PDA

View Full Version : WE GOT A CRASHER! Without adminmod too!



Bob-o
08-01-2002, 10:10 PM
...and I got proof, lots of proof, and information about the guy.
Note: when I post wonid's and log data of people, it's serious. this guy is crashing my server repeatidly without adminmod running on it!
OK, here's how I cought him... I came back and started working on my computer, On avrage, the server crashes every 3 hours or more... Suddenly the server crashes, no bigie, I hit the ok box to make it get out of my way.. and the server restarts normally.. about 3 mins later, it crashes again... this isn't normal unless the map is messed up... I hit ok and passively watch the console while I script something for my TFC server.
2 mins later, it crashes AGAIN... This isn't normal, especialy when some guy with "l337" name text says "crashy crashy" right before it does crash.... I didn't get the person's name, but I saw it started with a G in it and stuff..
So i went to the logs, (flushed them, moved the previous logs not up untill the 8th to a different folder) and looked at the latest ones.. got that guy's wonid that said crashy crashy, and did a full log search on it.
I basicly went log scouring and found he had used different names bla bla.
Anyways, look at the attachment yourself to see the log snipits I included (including every previous connection he made to server2, I havent searched server1's logdata, dont really need it since I have his wonid and host, BT...)

You might want to check it out and ban him off your server if you run one. if anyone wants the actuall logs for themselves, I'll post them too (even the ones where he did nothing, I'll post them anyways) oh, in a .zip, duh.

djmrmagic
09-01-2002, 07:46 AM
Thanks Bob ive have also seen suspicious activity in my logs from this guy. Using the l337 name too.

HES BANNED !!!!!!!

(GIT)r-man
09-01-2002, 01:33 PM
Sniper uses |337 as a name sometimes :D

djmrmagic
09-01-2002, 01:48 PM
Whoops........wait for the blast then!!!!!

Bob-o
09-01-2002, 03:37 PM
sniper also spams the IM A SVENCOOP TEAM MEMBER csay built intothe mod.... he kept doing it after I told him to stop... (well, he did PAUSE for a while)

WaRgAsMo
10-01-2002, 01:45 AM
Bob-o, if you use win2k use IPSEC to firewall his entire subnet from connecting and ban his wonid for good measure. I have done that already.

If you use linux, then use the *nix equivlant because i dont know what it is.

Bob-o
10-01-2002, 03:47 AM
I dont feel like baning subnets unless somone is a VERY big problem who keeps coming back no matter what I do..
usually an IP and WONID ban works just fine, if not, most of the time 2nd time works fine. if not that, he's a problem, it's subnet time...

Mr. Chris
10-01-2002, 12:04 PM
his wonID is 145439? He's banned

Hey Bob can you post your latest banlist?

I want my servers to be asshole free also :)

Bob-o
10-01-2002, 02:09 PM
sure...
just a reminder.. ADMIN_UNBAN WILL ERASE THE ENTIRE BANLIST..
I f***ed up and lost the last 5 or so people on the list :rolleyes: so either change unban's access level to some really really high number... (131072 level effectively disables it...) or erase the comments and move the addip commands to a serperate file and store only the wonid's in banned.cfg...
or else your screwed!
note: the bans that say (banned via-logs) mean that adminmod wasn't working and I generated the ban in the file manually.... which means the ones that were baned via logdata were the ones banned in 2.0 public beta... just if you wanna know...
also, I really spent some time finding that crasher guy.. I spent about an hour surfing through the logdata looking for any instance where either his name, one of his IP's, or wonid appeared. ANYWHERE... Also, there is a bug with HLDS.exe where it writes logdata later than things happened, I think it will write things to the files when an event is pushed up beyond the buffer (IE: it gets pushed up to the point were you can't scroll any higher)
I set HLDS to have a buffer of 50, so the last 50 lines are gone when an instant crash happens... I sugest you right click the titlebar of HLDS and set the screen buffer size much lower than 300, you dont need much more than 50 unless you went AFK for a while, come back, and want to see what just happened... (even though holding the scrollbar in HLDS lags everyone indefinately when a new event happens...)

if you want me to rant some more and elaborate about this stuff... ask

Mr. Chris
10-01-2002, 02:52 PM
I don't use adminmod

puff the magic dog
12-01-2002, 04:38 AM
i thought i saw a person just before it crashed say crashy crashy and his name was G-man.

I REMEBER IT ALL I WAS JUST RECRUTING MR ANDRESON AND THEN IT WAS g-man (i think) who when crashy crashy!!