
UPDATE YOUR SERVERS! file exploit is being actively abused

Posted: Mon Jul 31, 2006 1:31 pm
by ReyalP
We have had several reports that people are actively exploiting the download vulnerability that exists in ET prior to 2.60b and ETTV prior to beta-10. This exploit allows anyone who can connect to your server to download your server.cfg files (and thus obtain your passwords) and, depending on your server configuration, may allow them to download other sensitive files outside of the et directory.

Anyone running a server with downloads enabled should update to 2.60b or the latest ettv.

You DO NOT have to update to the new etpro, or require the clients to update. Just update the server.

The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082
ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip

Posted: Tue Aug 01, 2006 7:12 am
by mortis
Updated and running 3.2.6 beta 1 on 2.60b patch at newcastle.devrandom.net

--Mortis

Posted: Tue Aug 01, 2006 1:07 pm
by deej
I took the liberty of copying your post on the following sites:

- ETPub
- Jaymod
- Xfire.be
- Gamestv.org

I suggest other big news sites should be poked with the same information.

Posted: Tue Aug 01, 2006 1:20 pm
by ReyalP
mortis wrote: Updated and running 3.2.6 beta 1 on 2.60b patch at newcastle.devrandom.net

--Mortis
I'm sure mortis already knew this, but just to pre-empt the inevitable confusion: YOU DO NOT HAVE TO UPDATE ETPRO TO USE THE 2.60b or ETTV-B11 SERVER!

Posted: Tue Aug 01, 2006 2:43 pm
by mortis
Yep, but it pays to be thorough, methinks.

Posted: Wed Aug 09, 2006 5:39 pm
by Roadie
My server got hacked in just this manner, as did a close buddy clan's server.

Mine is being updated as I type here.

I've taken the time to post this link on my own website and forums, as well as on that of my server host's site.

Posted: Sat Aug 26, 2006 12:38 am
by Toxicdave
Lo all :)

Upgraded to 2.60b running etpro 3.2.5 due to netcoder/nixcoder tards grabbing the rcon passwords and generally being annoying gimps. All worked fine for a couple of weeks, but now the problems have occurred again.

The server was reset, and the rcon pw was changed. There was no record of it anywhere other than on a piece of paper on a desk; it was in no server config files, or in any password caches.

2 minutes later they had changed the rcon pw again. Any ideas about this? Do we have a new exploit that forces a change in the rcon pw?

Thanks,

Toxic.

Posted: Sat Aug 26, 2006 12:59 am
by bani
probably installed a backdoor on your server. wipe and reinstall from scratch, change passwords, etc.

i'd just file criminal charges with the police. done it before, it works. amazingly enough ISPs do respond to subpoenas. skript kiddies mighty surprised when police officers show up on their doorstep.

Posted: Fri Sep 29, 2006 9:07 pm
by Herf
what charges did you file bani? Like what was the name of the crime? I guess crashing or attacking any server even a game server is illegal right now.

I would think, with WOW being a billion dollar business, that soon rather than later, they will make hacking games and such also illegal somehow. Probably would have to go after the coders who sell the hacks, I can't see much political/business support for criminal charges against the users...

But if someone is selling 100 hacks, that mess with a game that is sold, then that should be illegal. Heck it may even be illegal now? As one cannot make like an ET mod, even though it's given away, and sell it right? So if Bani, selling his Banimod, would that be a criminal or just a civil offence?

Posted: Fri Sep 29, 2006 10:03 pm
by bani
A while back a script kiddie from the Colorado School of Mines was attacking a server of mine. I tracked him down, reported him to the police. The police subpoena'd the school, the school provided evidence confirming the attacks. Apparently he had a prior history of script kiddiness and was already on probation by the school. The police showed up on his doorstep and he confessed on the spot. They confiscated his computers, he was caught with stolen credit cards and was expelled from school. I'm guessing he's probably still in prison.

Did a similar thing with a kiddie at some Australian university. Never heard back from the school but the attacks did stop permanently. Which proves that just being in another country is no guarantee you won't get busted.

Posted: Sat Sep 30, 2006 12:25 pm
by Fusen
I'll never get busted

BECAUSE i DELETED MY IP SO YOU CAN'T FIND ME!!11

pwoned!!

Posted: Sat Sep 30, 2006 1:26 pm
by Deus
Fusen wrote: I'll never get busted

BECAUSE i DELETED MY IP SO YOU CAN'T FIND ME!!11

pwoned!!
I know that it was 127.0.0.1
There is no way to escape evar!

Posted: Sun Oct 01, 2006 1:02 am
by deej
Deus wrote: I know that it was 127.0.0.1
There is no way to escape evar!
OMG this guy had the same IP, look what happened to him!