Jump to content

WARNING - Gmod Servers


Benheryet

Recommended Posts

Make sure you keep an eye on your restrictions for clients to upload (.dll, .bat, .cmd, .exe etc).

 

I recently had a client use GMOD Lua script to open command prompt, remove/change the password for the dedicated server. Then they logged into the server using remote desktop, and uninstall TCAdmin and all client files. They then removed a ton of system files (including boot.ini) which meant when I rebooted to recover the password, the system would not evan boot. Resulting in me having to reformat the hard drive and start for scratch.

 

Don't let this happen to you.

Link to comment
Share on other sites

dll, .bat, .cmd, .exe are restricted by default in TCA. Removing those restrictions is asking for trouble as we can see by your results. ;)

 

Yeah, but then with GMOD servers a lot of clients require .dlls upload.

 

I removed all restrictions which was a bad idea.

 

Im not sure if they can do the same results with dll's (they used exe + bat with me), so you goto watch out.

Link to comment
Share on other sites

I have installed mods for rFactor that had a bad .dll file. When it was installed it completely took the server offline when the server crashed. It took us for ever to find out the cause. When customers ask me to open it I say nope. They don't like it but they will get over it or go somewhere else.

Link to comment
Share on other sites

The best thing to do is configure all mods for installation via TCA mod installation packages. This way you know what is going is is legit.

 

Yeah it's a pain in the ass but a small inconvenience is better than knocking the entire box offline or worse have to reload it. ;)

Link to comment
Share on other sites

Yeah, but then with GMOD servers a lot of clients require .dlls upload.

 

I removed all restrictions which was a bad idea.

 

Im not sure if they can do the same results with dll's (they used exe + bat with me), so you goto watch out.

 

Not true you do not have to allow dll's with gmod. And yes there are a couple dll mods out there that will allow client full control of your box. There is a very good reason for those files being restricted by default.

Link to comment
Share on other sites

The best thing to do is configure all mods for installation via TCA mod installation packages. This way you know what is going is is legit.

 

Yeah it's a pain in the ass but a small inconvenience is better than knocking the entire box offline or worse have to reload it. ;)

 

 

That's what I always do. The problem is it also installed the file on about 7 boxes. dll files can be a headache that's why we will not allow customers to upload them.

Link to comment
Share on other sites

The best solution is to run the servers as a restricted user, hence they can only damage their own server. Until then though, restricting DLL files is the way to go. We recently did it and after we got most of the popular addons on and verified we've had no complaints. If a customer asks for a specific DLL, ask for the source code and compile it yourself to be sure.

Link to comment
Share on other sites

  • 2 weeks later...

I had one GMOD guy that loaded a hack with the restrictions all on.

Somehow he changed the filename to an exe and started it with LUA scripts.

He was looking around at all the files in the server box when I busted him,

I just happened to be on that box and saw it running.

Link to comment
Share on other sites

I read on one of the security forums recently that today's "hackers" are far less sophisticated but accomplish far more in light of this. The chief reason being the amount of systems online with either zero protection or clueless sys. admins.

 

 

TCAdmin is a control panel, It won't guard your server or wash your car. It's only purpose is to launch game servers.. Sure it has certain security features built in but it shouldn't be used as your servers protection.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Who's Online   0 Members, 0 Anonymous, 5 Guests (See full list)

    • There are no registered users currently online
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use