search

azalty / sm-no-dupe-account

No Dupe Account is a plugin that prevents players from joining the server if they have a duplicate or recent account
https://forums.alliedmods.net/showthread.php?t=330779
GNU General Public License v3.0
7 stars 2 forks source link

Players without the requirements are not being kicked #39

Closed crashzk closed 1 year ago

crashzk commented 1 year ago

Describe the bug Players apparently without the necessary requirements were able to enter the servers and play normally.

Players would be those, none have the necessary hours, they should be kicked.

"aaaaa" STEAM_1:1:752976154 - https://steamcommunity.com/profiles/76561199466218037 "Yukki" STEAM_1:0:298048327- https://steamcommunity.com/profiles/76561198556362382

Error logs

No Dupe Account - Player aaaaa

Linha 288187: L 01/04/2023 - 23:55:19: [no_dupe_account.smx] aaaaa (STEAM_1:1:752976154) database status: Checked and doesn't exist
Linha 288189: L 01/04/2023 - 23:55:20: [no_dupe_account.smx] Updated aaaaa (STEAM_1:1:752976154) [Checked and doesn't exist] into the database: csgo_level=-1, csgo_coin=0, prime=0, csgo_playtime=-1 (minutes), steam_level=-1, steam_age=-1 (minutes), last_check=1672887320 (timestamp)
Linha 288204: L 01/04/2023 - 23:55:54: [no_dupe_account.smx] aaaaa (STEAM_1:1:752976154) database status: Checked
Linha 288206: L 01/04/2023 - 23:55:54: [no_dupe_account.smx] Updated aaaaa (STEAM_1:1:752976154) [Checked] into the database: csgo_level=-1, csgo_coin=0, prime=0, csgo_playtime=568 (minutes), steam_level=-1, steam_age=-1 (minutes), last_check=1672887320 (timestamp)
Linha 288433: L 01/04/2023 - 23:57:11: [no_dupe_account.smx] aaaaa (STEAM_1:1:752976154) database status: Checked
Linha 288435: L 01/04/2023 - 23:57:11: [no_dupe_account.smx] Updated aaaaa (STEAM_1:1:752976154) [Checked] into the database: csgo_level=-1, csgo_coin=0, prime=0, csgo_playtime=568 (minutes), steam_level=-1, steam_age=-1 (minutes), last_check=1672887320 (timestamp)

No Dupe Account - Player Yukki

Linha 297256: L 01/05/2023 - 14:17:13: [no_dupe_account.smx] Yukki (STEAM_1:0:298048327) database status: Checked
Linha 297258: L 01/05/2023 - 14:17:13: [no_dupe_account.smx] Updated Yukki (STEAM_1:0:298048327) [Checked] into the database: csgo_level=-1, csgo_coin=0, prime=0, csgo_playtime=-1 (minutes), steam_level=-1, steam_age=-1 (minutes), last_check=1672938687 (timestamp)

Setup I'm currently using would be this: (Removed Steam and Discord API data) Config No Dupe Accounts.zip

azalty commented 1 year ago

Thanks for reporting! I'm assuming you're using the latest version (1.5.0 or 1.5.1) and I'll check for this bug.

azalty commented 1 year ago

I haven't found anything that could indicate this sort of problem. Do you receive any error or any other message?

crashzk commented 1 year ago

Plugin version would be this:

  30 "No Dupe Account" (1.5.1) by azalty

Error logs don't log anything, any type of messages.

crashzk commented 1 year ago

One note, I don't know if it helps. But these two players apparently managed to carry out an attack on my servers, they invaded.

They would be able to change the sv_cheats cvar and with that they would use all kinds of commands on the servers, they would be able to ban other players, they could remove bans from them even when I applied them.

Anyway, they had root access to the servers even without having any privileges. I believe that may have been it, they must have disabled the plugins and then managed to enter. Today I'll be checking in depth, changing the RCON password and seeing if that solves the problem.

I just kept thinking that they shouldn't even enter the servers, since they don't have the requirements that I configured in the plugin.

Em qui., 5 de jan. de 2023 9:38 PM, crashzk @.***> escreveu:

Plugin version would be this:

30 "No Dupe Account" (1.5.1) by azalty

Error logs don't log anything, any type of messages.

— Reply to this email directly, view it on GitHub https://github.com/azalty/sm-no-dupe-account/issues/39#issuecomment-1372980349, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH3JNNJLFAYPB7EPRG3PKE3WQ5SRPANCNFSM6AAAAAATSNEDBE . You are receiving this because you are subscribed to this thread.Message ID: @.***>

azalty commented 1 year ago

They might have set themselves as root before joining. Afaik there's no sv_cheats serverside bypass for csgo. Did you whitelist players with the 'z' flag by any chance?

My best guess is that you have a backdoored plugin OR they managed to find the rcon password (maybe you leaked it somewhere).

crashzk commented 1 year ago

They might have set themselves as root before joining. Afaik there's no sv_cheats serverside bypass for csgo. Did you whitelist players with the 'z' flag by any chance?

No, no players with flag z in the whitelist, only players with flag a and only for bans in games and that's it.

My best guess is that you have a backdoored plugin OR they managed to find the rcon password (maybe you leaked it somewhere). Plugin I haven't had any new plugins installed on the server for over 6 months, I just update the plugins I already use to the latest versions. All plugins from active authors on the alliedmodders and well-known forums.

I even reported it there on the forum to see if someone could give me a light.

https://forums.alliedmods.net/showthread.php?t=341170

I will now be changing the RCON password as I mentioned and checking if it solves the problem.

If you have anything else you can provide and such just let me know.

crashzk commented 1 year ago

I believe this issues can be closed, I believe that the sm plugins unload_all command was used before entering the server and disabled all plugins.

Anyway, it was an invasion on my server, I solved the problem, changing the RCON password in case.