SRCDS Steam group


Server attack - crash
#1
So, for a few days there is this kid bugging our server with some stupid script or a program or something, with which he can crash the server. I'm not completely sure if he must connect to the server to crash it, but most likely not as he was able to crash it when he was banned, so obviously he doesn't have to be on the server. This is what we got from the logs:

1st log:
Quote:L 12/29/2009 - 21:59:49: World triggered "Round_Start"
L 12/29/2009 - 21:59:59: "KeKeC |Killing Machine| |SLO|<78><STEAM_0:0:209459591><>" entered the game
L 12/29/2009 - 22:00:01: "KeKeC |Killing Machine| |SLO|<78><STEAM_0:0:209459591><Unassigned>" joi

As you can see, the log suddenly fails in the middle of something, and doesn't give out any errors. I can't get anything from debug.log either.

2nd log:
Quote:L 12/29/2009 - 18:31:12: "»ρŕσ«cσвяα |я3|<3><STEAM_0:1:24824020><TERRORIST>" say "to ej reku"
L 12/29/2009 - 18:31:24: "»ρŕσ«cσвяα |я3|<3><STEAM_0:1:24824020><TERRORIST>" say "ja"
L 12/29/2009 - 18:31:25: "fusionâ„¢ Cleaner<11><STEAM_0:0:1699626235><CT>" committed suicide with "world"
L 12/29/2009 - 18:31:27: "Crashing The Server Down<15><STEAM_ID_PENDING><>" connected, address "92.37.96.10:63465"
L 12/29/2009 - 18:31:27: "Crashing The Server Down<15><STEAM_ID_PENDING><>" disconnected (reason "Connection closing")
L 12/29/2009 - 18:31:28: "Crashed<16><STEAM_ID_PENDING><>" connected, address "92.37.96.10:63465"
L 12/29/2009 - 18:31:28: "Crashed<16><STEAM_ID_PENDING><>" disconnected (reason "Disconnect by user.")
L 12/29/2009 - 18:31:28: "Crashed<17><

It's definately not the known DoS attack, because the server is protected. It's also safe from that known connect exploit, as it has some ES addon installed
Reply
#2
Please let me know what you find that fixes it.
Looking for a game server? Visit fullfrag.com and pick one up as low as $2.50 / mo!
Reply
#3
(12-30-2009, 06:19 PM)loopyman Wrote:  Please let me know what you find that fixes it.

Will do, if anyone on this forum has a clue. Seems like a new exploit or something? And it's bugging me real bad. This retarded kid decided to crash all servers of our company, and I don't want to lose customers because of this 13 year old kid that was banned from one of the servers.

Help ASAP please...
Reply
#4
Temp solution would be to block his Ip? In the firewall
Reply
#5
(12-30-2009, 08:26 PM)Nisd Wrote:  Temp solution would be to block his Ip? In the firewall

Useless, he has a dynamic IP and can change it with a simple restart of his modem.
Reply
#6
True, but as said, Temp fix
Reply
#7
Are you using Mani Admin? Things like that happened to me a long time ago when I used Mani. Mani is so bad in security its not even funny. Try using Sourcemod and see if you get attacked.
Reply
#8
(12-31-2009, 06:23 AM)Beaverbeliever Wrote:  Mani is so bad in security its not even funny. Try using Sourcemod and see if you get attacked.
True, just google for mani exploits and you will find something working in 5 min.
I've been running a server with sourcemod for almost a year and it was never crashed by some random faggot.
Reply
#9
Ah yes, makes sense. Yea, Mani admin is crap... Highly exploitable :/
Looking for a game server? Visit fullfrag.com and pick one up as low as $2.50 / mo!
Reply
#10
Yes actually, the server is using Mani. Ok thanks, I'll advise the owners to replace it with SourceMod, thanks.
Reply
#11
Hi all,
I'm also running Mani but it seems the problem was not related to it. I was facing the same problem:
- banned user connects to server with STEAM_ID_PENDING
- before it gets kicked by VAC the server is already crashed

I solved the problem by running Miauw Mizx's Anti-Exploits eventscripts addon (here goes the link: http://addons.eventscripts.com/addons/view/mizx_exploits). Works like a charm :-) Additionally you might want to try ServSecurity (I use only some of its capabilites): http://addons.eventscripts.com/addons/view/servsecurity

None of those addons requires SM.

I hope it will fix the issue for you.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)