All Server Owners READ!!

Re: All Server Owners READ!!

Post by Stagno » August 9th, 2010, 12:50 pm

Is it possible to save the rcon password in a cfg in the main folder? Is the main folder inaccessible with the hack?

Post by R4d0xZz » August 9th, 2010, 1:19 pm

Stagno wrote: Is it possible to save the rcon password in a cfg in the main folder? Is the main folder inaccessible with the hack?

You can download pretty much all if you know the name of the file you want to get from the server.
That's why you need to rename your server.cfg to something random.

Edit: Drofder.
Please do not give hints at the method of it.
Removed some wording.

Post by Hoogie » August 9th, 2010, 2:09 pm

Well I wasn't even looking for the tool and still I got it. I had no interest in it at all. So the people who actually want it definitely will be able to get it.

Still 90% of the people don't know how to use it and let's keep it that way. That's why I don't find it smart to post all of this but w/e.

Post by Drofder2004 » August 9th, 2010, 3:09 pm

Hoogie wrote: Well I wasn't even looking for the tool and still I got it. I had no interest in it at all. So the people who actually want it definitely will be able to get it.

Still 90% of the people don't know how to use it and let's keep it that way. That's why I don't find it smart to post all of this but w/e.

The tool has built-in instructions. The only instruction not provided is what I have edited from the posts above.

This has existed since 2008. This is NOT new, IW has no intention of fixing it, the tool is not going away, it is NOT a PURCHASE tool but a free tool made for bug analysis.

Educate the server owners (and server providers) and the tool will only be able to be used in its original use, bug testing and not hacking.

Post by R4d0xZz » August 9th, 2010, 5:36 pm

#1 and #4 - #12 are secure. I could get the server.cfg but the rcon wasn't working so gj on that.
Try to talk with leviate now.

Post by MasterThomy » August 14th, 2010, 6:37 pm

It took me like an hour to successfully hack my own servers...xD
The worst part is that you can download ANYTHING (if you know me you know why that pisses me off).

But I found a way to disable that, just set:

sv_allowdownload 0
sv_wwwDownload 1

in your cfg file. If you put your iwds on a webserver, players can still download them, but can't use the hack to download anything else. :)

Post by Hoogie » August 14th, 2010, 6:39 pm

Good Job if it works!

Post by Drofder2004 » August 14th, 2010, 7:13 pm

This does work, but the server must have a redirect ftp.

Post by Husker » August 14th, 2010, 7:35 pm

Well it doesn't work cause if you do that nobody can download the mod from the server.... so nobody can join :O

Post by Drofder2004 » August 14th, 2010, 8:41 pm

Husker wrote: Well it doesn't work cause if you do that nobody can download the mod from the server.... so nobody can join :O

Which is why you need redirect, so they download the mod off the internet, not the server.

Post by MORGOTH » August 30th, 2010, 5:12 pm

MasterThomy wrote: It took me like an hour to successfully hack my own servers...xD
The worst part is that you can download ANYTHING (if you know me you know why that pisses me off).

But I found a way to disable that, just set:

sv_allowdownload 0
sv_wwwDownload 1

in your cfg file. If you put your iwds on a webserver, players can still download them, but can't use the hack to download anything else. :)

Dunno why this doesn't work on my server... people keep downloading my cfg and making the good or the bad time in the server :(

and seems that you, husker, are involved......

Post by MORGOTH » August 30th, 2010, 5:26 pm

KillerSam wrote: Why not just rename your config to something really random then? very easy fix.

I can't do that because I do not own the server. The gameservers are hosted by a hosting company that doesn't give me the rights to change the command line.

Post by Infinite » August 30th, 2010, 6:35 pm

Drofder2004 wrote:To find the tools, you do need to know a little more information than what has been provided here.
Drofder2004 wrote:I was able to find, locate and use the tools successfully within an hour of being notified of the 'hack'.
Drofder2004 wrote:The tool has built in instructions.
About these posts, I would just like to bring up that with the information in this thread and NO knowledge of this hack beforehand, I was able to get it within 5 minutes by googling it. It does have built-in instructions, and it's quite scary how easily I was able to obtain it :/.

The fix looks quite simple and seems to work (the dvar one, not the renaming one), and I would suggest doing this immediately for any server owners who haven't already done so. There does appear to be some error with the dvar one (as shown in the last few posts), but if it seems to work for others, I would suggest using that over the other one. I'd rather not explain here as to why the renaming one may still put you at risk because it would give an idea to hackers as to how to get around it, but I thought that I'd at least share my thoughts on this.

EDIT: Just thought I'd throw this in there. The author of the "hack" states that the renaming method makes you 100% safe from this hack. Only I think otherwise as of right now.

2nd EDIT: Within 30 minutes of finding the hack, I have successfully gotten an RCON password. I will be alerting the owner of the server as soon as I see them (since it's a server that I actually like), and I'm only posting this to personally confirm that it's extremely easy to understand how this hack works, and it's EXTREMELY important that any server owner who hasn't attempted a fix should do so IMMEDIATELY. That is all for now.

Post by Drofder2004 » August 30th, 2010, 7:08 pm

If we pretend it doesn't exist then those who have the tool, will use it freely without being stopped. If you provide awareness of the tool, then eventually the server admins (and hopefully, the server providers) will start to fix the problem by allowing people to change their command line (and if your server provider does not have custom or will not allow to change command line, point them in the direction of this thread or tell them to fuck off and get a better provider).

The renaming method is the best solution, the simple reason being you need the knowledge from the file names to be able to grab the files. To my knowledge there is no way of getting this information.

Of course changing the DVAR is the number one method because it simply stops the hack from working, but it also stops other things working... As long as you have redirectional downloads, this will always be the best way.

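An added example, not part of any post in this thread: a small Python audit of a server config for the two mitigations discussed above (game-server downloads off with a redirect in place, and no rcon password kept in a file named server.cfg). The dvar names sv_wwwBaseURL and rcon_password, the file name q7v2x.cfg and the sample configs are assumptions constructed for illustration.

```python
import re

# sv_allowdownload, sv_wwwDownload and server.cfg come from the thread.
# sv_wwwBaseURL (redirect URL) and rcon_password (dvar name) are assumptions.
LINE_RE = re.compile(r'^\s*(?:set[as]?\s+)?(\w+)\s+(?:"([^"]*)"|(\S+))', re.I)

def parse_cfg(text):
    """Map lowercase dvar name -> value; the last assignment in the file wins."""
    dvars = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)  # comment lines starting with // never match
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            dvars[m.group(1).lower()] = value
    return dvars

def audit(cfg_name, text):
    """Return a list of findings for one server config file."""
    d, findings = parse_cfg(text), []
    url = d.get("sv_wwwbaseurl", "").lower()
    redirect_ok = (d.get("sv_wwwdownload") == "1"
                   and url.startswith(("http://", "https://", "ftp://")))
    if d.get("sv_allowdownload") != "0":
        findings.append("sv_allowdownload is not set to 0: clients can request files from the game server")
    elif not redirect_ok:
        findings.append("game-server downloads are off but no redirect is configured: players cannot fetch the mod")
    if "rcon_password" in d and cfg_name.lower() == "server.cfg":
        findings.append("rcon_password is stored in a file with the default name server.cfg")
    return findings

# Constructed sample configs (not taken from any real server).
WEAK = '''
// constructed example
set sv_hostname "Example Jump Server"
set rcon_password "example-only"
set sv_allowdownload 1
'''
HARDENED = '''
set rcon_password "example-only"
set sv_allowdownload 0
set sv_wwwDownload 1
set sv_wwwBaseURL "http://files.example.invalid/cod4"
'''
NO_REDIRECT = 'set sv_allowdownload "0"\nset sv_wwwDownload "0"\n'

if __name__ == "__main__":
    for name, text in (("server.cfg", WEAK), ("q7v2x.cfg", HARDENED), ("server.cfg", NO_REDIRECT)):
        print(name, audit(name, text) or "no findings")
```

The third sample reproduces the failure raised earlier in the thread: downloads switched off with no redirect, so nobody can fetch the mod.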

Post by MORGOTH » August 30th, 2010, 7:49 pm

Drofder2004 wrote:
Of course changing the DVAR is the number one method because it simply stops the hack from working, but it also stops other things working... As long as you have redirectional downloads, this will always be the best way.

I don't know why but the dvar thing didn't work for my server. One of my mates tried and can't download the server.cfg with sv_allowdownload 0 but people keep hacking (two times today),
so I finally realised that I can rename the server.cfg from ftp with the server already running. So they can't download anything.
