I run a counter-strike source surfing server with mani and eventscripts2(via the old version of metamod), and thus the maps should never be anything other than something surf_xxxxxx. Today I had a very strange occurrence, the maps were seemingly randomly being changed from non-surf maps to stuff like de_dust, etc. I have checked the mani logs as well as the clients file and there are no unauthorized entries there, and the srcds logs do not seem to indicate how the map was being changed when these non-standard changes happened. For Example:
When I use mani to change a map, this is shown in my srcds logfile:
Yet when these unknown changes occur, the end of the logfile looks only like this:
I am sure the rcon password is not known (it was disabled up until the time of the incident, so I enabled it and made a random password but it did not seem to prevent anything) and everything else is reasonable secure as far as I can conclude.
I am wondering if anyone has experienced anything similar, and if so, how it was prevented from occurring in the future. Is is possible that there is some unknown vulnerability in mani or the source server itself which would allow such things to happen?
Interestingly, my ventrilo server (which I run on the same box as my css server) started acting up at about the same time of the above events.
When I use mani to change a map, this is shown in my srcds logfile:
Code:
L 04/16/2008 - 22:11:00: [MANI_ADMIN_PLUGIN] Admin [[ғ¹º]Lobster Man (Y)°_°(Y)] [STEAM_0:0:14162673] Executed : changelevel surf_ny_bigloop_2008a
L 04/16/2008 - 22:11:01: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:11:01: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:11:01: Log file closedYet when these unknown changes occur, the end of the logfile looks only like this:
Code:
L 04/16/2008 - 22:03:46: "Avril Lavigne<46><STEAM_0:0:7666233><>" entered the game
L 04/16/2008 - 22:03:50: "Avril Lavigne<46><STEAM_0:0:7666233><Unassigned>" joined team "CT"
L 04/16/2008 - 22:03:50: "{GFC} Rawr [ғ¹º]<19><STEAM_0:0:13057816><CT>" say "GAY GAY GAY I GOT STUCK"
L 04/16/2008 - 22:03:51: "Minnesota fing<3><STEAM_0:0:8699734><CT>" disconnected (reason "Disconnect by user.")
L 04/16/2008 - 22:03:51: "[ғ¹º] ๖ۣۜK.O.man |PL|™<44><STEAM_0:0:18002187><TERRORIST>" say "yes"
L 04/16/2008 - 22:03:52: "junkie xL<41><STEAM_0:1:12383414><CT>" say "wtf is g-mod?/"
L 04/16/2008 - 22:03:57: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:03:57: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:03:57: Log file closedI am sure the rcon password is not known (it was disabled up until the time of the incident, so I enabled it and made a random password but it did not seem to prevent anything) and everything else is reasonable secure as far as I can conclude.
I am wondering if anyone has experienced anything similar, and if so, how it was prevented from occurring in the future. Is is possible that there is some unknown vulnerability in mani or the source server itself which would allow such things to happen?
Interestingly, my ventrilo server (which I run on the same box as my css server) started acting up at about the same time of the above events.