Odd person...

[infestor1]

Well i am admin on a server called ATCS|Wonderland, and today someone weird came on.

On wonderland there are 6 admin levels, I am level 5. 5 is the highest someone can get (6 is for console admin). Today I logged on and there was someone, and people immediately started going into admin chat to report them. I kicked the person, and i later adjusted the ban to 1 hour. 5 minutes later the person comes back, and i check the showbans, and the ban is gone. I was on the whole time so I would have known if someone unbans or there was a rcon !unban. But during that 5 minutes, my friend (also an admin) came on. I filled him in on what happened via a private chat channel (the server has p-g-qvm). Then I got banned for 5 years from the person, with no reason. Then I tried to reconnect and I could. It turns out my friend unbanned me. Once I came on I checked admin list, and the person who banned me was level 6. And there was no !setlevel message or anything.

Then that person disconnected. About an hour later, he is back, and level 0. Then suddenly he starts banning people. my friend starts unbanning them and then the guy bans himself. I adjusted the ban to permanent.

Thats the story. Can you please tell me what could have happened. (Is there a way to give yourself admin other than rcon, like a hacking way?) I need to report to the owner what happened, but I need a simple explanation for what could of happened.

Thanks.

[Archangel]

somebody guessed your rcon

[infestor1]

somebody guessed your rcon

Not my server.... xD


But is it possible to do a silent !setlevel, like a !specme s?

[spectator]

please don't give such specific details about bugs on the forums (this bug was fixed by dumb luck by the way) - kev

[Amanieu]

The only way I know of silently giving yourself admin is editing admin.dat and running !readconfig.

[Archangel]

bug details removed -kev

That bug was fixed in 1.1.0 and hasn't been valid for more or less 3 years.
actually it exists in 1.1 still, but not in anything people would actually use (even tjw's old game.qvm) -kev

[danmal]

There did exist a variety of bugs in the Tremulous QVM that could allow someone to either change or access your RCON. These bugs should have all been fixed in fairly recent QVMs however. I'd suggest upgrading your QVM if this continues to be a problem as well as changing your rcon and other server details (aka ftp pass as well).

Of course this person could have guessed your rcon or it could be a new vulnerability.

[infestor1]

There did exist a variety of bugs in the Tremulous QVM that could allow someone to either change or access your RCON. These bugs should have all been fixed in fairly recent QVMs however. I'd suggest upgrading your QVM if this continues to be a problem as well as changing your rcon and other server details (aka ftp pass as well).

Of course this person could have guessed your rcon or it could be a new vulnerability.

I am using P-G-QVM. Does this still have this "bug" that you were talking about?

[Archangel]

no, as it says up above in red. thx kev.

[danmal]

I was referring to a different bug actually. I can't tell you without knowing the version number and even then I wouldn't really know. I'd suggest that you upgrade to the latest version of P-G-QVM assuming it's still being mantained otherwise it might be a good idea to change to a QVM like Lakitu7's QVM.