Closed crashzk closed 1 year ago
Thanks for reporting! I'm assuming you're using the latest version (1.5.0 or 1.5.1) and I'll check for this bug.
I haven't found anything that could indicate this sort of problem. Do you receive any error or any other message?
Plugin version would be this:
30 "No Dupe Account" (1.5.1) by azalty
Error logs don't log anything, any type of messages.
One note, I don't know if it helps. But these two players apparently managed to carry out an attack on my servers, they invaded.
They would be able to change the sv_cheats
cvar and with that they would
use all kinds of commands on the servers, they would be able to ban other
players, they could remove bans from them even when I applied them.
Anyway, they had root access to the servers even without having any privileges. I believe that may have been it, they must have disabled the plugins and then managed to enter. Today I'll be checking in depth, changing the RCON password and seeing if that solves the problem.
I just kept thinking that they shouldn't even enter the servers, since they don't have the requirements that I configured in the plugin.
Em qui., 5 de jan. de 2023 9:38 PM, crashzk @.***> escreveu:
Plugin version would be this:
30 "No Dupe Account" (1.5.1) by azalty
Error logs don't log anything, any type of messages.
— Reply to this email directly, view it on GitHub https://github.com/azalty/sm-no-dupe-account/issues/39#issuecomment-1372980349, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH3JNNJLFAYPB7EPRG3PKE3WQ5SRPANCNFSM6AAAAAATSNEDBE . You are receiving this because you are subscribed to this thread.Message ID: @.***>
They might have set themselves as root before joining. Afaik there's no sv_cheats serverside bypass for csgo. Did you whitelist players with the 'z' flag by any chance?
My best guess is that you have a backdoored plugin OR they managed to find the rcon password (maybe you leaked it somewhere).
They might have set themselves as root before joining. Afaik there's no sv_cheats serverside bypass for csgo. Did you whitelist players with the 'z' flag by any chance?
No, no players with flag z
in the whitelist, only players with flag a
and only for bans in games and that's it.
My best guess is that you have a backdoored plugin OR they managed to find the rcon password (maybe you leaked it somewhere). Plugin I haven't had any new plugins installed on the server for over 6 months, I just update the plugins I already use to the latest versions. All plugins from active authors on the alliedmodders and well-known forums.
I even reported it there on the forum to see if someone could give me a light.
https://forums.alliedmods.net/showthread.php?t=341170
I will now be changing the RCON password as I mentioned and checking if it solves the problem.
If you have anything else you can provide and such just let me know.
I believe this issues can be closed, I believe that the sm plugins unload_all
command was used before entering the server and disabled all plugins.
Anyway, it was an invasion on my server, I solved the problem, changing the RCON password in case.
Describe the bug Players apparently without the necessary requirements were able to enter the servers and play normally.
Players would be those, none have the necessary hours, they should be kicked.
"aaaaa" STEAM_1:1:752976154 - https://steamcommunity.com/profiles/76561199466218037 "Yukki" STEAM_1:0:298048327- https://steamcommunity.com/profiles/76561198556362382
Error logs
No Dupe Account - Player
aaaaa
No Dupe Account - Player
Yukki
Setup I'm currently using would be this: (Removed Steam and Discord API data) Config No Dupe Accounts.zip