jedi-Guard 05-16-2007 07:25 AM

Weird way they entered my server, need help.
I need help again, got only a few details on it.
I had my non-mod server running for like more than 1 year, safe and secured, virus scanner and firewall installed, also updated Windows XP.
I can say for sure I am kind of very safe and I am a "System Administrator".
Someone got the password to my server and started to change timelimits and map and so on.
I changed the password, and restarted the server.
He got back in and downloaded the server.cfg file. How can you download server.cfg?
It gets weirder. I went to the base folder, I know which files exist there, but there was 1 file that got there somehow and I don't know how it got there.
The file was called 1.cfg and had a different rconpassword and a lot of other settings too.
I turned off Allowdownload, I deleted the 1.cfg file and I renamed the server.cfg to something something.
If this helps, then do the same as I did. If it doesn't help, report and I will also keep an eye on my server too and report bugs.

darkecho05 05-29-2007 08:21 AM

Mm, disturbing.. maybe it was someone you know? A friend perhaps, that opened your server.cfg file while you were away and stole the pass.
The 1.cfg file.. someone must have written it. In console you say "write "x"" and it writes a cfg file. Have you accessed it and looked at what's written inside?
Could also be a keylogger; clean your computer of spyware and not viruses.
Host as normal, I'm pretty confident nothing will happen, if it does then I'm not of much use
anyway, hope everything turns out well

jedi-Guard 05-30-2007 07:17 AM

Well, I can say I am clean from viruses and other stuff.
I suspect that someone stole the password from my friend who was also a dedicated administrator, but something very weird was that, when I changed the password, he could download the server.cfg file from my server. What is the command for that? I didn't know it was possible.
I disabled allowdownload because it was enabled.
That 1.cfg file is not being executed, it was just in the base folder.

darkecho05 05-31-2007 05:59 AM

Neither did I know that it was possible, but now it seems it is. If you suspect it, ask him if he gave it to somebody else, if he did just change it. Second thought, change it now and you won't have to worry about some stranger that has got your rcon.
Since he stole the server.cfg file.. he will host the same server as yours, look for it, if he is hosting with your cfg file the chances are good that you'll find it. Good luck.

jedi-Guard 06-01-2007 03:51 AM

I don't think he gave it, I think someone stole it from him. I don't use rcon, I type directly from the server. I also have secured my server for now. Let's see what's next.
May the force be with my server.

Spiderz 06-21-2007 01:41 AM

Turn: sv_allowdownload 0 (off) so they can't download the server.cfg
It's a bug which is still used lately.
If it's on people can download your server.cfg..
But if you don't want to do that, you have to rename the server.cfg to something else (and change the settings for the launch of it)

jedi-Guard 06-29-2007 09:18 AM

Read the first thread again, I did turn it off and renamed it.
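
Added example, not part of the thread or any poster's code: a Python audit of a server's base folder for the three things discussed above (an unexpected file such as 1.cfg, config files that hold an rconpassword, and sv_allowdownload left on). The `set`/`seta` line syntax, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed cfg line shape: optional set/seta/sets/setu, cvar name, value (quotes optional).
CVAR_LINE = re.compile(r'^\s*(?:set[asu]?\s+)?(\w+)\s+"?([^"\s]*)"?', re.IGNORECASE)

def parse_cfg(text):
    """Return {cvar_lowercase: value}; // comments are dropped, last assignment wins."""
    cvars = {}
    for line in text.splitlines():
        match = CVAR_LINE.match(line.split("//", 1)[0])
        if match:
            cvars[match.group(1).lower()] = match.group(2)
    return cvars

def audit_base_folder(base, expected_cfgs):
    """Flag cfg files the admin did not create, files holding an rconpassword,
    and files that explicitly enable sv_allowdownload."""
    expected = {name.lower() for name in expected_cfgs}
    findings = []
    for path in sorted(Path(base).glob("*.cfg")):
        cvars = parse_cfg(path.read_text(errors="replace"))
        if path.name.lower() not in expected:
            findings.append((path.name, "unexpected cfg file"))
        if "rconpassword" in cvars:
            findings.append((path.name, "sets rconpassword"))
        # Only an explicit non-zero setting is flagged; an absent cvar is not judged.
        if cvars.get("sv_allowdownload", "0") != "0":
            findings.append((path.name, "sv_allowdownload enabled"))
    return findings

def demo():
    """Run the audit over a constructed base folder (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as base:
        Path(base, "server.cfg").write_text(
            'seta sv_allowdownload "1"\n'
            'seta rconpassword "CONSTRUCTED-A" // sample value\n')
        Path(base, "1.cfg").write_text(
            'seta rconpassword "CONSTRUCTED-B"\n'
            'seta timelimit "5"\n')
        return audit_base_folder(base, expected_cfgs=["server.cfg"])

if __name__ == "__main__":
    for name, issue in demo():
        print(f"{name}: {issue}")
```

Running it on a schedule against the real base folder, with `expected_cfgs` listing only the files the administrator created, surfaces a dropped file like 1.cfg as soon as it appears.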

