DemiGod666 Posted July 5, 2003 Posted July 5, 2003 Is anyone aware of a security hole that would allow an attacker to change server settings? I recent had an attack on my server, and the attacker was able to change the timelimit and fraglimit. I am certain the RCON was not compromised. Timelimit was changed to "-1234794079" effectively putting the server in permanent intermission mode. Fraglimit was changed to "Owned_Bitch" Nothing else was messed with. Network ops has checked and confirmed that the box was not compromised or penetrated. So I conclude that somehow, an attacker is able to penetrate the process and cause changes to certain settings and cause a server restart to effect them. I have the log and have ID the guy. But I'm more concerned with the possibility of a hole that would allow more of this. The box is a P4 Xeon running latest RH Linux, and also runs JA mod. I note that JA mod does not allow changes to timelimit or fraglimit, so I'm also sure the attack didn't come through the mod or was caused by a leaked JA mod password. Thx for your time,
Recommended Posts
Archived
This topic is now archived and is closed to further replies.