SECURITY RISK <-----------

[ClanPikachu]

Hey guys I need help like right now. We just had a person come into our server. He had no flags and was not ranked above a normal player. He was able to type some stuff into the game so everyone could see it. Then he typed in chat a persons ID like 143 or what not and boom that person got kicked. Then he typed reset and it reset the map.

I don't see anythink in my logs that show any rcon command being executed. Here is my log file showing what he did.

L 11/07/2004 - 22:53:29: "[IFC] Promega<161><STEAM_ID_PENDING><>" connected, address "24.21.154.139:60030"

L 11/07/2004 - 22:53:30: "[IFC] Promega<161><STEAM_0:1:341686><>" STEAM USERID validated

L 11/07/2004 - 22:54:13: "[IFC] Promega<161><STEAM_0:1:341686><>" entered the game

L 11/07/2004 - 22:54:19: "[IFC] Promega<161><STEAM_0:1:341686><>" joined team "TERRORIST"

L 11/07/2004 - 22:55:06: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "honey come t its better"

L 11/07/2004 - 22:55:28: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "160" (dead)

L 11/07/2004 - 22:55:36: Kick: "Sitka<160><STEAM_0:1:3407879><>" was kicked by "Console"

L 11/07/2004 - 22:55:39: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "ersety" (dead)

L 11/07/2004 - 22:55:41: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "resest" (dead)

L 11/07/2004 - 22:55:42: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" committed suicide with "world"

L 11/07/2004 - 22:55:42: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" joined team "TERRORIST"

L 11/07/2004 - 22:55:42: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" committed suicide with "world"

L 11/07/2004 - 22:55:42: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" joined team "TERRORIST"

L 11/07/2004 - 22:55:44: World triggered "Game_Commencing"

L 11/07/2004 - 22:55:44: World triggered "Game_Commencing"

(CT "12") (T "5")

L 11/07/2004 - 22:55:44: World triggered "Round_End"

L 11/07/2004 - 22:55:45: Server cvar "public_slots_free" = "15"

L 11/07/2004 - 22:55:50: World triggered "Round_Start"

L 11/07/2004 - 22:56:16: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "sitka go ct"

L 11/07/2004 - 22:56:20: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "du"

L 11/07/2004 - 22:56:32: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "163"

L 11/07/2004 - 22:56:36: Kick: "Sitka<163><STEAM_0:1:3407879><>" was kicked by "Console"

L 11/07/2004 - 22:57:28: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "sitka you going to get kicked again go ct"

L 11/07/2004 - 22:57:35: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "164"

L 11/07/2004 - 22:57:37: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "bye"

L 11/07/2004 - 22:57:38: Kick: "Sitka<164><STEAM_0:1:3407879><>" was kicked by "Console"

L 11/07/2004 - 22:58:36: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "he is a quick learner only took 8 kicks"

L 11/07/2004 - 22:59:14: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "reset" (dead)

L 11/07/2004 - 22:59:17: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" committed suicide with "world"

L 11/07/2004 - 22:59:17: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" joined team "TERRORIST"

L 11/07/2004 - 22:59:18: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" say_team "m0"

L 11/07/2004 - 22:59:18: World triggered "Round_Start"

L 11/07/2004 - 22:59:20: "[IFC] Headshot
Honey<162><STEAM_0:0:339283><TERRORIST>" committed suicide with "world"

L 11/07/2004 - 22:59:20: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" joined team "TERRORIST"

L 11/07/2004 - 22:59:36: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "didnt go ct"

L 11/07/2004 - 22:59:45: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "167"

L 11/07/2004 - 22:59:48: Kick: "PEPSI<167><STEAM_0:0:1410650><>" was kicked by "Console"

L 11/07/2004 - 22:59:49: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "duh"

L 11/07/2004 - 23:00:11: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "DUH"

L 11/07/2004 - 23:01:13: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" say_team "nice you gay homo"

L 11/07/2004 - 23:01:17: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "lol"

L 11/07/2004 - 23:03:47: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "scared/"

L 11/07/2004 - 23:04:13: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "died to typing"

L 11/07/2004 - 23:05:18: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "fucking lag" (dead)

L 11/07/2004 - 23:05:23: World triggered "Round_Start"

L 11/07/2004 - 23:05:23: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" committed suicide with "world"

L 11/07/2004 - 23:05:23: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" joined team "TERRORIST"

L 11/07/2004 - 23:05:25: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" committed suicide with "world"

L 11/07/2004 - 23:05:25: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" joined team "TERRORIST"

L 11/07/2004 - 23:05:26: World triggered "Game_Commencing"

L 11/07/2004 - 23:05:26: World triggered "Game_Commencing" (CT "5") (T "4")

L 11/07/2004 - 23:05:26: World triggered "Round_End"

L 11/07/2004 - 23:05:32: World triggered "Round_Start"

L 11/07/2004 - 23:10:24: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "ug"

L 11/07/2004 - 23:11:02: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "time to try allin"

L 11/07/2004 - 23:12:19: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "169"

L 11/07/2004 - 23:12:23: Kick: "ArchAngel [Soundless]<169><STEAM_0:1:1508984><>" was kicked by "Console"

L 11/07/2004 - 23:13:33: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say_team "behind"

L 11/07/2004 - 23:15:07: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say' without proper access.

L 11/07/2004 - 23:15:07: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "170"

L 11/07/2004 - 23:15:12: Kick: "Larry<170><STEAM_0:1:4507379><>" was kicked by "Console"

L 11/07/2004 - 23:16:33: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say_team' without proper access.

L 11/07/2004 - 23:16:37: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say' without proper access.

L 11/07/2004 - 23:16:38: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say_team' without proper access.

L 11/07/2004 - 23:16:43: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say' without proper access.

L 11/07/2004 - 23:16:43: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "172"

L 11/07/2004 - 23:20:05: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say_team' without proper access.

L 11/07/2004 - 23:21:14: [ADMIN] INFO: '[IFC] Headshot Honey' attempted to use command 'say_team' without proper access.

L 11/07/2004 - 23:21:38: [ADMIN] INFO: '[IFC] Headshot Honey' attempted to use command 'say_team' without proper access.

L 11/07/2004 - 23:21:40: [ADMIN] INFO: '[IFC] Promega' attempted to use command 'say' without proper access.

L 11/07/2004 - 23:21:40: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" say "bored"

L 11/07/2004 - 23:21:49: [ADMIN] INFO: '[IFC] Headshot Honey' attempted to use command 'say_team' without proper access.

L 11/07/2004 - 23:21:52: [ADMIN] INFO: '[IFC] Headshot Honey' attempted to use command 'say' without proper access.

L 11/07/2004 - 23:21:52: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" say "where"

L 11/07/2004 - 23:22:00: "[IFC] Promega<161><STEAM_0:1:341686><TERRORIST>" disconnected

L 11/07/2004 - 23:22:58: "[IFC] Headshot Honey<162><STEAM_0:0:339283><TERRORIST>" disconnected

Please assit as this is very important and posses a MAJOR SECURITY RISK to our servers!

I have amxx, adminmod, metamod, statsme installed on my CS 1.6 server.

[bOoya]

ok that is pretty weird
must be some type of bug with one of your mods (looks like adminmod). i would try disabling adminmod or at least custom plugins for adminmod that could be creating this bug.
ive never seen anything like that on servers with default mods on them (or any server really) so you might want to cut back on loading tons of custom plugins to your server. either way we will monitor the forums for those mod's to see if anything pops up.

[ClanPikachu]

the only thing that is not a dufault install is the AMXX mod. Admin mod is the default install that NFO put on for us. I tried loggin onto our server with another steam id that had same access as the ifc guys and type what they typed but nothing happend. No commands where executed. For the mean time we have been those two user and are now looking for a plugin that will auto ban any user with the clan tag of [IFC]

[Nick|NFo]

hlguard will ban the tag if you set it in namebans.cfg

also, what booya is talking about is the PLUGINS that you installed for adminmod, you have a ton of custom ones in your adminmod/configs/plugins.ini, one of those probably faulty and giving access.

[ClanPikachu]

Is there anyway you might be able to suggest what plugins may cause this? I am running amxx and admin mod. Take a look at my plugins that I have commented out and let me know what you might think the issue is. Thanks.


Also I don't think we are running hlgaurd... not sure though and if not does it cost to add it? also will it cause ping loss? or any noticable lag on the server?

[LLLL]

Is there anyway you might be able to suggest what plugins may cause this? I am running amxx and admin mod. Take a look at my plugins that I have commented out and let me know what you might think the issue is. Thanks.


Also I don't think we are running hlgaurd... not sure though and if not does it cost to add it? also will it cause ping loss? or any noticable lag on the server?

No it doesent cost any money, and it does not cause a ping, and it doesent cause the server to lag.

[ClanPikachu]

I have been through the mod's forums and could not seem to find any help on how and why this happend. I am at a loss here if anyone has any idea how this could have happend besides listing a responce of must have been a faulty plug in please post here.