[MiD]Arcticman-TPF- has just reminded me of an important potential security hole for all rented servers that run statsme. He notes that this line in statsme.cfg can cause a serious security risk:
// Set password for StatsMe Menu (no password disables menu)
sm_menupassword "root" // To display menu type as player in the console: statsme_menu root
If you have this line in your statsme.cfg file with the password "root", I recommend that you change that password immediately, to something difficult to guess. This is a widely exploited problem with the default configuration of statsme, and it can allow outsiders to do things on your server that you definitely wouldn't want!
Possible security hole
- Edge100x
- Founder
- Posts: 12948
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Thu Apr 18, 2002 11:04 pm
- Location: Seattle
- Contact: