Re: [hlds] New server exploit (not nuking)
So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru lt;[EMAIL PROTECTED]gt; wrote: gt; Well, we still did the right thing. gt; gt; Whether they give us credit or not, no big deal. gt; gt; It would be neat though :D gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:54 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; One srcds exploit. I helped. That reminds me, didn't valve say they'd give gt; us a mention in a steam news update thing? gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of voogru gt; Sent: Monday, April 28, 2008 9:41 PM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; No. gt; gt; Me first. gt; gt; I probably found some of the coolest srcds exploits anyway (was recently gt; fixed :D) gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:24 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Uhm, me first. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey gt; Sent: Monday, April 28, 2008 9:19 PM gt; To: Half-Life dedicated Win32 server mailing list gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Dear Valve: gt; gt; God damn. gt; I just finished my damn iptables rule to fix your broken packethandling. gt; gt; In conclusion, give me a job. (please? I'll pretend to like wow around gt; gabe!) gt; gt; - Neph gt; gt; On Mon, Apr 28, 2008 at 9:12 PM, Tony Paloma lt;[EMAIL PROTECTED]gt; gt; wrote: gt; gt; Found the problem gt; gt; gt; gt; quot;sv_benchmark_force_startquot; gt; gt; game gt; gt; - Force start the benchmark. This is only for debugging. It's better gt; to gt; set gt; gt; sv_benchmark to 1 and restart the level. gt; gt; gt; gt; Players can run this and make the server start the benchmark. Real bad gt; gt; k. gt; gt; gt; gt; gt; gt; -Original Message- gt; gt; From: [EMAIL PROTECTED] gt; gt; gt; gt; [mailto:[EMAIL PROTECTED] On Behalf Of Ian Shaffer gt; gt; Sent: Monday, April 28, 2008 9:06 PM gt; gt; To: Half-Life dedicated Win32 server mailing list gt; gt; gt; gt; gt; gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; gt; gt; What map is running? gt; gt; gt; gt; Tony Paloma wrote: gt; gt; gt; Also, this is what shows up in the logs. No indication of any RCON gt; gt; commands gt; gt; gt; being executed. gt; gt; gt; gt; gt; gt; ... gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Anona gt; mouselt;12gt;lt;STEAM_0:0:4512137gt;lt;Unassignedgt;quot; gt; gt; gt; joined team quot;Redquot; gt; gt; gt; L 04/28/2008 - 22:43:54: server_cvar: quot;mp_teams_unbalance_limitquot; quot;0quot; gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Thomaslt;2gt;lt;STEAM_0:1:3471103gt;lt;Redgt;quot; say gt; quot;hmmmquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; connected, address gt; quot;0.0.0.0:0quot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; entered the game gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Voltaiclt;6gt;lt;STEAM_0:0:851288gt;lt;Bluegt;quot; changed gt; role gt; gt; gt; to quot;medicquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;Unassignedgt;quot; joined team gt; quot;Bluequot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;Bluegt;quot; changed role to gt; quot;engineerquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;Bluegt;quot; triggered gt; quot;builtobjectquot; gt; gt; gt; (object quot;OBJ_SENTRYGUNquot;) (position quot;-3202 2574 -450quot;) gt; gt; gt; ... gt; gt; gt; gt; gt; gt; Again, another time: gt; gt; gt; .. gt; gt; gt; L 04/28/2008 - 22:42:49:
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Looks like it works great. Just tested it on a server and was unable to use the command. Props to you, good sir! Valve should be looking into a pre-release update for the server binaries to fix this ASAP. Nephyrin Zey wrote: (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Updated the .zip to include a .vdf. Whoops. On Mon, Apr 28, 2008 at 11:09 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Looks like it works great. Just tested it on a server and was unable to use the command. Props to you, good sir! Valve should be looking into a pre-release update for the server binaries to fix this ASAP. Nephyrin Zey wrote: (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
(That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru lt;[EMAIL PROTECTED]gt; wrote: gt; Well, we still did the right thing. gt; gt; Whether they give us credit or not, no big deal. gt; gt; It would be neat though :D gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:54 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; One srcds exploit. I helped. That reminds me, didn't valve say they'd give gt; us a mention in a steam news update thing? gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of voogru gt; Sent: Monday, April 28, 2008 9:41 PM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; No. gt; gt; Me first. gt; gt; I probably found some of the coolest srcds exploits anyway (was recently gt; fixed :D) gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:24 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Uhm, me first. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey gt; Sent: Monday, April 28, 2008 9:19 PM gt; To: Half-Life dedicated Win32 server mailing list gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Dear Valve: gt; gt; God damn. gt; I just finished my damn iptables rule to fix your broken packethandling. gt; gt; In conclusion, give me a job. (please? I'll pretend to like wow around gt; gabe!) gt; gt; - Neph gt; gt; On Mon, Apr 28, 2008 at 9:12 PM, Tony Paloma lt;[EMAIL PROTECTED]gt; gt; wrote: gt; gt; Found the problem gt; gt; gt; gt; quot;sv_benchmark_force_startquot; gt; gt; game gt; gt; - Force start the benchmark. This is only for debugging. It's better gt; to gt; set gt; gt; sv_benchmark to 1 and restart the level. gt; gt; gt; gt; Players can run this and make the server start the benchmark. Real bad gt; gt; k. gt; gt; gt; gt; gt; gt; -Original Message- gt; gt; From: [EMAIL PROTECTED] gt; gt; gt; gt; [mailto:[EMAIL PROTECTED] On Behalf Of Ian Shaffer gt; gt; Sent: Monday, April 28, 2008 9:06 PM gt; gt; To: Half-Life dedicated Win32 server mailing list gt; gt; gt; gt; gt; gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; gt; gt; What map is running? gt; gt; gt; gt; Tony Paloma wrote: gt; gt; gt; Also, this is what shows up in the logs. No indication of any RCON gt; gt; commands gt; gt; gt; being executed. gt; gt; gt; gt; gt; gt; ... gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Anona gt; mouselt;12gt;lt;STEAM_0:0:4512137gt;lt;Unassignedgt;quot; gt; gt; gt; joined team quot;Redquot; gt; gt; gt; L 04/28/2008 - 22:43:54: server_cvar: quot;mp_teams_unbalance_limitquot; quot;0quot; gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Thomaslt;2gt;lt;STEAM_0:1:3471103gt;lt;Redgt;quot; say gt; quot;hmmmquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; connected, address gt; quot;0.0.0.0:0quot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; entered the game gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Voltaiclt;6gt;lt;STEAM_0:0:851288gt;lt;Bluegt;quot; changed gt; role gt; gt; gt; to quot;medicquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;Unassignedgt;quot; joined team gt; quot;Bluequot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;Bluegt;quot; changed role to gt; quot;engineerquot; gt; gt; gt; L
Re: [hlds] New server exploit (not nuking)
no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru lt;[EMAIL PROTECTED]gt; wrote: gt; Well, we still did the right thing. gt; gt; Whether they give us credit or not, no big deal. gt; gt; It would be neat though :D gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:54 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; One srcds exploit. I helped. That reminds me, didn't valve say they'd give gt; us a mention in a steam news update thing? gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of voogru gt; Sent: Monday, April 28, 2008 9:41 PM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; No. gt; gt; Me first. gt; gt; I probably found some of the coolest srcds exploits anyway (was recently gt; fixed :D) gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:24 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Uhm, me first. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey gt; Sent: Monday, April 28, 2008 9:19 PM gt; To: Half-Life dedicated Win32 server mailing list gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Dear Valve: gt; gt; God damn. gt; I just finished my damn iptables rule to fix your broken packethandling. gt; gt; In conclusion, give me a job. (please? I'll pretend to like wow around gt; gabe!) gt; gt; - Neph gt; gt; On Mon, Apr 28, 2008 at 9:12 PM, Tony Paloma lt;[EMAIL PROTECTED]gt; gt; wrote: gt; gt; Found the problem gt; gt; gt; gt; quot;sv_benchmark_force_startquot; gt; gt; game gt; gt; - Force start the benchmark. This is only for debugging. It's better gt; to gt; set gt; gt; sv_benchmark to 1 and restart the level. gt; gt; gt; gt; Players can run this and make the server start the benchmark. Real bad gt; gt; k. gt; gt; gt; gt; gt; gt; -Original Message- gt; gt; From: [EMAIL PROTECTED] gt; gt; gt; gt; [mailto:[EMAIL PROTECTED] On Behalf Of Ian Shaffer gt; gt; Sent: Monday, April 28, 2008 9:06 PM gt; gt; To: Half-Life dedicated Win32 server mailing list gt; gt; gt; gt; gt; gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; gt; gt; What map is running? gt; gt; gt; gt; Tony Paloma wrote: gt; gt; gt; Also, this is what shows up in the logs. No indication of any RCON gt; gt; commands gt; gt; gt; being executed. gt; gt; gt; gt; gt; gt; ... gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Anona gt; mouselt;12gt;lt;STEAM_0:0:4512137gt;lt;Unassignedgt;quot; gt; gt; gt; joined team quot;Redquot; gt; gt; gt; L 04/28/2008 - 22:43:54: server_cvar: quot;mp_teams_unbalance_limitquot; quot;0quot; gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Thomaslt;2gt;lt;STEAM_0:1:3471103gt;lt;Redgt;quot; say gt; quot;hmmmquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; connected, address gt; quot;0.0.0.0:0quot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; entered the game gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Voltaiclt;6gt;lt;STEAM_0:0:851288gt;lt;Bluegt;quot; changed gt; role gt; gt; gt; to quot;medicquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;Unassignedgt;quot; joined team gt; quot;Bluequot; gt; gt; gt; L 04/28/2008 - 22:43:55:
Re: [hlds] New server exploit (not nuking)
What server do you run? I'm quite interested. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:24 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru lt;[EMAIL PROTECTED]gt; wrote: gt; Well, we still did the right thing. gt; gt; Whether they give us credit or not, no big deal. gt; gt; It would be neat though :D gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:54 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; One srcds exploit. I helped. That reminds me, didn't valve say they'd give gt; us a mention in a steam news update thing? gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of voogru gt; Sent: Monday, April 28, 2008 9:41 PM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; No. gt; gt; Me first. gt; gt; I probably found some of the coolest srcds exploits anyway (was recently gt; fixed :D) gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:24 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Uhm, me first. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey gt; Sent: Monday, April 28, 2008 9:19 PM gt; To: Half-Life dedicated Win32 server mailing list gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Dear Valve: gt; gt; God damn. gt; I just finished my damn iptables rule to fix your broken packethandling. gt; gt; In conclusion, give me a job. (please? I'll pretend to like wow around gt; gabe!) gt; gt; - Neph gt; gt; On Mon, Apr 28, 2008 at 9:12 PM, Tony Paloma lt;[EMAIL PROTECTED]gt; gt; wrote: gt; gt; Found the problem gt; gt; gt; gt; quot;sv_benchmark_force_startquot; gt; gt; game gt; gt; - Force start the benchmark. This is only for debugging. It's better gt; to gt; set gt; gt; sv_benchmark to 1 and restart the level. gt; gt; gt; gt; Players can run this and make the server start the benchmark. Real bad gt; gt; k. gt; gt; gt; gt; gt; gt; -Original Message- gt; gt; From: [EMAIL PROTECTED] gt; gt; gt; gt; [mailto:[EMAIL PROTECTED] On Behalf Of Ian Shaffer gt; gt; Sent: Monday, April 28, 2008 9:06 PM gt; gt; To: Half-Life dedicated Win32 server mailing list gt; gt; gt; gt; gt; gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; gt; gt; What map is running? gt; gt; gt; gt; Tony Paloma wrote: gt; gt; gt; Also, this is what shows up in the logs. No indication of any RCON gt; gt; commands gt; gt; gt; being executed. gt; gt; gt; gt; gt; gt; ... gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Anona gt; mouselt;12gt;lt;STEAM_0:0:4512137gt;lt;Unassignedgt;quot; gt; gt; gt; joined team quot;Redquot; gt; gt; gt; L 04/28/2008 - 22:43:54: server_cvar: quot;mp_teams_unbalance_limitquot; quot;0quot; gt; gt; gt; L 04/28/2008 - 22:43:54: quot;Thomaslt;2gt;lt;STEAM_0:1:3471103gt;lt;Redgt;quot; say gt; quot;hmmmquot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; connected, address gt; quot;0.0.0.0:0quot; gt; gt; gt; L 04/28/2008 - 22:43:55: quot;Bot01lt;17gt;lt;BOTgt;lt;gt;quot; entered the game gt;
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Ok I installed it but I dont really now why. I know it blocks a certain exploit so its good that all server ops have it im guessing. I have Sourcemod but I doubt anyone is going to write it in Sourcepawn. Maybe Valve will fix it by tomorrow Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Hi Andrius Pirus, I am going to call you out on this, the IP address you posted on this mailing list is mine. I went on a rampage of using this exploit on cracked servers, I joined suspect servers and looked for cracked steamids in the status. The only way you could have got my IP address is by running a cracked server. This is a status of what I believe to be your server. hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : cp_dustbowl at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 14394 unnamed STEAM_666:88_666 42:55 335 0 active # 14230 RIM STEAM_666:88_666 4:26:14 196 0 active # 14420 HitmanForMoney STEAM_666:88_666 13:26 72 0 active # 14347 JellyBean STEAM_666:88_666 1:34:25 240 0 active Interesting steamids! You deny running this server, so I took your username from your email address and googled it, I found this: http://www.btmon.com/uploader/izvrashenj (NOT SAFE FOR WORK) http://thepiratebay.org/user/izvrashenj/0/7 Interesting, someone with that weird name just so happens to pirate TF2. And then, your email, just so happens to be [EMAIL PROTECTED], coincidence? I think not! Andrius Pirus is actively pirating our beloved TF2. Go fuck yourself. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:24 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru lt;[EMAIL PROTECTED]gt; wrote: gt; Well, we still did the right thing. gt; gt; Whether they give us credit or not, no big deal. gt; gt; It would be neat though :D gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:54 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; One srcds exploit. I helped. That reminds me, didn't valve say they'd give gt; us a mention in a steam news update thing? gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of voogru gt; Sent: Monday, April 28, 2008 9:41 PM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; No. gt; gt; Me first. gt; gt; I probably found some of the coolest srcds exploits anyway (was recently gt; fixed :D) gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:24 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Uhm, me first. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey gt; Sent: Monday, April 28, 2008 9:19 PM gt; To: Half-Life dedicated Win32 server mailing list gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Dear Valve: gt; gt; God damn. gt; I just finished my damn iptables rule to fix your broken packethandling. gt; gt; In conclusion, give me a job. (please? I'll pretend to like wow around gt; gabe!) gt; gt; - Neph gt; gt; On Mon, Apr 28, 2008 at 9:12 PM, Tony Paloma lt;[EMAIL PROTECTED]gt; gt; wrote: gt; gt; Found the problem gt; gt; gt; gt; quot;sv_benchmark_force_startquot; gt; gt; game gt; gt; - Force start the benchmark. This is only for debugging. It's better gt; to gt; set gt; gt; sv_benchmark to 1 and restart the level. gt; gt; gt; gt; Players can run this
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
It's like three lines in sourcepawn. The exploit it blocks is typing sv_benchmark_force_start in console crashes anyone's server, so anyone could use it on you if you don't use ncp on that command. - Neph On Mon, Apr 28, 2008 at 11:37 PM, DontWannaName! [EMAIL PROTECTED] wrote: Ok I installed it but I dont really now why. I know it blocks a certain exploit so its good that all server ops have it im guessing. I have Sourcemod but I doubt anyone is going to write it in Sourcepawn. Maybe Valve will fix it by tomorrow Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
So, I was able to make the IPSec thing work to allow certain IPs also. You just set up a separate pass rule for the IPs you want to let in. Works fine. I used it to block all RCON except for those sent from HLStatsX and myself. This line blocks all access to TCP port 27015: ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Block Inbound TCP 27015 Rule -f *=0:27015:TCP -n BLOCK -x Then use this line to allow those you trust at the rcon port (shown with 216.40.218.146): ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Allow TCP 27015 From 216.40.218.146 -f 216.40.218.146=0:27015:TCP -n PASS -x I hope this helps someone. I've seen no adverse side effects to blocking TCP 27015 except for blocking RCON. It seems that all game data goes to UDP 27015. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Monday, April 28, 2008 10:43 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Nuke Exploit Info and Prevention You can block TCP/IP port 27015 on Windows Server using IPSec policies. IPSeccmd.exe -W REG -p Block TCP 27015 Filter -r Block Inbound 27015 Rule -f *=0:27015:TCP -n BLOCK -x This will of course prevent RCON connections. Allowing certain IP addresses is probably possible but I'm unsure of how to do it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Neph, does this issue exist on Linux as well if you know? Cheers, Saint K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 8:16 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* (That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Sick burnnn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 11:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Hi Andrius Pirus, I am going to call you out on this, the IP address you posted on this mailing list is mine. I went on a rampage of using this exploit on cracked servers, I joined suspect servers and looked for cracked steamids in the status. The only way you could have got my IP address is by running a cracked server. This is a status of what I believe to be your server. hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : cp_dustbowl at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 14394 unnamed STEAM_666:88_666 42:55 335 0 active # 14230 RIM STEAM_666:88_666 4:26:14 196 0 active # 14420 HitmanForMoney STEAM_666:88_666 13:26 72 0 active # 14347 JellyBean STEAM_666:88_666 1:34:25 240 0 active Interesting steamids! You deny running this server, so I took your username from your email address and googled it, I found this: http://www.btmon.com/uploader/izvrashenj (NOT SAFE FOR WORK) http://thepiratebay.org/user/izvrashenj/0/7 Interesting, someone with that weird name just so happens to pirate TF2. And then, your email, just so happens to be [EMAIL PROTECTED], coincidence? I think not! Andrius Pirus is actively pirating our beloved TF2. Go fuck yourself. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:24 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru lt;[EMAIL PROTECTED]gt; wrote: gt; Well, we still did the right thing. gt; gt; Whether they give us credit or not, no big deal. gt; gt; It would be neat though :D gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:54 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; One srcds exploit. I helped. That reminds me, didn't valve say they'd give gt; us a mention in a steam news update thing? gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of voogru gt; Sent: Monday, April 28, 2008 9:41 PM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; No. gt; gt; Me first. gt; gt; I probably found some of the coolest srcds exploits anyway (was recently gt; fixed :D) gt; gt; - voogru. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma gt; Sent: Tuesday, April 29, 2008 12:24 AM gt; To: 'Half-Life dedicated Win32 server mailing list' gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Uhm, me first. gt; gt; -Original Message- gt; From: [EMAIL PROTECTED] gt; [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey gt; Sent: Monday, April 28, 2008 9:19 PM gt; To: Half-Life dedicated Win32 server mailing list gt; Subject: Re: [hlds] New server exploit (not nuking) gt; gt; Dear Valve: gt; gt; God damn. gt; I just finished my damn iptables rule to fix your broken packethandling. gt; gt; In conclusion, give me a job. (please? I'll pretend to like wow around gt; gabe!) gt; gt; - Neph gt; gt; On Mon, Apr 28, 2008 at 9:12 PM, Tony Paloma lt;[EMAIL PROTECTED]gt; gt; wrote: gt; gt; Found the problem gt; gt;
Re: [hlds] Nuke Exploit Info and Prevention
While the iptables thing I posted (1 rcon/second) works fine, if you instead want to do a whitelist like this in linux as well: iptables -A INPUT -p tcp --dport 27015 --source 123.123.12.3 -j ACCEPT iptables -A INPUT -p tcp --dport 27015 --source 115.53.3.22 -j ACCEPT [... repeat for as many IPs as you want to allow] iptables -A INPUT -p tcp --dport 27015 -j DROP you can also do iptables -A INPUT -p tcp --dport 27015 --source 123.123.12.3 -j ACCEPT iptables -A INPUT -p tcp --dport 27015 --source 115.53.3.22 -j ACCEPT [... repeat for as many IPs as you want to allow] iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP Do combine both - a whitelist, then a 1rcon/second limit for non-whitelisted people. - Neph On Mon, Apr 28, 2008 at 11:45 PM, Tony Paloma [EMAIL PROTECTED] wrote: So, I was able to make the IPSec thing work to allow certain IPs also. You just set up a separate pass rule for the IPs you want to let in. Works fine. I used it to block all RCON except for those sent from HLStatsX and myself. This line blocks all access to TCP port 27015: ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Block Inbound TCP 27015 Rule -f *=0:27015:TCP -n BLOCK -x Then use this line to allow those you trust at the rcon port (shown with 216.40.218.146): ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Allow TCP 27015 From 216.40.218.146 -f 216.40.218.146=0:27015:TCP -n PASS -x I hope this helps someone. I've seen no adverse side effects to blocking TCP 27015 except for blocking RCON. It seems that all game data goes to UDP 27015. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Monday, April 28, 2008 10:43 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Nuke Exploit Info and Prevention You can block TCP/IP port 27015 on Windows Server using IPSec policies. IPSeccmd.exe -W REG -p Block TCP 27015 Filter -r Block Inbound 27015 Rule -f *=0:27015:TCP -n BLOCK -x This will of course prevent RCON connections. Allowing certain IP addresses is probably possible but I'm unsure of how to do it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
I've tested it on both OS's... It works on both. (Exploit and fix.) Saint K. wrote: Neph, does this issue exist on Linux as well if you know? Cheers, Saint K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 8:16 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* (That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
Another update, because i love iptables so much, you might want to do --hashlimit-burst 3 instead of 1, so that 'bursts' of three packets can occur. This allows the rcon login packet + a command packet to get through before triggering the filter, so your first rcon command isn't lagged a second becuase it has to resend. - Neph On Mon, Apr 28, 2008 at 11:52 PM, Nephyrin Zey [EMAIL PROTECTED] wrote: While the iptables thing I posted (1 rcon/second) works fine, if you instead want to do a whitelist like this in linux as well: iptables -A INPUT -p tcp --dport 27015 --source 123.123.12.3 -j ACCEPT iptables -A INPUT -p tcp --dport 27015 --source 115.53.3.22 -j ACCEPT [... repeat for as many IPs as you want to allow] iptables -A INPUT -p tcp --dport 27015 -j DROP you can also do iptables -A INPUT -p tcp --dport 27015 --source 123.123.12.3 -j ACCEPT iptables -A INPUT -p tcp --dport 27015 --source 115.53.3.22 -j ACCEPT [... repeat for as many IPs as you want to allow] iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP Do combine both - a whitelist, then a 1rcon/second limit for non-whitelisted people. - Neph On Mon, Apr 28, 2008 at 11:45 PM, Tony Paloma [EMAIL PROTECTED] wrote: So, I was able to make the IPSec thing work to allow certain IPs also. You just set up a separate pass rule for the IPs you want to let in. Works fine. I used it to block all RCON except for those sent from HLStatsX and myself. This line blocks all access to TCP port 27015: ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Block Inbound TCP 27015 Rule -f *=0:27015:TCP -n BLOCK -x Then use this line to allow those you trust at the rcon port (shown with 216.40.218.146): ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Allow TCP 27015 From 216.40.218.146 -f 216.40.218.146=0:27015:TCP -n PASS -x I hope this helps someone. I've seen no adverse side effects to blocking TCP 27015 except for blocking RCON. It seems that all game data goes to UDP 27015. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Monday, April 28, 2008 10:43 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Nuke Exploit Info and Prevention You can block TCP/IP port 27015 on Windows Server using IPSec policies. IPSeccmd.exe -W REG -p Block TCP 27015 Filter -r Block Inbound 27015 Rule -f *=0:27015:TCP -n BLOCK -x This will of course prevent RCON connections. Allowing certain IP addresses is probably possible but I'm unsure of how to do it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit:
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
VALVe, Any hint on if this can be patched with the update tonight? Cheers, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cc2iscooL Sent: Tuesday, April 29, 2008 8:59 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* I've tested it on both OS's... It works on both. (Exploit and fix.) Saint K. wrote: Neph, does this issue exist on Linux as well if you know? Cheers, Saint K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 8:16 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* (That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Valve is sleeping. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saint K. Sent: Tuesday, April 29, 2008 12:04 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* VALVe, Any hint on if this can be patched with the update tonight? Cheers, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cc2iscooL Sent: Tuesday, April 29, 2008 8:59 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* I've tested it on both OS's... It works on both. (Exploit and fix.) Saint K. wrote: Neph, does this issue exist on Linux as well if you know? Cheers, Saint K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 8:16 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* (That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Make a plugin for that then too :P -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 12:15 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* Yes this applies to windows and linux. My .zip contains a plugin for both. I would hope VALVe doesn't delay the update for this though. This plugin fixes it just fine in the meantime, and I need goldrush desperately :-P On Tue, Apr 29, 2008 at 12:03 AM, Saint K. [EMAIL PROTECTED] wrote: VALVe, Any hint on if this can be patched with the update tonight? Cheers, ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Valve is busy fixing important things like the custom tab, they have no time for extremely destructive security holes! On Tue, Apr 29, 2008 at 12:16 AM, Tony Paloma [EMAIL PROTECTED] wrote: Valve is sleeping. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saint K. Sent: Tuesday, April 29, 2008 12:04 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* VALVe, Any hint on if this can be patched with the update tonight? Cheers, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cc2iscooL Sent: Tuesday, April 29, 2008 8:59 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* I've tested it on both OS's... It works on both. (Exploit and fix.) Saint K. wrote: Neph, does this issue exist on Linux as well if you know? Cheers, Saint K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 8:16 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* (That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
For those of you more SourceMod inclined, I have made an equivalent plugin. http://forums.alliedmods.net/showthread.php?p=618453 DontWannaName! wrote: Ok I installed it but I dont really now why. I know it blocks a certain exploit so its good that all server ops have it im guessing. I have Sourcemod but I doubt anyone is going to write it in Sourcepawn. Maybe Valve will fix it by tomorrow Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] sv_benchmark_force_start exploit info and *fix*
Yes, and remove the custom tab ! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saint K. Sent: Tuesday, April 29, 2008 9:04 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* VALVe, Any hint on if this can be patched with the update tonight? Cheers, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cc2iscooL Sent: Tuesday, April 29, 2008 8:59 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* I've tested it on both OS's... It works on both. (Exploit and fix.) Saint K. wrote: Neph, does this issue exist on Linux as well if you know? Cheers, Saint K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Tuesday, April 29, 2008 8:16 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] sv_benchmark_force_start exploit info and *fix* (That's assuming the .dll/so is in orangebox/tf/addons, if you followed my instructions (orangebox/bin) use the .vdf in the zip) On Mon, Apr 28, 2008 at 11:11 PM, Cc2iscooL [EMAIL PROTECTED] wrote: Add the following to a VDF named NephCVUH.vdf Plugin { file ../orangebox/tf/addons/NephCVUH } Andrius Pirus wrote: Oh thanks Neph, but where is a vdf file? Quoting Nephyrin Zey : (repost since list partially (?) rejected message with attachment instead of link) sv_benchmark_force_start, when typed in the console by any player, crashes a server. Yay. This is a plugin: http://www.nephyrin.net/NephCVUH_1.0.zip The plugin adds the 'ncp' command, which makes the selected cvar a CHEAT so load up the plugin, and add to your server.cfg: ncp sv_benchmark_force_start That should be it. Let me know if you have any problems. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
Hey, i'm sending another email! How about it. I just started using this rule as well: iptables -A INPUT -p tcp --syn --dport 27015 -m connlimit --connlimit-above 3 -j REJECT to limit myself to 3 (adjust to suit your needs) concurrent TCP connections from any given IP to the server port. Why would you need to have more than three rcon sessions going with one server? - Neph On Mon, Apr 28, 2008 at 11:59 PM, Nephyrin Zey [EMAIL PROTECTED] wrote: Another update, because i love iptables so much, you might want to do --hashlimit-burst 3 instead of 1, so that 'bursts' of three packets can occur. This allows the rcon login packet + a command packet to get through before triggering the filter, so your first rcon command isn't lagged a second becuase it has to resend. - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] Pirated TF2 Servers
Seriously voogru, lets not get off topic. Here, I moved it to its own there where it's on topic: People too cheap to pay developers $30 to play one of the best games of the genre. Discuss. On Mon, Apr 28, 2008 at 11:24 PM, Andrius Pirus [EMAIL PROTECTED] wrote: no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Pirated TF2 Servers
It was $20 last weekend. :) Nephyrin Zey wrote: Seriously voogru, lets not get off topic. Here, I moved it to its own there where it's on topic: People too cheap to pay developers $30 to play one of the best games of the genre. Discuss. On Mon, Apr 28, 2008 at 11:24 PM, Andrius Pirus [EMAIL PROTECTED] wrote: no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
yeah thanks for making this info public :/ my tf2 servers are getting hammered , maybe there could be an invite only list for these sort of topics On Tue, Apr 29, 2008 at 4:50 PM, Tony Paloma [EMAIL PROTECTED] wrote: Sick burnnn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 11:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Hi Andrius Pirus, I am going to call you out on this, the IP address you posted on this mailing list is mine. I went on a rampage of using this exploit on cracked servers, I joined suspect servers and looked for cracked steamids in the status. The only way you could have got my IP address is by running a cracked server. This is a status of what I believe to be your server. hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : cp_dustbowl at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 14394 unnamed STEAM_666:88_666 42:55 335 0 active # 14230 RIM STEAM_666:88_666 4:26:14 196 0 active # 14420 HitmanForMoney STEAM_666:88_666 13:26 72 0 active # 14347 JellyBean STEAM_666:88_666 1:34:25 240 0 active Interesting steamids! You deny running this server, so I took your username from your email address and googled it, I found this: http://www.btmon.com/uploader/izvrashenj (NOT SAFE FOR WORK) http://thepiratebay.org/user/izvrashenj/0/7 Interesting, someone with that weird name just so happens to pirate TF2. And then, your email, just so happens to be [EMAIL PROTECTED], coincidence? I think not! Andrius Pirus is actively pirating our beloved TF2. Go fuck yourself. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:24 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru [EMAIL PROTECTED] wrote: Well, we still did the right thing. Whether they give us credit or not, no big deal. It would be neat though :D - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Tuesday, April 29, 2008 12:54 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) One srcds exploit. I helped. That reminds me, didn't valve say they'd give us a mention in a steam news update thing? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 9:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) No. Me first. I probably found some of the coolest srcds exploits anyway (was recently fixed :D) - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Tuesday, April 29, 2008 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Uhm, me first. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 9:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Dear Valve: God damn. I just finished my damn iptables rule to fix your broken packethandling. In conclusion, give me a job. (please?
Re: [hlds] New server exploit (not nuking)
2008/4/29 Andrew A [EMAIL PROTECTED]: yeah thanks for making this info public :/ my tf2 servers are getting hammered , maybe there could be an invite only list for these sort of topics On Tue, Apr 29, 2008 at 4:50 PM, Tony Paloma [EMAIL PROTECTED] wrote: Sick burnnn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 11:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Hi Andrius Pirus, I am going to call you out on this, the IP address you posted on this mailing list is mine. I went on a rampage of using this exploit on cracked servers, I joined suspect servers and looked for cracked steamids in the status. The only way you could have got my IP address is by running a cracked server. This is a status of what I believe to be your server. hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : cp_dustbowl at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 14394 unnamed STEAM_666:88_666 42:55 335 0 active # 14230 RIM STEAM_666:88_666 4:26:14 196 0 active # 14420 HitmanForMoney STEAM_666:88_666 13:26 72 0 active # 14347 JellyBean STEAM_666:88_666 1:34:25 240 0 active Interesting steamids! You deny running this server, so I took your username from your email address and googled it, I found this: http://www.btmon.com/uploader/izvrashenj (NOT SAFE FOR WORK) http://thepiratebay.org/user/izvrashenj/0/7 Interesting, someone with that weird name just so happens to pirate TF2. And then, your email, just so happens to be [EMAIL PROTECTED], coincidence? I think not! Andrius Pirus is actively pirating our beloved TF2. Go fuck yourself. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:24 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru [EMAIL PROTECTED] wrote: Well, we still did the right thing. Whether they give us credit or not, no big deal. It would be neat though :D - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Tuesday, April 29, 2008 12:54 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) One srcds exploit. I helped. That reminds me, didn't valve say they'd give us a mention in a steam news update thing? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 9:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) No. Me first. I probably found some of the coolest srcds exploits anyway (was recently fixed :D) - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Tuesday, April 29, 2008 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Uhm, me first. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL
Re: [hlds] New server exploit (not nuking)
yup.. mine are getting hammered also with the benchmark one.. although... thanks to this list and the people on it i have applied the fix from Neph.. Thanks Andrew A wrote: yeah thanks for making this info public :/ my tf2 servers are getting hammered , maybe there could be an invite only list for these sort of topics On Tue, Apr 29, 2008 at 4:50 PM, Tony Paloma [EMAIL PROTECTED] wrote: Sick burnnn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 11:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Hi Andrius Pirus, I am going to call you out on this, the IP address you posted on this mailing list is mine. I went on a rampage of using this exploit on cracked servers, I joined suspect servers and looked for cracked steamids in the status. The only way you could have got my IP address is by running a cracked server. This is a status of what I believe to be your server. hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : cp_dustbowl at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 14394 unnamed STEAM_666:88_666 42:55 335 0 active # 14230 RIM STEAM_666:88_666 4:26:14 196 0 active # 14420 HitmanForMoney STEAM_666:88_666 13:26 72 0 active # 14347 JellyBean STEAM_666:88_666 1:34:25 240 0 active Interesting steamids! You deny running this server, so I took your username from your email address and googled it, I found this: http://www.btmon.com/uploader/izvrashenj (NOT SAFE FOR WORK) http://thepiratebay.org/user/izvrashenj/0/7 Interesting, someone with that weird name just so happens to pirate TF2. And then, your email, just so happens to be [EMAIL PROTECTED], coincidence? I think not! Andrius Pirus is actively pirating our beloved TF2. Go fuck yourself. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:24 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) no. and i think we shouldnt make offtopic :) Quoting voogru : Do you run the tf2.gign.lv servers by any chance? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrius Pirus Sent: Tuesday, April 29, 2008 2:03 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) So i think found out the hacker's who sent those bots in my server ip and steamid: from logfile: The Spamminator connected, address 65.13.45.43:50347 The Spamminator STEAM USERID validated The Spamminator joined team Spectator Bot01 connected, address 0.0.0.0:0 Bot01 entered the game Bot01 joined team Blue Bot01 changed role to engineer Bot01 triggered builtobject (object OBJ_SENTRYGUN) (position -3202 2784 -445) Bot02 connected, address 0.0.0.0:0 Bot02 entered the game and so on.. while the server became full of bots :( I hope this could someone find out the reason of this problem Quoting P. Bhandal : I'd really prefer it if they spent their time ensuring that the wonder that is the custom tab is successful rather than patching this security hole. Priorities people! On Mon, Apr 28, 2008 at 10:02 PM, voogru [EMAIL PROTECTED] wrote: Well, we still did the right thing. Whether they give us credit or not, no big deal. It would be neat though :D - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Tuesday, April 29, 2008 12:54 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) One srcds exploit. I helped. That reminds me, didn't valve say they'd give us a mention in a steam news update thing? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of voogru Sent: Monday, April 28, 2008 9:41 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) No. Me first. I probably found some of the coolest srcds exploits anyway (was recently fixed :D) - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Tuesday, April 29, 2008 12:24 AM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] New server exploit (not nuking) Uhm, me first. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 9:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New
Re: [hlds] New server exploit (not nuking)
I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Yeah i've noticed this one a while ago. But it wasn't happening too often. Thanks for the fix anyways. On Tue, Apr 29, 2008 at 6:28 AM, Nephyrin Zey [EMAIL PROTECTED] wrote: I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
On Tue, Apr 29, 2008 at 3:34 AM, Chad Austin [EMAIL PROTECTED] wrote: You should ask Valve to double your pay this week for working all night. That would be funny if it weren't so sad. -Neph two times zero Zey ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Neph likes to work for free though... Don't ya Neph? *runs* On Tue, Apr 29, 2008 at 6:51 AM, Nephyrin Zey [EMAIL PROTECTED] wrote: On Tue, Apr 29, 2008 at 3:34 AM, Chad Austin [EMAIL PROTECTED] wrote: You should ask Valve to double your pay this week for working all night. That would be funny if it weren't so sad. -Neph two times zero Zey ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient - 0: tf2.respawn_room - 9: Well.DeepInside - 10: Well.Inside - 11: Well.Outside SOUNDSCAPE ENTITIES - ./srcds_run: line 346: 20996 Illegal instruction $HL_CMD Add -debug to the ./srcds_run command line to generate a debug.log to help with solving this problem Tue Apr 29 15:44:56 EEST 2008: Server restart in 10 seconds Tue Apr 29 15:44:57 EEST 2008: Server Quit Quoting 1nsane . [EMAIL PROTECTED]: It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Yeah I got that output but it didn't crash my server. It's a Windows server though. Maybe that's why. On Tue, Apr 29, 2008 at 8:56 AM, Kaspars [EMAIL PROTECTED] wrote: I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient - 0: tf2.respawn_room - 9: Well.DeepInside - 10: Well.Inside - 11: Well.Outside SOUNDSCAPE ENTITIES - ./srcds_run: line 346: 20996 Illegal instruction $HL_CMD Add -debug to the ./srcds_run command line to generate a debug.log to help with solving this problem Tue Apr 29 15:44:56 EEST 2008: Server restart in 10 seconds Tue Apr 29 15:44:57 EEST 2008: Server Quit Quoting 1nsane . [EMAIL PROTECTED]: It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient - 0: tf2.respawn_room - 9: Well.DeepInside - 10: Well.Inside - 11: Well.Outside SOUNDSCAPE ENTITIES - ./srcds_run: line 346: 20996 Illegal instruction $HL_CMD Add -debug to the ./srcds_run command line to generate a debug.log to help with solving this problem Tue Apr 29 15:44:56 EEST 2008: Server restart in 10 seconds Tue Apr 29 15:44:57 EEST 2008: Server Quit Quoting 1nsane . [EMAIL PROTECTED]: It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Does it matter? Let me guess, you're gonna crashtest my server and in case u succeed, you will welcome everyone to your server, right? It's not gonna happen, puppy! Quoting voogru [EMAIL PROTECTED]: What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient - 0: tf2.respawn_room - 9: Well.DeepInside - 10: Well.Inside - 11: Well.Outside SOUNDSCAPE ENTITIES - ./srcds_run: line 346: 20996 Illegal instruction $HL_CMD Add -debug to the ./srcds_run command line to generate a debug.log to help with solving this problem Tue Apr 29 15:44:56 EEST 2008: Server restart in 10 seconds Tue Apr 29 15:44:57 EEST 2008: Server Quit Quoting 1nsane . [EMAIL PROTECTED]: It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Uhm, no. The reason why I am asking is I have not seen a .lv server that was not a cracked/pirated TF2 server. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:02 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Does it matter? Let me guess, you're gonna crashtest my server and in case u succeed, you will welcome everyone to your server, right? It's not gonna happen, puppy! Quoting voogru [EMAIL PROTECTED]: What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient - 0: tf2.respawn_room - 9: Well.DeepInside - 10: Well.Inside - 11: Well.Outside SOUNDSCAPE ENTITIES - ./srcds_run: line 346: 20996 Illegal instruction $HL_CMD Add -debug to the ./srcds_run command line to generate a debug.log to help with solving this problem Tue Apr 29 15:44:56 EEST 2008: Server restart in 10 seconds Tue Apr 29 15:44:57 EEST 2008: Server Quit Quoting 1nsane . [EMAIL PROTECTED]: It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Maybe thats because of people in this damn country doesn't give a sh** in supporting the developers and buying the game? Probably you just won't understand it anyway... Quoting voogru [EMAIL PROTECTED]: Uhm, no. The reason why I am asking is I have not seen a .lv server that was not a cracked/pirated TF2 server. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:02 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Does it matter? Let me guess, you're gonna crashtest my server and in case u succeed, you will welcome everyone to your server, right? It's not gonna happen, puppy! Quoting voogru [EMAIL PROTECTED]: What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient - 0: tf2.respawn_room - 9: Well.DeepInside - 10: Well.Inside - 11: Well.Outside SOUNDSCAPE ENTITIES - ./srcds_run: line 346: 20996 Illegal instruction $HL_CMD Add -debug to the ./srcds_run command line to generate a debug.log to help with solving this problem Tue Apr 29 15:44:56 EEST 2008: Server restart in 10 seconds Tue Apr 29 15:44:57 EEST 2008: Server Quit Quoting 1nsane . [EMAIL PROTECTED]: It didn't seem to crash my server but you can use Neph's plugin to disable this one as well: ncp sv_soundscape_printdebuginfo should do the trick On Tue, Apr 29, 2008 at 8:21 AM, Kaspars [EMAIL PROTECTED] wrote: I have tested it only on TF2... if you are able to test it on other games, please share your results Quoting Ronny Schedel [EMAIL PROTECTED]: Does it affect only TF2 servers or all Source based games? there is another command that crash the server and should be blocked - sv_soundscape_printdebuginfo Quoting Nephyrin Zey : I already published a simple plugin to fix this. We made it public and resolved it :-P - Neph ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Links: -- [1] mailto:[EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe STEAM_0:1:5044709 55:41 150 0 active # 361 BonD*Tm | rePlaY STEAM_666:88_666 16:51 46 0 active # 286 Mighty_Fluff STEAM_0:0:18990863 55:26 141 0 active # 340 kiki STEAM_666:88_666 32:37 73 0 active # 372 Revenger STEAM_666:88_666 07:28 157 0 active # 355 ReaLisTic STEAM_666:88_666 22:05 108 0 active # 381 -=CaNtThInKoFaNaMe=- STEAM_0:1:14115974 01:39 162 0 active At 10:35 AM EST, there are 11 players on this server with the steamid STEAM_666:88_666. Interesting! Or people can simply connect to the server, run status, and see it for yourself. Somehow, running a hacked tf2 server, you pretty much deserve whatever is coming to you with regards to your hacked server. I don't think you deserve to benefit from information on these lists when you didn't even pay for the game, and I don't think you have any room to talk about whining about your hacked server, getting hacked. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:25 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Maybe thats because of people in this damn country doesn't give a sh** in supporting the developers and buying the game? Probably you just won't understand it anyway... Quoting voogru [EMAIL PROTECTED]: Uhm, no. The reason why I am asking is I have not seen a .lv server that was not a cracked/pirated TF2 server. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:02 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Does it matter? Let me guess, you're gonna crashtest my server and in case u succeed, you will welcome everyone to your server, right? It's not gonna happen, puppy! Quoting voogru [EMAIL PROTECTED]: What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside - 14: Badlands.OutsideInterior - 8: Dustbowl.Indoors - 7: Dustbowl.Outdoors - 20: Granary.Inside - 19: Granary.Outside - 16: GravelPit.Inside - 15: GravelPit.Outside - 18: Hydro.Inside - 17: Hydro.Outside - 1: tf2.general_ambient -
Re: [hlds] New server exploit (not nuking)
I'm not whining, I'm LMAO about you putting so much effort into crashing the server :) Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe STEAM_0:1:5044709 55:41 150 0 active # 361 BonD*Tm | rePlaY STEAM_666:88_666 16:51 46 0 active # 286 Mighty_Fluff STEAM_0:0:18990863 55:26 141 0 active # 340 kiki STEAM_666:88_666 32:37 73 0 active # 372 Revenger STEAM_666:88_666 07:28 157 0 active # 355 ReaLisTic STEAM_666:88_666 22:05 108 0 active # 381 -=CaNtThInKoFaNaMe=- STEAM_0:1:14115974 01:39 162 0 active At 10:35 AM EST, there are 11 players on this server with the steamid STEAM_666:88_666. Interesting! Or people can simply connect to the server, run status, and see it for yourself. Somehow, running a hacked tf2 server, you pretty much deserve whatever is coming to you with regards to your hacked server. I don't think you deserve to benefit from information on these lists when you didn't even pay for the game, and I don't think you have any room to talk about whining about your hacked server, getting hacked. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:25 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Maybe thats because of people in this damn country doesn't give a sh** in supporting the developers and buying the game? Probably you just won't understand it anyway... Quoting voogru [EMAIL PROTECTED]: Uhm, no. The reason why I am asking is I have not seen a .lv server that was not a cracked/pirated TF2 server. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:02 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Does it matter? Let me guess, you're gonna crashtest my server and in case u succeed, you will welcome everyone to your server, right? It's not gonna happen, puppy! Quoting voogru [EMAIL PROTECTED]: What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13:
Re: [hlds] Nuke Exploit Info and Prevention
An FYI for those who didnt know this (like me)... You have to install the Windows XP SP2 Support Tools to get ipseccmd on Win2k3 Server. http://support.microsoft.com/kb/838079/ -Dustin On Tue, Apr 29, 2008 at 1:45 AM, Tony Paloma [EMAIL PROTECTED] wrote: So, I was able to make the IPSec thing work to allow certain IPs also. You just set up a separate pass rule for the IPs you want to let in. Works fine. I used it to block all RCON except for those sent from HLStatsX and myself. This line blocks all access to TCP port 27015: ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Block Inbound TCP 27015 Rule -f *=0:27015:TCP -n BLOCK -x Then use this line to allow those you trust at the rcon port (shown with 216.40.218.146): ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Allow TCP 27015 From 216.40.218.146 -f 216.40.218.146=0:27015:TCP -n PASS -x I hope this helps someone. I've seen no adverse side effects to blocking TCP 27015 except for blocking RCON. It seems that all game data goes to UDP 27015. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Monday, April 28, 2008 10:43 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Nuke Exploit Info and Prevention You can block TCP/IP port 27015 on Windows Server using IPSec policies. IPSeccmd.exe -W REG -p Block TCP 27015 Filter -r Block Inbound 27015 Rule -f *=0:27015:TCP -n BLOCK -x This will of course prevent RCON connections. Allowing certain IP addresses is probably possible but I'm unsure of how to do it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
el oh el, pwnd! - Original Message From: voogru [EMAIL PROTECTED] To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Sent: Tuesday, April 29, 2008 9:41:10 AM Subject: Re: [hlds] New server exploit (not nuking) Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe STEAM_0:1:5044709 55:41 150 0 active # 361 BonD*Tm | rePlaY STEAM_666:88_666 16:51 46 0 active # 286 Mighty_Fluff STEAM_0:0:18990863 55:26 141 0 active # 340 kiki STEAM_666:88_666 32:37 73 0 active # 372 Revenger STEAM_666:88_666 07:28 157 0 active # 355 ReaLisTic STEAM_666:88_666 22:05 108 0 active # 381 -=CaNtThInKoFaNaMe=- STEAM_0:1:14115974 01:39 162 0 active At 10:35 AM EST, there are 11 players on this server with the steamid STEAM_666:88_666. Interesting! Or people can simply connect to the server, run status, and see it for yourself. Somehow, running a hacked tf2 server, you pretty much deserve whatever is coming to you with regards to your hacked server. I don't think you deserve to benefit from information on these lists when you didn't even pay for the game, and I don't think you have any room to talk about whining about your hacked server, getting hacked. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:25 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Maybe thats because of people in this damn country doesn't give a sh** in supporting the developers and buying the game? Probably you just won't understand it anyway... Quoting voogru [EMAIL PROTECTED]: Uhm, no. The reason why I am asking is I have not seen a .lv server that was not a cracked/pirated TF2 server. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 10:02 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Does it matter? Let me guess, you're gonna crashtest my server and in case u succeed, you will welcome everyone to your server, right? It's not gonna happen, puppy! Quoting voogru [EMAIL PROTECTED]: What's your server IP? - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 8:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) I already did so... dunno about the command, maybe it works in some specific situations, however it crashed my server every time. The command is executed from client console when I haven't joined any team, the server output before crash is following: --- SERVER SOUNDSCAPES --- - 6: 2fort.Indoor - 5: 2fort.OutdoorFort - 4: 2fort.OutdoorPond - 2: 2fort.Underground - 3: 2fort.Underground2 - 12: Badlands.Inside - 13: Badlands.Outside -
Re: [hlds] New server exploit (not nuking)
looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe STEAM_0:1:5044709 55:41 150 0 active # 361 BonD*Tm | rePlaY STEAM_666:88_666 16:51 46 0 active # 286 Mighty_Fluff STEAM_0:0:18990863 55:26 141 0 active # 340 kiki STEAM_666:88_666 32:37 73 0 active # 372 Revenger STEAM_666:88_666 07:28 157 0 active # 355 ReaLisTic STEAM_666:88_666 22:05 108 0 active # 381 -=CaNtThInKoFaNaMe=- STEAM_0:1:14115974 01:39 162 0 active At 10:35 AM EST, there are 11 players on this server with the steamid STEAM_666:88_666. Interesting! Or people can simply connect to the server, run status, and see it for yourself. Somehow, running a hacked tf2 server, you pretty much deserve whatever is coming to you with regards to your hacked server. I don't think you deserve to benefit from information on these lists when you didn't even pay for the game, and I
Re: [hlds] New server exploit (not nuking)
Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe STEAM_0:1:5044709 55:41 150 0 active # 361 BonD*Tm | rePlaY STEAM_666:88_666 16:51 46 0 active # 286 Mighty_Fluff STEAM_0:0:18990863 55:26 141 0 active # 340 kiki STEAM_666:88_666 32:37 73 0 active # 372 Revenger STEAM_666:88_666 07:28 157 0 active # 355 ReaLisTic STEAM_666:88_666 22:05 108 0 active # 381 -=CaNtThInKoFaNaMe=- STEAM_0:1:14115974 01:39 162 0 active At 10:35 AM EST, there are 11 players on this server with the steamid STEAM_666:88_666. Interesting! Or people can simply connect to
Re: [hlds] New server exploit (not nuking)
Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... Quoting voogru [EMAIL PROTECTED]: Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active
Re: [hlds] New server exploit (not nuking)
Oh quit fighting both of you -- From: Kaspars [EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 5:19 PM To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... --- Snip --- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Seriously stop filling my inbox with this junk -Original Message- From: Thomas Morton [EMAIL PROTECTED] Date: Tue, 29 Apr 2008 17:28:16 To:Half-Life dedicated Win32 server mailing listhlds@list.valvesoftware.com Subject: Re: [hlds] New server exploit (not nuking) Oh quit fighting both of you -- From: Kaspars [EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 5:19 PM To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... --- Snip --- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
I'm not doing anything to your server, I gone through a few short lengths to see if you're a pirate and left it at that. I found it quite ironic you were whining about your poor server when you don't even pay for the damned game. I mean, valve can't win can they? Even the people who STEAL the game find stuff to whine about. Oh my god! This game that I stole isn't working properly! OMG SOMEONE PLZ FIX NOW NOW VALVE WTF U SUCK URE NOT WORKING FAST ENOUGH WTF I DESERVE SUPER SUPPORT EVEN THOUGH I STOLE THEIR GAME I help the public with problems, I don't help freeloaders and people who steal the game, and that means you. Now go crawl back into your little hole. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 12:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... Quoting voogru [EMAIL PROTECTED]: Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth
Re: [hlds] New server exploit (not nuking)
Seriously, if this kaspar guy is stealing tf2, can't we remove him from this list? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 12:40 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Seriously stop filling my inbox with this junk -Original Message- From: Thomas Morton [EMAIL PROTECTED] Date: Tue, 29 Apr 2008 17:28:16 To:Half-Life dedicated Win32 server mailing listhlds@list.valvesoftware.com Subject: Re: [hlds] New server exploit (not nuking) Oh quit fighting both of you -- From: Kaspars [EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 5:19 PM To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... --- Snip --- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Sorry to spam this list again, I just wanted to state that I own a legit copy of tf2 because I really think it is a great value for the money Quoting voogru [EMAIL PROTECTED]: I'm not doing anything to your server, I gone through a few short lengths to see if you're a pirate and left it at that. I found it quite ironic you were whining about your poor server when you don't even pay for the damned game. I mean, valve can't win can they? Even the people who STEAL the game find stuff to whine about. Oh my god! This game that I stole isn't working properly! OMG SOMEONE PLZ FIX NOW NOW VALVE WTF U SUCK URE NOT WORKING FAST ENOUGH WTF I DESERVE SUPER SUPPORT EVEN THOUGH I STOLE THEIR GAME I help the public with problems, I don't help freeloaders and people who steal the game, and that means you. Now go crawl back into your little hole. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 12:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... Quoting voogru [EMAIL PROTECTED]: Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state #
Re: [hlds] New server exploit (not nuking)
And you also host non-steam patches for download,right? I have to tell you, I've seen voogru on this list a lot and he does help several people. You though, are a waste of space. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 1:05 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Sorry to spam this list again, I just wanted to state that I own a legit copy of tf2 because I really think it is a great value for the money Quoting voogru [EMAIL PROTECTED]: I'm not doing anything to your server, I gone through a few short lengths to see if you're a pirate and left it at that. I found it quite ironic you were whining about your poor server when you don't even pay for the damned game. I mean, valve can't win can they? Even the people who STEAL the game find stuff to whine about. Oh my god! This game that I stole isn't working properly! OMG SOMEONE PLZ FIX NOW NOW VALVE WTF U SUCK URE NOT WORKING FAST ENOUGH WTF I DESERVE SUPER SUPPORT EVEN THOUGH I STOLE THEIR GAME I help the public with problems, I don't help freeloaders and people who steal the game, and that means you. Now go crawl back into your little hole. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 12:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... Quoting voogru [EMAIL PROTECTED]: Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to
Re: [hlds] Nuke Exploit Info and Prevention
Another FYI, the Support Tools don't work on x64 so you can't use ipseccmd if you're on 2k3 Server x64. You can still set up a policy to block 27015 access, you just have to use the GUI to do it. Administrative Tools Local Security Policy Right click the task pane on the right and add a filter, rule, and then policy. (Man the command line is a lot easier) -Dustin On Tue, Apr 29, 2008 at 10:05 AM, Dustin Wyatt [EMAIL PROTECTED] wrote: An FYI for those who didnt know this (like me)... You have to install the Windows XP SP2 Support Tools to get ipseccmd on Win2k3 Server. http://support.microsoft.com/kb/838079/ -Dustin On Tue, Apr 29, 2008 at 1:45 AM, Tony Paloma [EMAIL PROTECTED] wrote: So, I was able to make the IPSec thing work to allow certain IPs also. You just set up a separate pass rule for the IPs you want to let in. Works fine. I used it to block all RCON except for those sent from HLStatsX and myself. This line blocks all access to TCP port 27015: ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Block Inbound TCP 27015 Rule -f *=0:27015:TCP -n BLOCK -x Then use this line to allow those you trust at the rcon port (shown with 216.40.218.146): ipseccmd.exe -w REG -p Block TCP 27015 Filter -r Allow TCP 27015 From 216.40.218.146 -f 216.40.218.146=0:27015:TCP -n PASS -x I hope this helps someone. I've seen no adverse side effects to blocking TCP 27015 except for blocking RCON. It seems that all game data goes to UDP 27015. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma Sent: Monday, April 28, 2008 10:43 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Nuke Exploit Info and Prevention You can block TCP/IP port 27015 on Windows Server using IPSec policies. IPSeccmd.exe -W REG -p Block TCP 27015 Filter -r Block Inbound 27015 Rule -f *=0:27015:TCP -n BLOCK -x This will of course prevent RCON connections. Allowing certain IP addresses is probably possible but I'm unsure of how to do it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
It's early for me... So let me get this right You guys are blocking port 27015 and then you just move your server to a new port? Can't that person just attack the new server port? The tool is not bound to 27015 Date: Tue, 29 Apr 2008 13:18:20 -0500 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Nuke Exploit Info and Prevention Another FYI, the Support Tools don't work on x64 so you can't use ipseccmd if you're on 2k3 Server x64. You can still set up a policy to block 27015 access, you just have to use the GUI to do it. Administrative Tools Local Security Policy Right click the task pane on the right and add a filter, rule, and then policy. (Man the command line is a lot easier) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
i know pretty much everyone here are now using some plugin or other to protect against the benchmark exploit and i know valve have said they are releasing along with the update a fix (i am assuming its for this) but i thought you might like to know that I missed one of our servers and just caught someone trying to do it..kicked and banned STEAM_0:0:8083158 just thought you all might like to know the player id.. for reference obviously ;) voogru wrote: I'm not doing anything to your server, I gone through a few short lengths to see if you're a pirate and left it at that. I found it quite ironic you were whining about your poor server when you don't even pay for the damned game. I mean, valve can't win can they? Even the people who STEAL the game find stuff to whine about. Oh my god! This game that I stole isn't working properly! OMG SOMEONE PLZ FIX NOW NOW VALVE WTF U SUCK URE NOT WORKING FAST ENOUGH WTF I DESERVE SUPER SUPPORT EVEN THOUGH I STOLE THEIR GAME I help the public with problems, I don't help freeloaders and people who steal the game, and that means you. Now go crawl back into your little hole. - voogru. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
No, not to confuse you more but we're just blocking 27015 and leaving the server on 27015. This works fine because the block is for TCP port 27015. All game data and server queries happen on UDP port 27015 which remains unblocked. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Stiehm Sent: Tuesday, April 29, 2008 11:35 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Nuke Exploit Info and Prevention It's early for me... So let me get this right You guys are blocking port 27015 and then you just move your server to a new port? Can't that person just attack the new server port? The tool is not bound to 27015 Date: Tue, 29 Apr 2008 13:18:20 -0500 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Nuke Exploit Info and Prevention Another FYI, the Support Tools don't work on x64 so you can't use ipseccmd if you're on 2k3 Server x64. You can still set up a policy to block 27015 access, you just have to use the GUI to do it. Administrative Tools Local Security Policy Right click the task pane on the right and add a filter, rule, and then policy. (Man the command line is a lot easier) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
No, we're blocking TCP on port 27015. The game functions fine with TCP blocked since it uses UDP for everything but rcon. Then you just specifically allow the IP's that you want to have rcon access. -Dustin On Tue, Apr 29, 2008 at 1:35 PM, Mike Stiehm [EMAIL PROTECTED] wrote: It's early for me... So let me get this right You guys are blocking port 27015 and then you just move your server to a new port? Can't that person just attack the new server port? The tool is not bound to 27015 Date: Tue, 29 Apr 2008 13:18:20 -0500 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Nuke Exploit Info and Prevention Another FYI, the Support Tools don't work on x64 so you can't use ipseccmd if you're on 2k3 Server x64. You can still set up a policy to block 27015 access, you just have to use the GUI to do it. Administrative Tools Local Security Policy Right click the task pane on the right and add a filter, rule, and then policy. (Man the command line is a lot easier) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Internet fight! Anyway, let Valve deal with it. I'm sure they're watching these lists. If they deem it's necessary to take action I'm sure they will. Let them deal with it and stop flooding the board with this back and forth stuff, please. Rodge Stumbaugh wrote: And you also host non-steam patches for download,right? I have to tell you, I've seen voogru on this list a lot and he does help several people. You though, are a waste of space. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 1:05 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Sorry to spam this list again, I just wanted to state that I own a legit copy of tf2 because I really think it is a great value for the money Quoting voogru [EMAIL PROTECTED]: I'm not doing anything to your server, I gone through a few short lengths to see if you're a pirate and left it at that. I found it quite ironic you were whining about your poor server when you don't even pay for the damned game. I mean, valve can't win can they? Even the people who STEAL the game find stuff to whine about. Oh my god! This game that I stole isn't working properly! OMG SOMEONE PLZ FIX NOW NOW VALVE WTF U SUCK URE NOT WORKING FAST ENOUGH WTF I DESERVE SUPER SUPPORT EVEN THOUGH I STOLE THEIR GAME I help the public with problems, I don't help freeloaders and people who steal the game, and that means you. Now go crawl back into your little hole. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 12:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... Quoting voogru [EMAIL PROTECTED]: Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that
Re: [hlds] Nuke Exploit Info and Prevention
Doh... That's right thanks guys :)Makes perfect sence Date: Tue, 29 Apr 2008 13:43:05 -0500 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Nuke Exploit Info and Prevention No, we're blocking TCP on port 27015. The game functions fine with TCP blocked since it uses UDP for everything but rcon. Then you just specifically allow the IP's that you want to have rcon access. -Dustin ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Can I get a link to fix that exploit? - Original Message - From: voogru [EMAIL PROTECTED] To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Sent: 2008-04-29 12:01 PM Subject: Re: [hlds] New server exploit (not nuking) Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe STEAM_0:1:5044709 55:41 150 0 active # 361 BonD*Tm | rePlaY STEAM_666:88_666 16:51 46 0 active # 286 Mighty_Fluff STEAM_0:0:18990863 55:26 141 0 active # 340 kiki STEAM_666:88_666 32:37 73 0
Re: [hlds] ***DHSPAM*** Re: New server exploit (not nuking)
Seconded. Maybe I missed it in one of the emails but there's been a ton of activity today making it difficult to keep up. -Darren On Apr 29, 2008, at 1:07 PM, Don Williams wrote: Can I get a link to fix that exploit? - Original Message - From: voogru [EMAIL PROTECTED] To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Sent: 2008-04-29 12:01 PM Subject: Re: [hlds] New server exploit (not nuking) Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41 35 0 active # 285 Lazze De Luxe
Re: [hlds] Nuke Exploit Info and Prevention
Only RCON uses TCP, it looks like it chews too much CPU throwing away the garbage data, we are fixing that up. - Alfred -Original Message- From: [EMAIL PROTECTED] [mailto:hlds- [EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
STOP SPAM ME From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Date: Tue, 29 Apr 2008 16:07:44 -0400 Subject: Re: [hlds] New server exploit (not nuking) Can I get a link to fix that exploit? - Original Message - From: voogru [EMAIL PROTECTED] To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Sent: 2008-04-29 12:01 PM Subject: Re: [hlds] New server exploit (not nuking)Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53 0 active # 380 [RTFM] naziic STEAM_666:88_666 01:44 49 0 active # 339 Sharingan STEAM_666:88_666 32:41
Re: [hlds] ***DHSPAM*** Re: New server exploit (not nuking)
http://www.nephyrin.net/NephCVUH_1.0.zip Its a linux/windows plugin that adds the ncp command, which flags any cvar you want as a cheat. So once you have the plugin loaded: ncp sv_benchmark_force_start will make that cvar cheat only, stopping players from using it in a non-cheat server. Make sure you add that to your server.cfg. - Neph On Tue, Apr 29, 2008 at 1:12 PM, Darren [EMAIL PROTECTED] wrote: Seconded. Maybe I missed it in one of the emails but there's been a ton of activity today making it difficult to keep up. -Darren On Apr 29, 2008, at 1:07 PM, Don Williams wrote: Can I get a link to fix that exploit? - Original Message - From: voogru [EMAIL PROTECTED] To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Sent: 2008-04-29 12:01 PM Subject: Re: [hlds] New server exploit (not nuking) Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas
Re: [hlds] New server exploit (not nuking)
Get some brain. STOP SPAM ME From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Date: Tue, 29 Apr 2008 16:07:44 -0400 Subject: Re: [hlds] New server exploit (not nuking) Can I get a link to fix that exploit? - Original Message - From: voogru [EMAIL PROTECTED] To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Sent: 2008-04-29 12:01 PM Subject: Re: [hlds] New server exploit (not nuking)Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active # 330 RIkkY STEAM_666:88_666 38:17 53
Re: [hlds] Nuke Exploit Info and Prevention
Indeed, if you know the IPs you're going to be rconning from, it's easier to just use whitelisting and not hashlimits at all. You can also raise the hashlimit-burst setting from 1 to like 5, which which make rcon a lot more responsive from non-whitelisted ips. On Tue, Apr 29, 2008 at 1:41 PM, Andrew DeMerse [EMAIL PROTECTED] wrote: As a note, the iptables fix seems to be screwing with anyone running HLStatsx that runs on a machine that isn't local. Run the following command to whitelist your hlstatsx server. Of course, replace 123.456.789.0 with your hlstatsx IP. sudo iptables -I INPUT 1 -p tcp --dport 27015 --source 123.456.789.0 -j ACCEPT You can also use the same command to whitelist your own IP (in case HLSW or other RCON tools seem slow or unresponsive). Date: Tue, 29 Apr 2008 13:18:05 -0700 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Nuke Exploit Info and Prevention Only RCON uses TCP, it looks like it chews too much CPU throwing away the garbage data, we are fixing that up. - Alfred -Original Message- From: [EMAIL PROTECTED] [mailto:hlds- [EMAIL PROTECTED] On Behalf Of Nephyrin Zey Sent: Monday, April 28, 2008 10:26 PM To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux server mailing list Subject: [hlds] Nuke Exploit Info and Prevention The nuke exploit works as follows: Connect to a server via TCP (rcon, does anything else use TCP? I have no idea.) on its port. Send a million garbage packets ??? Profit The server goes insane handling them. Solution: Limit incoming TCP packets to ~1/second from any given IP on that port, *OR* Block TCP access to the server's port except from trusted people. Linux IPtables rules: iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j DROP /etc/init.d/iptables save /etc/init.d/iptables start (Note: you probably shouldn't enable iptables blindly if you don't know what you're doing) Windows: Block TCP to 27015 except for trusted people. Or something. Someone who admins window servers will need to guide you! - Neph (sv_benchmark_force_start fix coming in a few minutes) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _ Make i'm yours. Create a custom banner to support your cause. http://im.live.com/Messenger/IM/Contribute/Default.aspx?source=TXT_TAGHM_MSN_Make_IM_Yours ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
You are the one spamming us. We were never spamming you. On Tue, Apr 29, 2008 at 4:18 PM, Sebastian Hilding [EMAIL PROTECTED] wrote: STOP SPAM ME From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Date: Tue, 29 Apr 2008 16:07:44 -0400 Subject: Re: [hlds] New server exploit (not nuking) Can I get a link to fix that exploit? - Original Message - From: voogru [EMAIL PROTECTED] To: 'Half-Life dedicated Win32 server mailing list' hlds@list.valvesoftware.com Sent: 2008-04-29 12:01 PM Subject: Re: [hlds] New server exploit (not nuking)Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187 Quoting voogru [EMAIL PROTECTED]: Well, that sure makes me accusing you of being a pirate a lot easier. But I found your server anyway. It appears that this server, also has a member who happens to be named Kaspars. IP: 193.46.236.246:27015 http://www.game-monitor.com/tf2_GameServer/193.46.236.246:27015/GIGN_Team_Fo rtress_2__tf2.gign.lv-Variables.html The sv_contact is [EMAIL PROTECTED] And your name just so happens to be Kaspars ([EMAIL PROTECTED]) To show that this server, is a cracked server, this is a output of the status command on the server: hostname: GIGN Team Fortress 2 | tf2.gign.lv version : 1.0.2.3/14 3434 secure udp/ip : 193.46.236.246:27015 map : tc_hydro at: 0 x, 0 y, 0 z players : 31 (32 max) # userid name uniqueid connected ping loss state # 385 russman087 STEAM_0:0:7896881 00:14 231 73 spawning # 117 FroZen STEAM_666:88_666 2:43:07 190 0 active # 244 HyDE STEAM_0:0:4411810 1:27:48 180 0 active # 367 [GGP] tenochtitlan STEAM_0:0:17337278 11:44 199 0 active # 305 Grenade STEAM_666:88_666 49:01 444 0 active # 374 Unicefs STEAM_0:0:18971438 04:43 61 0 active # 265 [BEBRI] BulleT STEAM_0:1:1365 1:06:26 44 0 active # 337 Farnsworth STEAM_0:1:16598480 33:39 280 0 active # 384 Archeoptrix -V- STEAM_0:1:8149645 00:29 691 32 active # 288 [BEBRI] LongMan STEAM_0:0:18860784 55:02 63 0 active # 386 Steses STEAM_0:0:16557404 00:13 148 76 active # 382 Thief -V- STEAM_0:1:223130 01:09 205 0 active # 376 eBatas STEAM_0:0:18646857 03:14 153 0 active # 273 mara_spb STEAM_0:1:18877348 59:35 142 0 active # 364 Drept STEAM_666:88_666 13:44 140 0 active # 338 yang257 STEAM_0:1:16620122 33:34 442 0 active # 324 unnamed STEAM_666:88_666 42:05 110 0 active # 354 Dojacek STEAM_0:1:4573064 23:48 134 0 active # 378 [Merc]Kato STEAM_0:1:17449079 02:51 102 0 active # 331 Karuse STEAM_0:1:16652263 37:40 54 0 active # 346 Scratch STEAM_0:1:18647825 28:32 163 0 active #
Re: [hlds] New server exploit (not nuking)
Sorry, but I don't host any patches or cracked games... and I'm not anyway related to the torrent links previously posted. I do respect game developers and if people find cracked tf2 and patches somewhere, thats not my responsibility Quoting Rodge Stumbaugh [EMAIL PROTECTED]: And you also host non-steam patches for download,right? I have to tell you, I've seen voogru on this list a lot and he does help several people. You though, are a waste of space. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 1:05 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Sorry to spam this list again, I just wanted to state that I own a legit copy of tf2 because I really think it is a great value for the money Quoting voogru [EMAIL PROTECTED]: I'm not doing anything to your server, I gone through a few short lengths to see if you're a pirate and left it at that. I found it quite ironic you were whining about your poor server when you don't even pay for the damned game. I mean, valve can't win can they? Even the people who STEAL the game find stuff to whine about. Oh my god! This game that I stole isn't working properly! OMG SOMEONE PLZ FIX NOW NOW VALVE WTF U SUCK URE NOT WORKING FAST ENOUGH WTF I DESERVE SUPER SUPPORT EVEN THOUGH I STOLE THEIR GAME I help the public with problems, I don't help freeloaders and people who steal the game, and that means you. Now go crawl back into your little hole. - voogru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 12:19 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) Right... and if you somehow would get into my server and launch from me an attach somewhere else, you wouldn't live in Latvia... I wonder... what is your purpose here? To help general public with bugs/problems or to frame nosteam users? Your hacking toy arsenal tells about you enough... Quoting voogru [EMAIL PROTECTED]: Sorry mate, that's not me. I live in the United States, Not Chile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaspars Sent: Tuesday, April 29, 2008 11:56 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New server exploit (not nuking) looks like you are really desperate my friend :D Apr 29 18:33:10 pussy sshd[28148]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:10 pussy sshd[28148]: Failed password for invalid user nfsnobody from 200.111.157.187 port 57265 ssh2 Apr 29 18:33:12 pussy sshd[28155]: Invalid user aptproxy from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28155]: Failed password for invalid user aptproxy from 200.111.157.187 port 32977 ssh2 Apr 29 18:33:12 pussy sshd[28158]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:12 pussy sshd[28158]: Failed password for invalid user rpcuser from 200.111.157.187 port 57525 ssh2 Apr 29 18:33:14 pussy sshd[28168]: Failed password for rpc from 200.111.157.187 port 57890 ssh2 Apr 29 18:33:15 pussy sshd[28165]: Invalid user desktop from 200.111.157.187 Apr 29 18:33:15 pussy sshd[28165]: Failed password for invalid user desktop from 200.111.157.187 port 8 ssh2 Apr 29 18:33:16 pussy sshd[28174]: Invalid user gopher from 200.111.157.187 Apr 29 18:33:16 pussy sshd[28174]: Failed password for invalid user gopher from 200.111.157.187 port 58160 ssh2 Apr 29 18:33:17 pussy sshd[28178]: Invalid user workshop from 200.111.157.187 Apr 29 18:33:17 pussy sshd[28178]: Failed password for invalid user workshop from 200.111.157.187 port 33734 ssh2 Apr 29 18:33:20 pussy sshd[28183]: Invalid user mailnull from 200.111.157.187 Apr 29 18:33:20 pussy sshd[28183]: Failed password for invalid user mailnull from 200.111.157.187 port 34115 ssh2 Apr 29 18:33:22 pussy sshd[28189]: Invalid user nfsnobody from 200.111.157.187 Apr 29 18:33:22 pussy sshd[28189]: Failed password for invalid user nfsnobody from 200.111.157.187 port 34375 ssh2 Apr 29 18:33:24 pussy sshd[28195]: Invalid user rpcuser from 200.111.157.187 Apr 29 18:33:24 pussy sshd[28195]: Failed password for invalid user rpcuser from 200.111.157.187 port 34711 ssh2 Apr 29 18:33:27 pussy sshd[28201]: Failed password for rpc from 200.111.157.187 port 35017 ssh2 Apr 29 18:33:29 pussy sshd[28207]: Invalid user gopher from 200.111.157.187
[hlds] Looping racist sound loops
Normally I'd assume that my rcon was compromised, change it, and move on. I can't tell if this is related to the latest influx of exploits for source games, but basically my community members informed me today that: Twice today The Tempest servers were flooded with Bot players. Everyone would be recalled to their battlement resupply while these Bots (of the opposing team) would kill them and a wav of niggers looped repeatedly. Eventually the continuous stream of Bots hammering the server would cause it to freeze/crash. Pretty annoying and it doesn't look good for the server either. I'd think that a group using Tux the penguin (or some variation of him) as their logo would be a little more concerned with server security. I know you guys run this as a free service to other gamers etc., but I'm just saying it how it is... it looks really bad on your part and discourages the average player from using your servers or even considering donating. Now this sounds like the benchmark exploit, but the looping wav sound disturbs me. Even if the rcon was compromised, how would everyone be able to hear a sound that we don't have on our servers? Unless it's been renamed that is, but even then it would have to be on the http webserver, and it's not. Any ideas? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Looping racist sound loops
Are you sure it wasn't just the offending player spamming a sound over voicechat? It doesn't seem likely someone with rcon access would have to resort to using the force benchmark exploit to crash it.. - Neph On Tue, Apr 29, 2008 at 3:42 PM, James McKenna [EMAIL PROTECTED] wrote: Normally I'd assume that my rcon was compromised, change it, and move on. I can't tell if this is related to the latest influx of exploits for source games, but basically my community members informed me today that: Twice today The Tempest servers were flooded with Bot players. Everyone would be recalled to their battlement resupply while these Bots (of the opposing team) would kill them and a wav of niggers looped repeatedly. Eventually the continuous stream of Bots hammering the server would cause it to freeze/crash. Pretty annoying and it doesn't look good for the server either. I'd think that a group using Tux the penguin (or some variation of him) as their logo would be a little more concerned with server security. I know you guys run this as a free service to other gamers etc., but I'm just saying it how it is... it looks really bad on your part and discourages the average player from using your servers or even considering donating. Now this sounds like the benchmark exploit, but the looping wav sound disturbs me. Even if the rcon was compromised, how would everyone be able to hear a sound that we don't have on our servers? Unless it's been renamed that is, but even then it would have to be on the http webserver, and it's not. Any ideas? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Looping racist sound loops
They were probably using voice chat. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James McKenna Sent: Tuesday, April 29, 2008 3:43 PM To: hlds@list.valvesoftware.com Subject: [hlds] Looping racist sound loops Normally I'd assume that my rcon was compromised, change it, and move on. I can't tell if this is related to the latest influx of exploits for source games, but basically my community members informed me today that: Twice today The Tempest servers were flooded with Bot players. Everyone would be recalled to their battlement resupply while these Bots (of the opposing team) would kill them and a wav of niggers looped repeatedly. Eventually the continuous stream of Bots hammering the server would cause it to freeze/crash. Pretty annoying and it doesn't look good for the server either. I'd think that a group using Tux the penguin (or some variation of him) as their logo would be a little more concerned with server security. I know you guys run this as a free service to other gamers etc., but I'm just saying it how it is... it looks really bad on your part and discourages the average player from using your servers or even considering donating. Now this sounds like the benchmark exploit, but the looping wav sound disturbs me. Even if the rcon was compromised, how would everyone be able to hear a sound that we don't have on our servers? Unless it's been renamed that is, but even then it would have to be on the http webserver, and it's not. Any ideas? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Looping racist sound loops
Tux the Penguin does not care about black people. On Apr 29, 2008, at 3:42 PM, James McKenna wrote: Normally I'd assume that my rcon was compromised, change it, and move on. I can't tell if this is related to the latest influx of exploits for source games, but basically my community members informed me today that: Twice today The Tempest servers were flooded with Bot players. Everyone would be recalled to their battlement resupply while these Bots (of the opposing team) would kill them and a wav of niggers looped repeatedly. Eventually the continuous stream of Bots hammering the server would cause it to freeze/crash. Pretty annoying and it doesn't look good for the server either. I'd think that a group using Tux the penguin (or some variation of him) as their logo would be a little more concerned with server security. I know you guys run this as a free service to other gamers etc., but I'm just saying it how it is... it looks really bad on your part and discourages the average player from using your servers or even considering donating. Now this sounds like the benchmark exploit, but the looping wav sound disturbs me. Even if the rcon was compromised, how would everyone be able to hear a sound that we don't have on our servers? Unless it's been renamed that is, but even then it would have to be on the http webserver, and it's not. Any ideas? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Nuke Exploit Info and Prevention
Ya someone just took my 32 man server down.. Loyal players just rejoined and it filled back up. We have to assume that the questionable people are on this list and just a FYI for them I have a packet sniffer in place and will log your IP for further action I suggest that everyone else do the same. Date: Tue, 29 Apr 2008 13:18:05 -0700 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Nuke Exploit Info and Prevention Only RCON uses TCP, it looks like it chews too much CPU throwing away the garbage data, we are fixing that up. - Alfred ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] Team Fortress 2 Update Coming
The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
*Something vibrates in my pocket* /me goes to Gmail. OOOH I'll be waiting :D (That's a phone by the way) On Tue, Apr 29, 2008 at 7:30 PM, Jason Ruymen [EMAIL PROTECTED] wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
Thanks for the update! On Tue, Apr 29, 2008 at 4:37 PM, James McKenna [EMAIL PROTECTED] wrote: Thanks for the update! On Tue, Apr 29, 2008 at 4:30 PM, Jason Ruymen [EMAIL PROTECTED] wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
soon ... I hope that I don't have to think in valve time? :D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Ruymen Sent: Wednesday, April 30, 2008 1:30 AM To: hlds@list.valvesoftware.com; [EMAIL PROTECTED] Subject: [hlds] Team Fortress 2 Update Coming The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
There's no Valve Time entry for about an hour from now! - Neph On Tue, Apr 29, 2008 at 4:30 PM, Jason Ruymen [EMAIL PROTECTED] wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
Good to hear, rumors have started that we will have to wait again haha. Thanks for the heads up as always! :) - Original Message The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
If need be, I'm sure one of us will add one once/if Valve misses it ;). On Tue, Apr 29, 2008 at 7:40 PM, Nephyrin Zey [EMAIL PROTECTED] wrote: There's no Valve Time entry for about an hour from now! - Neph On Tue, Apr 29, 2008 at 4:30 PM, Jason Ruymen [EMAIL PROTECTED] wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
Is that in hours or business hours cause they are probably going to close soon anyways. Nephyrin Zey wrote: There's no Valve Time entry for about an hour from now! - Neph On Tue, Apr 29, 2008 at 4:30 PM, Jason Ruymen [EMAIL PROTECTED] wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
I plan to post the names and IPs of everyone found hacking my server with the Nuke attack so here we go. FrontHoe 171.65.103.231 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
It might be more productive to just setup your firewall ;-P On Tue, Apr 29, 2008 at 4:49 PM, Mike Stiehm [EMAIL PROTECTED] wrote: I plan to post the names and IPs of everyone found hacking my server with the Nuke attack so here we go. FrontHoe 171.65.103.231 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
I was on a couple of servers earlier, nearly all of them crashed (Timed out). Surely VALVe can rollout a hotfix for the rcon bug and those two cheat commands pretty darn quick... Their game is getting owned by 2 commands that should be FCVAR_CHEAT and an rcon bug... Nephyrin Zey wrote: It might be more productive to just setup your firewall ;-P On Tue, Apr 29, 2008 at 4:49 PM, Mike Stiehm [EMAIL PROTECTED] wrote: I plan to post the names and IPs of everyone found hacking my server with the Nuke attack so here we go. FrontHoe 171.65.103.231 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
It has also affected our 2 servers today4 times I had to restart themkeeping fingers crossed the update will fix it. I ran Neph's plugin...seems to help except when it changes map. On Tue, Apr 29, 2008 at 7:13 PM, Tom Leighton [EMAIL PROTECTED] wrote: I was on a couple of servers earlier, nearly all of them crashed (Timed out). Surely VALVe can rollout a hotfix for the rcon bug and those two cheat commands pretty darn quick... Their game is getting owned by 2 commands that should be FCVAR_CHEAT and an rcon bug... Nephyrin Zey wrote: It might be more productive to just setup your firewall ;-P On Tue, Apr 29, 2008 at 4:49 PM, Mike Stiehm [EMAIL PROTECTED] wrote: I plan to post the names and IPs of everyone found hacking my server with the Nuke attack so here we go. FrontHoe 171.65.103.231 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Wait, people are still running this command on map change? Or are you talking about the Nuker? The plugin only fixes the benchmark thing.. -Neph On Tue, Apr 29, 2008 at 5:32 PM, Fudgstu [EMAIL PROTECTED] wrote: It has also affected our 2 servers today4 times I had to restart themkeeping fingers crossed the update will fix it. I ran Neph's plugin...seems to help except when it changes map. On Tue, Apr 29, 2008 at 7:13 PM, Tom Leighton [EMAIL PROTECTED] wrote: I was on a couple of servers earlier, nearly all of them crashed (Timed out). Surely VALVe can rollout a hotfix for the rcon bug and those two cheat commands pretty darn quick... Their game is getting owned by 2 commands that should be FCVAR_CHEAT and an rcon bug... Nephyrin Zey wrote: It might be more productive to just setup your firewall ;-P On Tue, Apr 29, 2008 at 4:49 PM, Mike Stiehm [EMAIL PROTECTED] wrote: I plan to post the names and IPs of everyone found hacking my server with the Nuke attack so here we go. FrontHoe 171.65.103.231 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
Maybe put it in your autoexec.cfg ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] New server exploit (not nuking)
IIRC, autoexec.cfg only runs on server startup, and server.cfg runs on every map change. From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Date: Tue, 29 Apr 2008 19:41:30 -0500 Subject: Re: [hlds] New server exploit (not nuking) Maybe put it in your autoexec.cfg ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _ Make i'm yours. Create a custom banner to support your cause. http://im.live.com/Messenger/IM/Contribute/Default.aspx?source=TXT_TAGHM_MSN_Make_IM_Yours ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
I'm waiting Jason Ruymen wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
You scared me there haha. Thought it said it was out :P Engi achievements FTW! - Original Message From: Tom Leighton [EMAIL PROTECTED] To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Sent: Tuesday, April 29, 2008 5:52:34 PM Subject: Re: [hlds] Team Fortress 2 Update Coming I'm waiting Jason Ruymen wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
It's out 2008/4/30 Tom Leighton [EMAIL PROTECTED]: I'm waiting Jason Ruymen wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- J McBroom ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
It's out! On Tue, Apr 29, 2008 at 8:57 PM, DontWannaName! [EMAIL PROTECTED] wrote: You scared me there haha. Thought it said it was out :P Engi achievements FTW! - Original Message From: Tom Leighton [EMAIL PROTECTED] To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Sent: Tuesday, April 29, 2008 5:52:34 PM Subject: Re: [hlds] Team Fortress 2 Update Coming I'm waiting Jason Ruymen wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
It is? My client isn't updating (restarted numerous times) On Tue, Apr 29, 2008 at 6:04 PM, 1nsane . [EMAIL PROTECTED] wrote: It's out! On Tue, Apr 29, 2008 at 8:57 PM, DontWannaName! [EMAIL PROTECTED] wrote: You scared me there haha. Thought it said it was out :P Engi achievements FTW! - Original Message From: Tom Leighton [EMAIL PROTECTED] To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Sent: Tuesday, April 29, 2008 5:52:34 PM Subject: Re: [hlds] Team Fortress 2 Update Coming I'm waiting Jason Ruymen wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
Its out this is for sure :) - Original Message - From: James McKenna [EMAIL PROTECTED] To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Sent: Tuesday, April 29, 2008 6:07 PM Subject: Re: [hlds] Team Fortress 2 Update Coming It is? My client isn't updating (restarted numerous times) On Tue, Apr 29, 2008 at 6:04 PM, 1nsane . [EMAIL PROTECTED] wrote: It's out! On Tue, Apr 29, 2008 at 8:57 PM, DontWannaName! [EMAIL PROTECTED] wrote: You scared me there haha. Thought it said it was out :P Engi achievements FTW! - Original Message From: Tom Leighton [EMAIL PROTECTED] To: Half-Life dedicated Win32 server mailing list hlds@list.valvesoftware.com Sent: Tuesday, April 29, 2008 5:52:34 PM Subject: Re: [hlds] Team Fortress 2 Update Coming I'm waiting Jason Ruymen wrote: The long-waited required Team Fortress 2 update will be arriving soon. Should be live in about an hour from now. Jason ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] Team Fortress 2 Update Coming
Ya same with me just hangs Date: Tue, 29 Apr 2008 18:07:53 -0700 From: [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Subject: Re: [hlds] Team Fortress 2 Update Coming It is? My client isn't updating (restarted numerous times) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds