lfnetwork.com mark read register faq members calendar

Thread: Weird way they entered my server, need help.
Thread Tools Display Modes
Post a new thread. Add a reply to this thread. Indicate all threads in this forum as read. Subscribe to this forum. RSS feed: this forum RSS feed: all forums
Old 05-16-2007, 07:25 AM   #1
jedi-Guard
Rookie
 
Join Date: Sep 2005
Posts: 207
Weird way they entered my server, need help.

I need help again, got only few details on it.
I had my none mod server runing like more then 1 year, safe and secured, virus scanner and firewall installed, also updated Windows XP.
I can say for sure am kind of very safe and i am a "System Administrator".
Someone got the password to my server and started to change timelimits and map and so on.
I changed the password, and restarted the server.
He got back in and downloaded the server.cfg file. How can you download server.cfg ?
It gets weirder, i went to the base folder, i know which files exists there, but there was 1 file that got there some how and i dont know how it got there.
file was called 1.cfg and had a different rconpassword and alot of other settings too.
I turned off Allowdownload, i deleted the 1.cfg file and i renamed the server.cfg to something something.
If this helps, then do the same as i did. If it doesnt help, report and i will also keep an eye on my server too and report bugs.
jedi-Guard is offline   you may: quote & reply,
Old 05-29-2007, 08:21 AM   #2
darkecho05
Rookie
 
darkecho05's Avatar
 
Join Date: May 2007
Location: Sweden
Posts: 48
Mm, disturbing.. maybe it was someone you know? a friend perhaps, that opened your server.cfg file while you were away and stole the pass.
The 1.cfg file.. someone must have written it, in conole you say "write "x"" and it writes a cfg file, have you accessed it and looked what's written inside?
Could also be a keylogger, clean your computer from spy wares and not viruses.
Host as normal, I'm pretty confident nothing will happen, if it does then I'm not much of use
anyway, hope everything turns well


Error is our enemy!
darkecho05 is offline   you may: quote & reply,
Old 05-30-2007, 07:17 AM   #3
jedi-Guard
Rookie
 
Join Date: Sep 2005
Posts: 207
Well i can say am clean from viruses and other stuff.
I suspect that someone stole the password from my friend that also was dedicated administrator, but something very weird was that, when i changed the password, he could download the server.cfg file from my server, what is the command for that, i didnt know it was possible.
I disabled allowdownload cause it was enabled.
that 1.cfg file is not being executed, it was just in the base folder.
jedi-Guard is offline   you may: quote & reply,
Old 05-31-2007, 05:59 AM   #4
darkecho05
Rookie
 
darkecho05's Avatar
 
Join Date: May 2007
Location: Sweden
Posts: 48
Neither did i know that it was possible, but now it seems it is. If you suspect it, ask him if he gave it to somebody else, if he did just change it, second thought, change it now and you wont have to worry about some stranger that have got your rcon.
Since he stole the server.cfg file.. he will host the same server as yours, look for it, if he is hosting with your cfg file the chances are good that you'll find it. Good luck.


Error is our enemy!
darkecho05 is offline   you may: quote & reply,
Old 06-01-2007, 03:51 AM   #5
jedi-Guard
Rookie
 
Join Date: Sep 2005
Posts: 207
I dont think he gave it, i think someone stole it from him, i dont use rcon, i type directly from the server. I also have secured my server for now. Lets see whats next.
:P
May the force be with my server.
jedi-Guard is offline   you may: quote & reply,
Old 06-21-2007, 01:41 AM   #6
Spiderz
Rookie
 
Join Date: Jun 2007
Posts: 17
Turn: sv_allowdownload 0 (off) so they can't download the server.cfg
Its a bug which is still used lately.
If its on people can download ur server.cfg..
But if you don't want to do that, u have to rename the server.cfg to something else (and change the settings for the launch of it)
Gl.
Spiderz is offline   you may: quote & reply,
Old 06-29-2007, 09:18 AM   #7
jedi-Guard
Rookie
 
Join Date: Sep 2005
Posts: 207
Read the first thread again, i did turn it off and renamed it.
jedi-Guard is offline   you may: quote & reply,
Post a new thread. Add a reply to this thread. Indicate all threads in this forum as read. Subscribe to this forum. RSS feed: this forum RSS feed: all forums
Go Back   LucasForums > Network > JediKnight Series > Help Center > Dedicated Server > Weird way they entered my server, need help.

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 03:07 AM.

LFNetwork, LLC ©2002-2011 - All rights reserved.
Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.