Login

rozenman · 11-14-2007, 08:03 AM

OK, a hacker broke into my CSS server, and he can now change anything he wants. I started talking to him, and he said to me that as long as I have my server on Linux, he will be always able to hack into the server, even without loggin into it (or to steam at all), and with no need to know my rCon password. What does that mean? Is there any fix to Linux servers that I don't know about?

**Spartanfrog** · 11-14-2007, 09:02 AM

Wow that guy is a nice hacker to stop and talk to the guy he is stealing from.

rozenman · 11-14-2007, 09:58 AM

lol, he is... but after that he gave me ban Sad

What is that bug in linux server files??? Sad

woody · 11-14-2007, 11:22 PM

Think about it for a second. If the haxxor had a "magic key" that allowed access to any linux inserver, wouldn't the boards be flooded with the info (bitching)? Wouldn't the steam boards be full of rightfully PO'ed people as well?

Do you have any mods installed? Mani, Beetle and the like? Do you have a good RCON password? Start with the obvious stuff first. Like a good root password on your *nix box.

rozenman · 11-15-2007, 12:41 AM

I know he does have a hack, but it is a private hack, and I saw him doing that in other servers...
But I thought about deleting Mani, and use something from EventScripts instead, maybe he lied and he must have Mani in the server for breaking it... Maybe with only EventScripts installed in my server, he won't be able to hack. But he does have full control, no matter what the rcon (I had a really hard rcon password, and I changed it every couple of days, and he still could do anything). He said that he can see the server log too, and if I am not wrong, he said that the hack is built in C++ (But I don't think that helps =\ )

tyroney · 11-15-2007, 05:49 AM

What you describe is someone who's broken into your linux box. He could do anything to anything on that linux machine if that's the case. Like someone mentioned, there's no security bug in the linux srcds that I've heard of. (such a thing would be hard to keep quiet) The problem is more likely related to your linux setup. (or the lock on the door of the room your server is in, or something)

rozenman · 11-15-2007, 08:00 AM

Acctually, he can't do anything to my computer, he tried to get a script that I used on my server and he couldn't. By the way, if there are private hacks, I don't think that everybody knows about them, it is more likely that only few people, who probably built it, will know about it while others won't.

tyroney · 11-15-2007, 09:50 AM

I'm nowhere close to being an expert, but I know enough to get my hands dirty. If you can find this guy doing things on your server again, you might run netstat -an to try and see what he's connected to. (and maybe his ip, which could help) If I had the time, I'd go lookup a way to save or find some logs.

Also be sure to check out any machine you connect to your server thru. A simple keylogger would be more than enough to defeat anything you try to stop him with. Also, don't trust much or anything of what he told you. If he was talking to you, it probably wasn't to be nice and help you figure out how he actually did what he did.

rozenman · 11-15-2007, 10:02 AM

k, thanks...

**Spartanfrog** · 11-15-2007, 12:06 PM

Yeah, trace his IP and give it to the cops. Kick his sorry hacker ass.

rozenman · 11-15-2007, 01:17 PM

Well, I did a script in Event Scripts that kick him every time he join - meaning - he think that he is banned, but he can't cancel it. The only problem is that he can still control the server outside the game... =\

lucindrea · 11-15-2007, 09:53 PM

dont forget
lsof -i
either .. it would also show you whats going on ..
also ... you may want to change your script to do a
tcpdump -vvvv >> hacker.txt
and a sleep 5 , THEN kick him ( then exit the script else the tcpdump would run forever ).. that will give you at least a little bit more to go on , of course if he is doing stuff scripted , 5 seconds may be plenty of time for him to play.

for some server hardening

apf ( http://rfxnetworks.com/apf.php ) , bfd ( http://rfxnetworks.com/bfd.php ) and sim ( http://rfxnetworks.com/sim.php ) to beef up your system a little bit.
once you get his ip block ( do a whois on his ip # and you should get somthing like 123.456.789.0/24 ) you can block him fully , this should stop him in game also.

lucindrea · (This post was last modified: 11-15-2007, 09:55 PM by lucindrea.)

oh if you do any of the above ( apf , bfd , sim ) please please read all the instructions .. if you really make mistakes you can lock yourself out ( not a big deal if you have direct console access , just a pain )

rozenman · 11-15-2007, 10:39 PM

ok, thanks

Drocona · (This post was last modified: 11-19-2007, 09:22 AM by Drocona.)

Try changing your rcon password and remote control password
also be sure you dont have any keyloggers on both the server machine and your computer

Login
Username:
Password:	Lost Password?
	Remember me