Guad / GTACoop

An online co-op modification for GTA5
GNU General Public License v3.0
81 stars, 71 forks

Privilege escalation #23

Open adambh opened 8 years ago

adambh commented 8 years ago

I have been logging chat on my server and I have noticed some of my /root files written in the chat log by some player while the folder was in /root/gtaserver (yes, my bad, I ran the server as root in the root folder). This has raised my attention and as a result I have locked my server host for security measures. So this zero-day exploit reminds me of Stagefright exploits and is very severe. I am writing this from my phone, I will update this once at home.

Guad commented 8 years ago

Can you post more details? The chat log would be appreciated.

adambh commented 8 years ago

So... this is the part where the exploiters receive what's on '/root', but it isn't clear using "cat server_logs.txt": http://pastebin.com/DgCcjp1C And this is using grep and outputting it to a txt file: http://pastebin.com/qfretsLb

"mbox root txt" files that exist in /root...

There were other cases where they saw my ts3bot folder in /root, but I thought it was a bug in my script, so this isn't brute force or coincidence... I've also had a lot of these: http://pastebin.com/1iTyhTqw Like a lot... it looks like a file transfer or something.

Guad commented 8 years ago

What filterscripts were you running?

adambh commented 8 years ago

No filterscripts, I used the Racing script and added features to it that have nothing to do with stuff like this.

Guad commented 8 years ago

That's very little info, but I'll look into what could have caused that.

adambh commented 8 years ago

As you may have noticed, they wrote in some language that couldn't be logged. Could it be Russian?

Guad commented 8 years ago

Yeah, probably Russian or Chinese.

adambh commented 8 years ago

In that case, this type of exploit can be avoided by restricting users to writing only in the Latin alphabet, numbers and some other characters, but that's just a workaround.
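As an added illustration (not part of the thread or the GTACoop project), a small chat-log monitor a server operator could run to spot the two signals discussed above: messages that echo names of files the operator knows live in /root, or absolute server paths, and messages containing characters outside the Latin allowlist adambh proposes. The log format, the sensitive-file list and the sample lines are all constructed assumptions.

```python
import re

# Constructed: names the operator knows exist in /root (stand-ins for the
# "mbox", ".txt" and "ts3bot" entries mentioned in the thread).
SENSITIVE_NAMES = {"mbox", "ts3bot", "server_logs.txt"}

# Constructed sample chat log; assumed format "[time] player: message".
SAMPLE_CHAT_LOG = """\
[12:00:01] Player1: gg race 3
[12:00:05] Player2: mbox ts3bot notes.txt
[12:00:09] Player3: /root/gtaserver/server_logs.txt
[12:00:12] Player4: привет всем
"""

LINE_RE = re.compile(r"^\[(\S+)\]\s+([^:]+):\s(.*)$")
# Absolute paths under directories a game client has no business naming.
PATH_RE = re.compile(r"(?:^|\s)/(?:root|etc|home)(?:/[\w.\-]+)*")
# The "Latin letters, digits and a few punctuation chars" allowlist workaround.
ALLOWED_RE = re.compile(r"""^[A-Za-z0-9 .,!?'"/:;()_@#-]*$""")


def analyse_line(line):
    """Return the reasons a chat line looks suspicious (empty list if clean)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    msg = m.group(3)
    reasons = []
    # Tokenise on filename-like runs so "notes.txt" stays one token.
    tokens = set(re.findall(r"[\w.\-]+", msg))
    leaked = tokens & SENSITIVE_NAMES
    if leaked:
        reasons.append("mentions server files: " + ", ".join(sorted(leaked)))
    if PATH_RE.search(msg):
        reasons.append("contains absolute server path")
    if not ALLOWED_RE.match(msg):
        reasons.append("non-Latin characters (blocked by allowlist workaround)")
    return reasons


def scan_chat_log(text):
    """Map each flagged log line to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        reasons = analyse_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in scan_chat_log(SAMPLE_CHAT_LOG).items():
        print(line, "->", "; ".join(reasons))
```

The allowlist check only reproduces the proposed workaround; as Guad notes in the next comment, non-Latin text is not necessarily the cause, so the file-name and path checks are the ones worth alerting on.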

Guad commented 8 years ago

I doubt the exploit was caused by Unicode characters.