Hey,
Long story short, one of my clients servers was hacked and we have managed to find the IP and alias as they got caught on the console_mp.cfg with the "rcon_from "ip" ". However as client kept restarting servers etc to get rid of the hacker who was playing about with the server and constantly changing p/ws and server settings the console_mp.cfg file kept getting overwritten.
I was speaking to Admin Duality on the IRC and he stated :
<team-eG|pingU> the concole_mp.cfg
<team-eG|pingU> console*
<team-eG|pingU> does tht save anywere else ?
<Duality> no, there is only one copy of that
<team-eG|pingU> like previous records of it..or does it jsut overwrite straight away
<Duality> actually
<Duality> im not sure
<Duality> i think it may archive
<team-eG|pingU> damn it...thats what we got copies of, but as cleint had to restart the server so much it overwrote it
<team-eG|pingU> any idea where?
<Duality> no clue, im afraid
<Duality> been a while for me since i worked on servers myself
<Duality> you could post in our forums though
<Duality> a good few thousand SGAs there who can help a lot better than me
<team-eG|pingU> ahh ok......
So here i am asking if this can be done so we can pull the evidence to prove that this was done, as copies apparently which haven't been tampered with do not count :S
And is there any other places I can look for my client to try and find in the .cfgs or other files when our friendly hacker tampered with the rcon?!
Many thanks..sorry to droan on :(
Any help will be greatly appreciated
Alex//eG-servers.co.uk