RCON Password Stealer

[SickPuppy]

Has anyone been hit with this hack yet and is there a fix for it

[jcroom]

For what game?

[SickPuppy]

Looks like Wolf ET right now but I think it can also be used on other games

[jcroom]

There are several exploits with the Q3 Engine for gaining the rcon password. The most common two are 1. An exploit that allows you to download the server config file (therefore being able to see the rcon password) and 2. an rcon brute forcer.

 

To fix 1. turn off auto downloading. To fix 2. You will need to modify the game executable to limit rcon commands to a half second. ( I do not have this patched for ET.)

Hope that helps.

[{-SMAKU-}_MotorMouth]

There are several exploits with the Q3 Engine for gaining the rcon password. The most common two are 1. An exploit that allows you to download the server config file (therefore being able to see the rcon password) and 2. an rcon brute forcer.

 

To fix 1. turn off auto downloading. To fix 2. You will need to modify the game executable to limit rcon commands to a half second. ( I do not have this patched for ET.)

Hope that helps.

 

I tried the exe patch but that didn't work. It seems to be a problem with 2.55 more that 2.60b.

[KP-Dallas]

There is an exploit in etadmin_mod and it allows you to gain access with certin user names but,i wont say in public forums here

[Todd Holley]

Just for reference;

 

Luigi Auriemma has made many patches for the quake engine. And although he has addressed this problem he has NOT made a patch for this. The rcon stealing problem CAN be fixed in games such as the Call of Duty 1 series if you disable downloading, or just create a dummy server config that isn't used. The second option I listed always worked for me. Note that this problem died as quickly as it began as it led to the banning of many users, guilty or not and was not looked upon highly by many members of the gaming community.

[Andy @ UVGaming.co.uk]

As others have said there is no direct fix for this apart from disabling the auto downloader.

 

However it is suggested that when this isn't possible you make it more difficult by making a dummy server.cfg or setting up the servers to use a different config name i.e instead of using server.cfg you use xxx8.cfg. This just makes it harder for the hacker to find the file but doesn't stop it.

[Steven Crothers]

The hack doesn't really seem to work in 2.60, though I notice it in 2.55 and 2.56....

 

Why people don't upgrade there FREE game is beyond me, because us hosts are stuck hosting it.

[Creed3020]

We had an issue with someone stealing the rcon password but this was in CSS and caused by a security hole in EventScripts, though there is a fix available.

[KP-Dallas]

There is a fix for this,

 

If you guys are in need please let me know and i can try to post the fix here if its no problem with ECF there are a couple ways 1st being in ETAdminMod were someuser names gives them admin powers and 2nd being were they just download your server.cfg file all work in 2.60b and 2.55 2.60 is harder

[Todd Holley]

Just to update and bring this to light... you need to be extremely careful with games that have the downloading exploit unpatched. I suggest using non default tca userfiles locations. These kids have nothing else to do, and could possibly get ahold of some files that you'd rather them not have.