Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
So, if someone is just hacking cracked servers (and legit servers when the hacker makes a mistake), is everything ok? What will be next? Someone will use the exploit to copy Conficker through all TF2 servers? Will a legit game protect you?

2009/6/7 Brian Rak d...@devicenull.org:
> It's fairly obvious the servers are cracked when I connect to them and do status, and see.. Steam_ID_Cracked, STEAM_666:x:x, or an entire server full of STEAM_ID_PENDING.
>
> I'm not going to try to trick whoever is doing this into exploiting my server, since I really don't care anymore. Even if this is an exploit in legit versions of the game, it's only being used against pirated versions right now. The simple solution is to.. actually buy the game. Problem solved!
>
> I have to say, you get what you deserve if you pirate the game and get hacked
>
> - Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Paranoia, paranoia, everybody's comin to get mee!

Seriously, if you're thinking like that, just give up now. Cause even if there's no exploit in the game, chances are something is exploitable for root access on the box it's running on. If not now, it's just a matter of time until someone finds in. There's no use in being so paranoid about something you probably can't do anything about. Just keep an eye on your servers, and make sure you have a good backup schema.

On 6/9/09, w4rezz w4r...@gmail.com wrote:
> So, if someone is just hacking cracked servers (and legit servers when the hacker makes a mistake), is everything ok? What will be next? Someone will use the exploit to copy Conficker through all TF2 servers? Will a legit game protect you?
>
> 2009/6/7 Brian Rak d...@devicenull.org:
> It's fairly obvious the servers are cracked when I connect to them and do status, and see.. Steam_ID_Cracked, STEAM_666:x:x, or an entire server full of STEAM_ID_PENDING.
>
> I'm not going to try to trick whoever is doing this into exploiting my server, since I really don't care anymore. Even if this is an exploit in legit versions of the game, it's only being used against pirated versions right now. The simple solution is to.. actually buy the game. Problem solved!
>
> I have to say, you get what you deserve if you pirate the game and get hacked
>
> - Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
It's fairly obvious the servers are cracked when I connect to them and do status, and see.. Steam_ID_Cracked, STEAM_666:x:x, or an entire server full of STEAM_ID_PENDING.

I'm not going to try to trick whoever is doing this into exploiting my server, since I really don't care anymore. Even if this is an exploit in legit versions of the game, it's only being used against pirated versions right now. The simple solution is to.. actually buy the game. Problem solved!

I have to say, you get what you deserve if you pirate the game and get hacked

- Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
As I stated in my last mail: that's not a nonsteam-only exploit. The exploit is so far only used to take over nosteam servers, but in general it can also be used to take over legit servers in the same way.

> Oh, ok, you mean No Steam by NS. I thought it was Natural Selection too. So, I guess it's very nice that No Steam servers got an exploit. I hope this guy hacks a lot of those and keeps the exploit! People should stop pirating the game and buy it.
>
> 2009/6/5 StevoTVR stevo...@sbcglobal.net
> I think NS means No Steam. I was also confused about that at first.
>
> Steve Jackson wrote:
> What does SourceMOD (HL2) have to do with NS? (HL1) For all we know, it could be a nosteam exploit.
>
> On Fri, Jun 5, 2009 at 12:48 PM, Maximilian L. mail...@ml86.de wrote:
> 1st) there's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 ^that dude spams, in general, on the server that NS sux, after he hacked the server. Which is, at this point, good for legit, but exploits mostly never last long private, and then hell knows what happens next... But honestly I have to say that this guy has been doing his work for over a month now. So let's hope he really just hates NS and does not touch legits or release the exploit in public.
>
> 2nd) it's not bad to stay in contact with guys running nonsteam. A lot of stuff got covered there first before on any legit servers, like many spotted crash vars Valve has fixed already.
>
> BTW: I just heard now that the SM team seems to have one eye on that issue. So there will be a fix if this is a legit exploit. But that's unconfirmed by now.
>
> Then how do you explain that most of those servers' IPs are on Non Steam sites? How can you be so sure that it is not the admins uploading the plugin to the server?
>
> 2009/6/5 Maximilian L. mail...@ml86.de
> No, they haven't put this plugin there themselves! This plugin is 100% placed from outside and also NOT through FTP! It's open if there's an exploit which only appears on NS servers, or if there's a valid exploit which didn't get used yet for hacking legit servers. Anyway, here's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 Believe me or not by that. I #care since I'm not running NS anymore. But remember me on the day when someone says that this, yet unknown, exploit also exists on legit too. However, for now it would be kind enough from VALVE to fix the rcon IP banning not working issue, from which everyone would benefit, I think.
>
> Don't you think that the guys who own those servers just put those NoSteam plugins?
>
> 2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak

-- Mailing List Conversations -
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Maximilian, do you actually have proof this affects normal servers? Every server I see in the server list that has its rcon password visible is nonsteam. This appears to be a nonissue if you actually own the game.
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
How do you know that the server IS actually cracked? ;)

Some servers from the *SETTi* list aren't NoSteam and still got hacked because they just appeared on the *SETTi* NoSteam list. Why? Simple: *SETTi* queries the Steam master to receive a full global list of all servers and then checks each one for NoSteam compatibility, but the detection isn't 100% failsafe; legit servers also appear in the list if they, for example, have lost their Steam connection at the time *SETTi* scans the server. So the server wrongly stays 12-24h in the NoSteam list, even though it is a 100% legit one.

You can also try fishing for him by firing up a TF2 server: put NoSteam in the name and wait 24h.

> Maximilian, do you actually have proof this affects normal servers? Every server I see in the server list that has its rcon password visible is nonsteam. This appears to be a nonissue if you actually own the game.

--
Mailing List Conversations - mail...@ml86.de - Please don't spam :)
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
You are talking of him as though he's an animal that can be lured... Hahaha.

Now back to the question. Do you actually have proof that this happens on legit servers? Why aren't people complaining? It's not an actual problem so there's nothing for Valve to fix.

On Sat, Jun 6, 2009 at 6:08 PM, Maximilian L. mail...@ml86.de wrote:
> How do you know that the server IS actually cracked? ;)
>
> Some servers from the *SETTi* list aren't NoSteam and still got hacked because they just appeared on the *SETTi* NoSteam list. Why? Simple: *SETTi* queries the Steam master to receive a full global list of all servers and then checks each one for NoSteam compatibility, but the detection isn't 100% failsafe; legit servers also appear in the list if they, for example, have lost their Steam connection at the time *SETTi* scans the server. So the server wrongly stays 12-24h in the NoSteam list, even though it is a 100% legit one.
>
> You can also try fishing for him by firing up a TF2 server: put NoSteam in the name and wait 24h.
>
> Maximilian, do you actually have proof this affects normal servers? Every server I see in the server list that has its rcon password visible is nonsteam. This appears to be a nonissue if you actually own the game.
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
have been hacked in some way?

Don't you think that the guys who own those servers just put those NoSteam plugins?

2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak
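Added example (not part of the original thread and not code from any participant): Brian Rak's quoted findings separate a published `rcon_password` of `1`, which the eventscripts rcon_lock plugin causes, from a published real password, which marks a hacked server. The Python below applies that check to a rules reply captured from your own server; it assumes the value is seen as a cvar in a single-packet A2S_RULES reply, which the thread does not state, and the function names and sample bytes are constructed.

```python
"""Classify what a server-rules reply publishes about rcon_password."""
import struct

SIMPLE_HEADER = b"\xff\xff\xff\xff"  # single-packet reply
SPLIT_HEADER = b"\xff\xff\xff\xfe"   # multi-packet reply, needs reassembly first
RULES_TYPE = 0x45                    # 'E', the A2S_RULES response type


def parse_rules(payload: bytes) -> dict:
    """Return {cvar: value} from one single-packet A2S_RULES reply."""
    if payload[:4] == SPLIT_HEADER:
        raise ValueError("split reply: reassemble the fragments first")
    if len(payload) < 7 or payload[:4] != SIMPLE_HEADER or payload[4] != RULES_TYPE:
        raise ValueError("not an A2S_RULES reply")
    (declared,) = struct.unpack_from("<H", payload, 5)
    body = payload[7:]
    if body and not body.endswith(b"\x00"):
        raise ValueError("truncated reply: last string is not NUL-terminated")
    # The body is name\0value\0 repeated; drop the final NUL before splitting.
    fields = body[:-1].split(b"\x00") if body else []
    if len(fields) % 2:
        raise ValueError("truncated reply: cvar name without a value")
    if len(fields) // 2 != declared:
        raise ValueError(f"reply declares {declared} rules, carries {len(fields) // 2}")
    return {
        name.decode("utf-8", "replace"): value.decode("utf-8", "replace")
        for name, value in zip(fields[0::2], fields[1::2])
    }


def audit_rcon_exposure(payload: bytes) -> str:
    """Map a rules reply to one of four findings; the password is never returned."""
    rules = {name.lower(): value for name, value in parse_rules(payload).items()}
    if "rcon_password" not in rules:
        return "not_published"
    value = rules["rcon_password"]
    if value == "1":
        # Thread: caused by the eventscripts rcon_lock plugin, server is fine.
        return "rcon_lock_artifact"
    if value == "":
        # Not covered by the thread: the cvar is published but no password is set.
        return "published_empty"
    # Thread: servers showing an actual password "have been hacked in some way".
    return "password_published"


def build_reply(rules: dict) -> bytes:
    """Build a constructed reply for the samples below (test data only)."""
    body = b"".join(
        name.encode() + b"\x00" + value.encode() + b"\x00"
        for name, value in rules.items()
    )
    return SIMPLE_HEADER + bytes([RULES_TYPE]) + struct.pack("<H", len(rules)) + body


# Constructed samples, not captured from any real server.
CLEAN = build_reply({"mp_timelimit": "30", "sv_cheats": "0"})
LOCKED = build_reply({"rcon_password": "1", "sv_cheats": "0"})
EXPOSED = build_reply({"sv_cheats": "0", "rcon_password": "constructed-sample-value"})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("locked", LOCKED), ("exposed", EXPOSED)):
        print(f"{label:8s} {audit_rcon_exposure(sample)}")
```

A `password_published` result on your own server corresponds to case 2 of the quoted findings; `rcon_lock_artifact` corresponds to case 1.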
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
These are all nosteam servers. Interesting.

On Fri, Jun 5, 2009 at 6:24 AM, AnAkIn . anakin...@gmail.com wrote:
> have been hacked in some way?
>
> Don't you think that the guys who own those servers just put those NoSteam plugins?
>
> 2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
No, they haven't put this plugin there themselves! This plugin is 100% placed from outside and also NOT through FTP!

It's open if there's an exploit which only appears on NS servers, or if there's a valid exploit which didn't get used yet for hacking legit servers.

Anyway, here's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805

Believe me or not by that. I #care since I'm not running NS anymore. But remember me on the day when someone says that this, yet unknown, exploit also exists on legit too.

However, for now it would be kind enough from VALVE to fix the rcon IP banning not working issue, from which everyone would benefit, I think.

> Don't you think that the guys who own those servers just put those NoSteam plugins?
>
> 2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak

--
Mailing List Conversations - mail...@ml86.de - Please don't spam :)
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Then how do you explain that most of those servers' IPs are on Non Steam sites? How can you be so sure that it is not the admins uploading the plugin to the server?

2009/6/5 Maximilian L. mail...@ml86.de
> No, they haven't put this plugin there themselves! This plugin is 100% placed from outside and also NOT through FTP! It's open if there's an exploit which only appears on NS servers, or if there's a valid exploit which didn't get used yet for hacking legit servers. Anyway, here's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 Believe me or not by that. I #care since I'm not running NS anymore. But remember me on the day when someone says that this, yet unknown, exploit also exists on legit too. However, for now it would be kind enough from VALVE to fix the rcon IP banning not working issue, from which everyone would benefit, I think.
>
> Don't you think that the guys who own those servers just put those NoSteam plugins?
>
> 2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
1st) there's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 ^that dude spams, in general, on the server that NS sux, after he hacked the server. Which is, at this point, good for legit, but exploits mostly never last long private, and then hell knows what happens next... But honestly I have to say that this guy has been doing his work for over a month now. So let's hope he really just hates NS and does not touch legits or release the exploit in public.

2nd) it's not bad to stay in contact with guys running nonsteam. A lot of stuff got covered there first before on any legit servers, like many spotted crash vars Valve has fixed already.

BTW: I just heard now that the SM team seems to have one eye on that issue. So there will be a fix if this is a legit exploit. But that's unconfirmed by now.

> Then how do you explain that most of those servers' IPs are on Non Steam sites? How can you be so sure that it is not the admins uploading the plugin to the server?
>
> 2009/6/5 Maximilian L. mail...@ml86.de
> No, they haven't put this plugin there themselves! This plugin is 100% placed from outside and also NOT through FTP! It's open if there's an exploit which only appears on NS servers, or if there's a valid exploit which didn't get used yet for hacking legit servers. Anyway, here's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 Believe me or not by that. I #care since I'm not running NS anymore. But remember me on the day when someone says that this, yet unknown, exploit also exists on legit too. However, for now it would be kind enough from VALVE to fix the rcon IP banning not working issue, from which everyone would benefit, I think.
>
> Don't you think that the guys who own those servers just put those NoSteam plugins?
>
> 2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak

--
Mailing List Conversations - mail...@ml86.de - Please don't spam :)
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
What does SourceMOD (HL2) have to do with NS? (HL1)

For all we know, it could be a nosteam exploit.

On Fri, Jun 5, 2009 at 12:48 PM, Maximilian L. mail...@ml86.de wrote:
> 1st) there's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 ^that dude spams, in general, on the server that NS sux, after he hacked the server. Which is, at this point, good for legit, but exploits mostly never last long private, and then hell knows what happens next... But honestly I have to say that this guy has been doing his work for over a month now. So let's hope he really just hates NS and does not touch legits or release the exploit in public.
>
> 2nd) it's not bad to stay in contact with guys running nonsteam. A lot of stuff got covered there first before on any legit servers, like many spotted crash vars Valve has fixed already.
>
> BTW: I just heard now that the SM team seems to have one eye on that issue. So there will be a fix if this is a legit exploit. But that's unconfirmed by now.
>
> Then how do you explain that most of those servers' IPs are on Non Steam sites? How can you be so sure that it is not the admins uploading the plugin to the server?
>
> 2009/6/5 Maximilian L. mail...@ml86.de
> No, they haven't put this plugin there themselves! This plugin is 100% placed from outside and also NOT through FTP! It's open if there's an exploit which only appears on NS servers, or if there's a valid exploit which didn't get used yet for hacking legit servers. Anyway, here's a selfish nonsteam hater who does this hack on those NS servers. http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805 Believe me or not by that. I #care since I'm not running NS anymore. But remember me on the day when someone says that this, yet unknown, exploit also exists on legit too. However, for now it would be kind enough from VALVE to fix the rcon IP banning not working issue, from which everyone would benefit, I think.
>
> Don't you think that the guys who own those servers just put those NoSteam plugins?
>
> 2009/6/4 Brian Rak d...@devicenull.org
> I spent a little while looking into this, and found a few things:
> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
> Anyone running a server with files as described in that topic should email me the malicious plugins.
>
> - Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Sorry. We are talking about SRCDS NS - NoSteam

BTW: Latest test shows that this exploit obviously exists on legit side too!

> What does SourceMOD (HL2) have to do with NS? (HL1) For all we know, it could be a nosteam exploit.
>
> On Fri, Jun 5, 2009 at 12:48 PM, Maximilian L. mail...@ml86.de wrote:
>> 1st) there's a selfish nonsteam hater who does this hack on those NS servers.
>> http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805
>> ^that dude spams, in general, on the server that NS sux, after he hacked the server. Which is, at this point, good for legit, but exploits mostly never last long private, and then hell knows what happens next... But honestly I have to say that this guy is doing his work since over a month now. So let's hope he really just hates NS and does not touch legits or release the exploit in public.
>>
>> 2nd) it's not bad to stay in contact with guys running nonsteam. A lot of stuff got covered there first before on any legit servers, like many spotted crash vars Valve has fixed already.
>>
>> BTW: I just heard now that the SM team seems to have one eye on that issue. So there will be a fix if this is a legit exploit. But that's unconfirmed by now.
>>
>>> Then how do you explain that most of those servers' IPs are on Non Steam sites? How can you be so sure that it is not the admins uploading the plugin to the server?
>>>
>>> 2009/6/5 Maximilian L. mail...@ml86.de
>>>> No, they haven't put this plugin there themselves! This plugin is 100% placed from outside and also NOT through FTP! It's open if there's an exploit which only appears on NS servers, or if there's a valid exploit which didn't get used yet for hacking legit servers.
>>>> Anyway, here's a selfish nonsteam hater who does this hack on those NS servers.
>>>> http://steamcommunity.com/profiles/76561198004893338 STEAM_0:0:22313805
>>>> Believe me or not by that. I #care since I'm not running NS anymore. But remember me on the day when someone says that this, yet unknown, exploit also exists on legit too.
>>>> However, for now it would be kind enough from VALVE to fix the rcon IP banning not working issue, from which everyone would benefit, I think.
>>>>
>>>>> Don't you think that the guys who own those servers just put those NoSteam plugins?
>>>>>
>>>>> 2009/6/4 Brian Rak d...@devicenull.org
>>>>>> I spent a little while looking into this, and found a few things:
>>>>>> 1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.
>>>>>> 2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.
>>>>>> Anyone running a server with files as described in that topic should email me the malicious plugins.
>>>>>> - Brian Rak
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
What does sourcemod, ns1 or nosteam have to do with a mailing list for the Linux srcds application?

___
Shane Arnold - clontar...@iinet.net.au
For want of a nail, the horseshoe was lost.
For want of a horseshoe, the horse was lost.
For want of a horse, the messenger was lost.
For want of a messenger, the message was not delivered.
For want of an undelivered message the war was lost.

Steve Jackson wrote:
> What does SourceMOD (HL2) have to do with NS? (HL1) For all we know, it could be a nosteam exploit.
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
I think NS means No Steam. I was also confused about that at first.

Steve Jackson wrote:
> What does SourceMOD (HL2) have to do with NS? (HL1) For all we know, it could be a nosteam exploit.
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
No, it's clearly Natural Selection. It's also clear that legit servers don't have this issue. Who knows what code is in those crackers. Also, just because you removed the crack doesn't mean you're safe from its side effects and/or backdoors. Try removing the OS as well.

On Fri, Jun 5, 2009 at 1:45 PM, StevoTVR stevo...@sbcglobal.net wrote:
> I think NS means No Steam. I was also confused about that at first.
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
I don't think so, if this kind of thing was possible on legit servers there would be an avalanche of complaints. Not just from nosteam users. The only people complaining are nosteam users. If you run nosteam servers, quite frankly you're not entitled to any support cause you're supporting thieves.

Reinstall a clean install of srcds, don't apply the nosteam crack, then let us know if it happens again. Until then, it's a non-issue.

- Steve

On Fri, Jun 5, 2009 at 1:40 PM, Maximilian L. mail...@ml86.de wrote:
> Sorry. We are talking about SRCDS NS - NoSteam
>
> BTW: Latest test shows that this exploit obviously exists on legit side too!
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Oh, ok, you mean No Steam by NS. I thought it was Natural Selection too.

So, I guess it's very nice that No Steam servers got an exploit. I hope this guy hacks a lot of those and keeps the exploit! People should stop pirating the game and buy it.

2009/6/5 StevoTVR stevo...@sbcglobal.net
> I think NS means No Steam. I was also confused about that at first.
[hlds_linux] Public rcon_password query. Opens rcon to everyone.
I just had some fun on game-monitor.com and I fell over this:
http://www.game-monitor.com/search.php?search=rcon_passwordtype=variablegame=tf2

All seem to run with sourcemod... is there an exploit?

-- Mailing List Conversations - mail...@ml86.de - Please don't spam :)
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
That's scary. And if you take the game=tf2 off the end of that URL, you get the rcon passwords for a ton of servers running a variety of games (TF2, CS:S, etc.)

- Dave

Maximilian L. wrote:
> I just had some fun on game-monitor.com and I fell over this:
> http://www.game-monitor.com/search.php?search=rcon_passwordtype=variablegame=tf2
>
> All seem to run with sourcemod... is there an exploit?

--
Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Jesus Christ... that needs to be fixed ASAP

On Thu, Jun 4, 2009 at 6:55 AM, David A. Parker dpar...@utica.edu wrote:
> That's scary. And if you take the game=tf2 off the end of that URL, you get the rcon passwords for a ton of servers running a variety of games (TF2, CS:S, etc.)
>
> - Dave
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Nice one. They probably have some buggy plugins on their servers.

2009/6/4 David A. Parker dpar...@utica.edu
> That's scary. And if you take the game=tf2 off the end of that URL, you get the rcon passwords for a ton of servers running a variety of games (TF2, CS:S, etc.)
>
> - Dave
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Lol. That's No Steam servers. I just connected to one through HLSW, did a status and they almost all have STEAM_0:0:0 SteamIDs.

Also, sm plugins list:
NOSTEAM (1.2.0) by Rin

Good for them I guess, they shouldn't be using nosteam :p

2009/6/4 Craig H robolea...@gmail.com
> Jesus Christ... that needs to be fixed ASAP
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Fixed by who? Obviously caused by some plugin or script running on some plugin and not Valve.

-ics

Craig H wrote:
> Jesus Christ... that needs to be fixed ASAP
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Wow, this is a reply to a thread with a new topic which already was a reply to a thread with a new topic. A few more and I have to get Guinness on the phone.

Maximilian L. wrote:
> I just had some fun on game-monitor.com and I fell over this:
> http://www.game-monitor.com/search.php?search=rcon_passwordtype=variablegame=tf2
>
> All seem to run with sourcemod... is there an exploit?
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Seems like the TF2.LT guy running cracked servers is on this list, he just removed the rcon passwords :)

2009/6/4 ics i...@ics-base.net
> Fixed by who? Obviously caused by some plugin or script running on some plugin and not Valve.
>
> -ics
>
> Craig H wrote:
>> Jesus Christ... that needs to be fixed ASAP
>>
>> On Thu, Jun 4, 2009 at 6:55 AM, David A. Parker dpar...@utica.edu wrote:
>>> That's scary. And if you take the game=tf2 off the end of that URL, you get the rcon passwords for a ton of servers running a variety of games (TF2, CS:S, etc.)
>>>
>>> - Dave
>>>
>>> Maximilian L. wrote:
>>>> I just had some fun on game-monitor.com and I fell over this
>>>> http://www.game-monitor.com/search.php?search=rcon_passwordtype=variablegame=tf2
>>>> All seem to run with sourcemod... is there an exploit?
>>>>
>>>> - Mailing List Conversations - mail...@ml86.de - Please don´t spam :)
>>>
>>> --
>>> Dave Parker
>>> Utica College
>>> Integrated Information Technology Services
>>> (315) 792-3229
>>> Registered Linux User #408177
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Doesn't matter if it's an admin running a cracked server, also legit servers are hacked. Who the hell is doing it??
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
No, it's only on servers using a plugin to make them cracked servers. Please, don't defend them, even if you are from cs.rin.ru.

2009/6/4 w4rezz w4r...@gmail.com
> Doesn't matter if it's an admin running a cracked server, also legit servers are hacked. Who the hell is doing it??
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
Moldavian server :D

2009/6/4 AnAkIn . anakin...@gmail.com
> No, it's only on servers using a plugin to make them cracked servers. Please, don't defend them, even if you are from cs.rin.ru.
>
> 2009/6/4 w4rezz w4r...@gmail.com
>> Doesn't matter if it's an admin running a cracked server, also legit servers are hacked. Who the hell is doing it??
Re: [hlds_linux] Public rcon_password query. Opens rcon to everyone.
I spent a little while looking into this, and found a few things:

1) The servers with rcon_password=1 are fine, and don't seem to have been hacked. This is caused by the eventscripts rcon_lock plugin. Aside from showing the rcon_password as 1 it doesn't seem to have any negative effects.

2) The servers with actual rcon passwords have been hacked in some way. See http://forums.alliedmods.net/showthread.php?t=93937 for more details on this. Note that this is NOT an exploit in Sourcemod.

Anyone running a server with files as described in that topic should email me the malicious plugins.

- Brian Rak
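The two cases in the message above, as an added example that is not part of the thread: a check an admin can run over their own server's public rules reply to see whether rcon_password is absent, shown as 1, or shown as a real value. It assumes the "variables" a tracker lists come from a single-packet Source A2S_RULES reply; the function names and the sample packets are constructed for illustration.

```python
import struct

# Constructed sample replies (not captured traffic):
# 0xFFFFFFFF header, 'E', little-endian rule count, NUL-terminated name/value pairs.
SAMPLE_LOCKED = b"\xff\xff\xff\xffE\x02\x00mp_timelimit\x0030\x00rcon_password\x001\x00"
SAMPLE_LEAKED = b"\xff\xff\xff\xffE\x02\x00mp_timelimit\x0030\x00rcon_password\x00constructed-secret\x00"
SAMPLE_CLEAN = b"\xff\xff\xff\xffE\x01\x00mp_timelimit\x0030\x00"


def parse_rules(packet: bytes) -> dict:
    """Parse a single-packet A2S_RULES reply into {cvar_name: value}."""
    if len(packet) < 7 or packet[:5] != b"\xff\xff\xff\xffE":
        # Split (multi-packet) replies start with 0xFFFFFFFE and are not handled here.
        raise ValueError("not a single-packet A2S_RULES reply")
    (count,) = struct.unpack_from("<H", packet, 5)
    # Every string is NUL-terminated, so the piece after the last NUL is either
    # empty or an unterminated fragment; drop it in both cases.
    fields = packet[7:].split(b"\x00")[:-1]
    pairs = list(zip(fields[0::2], fields[1::2]))
    if len(pairs) < count:
        raise ValueError("reply is truncated: fewer rules than the header announces")
    return {
        name.decode("utf-8", "replace"): value.decode("utf-8", "replace")
        for name, value in pairs[:count]
    }


def classify_rcon_exposure(packet: bytes) -> str:
    """Return 'absent', 'placeholder' or 'exposed' for rcon_password in the reply."""
    rules = parse_rules(packet)
    if "rcon_password" not in rules:
        return "absent"       # expected state: the cvar is not published at all
    if rules["rcon_password"] == "1":
        return "placeholder"  # case 1 in the message: value shown as 1
    return "exposed"          # case 2: a real value is published; rotate it and audit plugins


if __name__ == "__main__":
    for label, pkt in [("locked", SAMPLE_LOCKED), ("leaked", SAMPLE_LEAKED), ("clean", SAMPLE_CLEAN)]:
        print(label, classify_rcon_exposure(pkt))
```

An "exposed" result means the password should be treated as compromised: change it and review the server's plugin directory before putting the server back online.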