reply #5 on: February 08, 2010, 07:26:18 PM »
protip: NEVER post your cell on twitter

Ryan_S
« Reply #6 on: February 08, 2010, 07:26:38 PM »
IP Location Lookup results for 98.122.44.29 in South Carolina
IP Address Region: South Carolina
IP Address City: Myrtle Beach
IP Address Latitude: (33.6985)
IP Address Longtitude: (-78.9032)
Hahahaha Myrtle Beach is such a fun place.

evolv
« Reply #7 on: February 08, 2010, 07:28:04 PM »
Quote: I'll just leave this here.
no way lol spoz u so 1337

RazerSurf
« Reply #8 on: February 08, 2010, 07:35:19 PM »
Quote: I'll just leave this here.
wtf is that? : o his phone number or sumethin?

evolv
« Reply #9 on: February 14, 2010, 03:33:23 PM »
Well, another exploit attempt today.
L 02/14/2010 - 10:18:58: rcon from "68.102.137.254:62194": command "say OWNEDBYSKY"
L 02/14/2010 - 10:18:58: "Console<0><Console><Console>" say "OWNEDBYSKY"
I don't know who this is but I got their IP. For any global ban list one might have.
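
Added example, not part of any post in this thread: one way to pull the two kinds of log lines quoted above (the rcon_lock.smx blocks and the "rcon from" entries) out of a Source server log and flag rcon commands coming from addresses outside an allowlist. The allowlist, the 203.0.113.10 address and the last sample line are constructed, and the patterns assume the log formats exactly as quoted here.

```python
import re
from collections import defaultdict

# Hypothetical allowlist: the addresses your admins actually use for rcon.
TRUSTED_RCON_SOURCES = {"203.0.113.10"}

# L MM/DD/YYYY - HH:MM:SS: rcon from "ip:port": command "..."
RCON_RE = re.compile(
    r'^L (?P<ts>\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): '
    r'rcon from "(?P<ip>[\d.]+):(?P<port>\d+)": command "(?P<cmd>.*)"\s*$'
)
# L <ts>: [rcon_lock.smx] Blocking <what> from '<player>': <n> "<command>"
LOCK_RE = re.compile(
    r"^L (?P<ts>\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): "
    r"\[rcon_lock\.smx\] Blocking (?P<what>\S+) from '(?P<name>.*)': "
    r'(?P<count>\d+) "(?P<cmd>.*)"\s*$'
)

def scan(lines, trusted=TRUSTED_RCON_SOURCES):
    """Return (untrusted rcon commands by IP, rcon_lock blocks by player name)."""
    untrusted = defaultdict(list)
    blocked = defaultdict(list)
    for line in lines:
        line = line.strip()
        m = RCON_RE.match(line)
        if m:
            if m["ip"] not in trusted:
                untrusted[m["ip"]].append((m["ts"], m["cmd"]))
            continue
        m = LOCK_RE.match(line)
        if m:
            blocked[m["name"]].append((m["ts"], m["what"], m["cmd"]))
    return dict(untrusted), dict(blocked)

# The first three lines are quoted in this thread; the last one is constructed.
SAMPLE_LOG = [
    'L 02/14/2010 - 10:18:58: rcon from "68.102.137.254:62194": command "say OWNEDBYSKY"',
    'L 02/14/2010 - 10:18:58: "Console<0><Console><Console>" say "OWNEDBYSKY"',
    "L 02/08/2010 - 01:17:22: [rcon_lock.smx] Blocking changelevel from "
    "'-[Lg]- мвѕυяғзя': 2 \"ma_say;rcon_Password hacked\"",
    'L 02/14/2010 - 11:02:10: rcon from "203.0.113.10:50211": command "status"',
]

if __name__ == "__main__":
    untrusted, blocked = scan(SAMPLE_LOG)
    for ip, events in untrusted.items():
        print(f"untrusted rcon source {ip}: {events}")
    for name, events in blocked.items():
        print(f"rcon_lock blocked {name!r}: {events}")
```
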

Paul
« Reply #10 on: February 14, 2010, 03:52:14 PM »
I think I was there, and I think someone dos attacked the server today...

evolv
« Reply #11 on: February 14, 2010, 04:12:51 PM »
Yeah, it's the same old exploit they keep using that allows them to gain rcon access. I am running nearly every single patch you could think of and I still don't know how they managed it.

spoz
« Reply #12 on: February 14, 2010, 05:06:55 PM »

evolv
« Reply #13 on: February 14, 2010, 06:24:23 PM »
We are running both of those + basically every other exploit patch/fix, including scortchedearth.smx. We have decided to just now completely firewall off the rcon. This is what they are using: http://pastebin.com/f78d3e858 and D-Fens does not patch it >< Apparently any servers running Mani or Sourcemod are exploitable.

evolv
« Reply #14 on: February 14, 2010, 06:25:07 PM »
also as a note, making files that are accessible through rcon, readme only might patch it.

silverlol
« Reply #15 on: February 14, 2010, 06:43:01 PM »
thanks for announcing this evolv.
and spoz, you sir, are leet as fuck. holy shit.
silver? lol!

spoz
« Reply #16 on: February 14, 2010, 08:02:09 PM »
if you're able to request it from your GSP, change server.cfg to something random like server_lol-hax0rz.cfg and get your GSP to add the +servercfgfile CLS

Arjenlodder
« Reply #17 on: February 14, 2010, 08:58:49 PM »
Quote: if you're able to request it from your GSP, change server.cfg to something random like server_lol-hax0rz.cfg and get your GSP to add the +servercfgfile CLS
This... is one smart solution! I own a couple of servers myself (never got hacked) and changed it directly :p Thnx. Anyway, those instructions... are there files too? Like a .sp file of the actual sourcemod plugin? If so, could someone link me to it? Ty. Freaking hackers... (BTW, isn't hacking a server VAC-bannable?)