Jump to content

Home

Weird way they entered my server, need help.


jedi-Guard

Recommended Posts

I need help again, got only few details on it.

I had my none mod server runing like more then 1 year, safe and secured, virus scanner and firewall installed, also updated Windows XP.

I can say for sure am kind of very safe and i am a "System Administrator".

Someone got the password to my server and started to change timelimits and map and so on.

I changed the password, and restarted the server.

He got back in and downloaded the server.cfg file. How can you download server.cfg ?

It gets weirder, i went to the base folder, i know which files exists there, but there was 1 file that got there some how and i dont know how it got there.

file was called 1.cfg and had a different rconpassword and alot of other settings too.

I turned off Allowdownload, i deleted the 1.cfg file and i renamed the server.cfg to something something.

If this helps, then do the same as i did. If it doesnt help, report and i will also keep an eye on my server too and report bugs.

Link to comment
Share on other sites

  • 2 weeks later...

Mm, disturbing.. maybe it was someone you know? a friend perhaps, that opened your server.cfg file while you were away and stole the pass.

The 1.cfg file.. someone must have written it, in conole you say "write "x"" and it writes a cfg file, have you accessed it and looked what's written inside?

Could also be a keylogger, clean your computer from spy wares and not viruses.

Host as normal, I'm pretty confident nothing will happen, if it does then I'm not much of use

anyway, hope everything turns well

Link to comment
Share on other sites

Well i can say am clean from viruses and other stuff.

I suspect that someone stole the password from my friend that also was dedicated administrator, but something very weird was that, when i changed the password, he could download the server.cfg file from my server, what is the command for that, i didnt know it was possible.

I disabled allowdownload cause it was enabled.

that 1.cfg file is not being executed, it was just in the base folder.

Link to comment
Share on other sites

Neither did i know that it was possible, but now it seems it is. If you suspect it, ask him if he gave it to somebody else, if he did just change it, second thought, change it now and you wont have to worry about some stranger that have got your rcon.

Since he stole the server.cfg file.. he will host the same server as yours, look for it, if he is hosting with your cfg file the chances are good that you'll find it. Good luck.

Link to comment
Share on other sites

  • 3 weeks later...

Turn: sv_allowdownload 0 (off) so they can't download the server.cfg

Its a bug which is still used lately.

If its on people can download ur server.cfg..

But if you don't want to do that, u have to rename the server.cfg to something else (and change the settings for the launch of it)

Gl.

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...