!!! Admin Takeover Workaround - installation instructions included. !!!
Incl. redirect files - for server admins!
All rights and licenses belong to the respective owners of the software and are included with the packages!
Admin Takeover Workaround
==========================
for UT2004 by Wormbo
http://www.koehler-homepage.de/Wormbo/
Description
-----------
This small server actor performs a failsafe reset when an attacker attempts to
inject his/her own admin account to take over control. This could happen when
using features with insufficient security checks, such as the voting in UTComp.
When a takeover attempt is detected, this workaround logs the attempt and tries
to reset the server to kick out the attacker again.
Installation
------------
In UT2004.ini (or whichever main configuration file your server uses) add the
following line in the [Engine.GameEngine] section:

  ServerActors=AdminTakeoverWorkaround.AdminTakeoverWorkaround URLOverride=map?option1=value1?option2=value2?etc.

The URLOverride parameter is optional. If you specify it (and I recommend doing
so), make sure you include your preferred fallback map and any required URL
options. For example, it may be a good idea to include the ?password=
parameter, either empty or with a default password, to ensure your server stays
accessible to the players. You may also want to reset other limits, such as the
maximum number of players and spectators.
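A way to check an existing server ini against the installation notes above. This
is an added example, not part of Wormbo's package. The sample ini, the map name
DM-Rankin, the MaxPlayers value and the finding texts are constructed for
illustration.

```python
ACTOR = "AdminTakeoverWorkaround.AdminTakeoverWorkaround"

# Constructed sample ini; the map name and option values are placeholders.
SAMPLE_INI = """\
[Engine.GameEngine]
ServerActors=IpDrv.MasterServerUplink
ServerActors=AdminTakeoverWorkaround.AdminTakeoverWorkaround URLOverride=DM-Rankin?MaxPlayers=16
"""

def parse_override(value):
    """Split the text after the actor name into (map, {option: value}), or None."""
    rest = value.partition(" ")[2].strip()
    if not rest.lower().startswith("urloverride="):
        return None
    fallback_map, *opts = rest[len("urloverride="):].split("?")
    options = {}
    for opt in opts:
        key, _, val = opt.partition("=")
        options[key.lower()] = val
    return fallback_map, options

def audit_ini(text):
    """Return a list of findings for the workaround's ServerActors entry."""
    section, in_engine, elsewhere = None, [], []
    # UT2004 ini files repeat keys such as ServerActors, so scan line by line
    # instead of using configparser, which rejects or collapses duplicates.
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif line.lower().startswith("serveractors="):
            value = line.split("=", 1)[1].strip()
            if value.split(" ", 1)[0].lower() == ACTOR.lower():
                (in_engine if section == "engine.gameengine" else elsewhere).append(value)
    findings = [f"actor listed outside [Engine.GameEngine] ({len(elsewhere)}x)"] if elsewhere else []
    if not in_engine:
        return findings + ["actor not loaded from [Engine.GameEngine]"]
    override = parse_override(in_engine[0])
    if override is None:
        return findings + ["no URLOverride: fallback map and options not set"]
    fallback_map, options = override
    if not fallback_map:
        findings.append("URLOverride has no fallback map")
    if "password" not in options:
        findings.append("URLOverride does not include ?password=")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ini(SAMPLE_INI)) or "ok")
```

An empty result means the actor is loaded from the right section and the
URLOverride names a fallback map and a ?password= option.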
Additional Security Considerations
----------------------------------
When the failsafe reset kicks in, some damage may already be done.
If you are using Anti TCC or some other tool that monitors invalid admin login
attempts, keep an eye out for attempts to log in under the account the Admin
Takeover Workaround just disabled. The workaround cannot detect the attacker,
only the attempt itself. Banning attackers needs to be done manually based on
the info of the other tool monitoring login attempts.
Keep in mind that UTComp voting might not be the only mod feature with such a
severe security hole. The 3SPN mod (TAM/Freon) also had a similar loophole,
but it was fixed for version 3.141. The UTComp voting bug was likely a major
factor in the death of at least one popular server community. If you see
unexplainable changes to your server settings, make sure you check all the mods
you use on your server - one of them might have another of those critical
security issues.
UNREAL TOURNAMENT 2004(c)Epic Megagames, Inc. All Rights Reserved.
Distributed by Atari, Inc. under license. UNREAL TOURNAMENT 2004 and the UNREAL TOURNAMENT 2004 logo are registered trademarks of Epic, Inc.