TCAdmin non administrator


Derek

Do you mean run all your servers as another user?

edit:

If you want to run each game server under a specific user account (1 user per service) I can work something out for you based on my current project. It should take a couple of hours max to adapt it to your needs; however, you would have to edit each of your games' install scripts, so idk if that would be "fast" enough, as you seem to want to make it quick, but doing that takes about 30 mins for about 60 games and is just a copy-paste job.

edit2: the extra benefit would be that all your future game servers would also be automatically created using a new user account.

If you can get on msn it would be great, regarding something else.

TCAdmin running the game servers as administrators is resulting in the upload/download exploit hole in the Source engine being penetrated and the system compromised. They are utilizing a plugin they upload, and execute on map change. The result can be used to do many naughty things... Use your imagination.

A workaround is definitely needed; at the moment we are also working on adapting and fixing this issue... Any help from TCA would be great.

Proof of exploit and POC were supplied to TCA via support ticket.

This patch here will help stop the exploit on servers running Metamod 1.8.0:

https://forums.alliedmods.net/showthread.php?t=109453

Other actions that can deter the issue from happening are setting your rcon password in your startup line as opposed to in your configuration file, as well as setting your configuration file in the startup line and using something other than server.cfg, such as noob-galore-rox-1911.cfg

Hopefully this helps, but hopefully some other issue can be worked upon to help work this out.

-Adam

This plugin really just means you're not vulnerable to outside users. You need to make sure you're running all game servers on a very limited account, because even with that exploit fixed, any person renting a game server from you can still create a remote desktop account. I wrote a small plugin last night that basically lets me create a user account from SRCDS, then add it to Administrators (or whatever group I want) and log into it from Remote Desktop. This is probably doable with other engines as well that use .dll's for plugins, as all it really requires is for the plugin to be loaded, then it's game over.

If the servers are run under a low-privileged basic user, this isn't too much of a big deal as they can't create new accounts and so on.

A lot of people have been blaming Sourcemod, Metamod, Valve, etc. Really any game that allows for C++ plugins can cause this to happen. Although that file upload/download exploit is Valve's fault, and I can't believe they still haven't fixed it.

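The posts above come down to one check a host can run: is any game server process owned by SYSTEM or by a member of the local Administrators group? The following PowerShell audit is an added example, not code from this thread or from TCAdmin. It assumes the server binary is named `srcds.exe`, PowerShell 5.1 or later, and an elevated session.

```powershell
# Added example (not from the thread): flag SRCDS processes that run with
# administrative rights. Assumptions: binary name srcds.exe, PowerShell 5.1+,
# elevated session so owners of other users' processes can be read.
$processName = 'srcds.exe'   # assumption: change for other engines

# Well-known SIDs, used instead of names so the check works on localized Windows.
$systemSid = 'S-1-5-18'       # LocalSystem
$adminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators

# Direct members only; accounts inside nested domain groups are not expanded.
$adminSids = @(Get-LocalGroupMember -SID $adminsSid | ForEach-Object { $_.SID.Value })

$results = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name='$processName'") {
    $sidResult = Invoke-CimMethod -InputObject $proc -MethodName GetOwnerSid
    $owner     = Invoke-CimMethod -InputObject $proc -MethodName GetOwner

    if ($sidResult.ReturnValue -ne 0) {
        # Owner could not be read (usually insufficient rights): report, do not guess.
        $account = '<unreadable>'
        $risk    = 'UNKNOWN'
    } else {
        $account = '{0}\{1}' -f $owner.Domain, $owner.User
        $isAdmin = ($sidResult.Sid -eq $systemSid) -or ($adminSids -contains $sidResult.Sid)
        $risk    = if ($isAdmin) { 'HIGH' } else { 'ok' }
    }

    # The command line is deliberately left out of the report: it may carry the
    # rcon password when that is set in the startup line.
    [pscustomobject]@{
        ProcessId = $proc.ProcessId
        Account   = $account
        Risk      = $risk
    }
}

if (-not $results) {
    Write-Warning "No running $processName processes found."
} else {
    $results | Sort-Object Risk, Account | Format-Table -AutoSize
}
```

Any row marked HIGH is a server where a loaded plugin inherits the right to create accounts and change group membership, which is the situation the last post describes.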

Archived

This topic is now archived and is closed to further replies.
