
New Exploit?!

Open gui1porpis opened this issue 6 years ago • 3 comments

Good night people.

So, I'm guessing what's happening to me is an "exploit"; the information follows below: On September 02 or 03, two servers of a friend got the name Half-Life with 0 players on the servers, and in the report on their forum players could not connect. I thought they had misunderstood and deleted everything they know ...

So far so good.

Except that between yesterday and today, the same thing is happening to my server, and I went to see that some files are deleted; the list follows:

/cstrike/steam.inf
/cstrike/server.cfg
/cstrike/config.cfg

/cstrike/addons/metamod/plugins.ini

/cstrike/addons/amxmodx/dlls/amxmodx_mm_i386.so
/cstrike/addons/amxmodx/modules/cstrike_amxx_i386.so
/cstrike/addons/amxmodx/modules/fakemeta_amxx_i386.so
/cstrike/addons/amxmodx/modules/fun_amxx_i386.so
/cstrike/addons/amxmodx/modules/hamsandwich_amxx_i386.so
/cstrike/addons/amxmodx/configs/core.ini
/cstrike/addons/amxmodx/configs/hamdata.ini
/cstrike/addons/amxmodx/configs/plugins.ini
/cstrike/addons/amxmodx/configs/users.ini

The server disconnects all players and I think it restarts and gets the name Half-Life because it does not find cstrike's server.cfg (so it uses the one from /valve/server.cfg) and is asking to update the HLDS due to the lack of steam.inf.

The latest console records follow in the attachment: qconsole-lastlogs.log

At first I thought it was AMX Mod X requesting an UPDATE for amxx 1.9.0-dev, so I upgraded, but it does not solve anything ...

It happened again. But since I have a backup of these files now, it was easy to upload the server again in a short time.

Is someone experiencing the same problem? Do you know how to solve it?

Thank you.

gui1porpis avatar Sep 08 '18 01:09 gui1porpis
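A defender-side check for the symptom described in this report, added here and not part of the issue or the rehlds project: it records a hash baseline of the files listed above and reports when any of them go missing or change, so a wipe like this is noticed before players start reporting. It assumes GNU coreutils sha256sum and reads the game root and baseline path from the environment variables HLDS_ROOT and HLDS_BASELINE (both assumed names).

```shell
#!/bin/sh
# Added example, not part of the rehlds issue or project: snapshot and verify
# the HLDS files the report lists as deleted. Assumes GNU coreutils sha256sum,
# the game root in $HLDS_ROOT and a baseline file path in $HLDS_BASELINE.
HLDS_ROOT="${HLDS_ROOT:-.}"
HLDS_BASELINE="${HLDS_BASELINE:-hlds-baseline.sha256}"

# Paths from the report, relative to the game root (one per line).
WATCHED_FILES="cstrike/steam.inf
cstrike/server.cfg
cstrike/config.cfg
cstrike/addons/metamod/plugins.ini
cstrike/addons/amxmodx/dlls/amxmodx_mm_i386.so
cstrike/addons/amxmodx/modules/cstrike_amxx_i386.so
cstrike/addons/amxmodx/modules/fakemeta_amxx_i386.so
cstrike/addons/amxmodx/modules/fun_amxx_i386.so
cstrike/addons/amxmodx/modules/hamsandwich_amxx_i386.so
cstrike/addons/amxmodx/configs/core.ini
cstrike/addons/amxmodx/configs/hamdata.ini
cstrike/addons/amxmodx/configs/plugins.ini
cstrike/addons/amxmodx/configs/users.ini"

# One line per watched file: "<sha256>  <path>", or "MISSING  <path>".
hlds_snapshot() {
    printf '%s\n' "$WATCHED_FILES" | while IFS= read -r f; do
        if [ -f "$HLDS_ROOT/$f" ]; then
            printf '%s  %s\n' "$(sha256sum "$HLDS_ROOT/$f" | cut -d' ' -f1)" "$f"
        else
            printf 'MISSING  %s\n' "$f"
        fi
    done
}

# Record the known-good state right after a clean install or restore.
hlds_baseline() { hlds_snapshot > "$HLDS_BASELINE"; }

# Compare the live files against the baseline. Returns 0 when nothing changed,
# 1 (listing changed or missing files on stderr) when something did, 2 if
# no baseline has been recorded yet.
hlds_verify() {
    [ -f "$HLDS_BASELINE" ] || { echo "no baseline at $HLDS_BASELINE" >&2; return 2; }
    changed=$(hlds_snapshot | diff "$HLDS_BASELINE" - | grep '^> ' | cut -c3-)
    if [ -z "$changed" ]; then
        return 0
    fi
    echo "integrity check FAILED, changed or missing files:" >&2
    printf '%s\n' "$changed" >&2
    return 1
}
```

Run hlds_baseline once after a clean install or restore, then hlds_verify from cron; a non-zero exit is the signal to stop the server and look at what else changed.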

Could be AMXX plugin backdoor.


LevShisterov avatar Sep 08 '18 16:09 LevShisterov

Are you using a metamod plugin called 'SRdetector'? Perhaps I'm paranoid, but while having this mm-plugin enabled I've found one additional mm-module running which was not installed by myself. I couldn't even find it on the server itself afterwards at that time :/

fred0r avatar Sep 24 '18 23:09 fred0r

Plugins without source code attached, except for a few well-known ones such as WHBlocker, ReUnion or even stuff like AMX and such (those are all safe), are very dangerous. Most of the time the source is not given for various reasons, one of them being that such plugins contain backdoors to gain rcon access and more. Now, in the case of such plugins, this is bad, not because such backdoors exist, but because they are always used with bad intentions (by Romanians, Turks and Russians usually).

DarthMan avatar Apr 21 '21 10:04 DarthMan