I guess be careful?
I guess be careful?
I know that this exploit is as old as Source itself and wanted to ask if the Dev's are aware and plan to stop it in the future? This can severely harm the public's perspective of this mod if not addressed post haste.
Apparently the only suspect server is the fake vaultf4 server. It doesn't have any of the tags the others do and is hosted in a different region, according to vincentor.
While you're at it, try not to join any servers that look uneasy/shady.
The real VaultF4 ips are
So its just right there nestled inside. You should probably do a virus scan of your steam folder.
i guess that's what happens if you use an old tf2 build and don't iron out the server exploits
there's TONS of these exploits about in the 2008 version, you guys better start looking into them
i've did some research about the fake vaultf4 server, comparing IP's and looking up info, and i ended up finding something very interesting:
the fake server is hosted by OVH, montreal canada. i looked around a bit, looked at unfgaming's server ip's and they're hosted by the OVH aswell, montreal. few ip's recieved reports about bruteforcing FTP's.
my conclusion is that 404 tries to lure people affiliated with the project into the fake server with malicious intentions.
I got ninjad
Additionally, 404 is the salty-est person, and would have more to gain if servers were marked as malicious in a community mod that he was kicked out of.
he recently made a podcast where he said he don't hate us so even as bipolar person as he would be unlikely to do something like that
404 getting the blame for everything bad that happens to tf2c is kinda silly, it reminds me of Animal Farm and how they blame that one pig that escaped at the beginning for all that happened on the farm for the rest of the book
Likewise I'm coming to 404's defence here,
Remember playing some deathmatch with him on a server and he seemed pretty chill, was impressed at the work and said no hard feelings and that things were in the past.
Was on the rage weapon creation stream as well again, relaxed, friendly and helpful to other users..so unless something would cause this backlash, I'm saying its unlikely to be him.
I remember playing with 404 just yesterday on a VaultF4 server yet he seemed pretty remorseful over the whole thing.
Kibbleknight, Rara (a.k.a the now perma'd Yiffy Fox who also had his PC hacked) and Moonrat can back me up on that, too.
I still don't believe him by the way for various factors and if this stunt is truly his doing then he's just iredeemable.
Makes me wonder, what are the odds of some-one trying to push the blame on 404 so they can do their malicous things without being suspected?
Nobody knows really, it's the internet.
Pretty sure this was an episode of Diagnosis Murder, only instead of a trojan and a hacked tf2c server, it was a car bomb.
The fake server is still up at the moment.
For those who didn't bother to check the Pastebin put this IP into your Blacklisted Servers list now.
We're currently trying to contact Valve to update the Source 2013 MP base engine code with the fixed engine code, as we believe this exploit is affecting every Source 2013 MP mod.
Please refrain from joining the server under the IP listed below.
If you've connected to the server in the past, PLEASE do a virus scan of yourfolder. The virus is named svchost.exe
As I've said, we believe that this virus is affecting every Source 2013 MP mod currently running on the latest source code, so please be careful while playing other mods too.
Turns out Windows Defender doesn't see anything wrong with my PC. What a load of ass.
Is there an alert system set up? I recall seeing it in a preview MR Modez showed off. Perhaps make a blogpost about it and make an alert on the main menu over it??
This svchost.exe file seems to remain undetected in almost all anti-virus programs, not even Malwarebytes found anything.
Spybot search and destroy or the more aggressive combofix will do if you're really paranoid
It appears MalwareBytes DID remove the file, so that's a relief.
Thanks again, everyone!
I am really paranoid right now. Going to stay off of TF2Classic for a while. Virus scan is running in the background as I'm typing this.
Just out of curiosity, did anyone report those two accounts to Valve?
I think its pretty safe to assume its not 404 that is responsible for this:
Now if there was a way to get Rara Wolf unbanned from here since his ban me thread was the result of him being hacked. He was the one that pretty much blew this whole thing out in the open and saved a lot of people some trouble.
Looks like Rageguy fell victim to it too. The thread he was banned in even harbors a download link to the virus. They might want to delete/edit those links.
Orkel was the admin that banned him. He's offline now, but the issue was brought up both in PM and in the refugee camp.
If anyone has a sample of the malware, zip it up and PM it to me please.
Thanks for the support guys, I've removed the download links to TF2C and posted a blog post while we work things out. We are hoping to be able to get back up and online as soon as possible.
Please take care and virus scan if you've joined the server or if you are paranoid at all.