Better to ban ID's instead of IP's IMO

Here are some that made everyone time out on my server:

L 10/15/2004 - 21:56:40: "%n<2288><STEAM_0:1:1287646>" disconnected ("%n timed out")

L 10/15/2004 - 23:24:15: "Joey Fagnuts<2318><STEAM_0:1:657221><CT>" changed name to "%n"
L 10/15/2004 - 23:24:18: "%n<2318><STEAM_0:1:657221><CT>" committed suicide with "world"

L 10/16/2004 - 03:44:18: "%n<2513><STEAM_0:0:570997>" disconnected ("%n timed out")

L 10/16/2004 - 22:26:49: "%n<636><STEAM_0:0:734331><TERRORIST>" say "groont.com and votenader.org says this server is going to crash"
L 10/16/2004 - 22:26:55: "%n<636><STEAM_0:0:734331><TERRORIST>" committed suicide with "world"

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bruce "Bahamut"
Andrews
Sent: Sunday, October 17, 2004 3:25 AM
To: [EMAIL PROTECTED]
Subject: Re: [hlds] serious cs:s vulnerability


might like to ban their ID's as well.  Though it is pretty much impossible
to tell the difference between someone that got a new account for HL2 so
they didn't lose their old cd key and someone who's using the steam exploit,
it's better to keep them off the servers in any way possible.

Since these are malicious attacks against your server, you could try some
legal movements on the people if you have some spare time =)

- Bruce "Bahamut" Andrews



[EMAIL PROTECTED] wrote:

>All you can do for now is to go thru your logs, looking for ppl who
>have changed their name to %n and ban their IP address accordingly so
>they can't come back and do it again. I have noticed some repeat
>offenders on my servers, just got thru banning several people on my
>servers.
>
>- K2
>
>
>"thrillhaus" <[EMAIL PROTECTED]> wrote:
>
>
>
>>So what can be done?? Nothing? Just happened on my server :(
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Gerry
>>Sent: Saturday, October 16, 2004 9:58 AM
>>To: [EMAIL PROTECTED]
>>Subject: RE: [hlds] serious cs:s vulnerability
>>
>>Peh, I just had this happen to myself.
>>
>>What idiots >.<
>>
>>Pretty much...
>>"%n: Don't kill or kick me or you'll all crash  -myg0t"
>>
>>Then it crashed.
>>
>>*sigh*
>>
>>~
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED] On Behalf Of
>>[EMAIL PROTECTED]
>>Sent: Saturday, October 16, 2004 9:27 AM
>>To: [EMAIL PROTECTED]
>>Subject: Re: [hlds] serious cs:s vulnerability
>>
>>Yup. One of my admins was watching the console on my server and saw
>>exactly how it's done. Dave, did ya send the particulars to Valve
>>already? Hoping this gets resolved soon Valve.
>>
>>- K2
>>
>>David Fencik <[EMAIL PROTECTED]> wrote:
>>
>>
>>
>>>Here's another ip address of someone who exploited the format string
>>>vulnerability to disconnect all clients on one of my servers:
>>>
>>>138.88.222.21
>>>
>>>Dave
>>>
>>>-----Original Message-----
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of David Fencik
>>>Sent: Friday, October 15, 2004 8:29 PM
>>>To: [EMAIL PROTECTED]
>>>Subject: RE: [hlds] serious cs:s vulnerability
>>>
>>>Just for grins....here's the ip address of the offending hacker:
>>>
>>>68.37.174.181
>>>
>>>Dave
>>>
>>>-----Original Message-----
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of
>>>[EMAIL PROTECTED]
>>>Sent: Friday, October 15, 2004 8:07 PM
>>>To: [EMAIL PROTECTED]
>>>Subject: Re: [hlds] serious cs:s vulnerability
>>>
>>>Yeah I just had to restart one of my servers as well. It *looks* like
>>>the last exploit (malformed rcon command that would hang the server
>>>and peg the CPU at 100%) however this time cpu usage doesn't skyrocket,
>>>and in the console you can see all of the players drop via timing out,
>>>all at the same time almost.
>>>
>>>You seeing the same thing Dave?
>>>
>>>- K2
>>>http://www.hardfought.org
>>>
>>>
>>>David Fencik <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>
>>>>Some script kiddie just crashed one of my source servers.  It amazes me
>>>>that there could be such an easily exploitable vulnerability in such an
>>>>obvious place.  Here's a hint to you all:  format-string vulnerability.
>>>>Feel free to email me off list if you'd like the specifics.
>>>>
>>>>Dave
>>>>
>>>>_______________________________________________
>>>>To unsubscribe, edit your list preferences, or view the list
>>>>archives, please visit:
>>>>http://list.valvesoftware.com/mailman/listinfo/hlds
>
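
The log review suggested in this thread (find players whose name contains `%n`, then ban by ID) can be automated. The following is an added example, not code from any poster or from Valve: it assumes the log line layout quoted above, flags any printf-style conversion in a player name rather than only `%n`, and emits `banid` console commands. The sample lines and SteamIDs are constructed.

```python
import re

# Player token as written in HLDS/srcds logs: "name<userid><STEAM_ID><team>"
PLAYER = re.compile(
    r'"(?P<name>.*?)<\d+><(?P<steamid>STEAM_\d:\d:\d+)>(?:<[^>]*>)?"')
RENAME = re.compile(r'changed name to "(?P<new>.*)"\s*$')
# printf-style conversion: flags, width, precision, length modifier, type
FMT = re.compile(r'%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?'
                 r'(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfFgGaAcspn]')

def suspicious_ids(lines):
    """Return {SteamID: [offending names]} for names holding a format specifier."""
    hits = {}
    for line in lines:
        m = PLAYER.search(line)
        if not m:
            continue
        names = [m.group("name")]          # name the player has on this line
        r = RENAME.search(line, m.end())   # name the player is switching to
        if r:
            names.append(r.group("new"))
        for name in names:
            if FMT.search(name):
                seen = hits.setdefault(m.group("steamid"), [])
                if name not in seen:
                    seen.append(name)
    return hits

def ban_commands(hits):
    """Permanent ID bans (0 minutes) for the server console or a cfg file."""
    return [f"banid 0 {sid}" for sid in sorted(hits)]

# Constructed sample lines in the format quoted in the thread; IDs are made up.
SAMPLE_LOG = [
    'L 10/15/2004 - 21:56:40: "%n<101><STEAM_0:1:1000001>" disconnected ("%n timed out")',
    'L 10/15/2004 - 23:24:15: "Alice<102><STEAM_0:1:1000002><CT>" changed name to "%n"',
    'L 10/15/2004 - 23:24:18: "%n<102><STEAM_0:1:1000002><CT>" committed suicide with "world"',
    'L 10/16/2004 - 22:30:01: "Player100%<103><STEAM_0:0:1000003><CT>" say "gg"',
    'L 10/16/2004 - 22:31:07: "Bob<104><STEAM_0:0:1000004><TERRORIST>" changed name to "x%08x%s"',
]

if __name__ == "__main__":
    for cmd in ban_commands(suspicious_ids(SAMPLE_LOG)):
        print(cmd)
```

A name such as `Player100%` is not flagged because the `%` is not followed by a conversion character; review the offending names before applying the bans.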
