I guess the shadow update has fixed the exploit now?
It definitely looks like they didn't go quite far with the exploit (we
were hit by it aswell). I assume they downloaded the server.cfg to get
a hold of the rcon password, correct? And there probably is no trace
of any of this happening.
Would
A fix was released for this issue. I'm not completely satisfied with
their resolution, but if you're paranoid there are a couple of
mitigations worth considering:
1. Using a strict whitelist such as:
https://forums.alliedmods.net/showthread.php?t=142249 (currently
broken, no plans to update
So was this used to obtain rcon passwords in other games such as TF2?
On Sat, Apr 19, 2014 at 9:45 PM, Tyrone parablac...@gmail.com wrote:
The exploit works on all source based games according to Garry.
On Fri, Apr 18, 2014 at 11:11 PM, wickedplayer494 wickedplayer...@gmail.com
wrote:
Yes, this unfortunately impacted a lot of European CS:S servers
(L4D(2) and other engines will forever be compromised). Based on the
scope, everything the server's user was running as is compromised.
However, the running guess is that people were still only after quick
wins; such as changing the
The exploit works on all source based games according to Garry.
On Fri, Apr 18, 2014 at 11:11 PM, wickedplayer494 wickedplayer...@gmail.com
wrote:
http://facepunch.com/showthread.php?t=1386818
If your clients are complaining about *cough* spam or similar through
Steam chat, this is what's
http://facepunch.com/showthread.php?t=1386818
If your clients are complaining about *cough* spam or similar through
Steam chat, this is what's causing it. It may be wise to just completely
kill your server until the Facepunch folks release an update to fix this
(even though it's 3 AM in the
6 matches
Mail list logo
