hi ! is there a way to see if the server got hacked ??
:) -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Sven Gesendet: Saturday, December 13, 2003 12:06 An: [EMAIL PROTECTED] Betreff: Re: Re[2]: [hlds_linux] root-exploit through hlds? Be careful... I've seen bindings from passwd to the ip and port of hlds... Better set up your box again and change every password. Regards, Sven ----- Original Message ----- From: "HalfLife" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, December 13, 2003 2:58 AM Subject: Re: Re[2]: [hlds_linux] root-exploit through hlds? > Hi all. > > I've been hacked too, since my HLDM server frozee or crashed after 3-16 > hours run time. I even had found some of those mentioned hack files and > deleted em. > > Im running RH8.0 and upgraded the kernel from > https://rhn.redhat.com/errata/RHSA-2003-392.html which is 2.4.20-24.8 > > My HLDM versions is: > > Protocol version 46 > Exe version 3.1.1.0 > Exe build: 14:46:34 Jun 11 2002 (2056) > > If I set the allowdownload = 0 are my server "secure" now, untill the patch > file from valve are released (If they will make it) ????? > > Regards > > Tuffy > > > > > > ----- Original Message ----- > From: "Josephus" <[EMAIL PROTECTED]> > To: "Sven" <[EMAIL PROTECTED]> > Sent: Wednesday, December 10, 2003 1:45 PM > Subject: Re[2]: [hlds_linux] root-exploit through hlds? > > > > > > > > > > I'm using 2.4.23-grsec and 3110c-boffix > > everything is just fine :) > > > > S> Could be a mistake from our side... the kernel wasn't the newest, but > we are > > S> building a new kernel at the moment... the only question is: what was > the > > S> way the exploid uses to come on the system ? > > > > > > S> ----- Original Message ----- > > S> From: "jwm" <[EMAIL PROTECTED]> > > S> To: <[EMAIL PROTECTED]> > > S> Sent: Wednesday, December 10, 2003 12:14 PM > > S> Subject: RE: [hlds_linux] root-exploit through hlds? > > > > > > >> Sven <mailto:[EMAIL PROTECTED]> wrote: > > >> > The password for the console is definetly NOT in any log file > > >> > or something and totally different. > > >> > The rcon also was changed days before. I don't have any ideas... > > >> > > > >> > In fact that km3 (http://august.v-lo.krakow.pl/~anszom/km3.c) > > >> > was placed in the gameserver-directory and the user was the > > >> > local customer, finally the passwd was binded to the > > >> > gameserver ip and port (all gameservers have different ip's) > > >> > I think there is a connection between that. > > >> > Every customer have also different folders (gameserver, web and irc). > > >> > > >> Is your kernel patched against the very old kmod/ptrace-bug? Cause > that's > > >> just what the exploit uses: > > >> > > >> /* lame, oversophisticated local root exploit for kmod/ptrace bug in > linux > > >> * 2.2 and 2.4 > > >> * > > >> * have fun > > >> */ > > >> > > >> See also: > > >> -> http://www.kb.cert.org/vuls/id/176888 > > >> > > >> jwm > > >> > > >> > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list archives, > > S> please visit: > > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >> > > > > > > S> _______________________________________________ > > S> To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > S> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > ------ > > Udv: > > Josephus > > mailto:[EMAIL PROTECTED] > > ---=[ "It doesn't protect from that" - Sandor Szalacsi ]=--- > > > > > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux