Text only | Text with Images

Tremulous Forum

General => General Discussion => Topic started by: BeerBastard on February 27, 2007, 06:17:31 AM

Title: Rcon command without Rcon. Interesting.
Post by: BeerBastard on February 27, 2007, 06:17:31 AM
Ok we had a griefer come into the game.  And set us past stage 3, meaning nothing can be built, no one can evolve and it says you have no eggs. I set us back after kicking the known griefer.

I thought the only way to do this is with rcon g_humanstage and g_alienstage
Which require you to know rcon password.  

How do you do this without rcon? We just changed our rcon password, and it happened again.  If its a bug, is there a fix? It happened again when the griefer came back the 2nd time.
Title: Rcon command without Rcon. Interesting.
Post by: dodo1122 on February 27, 2007, 09:25:49 AM
maybe he hax00r'd to the machine running your server and just looked in server.cfg? :P



dodo
Title: Rcon command without Rcon. Interesting.
Post by: DoorKnob on February 27, 2007, 11:47:11 AM
i've also had this happen, he would come in, change all the server setttings thrn i'd kick him, but before i know that he was doing it, i was going crazy cause i'm the only with rcon, but he told me it was him and told me he uses leeches to hax my server.... Perm ban :P
Title: Rcon command without Rcon. Interesting.
Post by: Odin on February 27, 2007, 03:47:57 PM
Maybe he knew the password?
Title: Rcon command without Rcon. Interesting.
Post by: Caveman on February 27, 2007, 04:05:40 PM
Most server I've seen this happening on do offer maps via a webserver and link their /base in order to save some time in setting up, not realizing that they give read-access to their confs...
Title: Rcon command without Rcon. Interesting.
Post by: vcxzet on February 27, 2007, 04:20:55 PM
type
/class level4
/name blah
Title: Rcon command without Rcon. Interesting.
Post by: DASPRiD on February 27, 2007, 04:54:15 PM
Quote from: CavemanMost server I've seen this happening on do offer maps via a webserver and link their /base in order to save some time in setting up, not realizing that they give read-access to their confs...

I did nearly the same. It's quite simple:

Code Select

#Tremulous map download
<VirtualHost>
 ServerName tremulous.servers.dasprids.de
 DocumentRoot /srv/www/tremulous/

 AliasMatch ^/(.*)\.pk3$ /usr/local/games/tremulous/$1.pk3

 <directory>
   Allow from all
 </directory>

 <directory>
   Allow from all

   Options +Indexes
 </directory>
</VirtualHost>


-edit-
Gnaa, damn forum, here's the right paste:
http://pastebin.us/15387
Title: Rcon command without Rcon. Interesting.
Post by: BeerBastard on February 27, 2007, 07:32:04 PM
We used the mg mappack so we linked that from our forums, We didnt link our server base folder.
Title: Rcon command without Rcon. Interesting.
Post by: beerbitch on February 27, 2007, 07:45:31 PM
Quote from: DoorKnobi've also had this happen, he would come in, change all the server setttings thrn i'd kick him, but before i know that he was doing it, i was going crazy cause i'm the only with rcon, but he told me it was him and told me he uses leeches to hax my server.... Perm ban :P

What do you mean by "leeches" ?? You mean the naruto downloaders that got the gnaa fake fansub ? Maybe they were trojaned, but I don't see how a denial of service attack on a q3 based engine server gives them rcon........


I want to know how somebody without rcon password, and without access to the files on the server can bump aliens to s4.
Text only | Text with Images