TCAdmin  - The Game Hosting Control Panel  

Go Back   TCAdmin - The Game Hosting Control Panel > Total Control Admin Panel > TCAdmin Version 1

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 04-26-2012, 03:15 PM
LFA LFA is offline
Administrator
 
Join Date: Oct 2004
Posts: 1,873
Default Hack for source games affecting tcadmin v1 and gamecp

There is mention in a hacking forum about hacking source games running under tcadmin v1 and gamecp. They specifically mention it is not possible in v2.

I don't know how this hack works. It could be a custom source mod or a remote exploit. I assume v2 is not affected because in v2 all game servers run as a guest by default. I recommend you configure your game servers to run as a guest using method 1 explained here: http://clients.tcadmin.com/knowledge...yarticle&id=37 or this method: http://clientforums.tcadmin.com/showthread.php?t=6428
__________________
Reply With Quote
  #2  
Old 04-27-2012, 07:31 AM
anup_123 anup_123 is offline
Junior Member
 
Join Date: Dec 2010
Posts: 2
Default Re: Hack for source games affecting tcadmin v1 and gamecp

I saw the post
This guy seems to be using the newly found windows rdp exploit as per his other threads
Reply With Quote
  #3  
Old 04-27-2012, 10:30 AM
Bubka3 Bubka3 is offline
Senior Member
 
Join Date: Dec 2009
Location: New York, NY
Posts: 243
Default Re: Hack for source games affecting tcadmin v1 and gamecp

This post alerted me as well, however we are half-way on TCA v2, and our TCA v1 servers run using dimitri user per server method. I can say this post increased our migration to TCA v2 and I think we're almost done.

Oh yea, this works by customers not securing their server. Instead of uploading a spray, he can upload a virus, which will therefore exploit GameCP and TCA v1 by default because of the service running as Local System, at which point he gains control of the box.

The fix is easy:
sv_download 0
sv_upload 0

If you run SourceMod, installing this extension is a good idea as well.
http://forums.alliedmods.net/showthread.php?t=142249

And you should remind customers to never share the rcon password and rcon command.

Last edited by Bubka3; 04-27-2012 at 07:04 PM.
Reply With Quote
  #4  
Old 04-27-2012, 11:46 AM
Ben-EdgeGameServers.com Ben-EdgeGameServers.com is offline
Member
 
Join Date: Oct 2011
Posts: 69
Default Re: Hack for source games affecting tcadmin v1 and gamecp

Yep! I alerted allot of people Just like I warned Bubka3. Watch out people I have been hacked while I was a GameCP User. Trust me Secure your things ASAP You don't want to be the next Victim.
Reply With Quote
  #5  
Old 04-29-2012, 06:15 PM
{-SMAKU-}_MotorMouth {-SMAKU-}_MotorMouth is offline
Senior Member
 
Join Date: Jul 2007
Location: Granite Falls, NC
Posts: 215
Default Re: Hack for source games affecting tcadmin v1 and gamecp

We had someone installing CS 1.6 on one of our boxes. It was only 1.6 no other game servers. After we deleted the CS 1.6 no other servers were installed.
Reply With Quote
  #6  
Old 04-30-2012, 02:15 PM
ECF ECF is offline
Administrator
 
Join Date: Oct 2004
Location: Massachusettes
Posts: 6,169
Default Re: Hack for source games affecting tcadmin v1 and gamecp

This is due to uploading of a bad mod. Companies that allow uploading of mods should NOT do it.

Huge security risk!
__________________
How many servers is TCAdmin powering?
Reply With Quote
  #7  
Old 04-30-2012, 06:23 PM
ViolentCrimes ViolentCrimes is offline
Senior Member
 
Join Date: Apr 2009
Location: Michigan
Posts: 179
Default Re: Hack for source games affecting tcadmin v1 and gamecp

No offense or anything LFA but shouldn't this be an update you guys send out automatically? Why are we paying for updates if we have to do them manually ourselves? I know per say it is not an issue with tcadmin. But you can argue that tcadmin 1 should have used a different user from the start. What if we don't read the forums and have no clue about this, wouldn't this make you guys no better then cod4 devs for not fixing the exploit ddros attacks.
__________________

Last edited by ViolentCrimes; 04-30-2012 at 06:25 PM.
Reply With Quote
  #8  
Old 04-30-2012, 07:38 PM
{-SMAKU-}_MotorMouth {-SMAKU-}_MotorMouth is offline
Senior Member
 
Join Date: Jul 2007
Location: Granite Falls, NC
Posts: 215
Default Re: Hack for source games affecting tcadmin v1 and gamecp

We test and only allow mods for certain games. If it requires an upload of .bat, .exe, .dll or any other file that can be used to get into out systems we make the installer.
Reply With Quote
  #9  
Old 04-30-2012, 07:59 PM
Trevor Trevor is offline
Junior Member
 
Join Date: Aug 2011
Posts: 7
Default Re: Hack for source games affecting tcadmin v1 and gamecp

Quote:
Originally Posted by {-SMAKU-}_MotorMouth View Post
We test and only allow mods for certain games. If it requires an upload of .bat, .exe, .dll or any other file that can be used to get into out systems we make the installer.
This is a great start but i am pretty sure that this exploit is triggered by an uploaded .cfg file and then the server runs it during startup.
__________________
Reply With Quote
  #10  
Old 05-01-2012, 02:55 AM
LFA LFA is offline
Administrator
 
Join Date: Oct 2004
Posts: 1,873
Default Re: Hack for source games affecting tcadmin v1 and gamecp

Quote:
Originally Posted by ViolentCrimes View Post
No offense or anything LFA but shouldn't this be an update you guys send out automatically? Why are we paying for updates if we have to do them manually ourselves? I know per say it is not an issue with tcadmin. But you can argue that tcadmin 1 should have used a different user from the start. What if we don't read the forums and have no clue about this, wouldn't this make you guys no better then cod4 devs for not fixing the exploit ddros attacks.
Instructions for running as a guest user has been in the product email for years. It takes less than 5 minutes to setup. TCAdmin blocks dll and exe by default. If the admin chooses to remove this restriction instead of taking the time to add them to the mod installer they should know what they are getting into. Running as a guest user is built in to v2.
__________________
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 06:50 PM.


Copyright 2004-2017 Balance Servers