Exploit

Regular User
Posts: 31
Joined: Sat Aug 26, 2006 11:09 pm
Location: UK

Post by Realadmin »

Hi there, I run a CSS server running the 2.6 beta of mani mod, 1.3a meta and the latest zombie mod build.

Yesterday for about an hour everyone was getting randomly teleported and burnt on the server. I changed the FTP password and RCON pass and it still happened. Afterwards a guy was bragging that he was doing it; he was banned and it all stopped.

Does anyone know what exploit he was using to do this?
Afterwards one of the guys found a line I think was in gameinfo (or a similar file) to the effect of ma_burn 0 or something like that; can't remember exactly what he said, but it was to burn everyone. Again, it's been removed now.

Anyone know what I'm talking about or seen this before?


Would really appreciate anything on this, because I don't know how, but he was unbanned and started doing it again last night, when I banned him again.

Posted this into the mani forums, and someone else had the same issue yesterday and he said when he took off zombie mod it stopped happening...


Thank you
Site Admin
Posts: 136
Joined: Sun Apr 23, 2006 8:18 pm
Location: Michigan

Post by Spinner »

We have now had this happen in our server; please give me the ID of that fellow so I may ban him as well.
Power User
Posts: 83
Joined: Tue Jul 18, 2006 2:14 pm

Post by ebola »

The real question is: is this a mani problem or a zombiemod problem?
Mapper/Model Convert
Posts: 227
Joined: Thu Jul 06, 2006 7:28 pm
Location: Middleburg Florida

Post by Glitched System »

My guess is it is a MANI problem because this hasn't happened on our servers at all; we are using, like, the update mani came up with after the radar one.
216.224.117.122:27015 =GHS= ZombieMod -When Zombie Plants Attack-
Regular User
Posts: 31
Joined: Sat Aug 26, 2006 11:09 pm
Location: UK

Post by Realadmin »

It may just be that he hasn't done it on your server yet.

I am not 100% sure which one of the mods it's happened on.
All I have to go on is that one person took off zombie mod and it stopped.

The Steam ID I banned was

STEAM_0:0:12128577


If you have any others which you are sure can do this as well, please do tell us.
Mapper/Model Convert
Posts: 227
Joined: Thu Jul 06, 2006 7:28 pm
Location: Middleburg Florida

Post by Glitched System »

Thanks, I'll be sure to ban 'em on my servers :D
216.224.117.122:27015 =GHS= ZombieMod -When Zombie Plants Attack-
Mapper/Model Convert
Posts: 227
Joined: Thu Jul 06, 2006 7:28 pm
Location: Middleburg Florida

Post by Glitched System »

Look through your logs on your server


cstrike/logs

Do a Search for STEAM_0:0:12128577 :D
216.224.117.122:27015 =GHS= ZombieMod -When Zombie Plants Attack-
Site Admin
Posts: 136
Joined: Sun Apr 23, 2006 8:18 pm
Location: Michigan

Post by Spinner »

I did, and in the log where it happened that Steam ID is not found, meaning more than one person knows how. We need to find out if this is Mani only; I'm sure it is... I have an old version running; I'll update to the newest to see if it helps.
One of them.
Posts: 112
Joined: Fri Aug 25, 2006 5:57 pm

Post by Vincent90 »

STEAM_0:0:12128577

OMG, as soon as he entered the game it started to burn everyone, he even said that it was him) later he said it's a joke, but he's bizarre) . His name was GGGGGGGGGGGGGGGG

I'm gonna ban him now.
Regular User
Posts: 31
Joined: Sat Aug 26, 2006 11:09 pm
Location: UK

Post by Realadmin »

Is there no way to get Steam to ban his VAC account?
Newbie
Posts: 3
Joined: Wed Sep 13, 2006 9:50 pm

Post by datalon »

Same guy hit our server 4 times. Same Steam ID, same IP addy. Every time was with zombie mod enabled.
L 08/29/2006 - 14:54:26: "Jack Bauer<302><STEAM_ID_PENDING><>" connected, address "74.67.25.119:27005"
L 08/29/2006 - 14:54:27: "Jack Bauer<302><STEAM_0:0:12128577><>" STEAM USERID validated
L 09/04/2006 - 12:13:55: "offBalance * Jack Bauer<193><STEAM_ID_PENDING><>" connected, address "74.67.25.119:27005"
L 09/04/2006 - 12:13:56: "offBalance * Jack Bauer<193><STEAM_0:0:12128577><>" STEAM USERID validated
L 09/12/2006 - 17:05:26: "WTDFFA<93><STEAM_ID_PENDING><>" connected, address "74.67.25.119:27005"
L 09/12/2006 - 17:05:27: "WTDFFA<93><STEAM_0:0:12128577><>" STEAM USERID validated
L 09/12/2006 - 17:28:08: "WTDFFA<11><STEAM_ID_PENDING><>" connected, address "74.67.25.119:27005"
L 09/12/2006 - 17:28:09: "WTDFFA<11><STEAM_0:0:12128577><>" STEAM USERID validated
L 09/12/2006 - 17:28:12: "WTDFFA<11><STEAM_0:0:12128577><>" entered the game
I'm running Linux SRCDS via Colo Rackmount with iptables Firewall enabled. So getting through another port isn't an option, unless he spoofs the packets.

Mani 1.2BetaN Rc2.7
Metamod Source 1.3
Zombie mod 1.2.2
Gore mod 3.2.5

I tested this yesterday; he never got back on the server after zombie was disabled. I checked through all the logs for my clan's other 9 servers and he did not get on any of them. Just the zombie server; besides, my clan's other 8 CS:S servers and DoD:S server, he did not touch them.

That would lead me to believe either he likes to play on zombie servers only, or it's an exploit in zombiemod. I took off goremod and left zombie on at first, and he hit it.

Some of my clan's other servers run just mani mod, some run Deathmatch mod, some run gungame mod.

I'm thinking it may be zombie mod, or just a really good script hacker.
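Added example (not part of any post in this thread): in the log format quoted above, the line carrying the client address still shows STEAM_ID_PENDING, so searching the logs for a Steam ID alone never returns the IP. This sketch joins the two lines on the slot number in angle brackets and lists other Steam IDs seen from the same address; the sample lines, names, IDs and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same format as the log excerpt above
# (names, Steam IDs and addresses are made up; documentation IP ranges).
SAMPLE_LOG = '''\
L 09/12/2006 - 17:05:26: "PlayerA<93><STEAM_ID_PENDING><>" connected, address "203.0.113.7:27005"
L 09/12/2006 - 17:05:27: "PlayerA<93><STEAM_0:0:1111><>" STEAM USERID validated
L 09/12/2006 - 17:06:02: "Bystander<94><STEAM_ID_PENDING><>" connected, address "198.51.100.20:27005"
L 09/12/2006 - 17:06:03: "Bystander<94><STEAM_0:1:2222><>" STEAM USERID validated
L 09/12/2006 - 17:28:08: "Renamed<11><STEAM_ID_PENDING><>" connected, address "203.0.113.7:27005"
L 09/12/2006 - 17:28:09: "Renamed<11><STEAM_0:0:1111><>" STEAM USERID validated
L 09/13/2006 - 10:00:00: "Alt<12><STEAM_ID_PENDING><>" connected, address "203.0.113.7:27005"
L 09/13/2006 - 10:00:01: "Alt<12><STEAM_0:1:3333><>" STEAM USERID validated
'''

# Greedy name group: player names may themselves contain '<' or '"'.
LINE = re.compile(r'^L (\S+ - \S+): "(.*)<(\d+)><([^<>]*)><[^<>]*>" (.*)$')
ADDR = re.compile(r'connected, address "([\d.]+):\d+"')

def correlate(log_text):
    """Map each validated Steam ID to the names and IPs it connected with."""
    pending = {}  # slot userid -> IP seen on the STEAM_ID_PENDING connect line
    seen = defaultdict(lambda: {"names": set(), "ips": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _, name, uid, steam_id, event = m.groups()
        addr = ADDR.match(event)
        if addr:
            pending[uid] = addr.group(1)
        elif event.startswith("STEAM USERID validated"):
            seen[steam_id]["names"].add(name)
            ip = pending.pop(uid, None)
            if ip:
                seen[steam_id]["ips"].add(ip)
    return seen

def ids_sharing_ip(seen, steam_id):
    """Other Steam IDs that connected from any IP used by steam_id."""
    ips = seen[steam_id]["ips"]
    return sorted(s for s, d in seen.items() if s != steam_id and d["ips"] & ips)

if __name__ == "__main__":
    seen = correlate(SAMPLE_LOG)
    print(seen["STEAM_0:0:1111"], ids_sharing_ip(seen, "STEAM_0:0:1111"))
```

A shared address is only a lead: several players behind one NAT or ISP gateway will show the same IP.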
Newbie
Posts: 7
Joined: Wed Apr 26, 2006 3:09 am

Post by kizzbizz »

He just hit our server, name was "u", same ID.

We even UNLOADED Mani completely (commented it out in the metamods .txt) and it still happened. Everybody add his IP/ID to your zombie servers. Hopefully we can fix this in a couple days before it gets too out of hand.
One of them.
Posts: 112
Joined: Fri Aug 25, 2006 5:57 pm

Post by Vincent90 »

Ok, so it's official.

BAN ; STEAM_0:0:12128577
Regular User
Posts: 31
Joined: Sat Aug 26, 2006 11:09 pm
Location: UK

Post by Realadmin »

That IP is someone based in Virginia (USA) and his host's site is www.rr.com

I have been speaking to him/his mate and told him imma callin the cops on his ass; he laughed it off saying it's not illegal. I said his hack modifies a file on my server, doing so without my express permission is regarded as illegal, hence yes they can be called.

This guy's KNOWN Steam ID is

STEAM_0:1:7008840

I've also banned him, but it seems they have ways of clearing ban files. Surely there must be a way to circumvent this; can I rename the files and still use them?

I am fairly certain this is limited to Zombie mod servers; seems like he is 12-15/16 yrs old, and in for a laugh ...

There's got to be a way to stop this twit.
Mapper/Model Convert
Posts: 227
Joined: Thu Jul 06, 2006 7:28 pm
Location: Middleburg Florida

Post by Glitched System »

:(
Last edited by Glitched System on Thu Sep 14, 2006 12:00 am, edited 1 time in total.
216.224.117.122:27015 =GHS= ZombieMod -When Zombie Plants Attack-