Now a days, many game server owners complain about their servers getting hacked.

No matter how much strong RCON password you choose, your server can still be hacked.

Antivirus Protections and Firewalls are of no use in this case!

 
Symptoms:
If you own a Counter Strike 1.6 Server, you should have faced weird problems like:

  • Your server’s name getting changed.
  • All your players getting redirected to some strange servers.
  • RCON Password getting changed.
  • Strange admins appearing in your admin list.
  • Strange plugins running on your server.

If you find any of the above symptoms, it means your server is insecure!

 
Problem A:

  • The most commonly used technique to hack a server is by hacking any of the Server Admins
  • If someone knows the password of any admin having Full Access Flags, they can hack your server (They will be able to change your RCON Password, Server Name, Password Protect it, Make Admins, etc)
  • This happens when your admins visits the server of the hacker
  • Remember that the value of _pw variable is visible to the Server Owner (Will cover that in an other post)
  • Another way is by hacking the computer of server admin using a RAT or simple keyloggers.

 
Solution / Fix
To prevent your server from being hacked, never ever give full access flags to the admins. Only give acdeijuvw Access Flags and tell your admins to follow below rules strictly:

  • Don’t player in random servers or before joining other servers, change your password by writing setinfo _pw ANYTHING in game console.
  • Never ever share your admin password with anyone. No matter know much you trust that person.
  • Never ever run Files or Links that unknown people send you online, there is a good chance they will Steal All Your Online Passwords.
  • If you suspect that someone else is using your password, change it immediately and inform the server owner.
  • If you failed to follow the above rules, you will lose your admin powers!
  • Keep the above rules in mind and no one will be able to hack your password :)
  •  
    Problem B:

    • In Counter Strike 1.6 (and possibly in other valve based games too), there is a feature which allows a player to upload files on the server. For example, in CS1.6 players can upload their Custom Spray Logos on the server.
    • Imagine if some player uploads a server.cfg file instead of the Spray Logo? All of your server configurations will be replaced by configurations of their choice! Now your server belongs to them! They can do what ever they want with your server.
    • Exploiting this bug, a tool named Raiz0 was released to automate the whole process.
    • Bad guys are using that tool (in combination with network scanning tools) to hack large number of servers daily.

     
    Solution / Fix
    The fix to this vulnerability is fairly simple. Most of the famous servers are already patched! Below are the steps for Windows bases servers:

    • You have to change the permissions of cstrike/addons/amxmodx/configs folder.
    • Counter Strike 1.6 Configs Folder

    • Goto the cstrike/addons/amxmodx folder, right click on configs folder and click on properties.
    • Counter Strike 1.6 Advanced Properties

    • In the Security Tab, click on Advanced, a new dialog will appear, click on Add, type in Administrators and click Ok.
    • A new dialog will appear. Tick the Deny check boxes in front of Create Files/Write Data and Create Folders/Append Data. Then click Ok.
    • Counter Strike 1.6 Advanced Permissions

    • Tick both the check boxes in Advanced Security Settings dialog. Click Ok. And again click Ok.
    • Counter Strike 1.6 Advanced Security

    • Now your server is secure from Raiz0 hack attacks :)

     
    If you have any questions please feel free to ask in comments!