banimod / etpro / ettv forums
Bani's Discussion Forums
 

UPDATE YOUR SERVERS! file exploit is being actively abused

 
ReyalP



Joined: 25 Jul 2003
Posts: 1663

Posted: Mon Jul 31, 2006 1:31 pm    Post subject: UPDATE YOUR SERVERS! file exploit is being actively abused

We have had several reports that people are actively exploiting the download vulnerability that exists in ET prior to 2.60b and ETTV prior to beta-10. This exploit allows anyone who can connect to your server to download your server.cfg files (and thus obtain your passwords) and, depending on your server configuration, may allow them to download other sensitive files outside of the et directory.

Anyone running a server with downloads enabled should update to 2.60b or the latest ettv.

You DO NOT have to update to the new etpro, or require the clients to update. Just update the server.

The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082
ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip
_________________
send lawyers, guns and money


Last edited by ReyalP on Tue Aug 01, 2006 4:30 pm; edited 1 time in total
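
The kind of name check a download handler needs so that requests cannot reach server.cfg or files outside the game directory, as an added example (not code from this thread and not the actual 2.60b fix). `download_name_allowed` is a hypothetical helper, and it assumes that only `.pk3` archives under the game directory are legitimate downloads.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not engine code): accept a client-requested download
 * name only if it is a relative path to a .pk3 archive with no
 * parent-directory component. */
bool download_name_allowed(const char *name)
{
    static const char ext[] = ".pk3";
    size_t len, i;
    const char *p;

    if (name == NULL || (len = strlen(name)) < 5 || len > 255)
        return false;                          /* shortest valid: "x.pk3" */
    if (name[0] == '/' || name[0] == '\\' || strchr(name, ':') != NULL)
        return false;                          /* absolute path or drive */
    for (i = 0; i < 4; i++)                    /* refuses server.cfg etc. */
        if (tolower((unsigned char)name[len - 4 + i]) != ext[i])
            return false;

    /* Check every component; both separators count because the same
     * server code runs on Windows and Unix. */
    for (p = name; *p != '\0'; ) {
        size_t n = strcspn(p, "/\\");
        if (n == 0)
            return false;                      /* empty component "a//b" */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return false;                      /* parent directory */
        p += n;
        if (*p != '\0')
            p++;                               /* step over separator */
    }
    return true;
}

int main(void)
{
    /* Constructed sample requests, not taken from any real server log. */
    const char *samples[] = {
        "etmain/custom_map.pk3", "etmain/server.cfg",
        "etmain/../../home/user/notes.pk3", "/srv/et/etmain/pak0.pk3",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i],
               download_name_allowed(samples[i]) ? "allow" : "deny");
    return 0;
}
```

A name check like this does not resolve symlinks, so it belongs alongside running the server as an unprivileged user, not in place of it.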
mortis



Joined: 06 Jul 2004
Posts: 360
Location: at the center of the e-universe

Posted: Tue Aug 01, 2006 7:12 am

Updated and running 3.2.6 beta 1 on 2.60b patch at newcastle.devrandom.net

--Mortis
_________________
http://forums.quakewarsterritory.com/
deej



Joined: 19 Mar 2004
Posts: 743
Location: Belgium!

Posted: Tue Aug 01, 2006 1:07 pm

I took the liberty of copying your post on the following sites:

- ETPub
- Jaymod
- Xfire.be
- Gamestv.org

I suggest other big news sites should be poked with the same information.
_________________
Our servers now run on 64 bit steroids. Point your ET to:
- Forgotten Ground StopWatch Server with occasional wolfrof 1
- Fraggle Rock ETPub Server - Mix up ET/UT & Duke Nukem
ReyalP



Joined: 25 Jul 2003
Posts: 1663

Posted: Tue Aug 01, 2006 1:20 pm

mortis wrote:
Updated and running 3.2.6 beta 1 on 2.60b patch at newcastle.devrandom.net

--Mortis

I'm sure mortis already knew this, but just to pre-empt the inevitable confusion YOU DO NOT HAVE TO UPDATE ETPRO TO USE THE 2.60b or ETTV-B11 SERVER!
mortis



Joined: 06 Jul 2004
Posts: 360
Location: at the center of the e-universe

Posted: Tue Aug 01, 2006 2:43 pm

Yep, but it pays to be thorough, methinks.
Roadie



Joined: 19 Sep 2005
Posts: 17

Posted: Wed Aug 09, 2006 5:39 pm

My server got hacked in just this manner, as did a close buddy clan's server.

Mine is being updated as I type here.

I've taken the time to post this link on my own website and forums, as well on that of my server host's site.
Toxicdave



Joined: 04 Sep 2005
Posts: 1
Location: Bath, UK

Posted: Sat Aug 26, 2006 12:38 am

Lo all :)

Upgraded to 2.60b running etpro 3.2.5 due to netcoder/nixcoder tards grabbing the rcon passwords and generally being annoying gimps. All worked fine for a couple of weeks, but now the problems have occurred again.

The server was reset, and the rcon pw was changed. There was no record of it anywhere other than on a piece of paper on a desk, it was in no server config files, or in any password caches.

2 minutes later they had changed the rcon pw again. Any ideas about this? Do we have a new exploit that forces a change in the rcon pw?

Thanks,

Toxic.
bani
Site Admin


Joined: 21 Jul 2002
Posts: 3685

Posted: Sat Aug 26, 2006 12:59 am

probably installed a backdoor on your server. wipe and reinstall from scratch, change passwords, etc.

i'd just file criminal charges with the police. done it before, it works. amazingly enough ISPs do respond to subpoenas. skript kiddies mighty surprised when police officers show up on their doorstep.
Herf



Joined: 14 Jun 2004
Posts: 99

Posted: Fri Sep 29, 2006 9:07 pm

what charges did you file bani? Like what was the name of the crime? I guess crashing or attacking any server even a game server is illegal right now.

I would think, with WOW being a billion dollar business, that soon rather than later, they will make hacking games and such also illegal somehow. Probably would have to go after the coders who sell the hacks, I can't see much political/business support for criminal charges against the users.....

But if someone is selling 100 hacks, that mess with a game that is sold, then that should be illegal. Heck it may even be illegal now? As one cannot make like an ET mod, even though it's given away, and sell it right? So if Bani, selling his Banimod, would that be a criminal or just a civil offence?
bani
Site Admin


Joined: 21 Jul 2002
Posts: 3685

Posted: Fri Sep 29, 2006 10:03 pm

A while back a script kiddie from the Colorado School of Mines was attacking a server of mine. I tracked him down, reported him to the police. The police subpoena'd the school, the school provided evidence confirming the attacks. Apparently he had a prior history of script kiddiness and was already on probation by the school. The police showed up on his doorstep and he confessed on the spot. They confiscated his computers, he was caught with stolen credit cards and was expelled from school. I'm guessing he's probably still in prison.

Did a similar thing with a kiddie at some Australian university. Never heard back from the school but the attacks did stop permanently. Which proves that just being in another country is no guarantee you won't get busted.
Fusen



Joined: 11 Feb 2004
Posts: 275

Posted: Sat Sep 30, 2006 12:25 pm

I'll never get busted

BECAUSE i DELETED MY IP SO YOU CAN'T FIND ME!!11

pwoned!!
________
Anime tube


Last edited by Fusen on Thu Mar 17, 2011 1:16 pm; edited 1 time in total
Deus



Joined: 12 Mar 2004
Posts: 1053
Location: Germany

Posted: Sat Sep 30, 2006 1:26 pm

Fusen wrote:
I'll never get busted

BECAUSE i DELETED MY IP SO YOU CAN'T FIND ME!!11

pwoned!!


I know that it was 127.0.0.1
There is no way to escape evar!
_________________

http://spielwelt15.monstersgame.net/?ac=vid&vid=39033566
deej



Joined: 19 Mar 2004
Posts: 743
Location: Belgium!

Posted: Sun Oct 01, 2006 1:02 am

Deus wrote:
I know that it was 127.0.0.1
There is no way to escape evar!


OMG this guy had the same IP, look what happened to him!
All times are GMT - 8 Hours