TeeCee 0 Posted February 20, 2009

[EDIT - Panic not, no exploit - my stupidity - but instead a query about running public servers but denying free vote-able admin access 'out of hours']
[FINAL EDIT - Solution = set "voteThreshold=1.1" and this will disable all admin voting]

Hi all,

I am running a Windows-based beta 1.15 dedicated server with the ACE 1.04 addon. Today I remote-desktopped onto my server to discover the following little gem from the console:

13:12:41 Player XXXX connecting.
13:12:44 Player XXXX connected (id=YYYY).
13:13:03 Admin XXXX logged in.
13:13:08 Game restarted
13:13:08 Waiting for next game.
13:13:16 Player XXXX disconnected.
13:13:16 Admin XXXX logged out.

In short, within 20 seconds of connecting, an unknown player to my server and 1 other colleague managed to log in as admin and restart the game (a long running Domination game, thanks).

Is there a known exploit to gain admin access? Or is it just that I haven't locked down the server.cfg excessively as I should? For example, I dumped the signed/hacked sig checking last night after the server repeatedly banned friends with crashes/connection-interruptions mid-game or upon connecting. However, I can't see that some modified PBOs would allow someone to gain admin access to the core server binary...

Thoughts and feedback welcome, and watch your server for this unscrupulous individual.

Regards,
TeeCee

mr.g-c 6 Posted February 20, 2009

He maybe voted himself as admin?

ck-claw 1 Posted February 20, 2009

(mr.g-c @ Feb. 20 2009,16:56) said:
He maybe voted himself as admin?

Ftw!

TeeCee 0 Posted February 20, 2009

Well this could be embarrassing...

Does "voteMissionPlayers=0" not prevent this? Are there any additional server.cfg controls I have foolishly missed to prevent self-admin voting? Or is it something everyone has to tolerate?

Ta for the swift pointer,
TeeCee.

ck-claw 1 Posted February 20, 2009

The minute you log in with the server password, you would override him and become admin.

Edit: You could try adjusting:

Code Sample:
voteThreshold=1

So that almost everyone would have to vote him to make him admin? Although I'm not quite sure which number it would be, '1'?

Edit2: That won't work, lol, if he was the only one on!

TeeCee 0 Posted February 20, 2009

I realise this, but that's not the point. I want to run a public open server, but when I go to bed I want my perpetual mission (Domination in this case) to keep running without some insomniac/foreigner joining at 4am and voting the mission and all its progress away.

I just reviewed the commands sticky and web but still cannot see any way of preventing free admin rights to admin-less / empty servers.

So again, is this something everyone has tolerated to date and not been questioned before?

Regards,
TeeCee

ck-claw 1 Posted February 20, 2009

Yeah, I know what you mean! Afaik I don't think there's any way round it bar keeping yourself in the game overnight, tabbed out.

TeeCee 0 Posted February 20, 2009

The answer to my query has been provided by another admin here (Deady): set "voteThreshold=1.1" and this will disable admin voting (effectively 120% of all player votes required, impossible).

Case closed.... now if I could burn up this thread....

Cheers,
TeeCee

ck-claw 1 Posted February 20, 2009

(TeeCee @ Feb. 20 2009,17:23) said:
The answer to my query has been provided by another admin here (Deady): set "voteThreshold=1.1" and this will disable admin voting (effectively 120% of all player votes required, impossible). Case closed.... now if I could burn up this thread.... Cheers, TeeCee

Clever thinking! Nice one Deady

Eagle99 0 Posted February 27, 2009

*S* Make a file called ban.txt and put it in your ArmA folder or its server ArmA folder. Then add the game id # only, then close. Here's my old OFP "ban.txt".

Now you can ban them as you see fit, just keep reviewing your server log to catch them. Good luck.
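
Reviewing the server log as the last post suggests, as an added example that is not part of the thread: this Python script reads console lines in the format quoted in the first post and flags any player who became admin shortly after connecting and then restarted the game, returning the id that would go into ban.txt. The 60-second window, the function name and the sample log (constructed, with made-up names and ids) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the console format quoted in the first post.
SAMPLE_LOG = """\
13:12:41 Player Visitor connecting.
13:12:44 Player Visitor connected (id=1111).
13:13:03 Admin Visitor logged in.
13:13:08 Game restarted
13:13:08 Waiting for next game.
13:13:16 Player Visitor disconnected.
13:13:16 Admin Visitor logged out.
20:00:00 Player Owner connected (id=2222).
20:45:10 Admin Owner logged in.
20:46:00 Game restarted
20:50:00 Admin Owner logged out.
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (.*)$")
CONNECTED = re.compile(r"^Player (.+) connected \(id=(\d+)\)\.$")
ADMIN_IN = re.compile(r"^Admin (.+) logged in\.$")
ADMIN_OUT = re.compile(r"^Admin (.+) logged out\.$")
DAY = timedelta(days=1)

def suspicious_admin_sessions(log_text, max_wait=timedelta(seconds=60)):
    """Return (name, id, login_time) for each admin who logged in within
    max_wait of connecting and restarted the game while admin."""
    connected, admin, hits = {}, None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        stamp, msg = m.groups()
        when = datetime.strptime(stamp, "%H:%M:%S")
        if (c := CONNECTED.match(msg)):
            connected[c.group(1)] = (c.group(2), when)
        elif (a := ADMIN_IN.match(msg)):
            admin = (a.group(1), when, stamp)
        elif ADMIN_OUT.match(msg):
            admin = None
        elif msg.startswith("Game restarted") and admin:
            name, login, login_stamp = admin
            pid, joined = connected.get(name, ("?", None))
            # The log has no dates, so take the gap modulo one day to
            # survive a connect just before midnight.
            if joined is not None and (login - joined) % DAY <= max_wait:
                hits.append((name, pid, login_stamp))
                admin = None  # report each admin session once
    return hits

if __name__ == "__main__":
    for name, pid, stamp in suspicious_admin_sessions(SAMPLE_LOG):
        print(f"{stamp} {name} (id={pid}) took admin and restarted the game")
```
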