Exploit server?

Black Mesa Archive Help!
#1

Hello. I was browsing through multiplayer servers list and connected a server named White Mesa. It had 4 of 8 players connected. When connection was finally established, I spawned on a map that was similar to default one from Garry’s Mod (flatgrass, I guess, not sure though). One of the players texted me in gamechat:
— “Hey, Lisa”
— “Hi there”, - I answered
— “Shoot the doll”
— “What doll”?
— “Spawn a doll for her”, - he said to someone else
Then a little doll prop appeared on the floor, I shot it and after that something crazy happened: there were fancy colored console-like texts all over the screen, weird graphs, etc. I didn’t even catch what happened, cause 2 seconds afterwards I lagged and got disconnected. As soon as I reconnected, he said:
— “Hey, Lisa, we uploaded a troyan into your pc”
Another guy said:
— “Say goodbye to your account, it is the last time you play”

This situation scared all the shit out of me, I quitted the game instantly and now I’m here. Is it possible to get into my PC through Black Mesa?
I remember it was possible to penetrate user’s PC through CS 1.6 MOTD screen in the past; are there any security holes in source engine nowadays?

#2

Pretty sure you just stumbled upon a couple kids who wanted to scare you, and they succeeded.

#3

I’ve almost reassured myself the same way until I stumbled across this thread: SERVER_CAN_EXECUTE

#4

That won’t allow anyone to download anything on your machine. You’re fine.

#5

Any application connected to the internet is exploitable.

There are no wide spread exploits for source games that would grant one access or the ability to execute files on a target’s PC at the time of this posting.

Downloading stuff on a target’s PC is not a problem if the server he connects to is yours.

Executing the downloaded file is a totally different story though.

In your case Lisa they were just people trolling you that were looking for a laugh, if they had access to your PC via the imaginary trojan they’ve put on it you would have known by now since their entire reasoning behind it was to make fun of you, they would have started writing stuff on your screen, opening your CD-ROM drive, doing general stuff to scare you.

Run antivirus+firewall, keep all your installed programs updated, use common sense & you’ll be safe, at least from little kids in video games.

#6

Thank you a lot for your feedback. Anti-virus check detected no malicious stuff on my hard drive. Seems like I got pranked in a weird way. :slight_smile:

#7

If it would make you feel any safer you can also run an additional scanner to get a second opinion on the cleanliness of your system.

Can give https://www.emsisoft.com/en/software/eek/ a try, it’s free & you don’t even need to install it, just extract it to a folder & run Start Emergency Kit Scanner.exe , make sure you update it before running the scan.

Also, a general rule you should keep in mind: don’t tell anyone what protects your PC, what antivirus you have, router, OS, nothing, if potential adversaries try to target you with an attack or exploit they will have a Much easier job if they know what protects you.

If they don’t know what security application/s protect you it is considerably more work for them to successfully compromise your machine.

Realistically speaking though, i doubt you will ever bump into someone with the right knowledge that doesn’t have better stuff to do than waste time trying to compromise video game players, don’t worry too much about it.

Ways you are most likely to get compromised are; visiting malicious sites, installing applications from shady sources, using weak passwords, using the same password on multiple accounts, clicking links from emails that seem to be from reputable sources, but in reality redirect you to a fake login page that captures your credentials, answering truthfully security questions on websites (when answering truthfully security questions on websites people that have info about you can easily know the answers & reset your password, thus compromising your account).

If you use the same password on more accounts, if one gets compromised, there is a high probability that your other accounts that share the password will also be at risk.

In a lot of cases, companies you have the accounts with are the ones that got hacked, not you.

If you’re curious to check if some of your existing accounts are already floating around the web, you can check here:

https://haveibeenpwned.com/

I’d also advise you to install these addons in your browser:

For Firefox:
https://addons.mozilla.org/En-us/firefox/addon/ublock-origin/
https://addons.mozilla.org/En-us/firefox/addon/wot-safe-browsing-tool/

For Chrome:
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
https://chrome.google.com/webstore/detail/wot/bhmmomiinigofkjcapegjjndpbikblnp

Stay safe :slight_smile:

Founded in 2004, Leakfree.org became one of the first online communities dedicated to Valve’s Source engine development. It is more famously known for the formation of Black Mesa: Source under the 'Leakfree Modification Team' handle in September 2004.