Anything is possible but there are a number of other much more likely sources (i.e his day to day web surfing or installing any number of ad supported programs). If you get any concrete details then please forward them to me off list.
- Alfred -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael McKoy Sent: Wednesday, April 27, 2005 7:01 PM To: hlds_linux@list.valvesoftware.com Subject: [hlds_linux] HTTP Downloading.. Exploitable? This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] This did not happen to me, but to a member of my community. We have a SourceForts server, as of a few days ago. I'd like to know Alfred's take on this.. Can the sv_urldownload be abused in this manner? This is his post in its entire text.. I don't THINK this is from the Source Forts mod, I believe someone may have found a way to use the http downloads for this, but I could be wrong. SF was originally written by a 12 year old, though he's no longer developing it and a new team is running things. I do know its console randomly prints "go fuck yourself shithead", but I haven't gotten around to looking at the publicly available source code to hunt that down. (See here: http://knd.org.uk/sourceforts/) ... I suppose someone could have used the available source and made a version to do this specificly, though. Or, my user may simply be completely mistaken. However, I thought I'd check. "FYI: Today I was gonna practice some on a server with one other person on a custom map. When I go to join, as expected the dl box opens and proceeds to dl. About half-way through, I.E. opens up and I notice the addition and contruction of a hot link toolbar. I terminate IE and respond to HL2:DM SF to monitor the progress of a non responcive dl box. Imediately escaping to the consul (luckily I configured that some time ago) I exited HL2:DM SF. My next goal is to inspect why there is a toolbar in IE. For I suspected that it was a result of not dling a map but rather the server was installing viruses and spyware. Nothing was further from the truth b/c task panel revealed a shit load of spyware/viruses. I ran a full system scan with a up-todate Norton Antivirus that returned nothing. NAV did not find anything. Extremely pissed at a anti virus program I paid $30 to continue from prior subscription. With out the help of NAV I figure I can easily fix the problem. I terminate all the extrenuos processes induced by the server and go to replace my Registery with a back from 3/30/05. A msgbox appears and states only a partial import of the Register can be done. So I figured I'd reboot the PC and start in safe-mode but (it's only spyware I figured) but the notebook never was able to restart windows. Luckily I was caring the WIndows XP disk with me this week and was able to try to repair what I could through DOS prompt, only to be met with dead ends and no results. I followed up with a repair installation of XP and still nothing. Finally I've had to settle for a full partition, format, and installation of XP. My only concern is that if I got a virus through the SF mod, what is stopping others from doing the same on CSS or HL2:DM servers. Inaddition I'm now refuse to play the Source Forts mod not any other self-published mod unless vALVE backs it up. Atleast then I can point the finger at them. I also post this as a warning for others that the Source Fort mod is insecure and should not be played. Further inquery will be to ask my friend if he to encountered any problems when he went to connect to the relative empty server." -- _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
