Hey everyone.
I hate having to write posts like this, but I’ve had a few people come to me over the past few days warning me about a new Source Engine Server exploit that is making the rounds across various games. There have been some reports that Black Mesa MP servers could be the target of the exploit, if someone with malicious intent wants them to be. Until Valve (and then us) patch a fix in, I’ve made this post to inform everyone of potential danger and steps on how to avoid infection.
What is the exploit?
I don’t want to go into details on how to replicate the exploit, but I will say what it does, as I understand it. If you load into an infected Source server, the exploit allows the server to inject a file into your computer’s startup folder. You won’t know this happens. When you launch your computer again (i.e., it starts up again), the file will be executed and bad stuff happens. This exploit/infection can only occur if the server is set up to do it; that is, someone needs to set up the server to cause it to happen.
How do I know if a server is infected?
As far as I know, there is nothing that says “THIS SERVER IS INFECTED!” I don’t know of any current ways to check. Your best bet is to make sure that you are connecting to our official servers, or servers where you know that the server host has personally checked to make sure the exploit is not active. Our official servers are listed below, with IP. Additionally, when you connect to a server, connect to it directly via IP, not via the server browser list.
What can I do to prevent getting hit by this exploit?
Like I mentioned before, only connect to trusted servers via the console command “connect .” Additionally, make sure that the server you’re connected to is trusted to not be infected, and if you can check with the server admin, that is even better. Since it’s very easy to make a server with the same name as your favourite server, this will ensure that you are connecting to the server you want to connect to. Also, check to see if the server you’re connecting to has a name that is an exact copy. If there are two servers with the same name, it’s possible that one could be infected. Use caution or avoid the server entirely.
What should I do if I think I’ve been infected?
Immediately run a virus scan. There are many free antivirus scanners online. I personally have used AVG and Avast!, but if you have a favourite, then you can use that. Additionally, check your startup folder to make sure that any files in there are not suspicious or malicious.
While we all know that Black Mesa has the biggest MP population of any MP game ever (that was sarcasm and a joke, by the way), we can make sure everyone stays safe. If everyone is vigilant and careful with the servers they connect to, follows the steps I’ve provided above and just uses a little bit of common sense, no one will be infected.
If you have any questions, please ask them in this thread.
- Joe
Full list of Official, Crowbar Collective Black Mesa Multiplayer Servers:
New York City:
nyc3.game.blackmesagame.com:27015 - Deathmatch
nyc3.game.blackmesagame.com:27016 - Team Deathmatch
nyc2.game.blackmesagame.com:27015 - Deathmatch (Beta)
nyc2.game.blackmesagame.com:27016 - Team Deathmatch (Beta)
San Francisco:
sfo1.game.blackmesagame.com:27015 - Deathmatch
sfo1.game.blackmesagame.com:27016 - Team Deathmatch
London:
lon1.game.blackmesagame.com:27015 - Deathmatch
lon1.game.blackmesagame.com:27016 - Team Deathmatch
Amsterdam:
ams2.game.blackmesagame.com:27015 - Deathmatch
ams2.game.blackmesagame.com:27016 - Team Deathmatch
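
For the "check your startup folder" step above, here is one way to do it from PowerShell. This is an added example, not part of the original post or anything from Crowbar Collective or Valve; it only reads files, and the 14-day window and the extension list are assumptions you can change.

```powershell
# Added example (not from the original post): read-only audit of the Windows Startup folders.
# Assumptions: Windows PowerShell 4.0 or later, a 14-day "recent" window, the extension list below.
$windowDays = 14
$riskyExt   = '.exe','.com','.scr','.pif','.bat','.cmd','.vbs','.vbe','.js','.jse','.wsf','.hta','.ps1'
$cutoff     = (Get-Date).AddDays(-$windowDays)
$shell      = New-Object -ComObject WScript.Shell   # used only to read shortcut targets

# Per-user and all-users Startup folders, resolved by Windows rather than hard-coded.
$folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = foreach ($folder in $folders) {
    # -Force includes hidden and system files, which Explorer hides by default.
    Get-ChildItem -LiteralPath $folder -File -Force | ForEach-Object {
        if ($_.Name -eq 'desktop.ini') { return }   # normal Windows metadata, skip it
        $ext = $_.Extension.ToLower()
        # Legitimate startup entries are usually shortcuts, so inspect what a shortcut launches.
        $target  = if ($ext -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $null }
        $checked = if ($target -and (Test-Path -LiteralPath $target)) { $target } else { $_.FullName }
        $recent  = ($_.CreationTime -ge $cutoff) -or ($_.LastWriteTime -ge $cutoff)
        $direct  = $riskyExt -contains $ext          # executable or script placed directly in the folder
        $hidden  = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
        [pscustomobject]@{
            Path      = $_.FullName
            Launches  = $checked
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Hidden    = $hidden
            DirectExe = $direct
            Signature = (Get-AuthenticodeSignature -LiteralPath $checked).Status
            SHA256    = (Get-FileHash -LiteralPath $checked -Algorithm SHA256).Hash
            Review    = $recent -or $direct -or $hidden
        }
    }
}

if ($report) {
    # Entries flagged for review sort to the top, newest first.
    $report | Sort-Object Review, Created -Descending | Format-List
} else {
    'No files found in the Startup folders.'
}
```

An entry with Review set to True is one to look at by hand (do you recognise it, and did it appear around the time you joined an unfamiliar server?), not proof of infection. The SHA256 value can be given to your antivirus vendor or a server admin if you need a second opinion.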