Ulysses
Ulysses Stuff => General Chat & Help and Support => Topic started by: JabbaTheWut on February 10, 2015, 07:26:42 PM
-
So I am running ULX and I got on my server and some I looked at the chat and it said "(Console) added =|TF|= TiggyTheTiger to group superadmin" Me and the other owner have no idea who he is. We have perma banned and removed him but, how did this happen. I didnt even know something like this is even possible. And how can I prevent it from happening in the future?
-
My guess would be your rcon password was easy to guess or was compromised. The message is telling you that the command was executed from the server console.
Back in the old days, you could exploit sv_cheats pretty easily to do this too, can't remember if Garry "patched" it or not.
-
Make 100% sure your RCON Password is NOT in your server.cfg Put it in the Startup line of your server.
-
My suggestion is just not have a rcon password.
-
My suggestion is just not have a rcon password.
Or that.
-
Depending on how you administer your server, that's not an acceptable suggestion.
I rely HEAVILY on HLSW which is an RCON application. I absolutely need RCON.
But yes, make sure you don't set your rcon password in your config file.
Some hosts don't let you change the command line, in which case you would have to set it in the config file, but do that at your own risk because there are plenty of exploits out there that grant users access to that file for viewing.
-
You downloaded a backdoor leak for sure :D