I don't want to give the impression i'm trying to flame anyone or anything I just don't want to leave people with TCAdmin thinking they are SOL because they are not.
Anyone that leaves anything at default settings is not security aware and is going to be at risk no matter what you run. If you run a GSP it's your job to be aware and security conscious. However people have to know they the only option is not linux with custom software. We don't want everything thinking they need to run out and hire a programmer to reinvent the wheel. We run windows with TCadmin and have never once had an issue (2+ years) I would say stick with what you know and make sure you know everything you can about security. You're always going to have the linux guys po poing windows and visa-versa with the windows guys. None of the listed exploits would have worked on our servers not because we run windows or because we run tcadmin. It's because we what treats are out and about and we know how to secure ourselves agents them. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Steven Crothers Sent: Tuesday, March 02, 2010 4:45 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Eventscripts - Creating Windows Account Well this can easily turn into a "Flame TCAdmin" thread, but I'll simply leave it with this: TCAdmin is NOT a secure panel, people who are reading this that are running TCAdmin - if you haven't gone above and beyond with your setup, you ARE at risk everyday to losing 100% of your machines. Let's not forget that that many GSPs run games on their master server, which means their entire database is at risk. Gameserver security can only truly be obtained with a proper custom control panel, nothing off the shelf provides any type of security, and this thread is a great example of that. When was the last time a server at Gameservers.com was hacked? I can't recall once when it ever happened. Gameserver hosting should be done on Linux with SELinux + GRSEC. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mike Stiehm Sent: Tuesday, March 02, 2010 5:28 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Eventscripts - Creating Windows Account This is true for the default setting. However TCAdmin can be set to use a specific user for all game servers created from that point on and you can go back in the windows services control panel and change the user that the service executes under. It's really easy and didn't take me much more than 20 min for 20 servers and I have no issues (well over a year running like this) -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Lane Eckley Sent: Tuesday, March 02, 2010 4:11 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: Re: [hlds] Eventscripts - Creating Windows Account That is a simple solution to the problem. However if you are a GSP or otherwise using TCAdmin like many do, there are some side issues that go along with setting a game server to use a limited access. (Important note on TCAdmin: TCAdmin runs as system and so do all the services it powers - FYI in case you are unaware.) This was mainly a warning going out before anyone got completely hacked and lost access to their machines. -Lane -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Saul Rennison Sent: Tuesday, March 02, 2010 5:03 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Eventscripts - Creating Windows Account If you run the server as a limited user, then it can't touch the registry or create other users... simple :/ Thanks, - Saul. On 2 March 2010 20:51, ics <[email protected]> wrote: > What do you mean by upload mods? If _anyone_ can upload files to the > server without having access to the machine itself, then there is > nothing mod makers can do if someone can overwrite the files that their > mods have. > > -ics > > 2.3.2010 22:44, Steven Crothers kirjoitti: > > The answer isn't to stop people from being able to upload mods... the > answer > > is for mod makers to make their mods secure. > > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of w4rezz > > Sent: Tuesday, March 02, 2010 3:14 PM > > To: Half-Life dedicated Win32 server mailing list > > Subject: Re: [hlds] Eventscripts - Creating Windows Account > > > > Nothing new, Everybody can upload files to your server, becouse Valve > > dont wanna to use whitelist system, to allow only specific file > > extensions to be downloaded to only specific game directories. > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __________ Information from ESET Smart Security, version of virus signature database 4910 (20100302) __________ The message was checked by ESET Smart Security. http://www.eset.com __________ Information from ESET Smart Security, version of virus signature database 4910 (20100302) __________ The message was checked by ESET Smart Security. http://www.eset.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
