[cod] Cfg download hacking

saimon saimon at optonline.net
Tue Sep 14 18:44:07 EDT 2010


The only deterrent/options I had available to me at that time were to 
remove the rcon password, which as we all know makes server management a 
real drag, or be very vigilant and locate the intruder's IP address in 
your log files and ban their entire subnet so that if they reboot or 
shut down their modem, DSL or cable, they can't use that address to attack 
you.  Of course keep in mind when you ban a subnet you ban all users 
from that subnet, so if the bad guy has an address of say 24.16.xxx.xxx 
and you ban that subnet, everyone that tries to access your server 
from an address within the xxx.xxx octets will be banned as well.  
Yeah, the deal is the pits and those that make the problem have a great 
need of what I'll never know.

On 9/14/2010 2:14 PM, Marco Padovan wrote:
> I see...
>
> will take the "random cfg filename" path as all other workarounds are
> not acceptable for my use :(
>
> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<morpheus at clantoc.org>  wrote:
>    
>>   I think iptables is too low-level to deal with such specific hack attempts.
>> At least you can use it to ban IP addresses you catch... It's sad it has not
>> been fixed since discovery, with all the games that are using the
>> codebase...
>>
>> On 14/09/2010 19:32, Marco Padovan wrote:
>>      
>>> I'm aware of the exploits... was looking for some suggestion on how to
>>> fix them... even via iptables eventually...
>>>
>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>    wrote:
>>>        
>>>>   The exploit I just posted about could be an older version or not the
>>>> same
>>>> as described in this mail list thread.
>>>>
>>>> using the second link should give you a good list of quake based exploits
>>>> you may want to watch for.
>>>>
>>>> Sorry for the wrong link
>>>>
>>>> Jim Landi
>>>> Rudedog
>>>> FPSadmin.com
>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>>>
>>>>
>>>> On 9/14/10 12:25 PM, Morpheus wrote:
>>>>          
>>>>> We're talking about the built-in download system, not the http redirect
>>>>> one, which you can control with symlinks and htaccess features. It's
>>>>> about a
>>>>> security hole that virtually exists in all q3-based games (at least for
>>>>> the
>>>>> net code).
>>>>>
>>>>> On 14/09/2010 18:21, Mavrick wrote:
>>>>>            
>>>>>> Anyone tried symbolic links?
>>>>>>
>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>>>              
>>>>>>> The only one solution:  set sv_allowDownload "0"
>>>>>>>
>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco
>>>>>>> Padovan<evolutioncrazy at gmail.com
>>>>>>> <mailto:evolutioncrazy at gmail.com>>    wrote:
>>>>>>>
>>>>>>>     We are having major hack attempts that consist in people
>>>>>>>     downloading the cfg files....  currently we had to use random
>>>>>>>     file names...
>>>>>>>
>>>>>>>     is there any solid work around?
>>>>>>>
>>>>>>>
>>>>>>>     _______________________________________________
>>>>>>>     cod mailing list
>>>>>>>     cod at icculus.org<mailto:cod at icculus.org>
>>>>>>>     http://icculus.org/mailman/listinfo/cod
>>>>>>>
>>>>>>>
>>>>>>>
>
>    
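The subnet-ban trade-off described in the top message, as an added example that is not part of the original thread: it collapses offender addresses into the network a ban would cover and lists which known players the same ban would lock out, comparing a /16 (the 24.16.xxx.xxx case) with a narrower /24. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: offender addresses as pulled from server logs, and
# addresses of regular players. Host parts are made up for illustration.
OFFENDERS = ["24.16.5.77", "24.16.200.3"]
PLAYERS = ["24.16.9.10", "24.16.5.12", "198.51.100.20"]

def ban_network(offender_ip, prefix_len=16):
    """Network that a ban of this prefix length would cover for one offender."""
    # strict=False lets us pass a host address and get its enclosing network.
    return ipaddress.ip_network(f"{offender_ip}/{prefix_len}", strict=False)

def collateral(offenders, players, prefix_len=16):
    """Map each banned network to the known players it would also lock out."""
    nets = sorted({ban_network(ip, prefix_len) for ip in offenders})
    return {
        net: [p for p in players if ipaddress.ip_address(p) in net]
        for net in nets
    }

def iptables_rules(nets):
    """One DROP rule per banned network (standard iptables syntax)."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in nets]

if __name__ == "__main__":
    for prefix_len in (16, 24):
        hits = collateral(OFFENDERS, PLAYERS, prefix_len)
        for net, caught in hits.items():
            print(f"/{prefix_len} ban {net}: {net.num_addresses} addresses, "
                  f"players also blocked: {caught}")
        print("\n".join(iptables_rules(hits)))
```

Running it against your own player list before applying a ban shows how many regulars share the offender's range at each prefix length.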

