Re: [hlds] console: server is damaged (update)
Maybe you should chat with one of your admins... if indeed he added himself. What length are your rcon / ftp passwords, TC ADmin passwords, etc. Maybe he guessed one, or the host box has been compromised by another server. Dabosman wrote: > Finding more info about what happened - someone hacked our server last > night. > > Here is what I found in Mani admin log file console.log: > > M 04/21/2008 - 21:39:06: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : ma_rcon alias kill "SAY SERVER IS DAMAGED" > M 04/21/2008 - 21:39:06: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : ma_rcon alias quit "SAY SERVER IS DAMAGED" > M 04/21/2008 - 21:39:38: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : (ALL) o rly o rly > M 04/21/2008 - 21:40:55: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : @rr => mp_restartgame 2 > M 04/21/2008 - 21:41:28: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : Banned (By Admin) [SourceTV -=$$=- Rockzor > me] [STEAM_0:1:17600890] banid 0 654 kick > M 04/21/2008 - 21:42:03: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : rcon command [exec server.cfg] > M 04/21/2008 - 21:43:04: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : ma_rcon sv_cheats 1 > > > Looks like an exploit to gain either rcon or admin. Anyone seen or know > about this yet? > > Kevin > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] console: server is damaged (update)
Sounds more like a misconfiguration of Mani, either giving blanket IP-admins or having an easy password. It's possible there's an exploit in Mani, though it seems like it would get out quicker. - Neph On Tue, Apr 22, 2008 at 12:46 PM, Dabosman <[EMAIL PROTECTED]> wrote: > Finding more info about what happened - someone hacked our server last > night. > > Here is what I found in Mani admin log file console.log: > > M 04/21/2008 - 21:39:06: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : ma_rcon alias kill "SAY SERVER IS DAMAGED" > M 04/21/2008 - 21:39:06: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : ma_rcon alias quit "SAY SERVER IS DAMAGED" > M 04/21/2008 - 21:39:38: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : (ALL) o rly o rly > M 04/21/2008 - 21:40:55: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : @rr => mp_restartgame 2 > M 04/21/2008 - 21:41:28: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : Banned (By Admin) [SourceTV -=$$=- Rockzor > me] [STEAM_0:1:17600890] banid 0 654 kick > M 04/21/2008 - 21:42:03: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : rcon command [exec server.cfg] > M 04/21/2008 - 21:43:04: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] > [STEAM_0:1:15945575] Executed : ma_rcon sv_cheats 1 > > > Looks like an exploit to gain either rcon or admin. Anyone seen or know > about this yet? > > Kevin > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
[hlds] console: server is damaged (update)
Finding more info about what happened - someone hacked our server last night. Here is what I found in Mani admin log file console.log: M 04/21/2008 - 21:39:06: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : ma_rcon alias kill "SAY SERVER IS DAMAGED" M 04/21/2008 - 21:39:06: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : ma_rcon alias quit "SAY SERVER IS DAMAGED" M 04/21/2008 - 21:39:38: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : (ALL) o rly o rly M 04/21/2008 - 21:40:55: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : @rr => mp_restartgame 2 M 04/21/2008 - 21:41:28: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : Banned (By Admin) [SourceTV -=$$=- Rockzor me] [STEAM_0:1:17600890] banid 0 654 kick M 04/21/2008 - 21:42:03: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : rcon command [exec server.cfg] M 04/21/2008 - 21:43:04: [MANI_ADMIN_PLUGIN] Admin [4th.redskull] [STEAM_0:1:15945575] Executed : ma_rcon sv_cheats 1 Looks like an exploit to gain either rcon or admin. Anyone seen or know about this yet? Kevin ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
