Posts: 52
Threads: 15
Joined: Oct 2006
Reputation:
0
OK, a hacker broke into my CSS server, and he can now change anything he wants. I started talking to him, and he said to me that as long as I have my server on Linux, he will always be able to hack into the server, even without logging into it (or to Steam at all), and with no need to know my rCon password. What does that mean? Is there any fix to Linux servers that I don't know about?
Posts: 2,270
Threads: 45
Joined: May 2007
Reputation:
11
Wow that guy is a nice hacker to stop and talk to the guy he is stealing from.
realchamp Wrote:Hazz Wrote:Has someone helped you on these forums? If so, help someone else
Mooga Wrote:OrangeBox is a WHORE.
Posts: 52
Threads: 15
Joined: Oct 2006
Reputation:
0
lol, he is... but after that he gave me a ban
What is that bug in linux server files???
Posts: 25
Threads: 1
Joined: Nov 2005
Reputation:
0
Think about it for a second. If the haxxor had a "magic key" that allowed access to any Linux server, wouldn't the boards be flooded with the info (bitching)? Wouldn't the steam boards be full of rightfully PO'ed people as well?
Do you have any mods installed? Mani, Beetle and the like? Do you have a good RCON password? Start with the obvious stuff first. Like a good root password on your *nix box.
-woody.
Posts: 52
Threads: 15
Joined: Oct 2006
Reputation:
0
I know he does have a hack, but it is a private hack, and I saw him doing that in other servers...
But I thought about deleting Mani, and use something from EventScripts instead, maybe he lied and he must have Mani in the server for breaking it... Maybe with only EventScripts installed in my server, he won't be able to hack. But he does have full control, no matter what the rcon (I had a really hard rcon password, and I changed it every couple of days, and he still could do anything). He said that he can see the server log too, and if I am not wrong, he said that the hack is built in C++ (But I don't think that helps =\ )
Posts: 4
Threads: 0
Joined: Nov 2007
Reputation:
0
What you describe is someone who's broken into your linux box. He could do anything to anything on that linux machine if that's the case. Like someone mentioned, there's no security bug in the linux srcds that I've heard of. (such a thing would be hard to keep quiet) The problem is more likely related to your linux setup. (or the lock on the door of the room your server is in, or something)
Posts: 52
Threads: 15
Joined: Oct 2006
Reputation:
0
Actually, he can't do anything to my computer, he tried to get a script that I used on my server and he couldn't. By the way, if there are private hacks, I don't think that everybody knows about them, it is more likely that only a few people, who probably built it, will know about it while others won't.
Posts: 4
Threads: 0
Joined: Nov 2007
Reputation:
0
I'm nowhere close to being an expert, but I know enough to get my hands dirty. If you can find this guy doing things on your server again, you might run netstat -an to try and see what he's connected to. (and maybe his ip, which could help) If I had the time, I'd go look up a way to save or find some logs.
Also be sure to check out any machine you connect to your server through. A simple keylogger would be more than enough to defeat anything you try to stop him with. Also, don't trust much or anything of what he told you. If he was talking to you, it probably wasn't to be nice and help you figure out how he actually did what he did.
Posts: 2,270
Threads: 45
Joined: May 2007
Reputation:
11
Yeah, trace his IP and give it to the cops. Kick his sorry hacker ass.
Posts: 52
Threads: 15
Joined: Oct 2006
Reputation:
0
Well, I did a script in Event Scripts that kicks him every time he joins - meaning - he thinks that he is banned, but he can't cancel it. The only problem is that he can still control the server outside the game... =\
Posts: 14
Threads: 2
Joined: Nov 2007
Reputation:
0
don't forget
lsof -i
either .. it would also show you what's going on ..
also ... you may want to change your script to do a
tcpdump -vvvv >> hacker.txt
and a sleep 5 , THEN kick him ( then exit the script else the tcpdump would run forever ).. that will give you at least a little bit more to go on , of course if he is doing stuff scripted , 5 seconds may be plenty of time for him to play.
for some server hardening
apf ( http://rfxnetworks.com/apf.php ) , bfd ( http://rfxnetworks.com/bfd.php ) and sim ( http://rfxnetworks.com/sim.php ) to beef up your system a little bit.
once you get his ip block ( do a whois on his ip # and you should get something like 123.456.789.0/24 ) you can block him fully , this should stop him in game also.
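Added example, not part of the original posts: one way to turn the netstat -an suggestion and the "tcpdump, then stop" idea above into something repeatable. The sample netstat output is constructed (documentation-range addresses), and the function names, the admin address and port 27015 as the srcds port are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of Linux `netstat -an` output (not from the thread).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:27015        203.0.113.45:40122      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.45:40310      ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:48210         ESTABLISHED
udp        0      0 0.0.0.0:27015           0.0.0.0:*'

# Read `netstat -an` text on stdin; print "remote_ip local_port" for every
# established TCP connection that is not loopback, one unique pair per line.
established_peers() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        n = split($4, l, ":"); lport = l[n]      # port is the last field
        rip = $5; sub(/:[0-9]+$/, "", rip)       # strip the remote port
        if (rip ~ /^127\./ || rip == "::1") next
        print rip, lport
    }' | LC_ALL=C sort -u
}

# Same input, but drop peers listed in $1 (space-separated addresses you
# know are yours). What remains is TCP access you cannot account for.
unknown_peers() {
    known=" $1 "
    established_peers | while read -r ip port; do
        case "$known" in
            *" $ip "*) ;;                        # your own session, skip
            *) echo "$ip $port" ;;
        esac
    done
}

# Time-bounded capture of one peer, so tcpdump cannot run forever.
# Needs root; defined here but not invoked. Writes a pcap file
# instead of the text log used in the post above.
capture_peer() {    # usage: capture_peer IP SECONDS
    timeout "$2" tcpdump -n -i any -w "capture-$1.pcap" host "$1"
}

# Live use would be: netstat -an | unknown_peers "your.admin.ip"
printf '%s\n' "$SAMPLE" | unknown_peers "198.51.100.7"
```

An unknown address with an established session on port 22 points at the shell account or the machine you administer from, not at the game server itself.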
Posts: 14
Threads: 2
Joined: Nov 2007
Reputation:
0
11-15-2007, 09:54 PM
(This post was last modified: 11-15-2007, 09:55 PM by lucindrea.)
oh if you do any of the above ( apf , bfd , sim ) please please read all the instructions .. if you really make mistakes you can lock yourself out ( not a big deal if you have direct console access , just a pain )
Posts: 5,178
Threads: 65
Joined: Mar 2005
Reputation:
22
11-19-2007, 09:21 AM
(This post was last modified: 11-19-2007, 09:22 AM by Drocona.)
Try changing your rcon password and remote control password
also be sure you don't have any keyloggers on both the server machine and your computer