Strange occurrences and random map changes
#1
I run a Counter-Strike: Source surfing server with mani and eventscripts2 (via the old version of metamod), and thus the maps should never be anything other than something surf_xxxxxx. Today I had a very strange occurrence: the maps were seemingly randomly being changed from non-surf maps to stuff like de_dust, etc. I have checked the mani logs as well as the clients file and there are no unauthorized entries there, and the srcds logs do not seem to indicate how the map was being changed when these non-standard changes happened. For example:

When I use mani to change a map, this is shown in my srcds logfile:
Code:
L 04/16/2008 - 22:11:00: [MANI_ADMIN_PLUGIN] Admin [[ғ¹º]Lobster Man (Y)°_°(Y)] [STEAM_0:0:14162673] Executed :  changelevel surf_ny_bigloop_2008a
L 04/16/2008 - 22:11:01: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:11:01: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:11:01: Log file closed

Yet when these unknown changes occur, the end of the logfile looks only like this:
Code:
L 04/16/2008 - 22:03:46: "Avril Lavigne<46><STEAM_0:0:7666233><>" entered the game
L 04/16/2008 - 22:03:50: "Avril Lavigne<46><STEAM_0:0:7666233><Unassigned>" joined team "CT"
L 04/16/2008 - 22:03:50: "{GFC} Rawr [ғ¹º]<19><STEAM_0:0:13057816><CT>" say "GAY GAY GAY I GOT STUCK"
L 04/16/2008 - 22:03:51: "Minnesota fing<3><STEAM_0:0:8699734><CT>" disconnected (reason "Disconnect by user.")
L 04/16/2008 - 22:03:51: "[ғ¹º] ๖ۣۜK.O.man |PL|™<44><STEAM_0:0:18002187><TERRORIST>" say "yes"
L 04/16/2008 - 22:03:52: "junkie xL<41><STEAM_0:1:12383414><CT>" say "wtf is g-mod?/"
L 04/16/2008 - 22:03:57: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:03:57: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:03:57: Log file closed

I am sure the rcon password is not known (it was disabled up until the time of the incident, so I enabled it and made a random password, but it did not seem to prevent anything) and everything else is reasonably secure as far as I can conclude.

I am wondering if anyone has experienced anything similar, and if so, how it was prevented from occurring in the future. Is it possible that there is some unknown vulnerability in mani or the source server itself which would allow such things to happen?

Interestingly, my ventrilo server (which I run on the same box as my css server) started acting up at about the same time of the above events.
#2
After further investigation it seems a user is able to somehow do this from in-game.

When I banned both the steamid and ip from the entry below, all such activity ceased in the meantime:
Tavore : STEAM_0:1:5623388 : 96.228.142.145 : 821
Which leads me to believe that metamod or mani, or perhaps even eventscripts has some sort of exploit which allows one to do this type of thing...
Reply
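The difference between the two log excerpts in the first post can be checked automatically. The following is an added example, not part of the original posts and not code from srcds or mani: it walks a srcds log and reports every "Log file closed" line that is not preceded by a mani `changelevel` entry. The 10-second window, the `surf_` allow-list default and all sample names and SteamIDs are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timedelta

# Line shapes follow the two log excerpts quoted in the first post.
STAMP = re.compile(r"^L (\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): (.*)$")
MANI_CHANGE = re.compile(
    r"^\[MANI_ADMIN_PLUGIN\] Admin \[(?P<name>.*)\] "
    r"\[(?P<steamid>STEAM_\d:\d:\d+)\] "
    r"Executed :\s+changelevel (?P<map>\S+)"
)
WINDOW = timedelta(seconds=10)  # assumed max gap between command and log close

# Constructed sample input (names and SteamIDs are placeholders).
SAMPLE = """\
L 04/16/2008 - 22:03:52: "player<41><STEAM_0:1:2222><CT>" say "hello"
L 04/16/2008 - 22:03:57: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:03:57: Log file closed
L 04/16/2008 - 22:11:00: [MANI_ADMIN_PLUGIN] Admin [ExampleAdmin] [STEAM_0:0:1111] Executed :  changelevel surf_example
L 04/16/2008 - 22:11:01: [META] Loaded 0 plugins from file (2 already loaded)
L 04/16/2008 - 22:11:01: Log file closed
"""

def audit_log_closes(text, allowed_prefix="surf_"):
    """Return (timestamp, status, steamid, map) for each 'Log file closed'."""
    findings, last_change = [], None
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%m/%d/%Y - %H:%M:%S")
        body = m.group(2)
        change = MANI_CHANGE.match(body)  # anchored, so chat text cannot spoof it
        if change:
            last_change = (when, change.groupdict())
        elif body == "Log file closed":
            if last_change and when - last_change[0] <= WINDOW:
                info = last_change[1]
                ok = info["map"].startswith(allowed_prefix)
                status = "admin" if ok else "admin-offlist"
                findings.append((m.group(1), status, info["steamid"], info["map"]))
            else:
                findings.append((m.group(1), "unattributed", None, None))
            last_change = None
    return findings

if __name__ == "__main__":
    for finding in audit_log_closes(SAMPLE):
        print(finding)
```

An "unattributed" result only means no mani admin command explains the close; a normal end-of-map rotation or a server shutdown produces the same pattern, so those timestamps still need to be compared against the map cycle.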