ULX
« previous next »
Pages: [1]   Go Down

Author Topic: How did this happen  (Read 1834 times)

0 Members and 1 Guest are viewing this topic.

Offline JabbaTheWut

  • Newbie
  • *
  • Posts: 35
  • Karma: -3
  • The Noob.
How did this happen
« on: February 10, 2015, 07:26:42 PM »
So I am running ULX and I got on my server and some I looked at the chat and it said "(Console) added =|TF|= TiggyTheTiger to group superadmin" Me and the other owner have no idea who he is. We have perma banned and removed him but, how did this happen. I didnt even know something like this is even possible. And how can I prevent it from happening in the future?
Logged
I might be one of the stupidest people you will ever meet.

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6213
  • Karma: 394
  • Project Lead
Re: How did this happen
« Reply #1 on: February 10, 2015, 07:35:31 PM »
My guess would be your rcon password was easy to guess or was compromised. The message is telling you that the command was executed from the server console.

Back in the old days, you could exploit sv_cheats pretty easily to do this too, can't remember if Garry "patched" it or not.
Logged
Experiencing God's grace one day at a time.

Offline Caustic Soda-Senpai

  • Sr. Member
  • ****
  • Posts: 469
  • Karma: 54
  • <Insert something clever here>
    • Steam Page
Re: How did this happen
« Reply #2 on: February 11, 2015, 11:51:03 AM »
Make 100% sure your RCON Password is NOT in your server.cfg Put it in the Startup line of your server.
Logged
Once you get to know me, you'll find you'll have never met me at all.

Offline Bite That Apple

  • Hero Member
  • *****
  • Posts: 858
  • Karma: 416
  • Apple Innovations 2010®
    • Fun 4 Everyone Gaming
Re: How did this happen
« Reply #3 on: February 12, 2015, 12:16:22 AM »
My suggestion is just not have a rcon password.
Logged
Quote from: John F. Kennedy 1963
A man may die, nations may rise and fall, but an idea lives on.

Offline Caustic Soda-Senpai

  • Sr. Member
  • ****
  • Posts: 469
  • Karma: 54
  • <Insert something clever here>
    • Steam Page
Re: How did this happen
« Reply #4 on: February 12, 2015, 01:16:59 AM »
Quote from: Bite That Apple on February 12, 2015, 12:16:22 AM
My suggestion is just not have a rcon password.

Or that.
Logged
Once you get to know me, you'll find you'll have never met me at all.

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
Re: How did this happen
« Reply #5 on: February 12, 2015, 07:18:44 PM »
Depending on how you administer your server, that's not an acceptable suggestion.
I rely HEAVILY on HLSW which is an RCON application. I absolutely need RCON.

But yes, make sure you don't set your rcon password in your config file.
Some hosts don't let you change the command line, in which case you would have to set it in the config file, but do that at your own risk because there are plenty of exploits out there that grant users access to that file for viewing.
Logged

Offline PwndKilled

  • Newbie
  • *
  • Posts: 19
  • Karma: -1
Re: How did this happen
« Reply #6 on: February 12, 2015, 10:50:57 PM »
You downloaded a backdoor leak for sure :D
Logged
Pages: [1]   Go Up
« previous next »