www.amxmodx.org Open in urlscan Pro
2a06:98c1:3121::3  Public Scan

Form analysis
1 forms found in the DOM

/search.php

<form action="/search.php" id="cse-search-box">
  <div>
    <input type="hidden" name="cx" value="partner-pub-9829192557293856:xk2j4kmvksq">
    <input type="hidden" name="cof" value="FORID:11">
    <input type="hidden" name="ie" value="ISO-8859-1">
    <input type="text" name="q" size="31" placeholder="" style="background: rgb(255, 255, 255);">
    <input type="submit" name="sa" value="Search">
  </div>
  <input name="siteurl" value="www.amxmodx.org/" type="hidden"><input name="ref" value="" type="hidden"><input name="ss" value="" type="hidden">
</form>

Text Content

Main
> News
> About

Files
> Downloads
> Dev Builds
> Plugins

Resources
> Compiler
> Report Bugs
> Addon Stats
> Cross-Reference
> Scripting API
> Documentation

Community
> Forums
> Discord
> IRC

Who
> Link us
> Credits








Development Roundup, We need you! Sep 09, 2018 11:37 Hey everyone, long time no
see!

Today, we would like to talk about the next AMX Mod X version, what is
happening, and what our future plans are.


What was taking so long?

As you may already understand, AMXX as a project is past its prime. Not many
people are actively working on the code base, a direct result of reduced
interest in the project specifically and GoldSrc games in general. Since we
moved the project to GitHub, development has become quite a bit more active, but
the pace is ultimately still slow. Our primary goal still is to once again
provide an up-to-date release, including many bug fixes and long-awaited
features.

Due to the waning interest in the games it supports, it is only natural that
contributors would dip in and out of active development. So without a core team
available to push through issues and keep the project on track, the
contributions became a bit chaotic from a scheduling perspective.

My mistake as a maintainer was not setting clear targets that could be achieved
with the limited time that both our contributors and I could put into the
project. This meant that the number of changes got larger and larger as time
passed (and oh how quickly it passes). I failed to get help from the community
to process and test new changes and failed to tighten the scope of what we could
ultimately deliver as an official release.

However, please keep in mind that all of the contributors are volunteers, and we
can't force anybody to devote more time to AMXX than they are comfortable with.


Where we are now

As of 1.9, we have put the development version of AMXX into a feature-frozen
state. This means that no new functionality and improvements will be accepted
into what is going to eventually be the next release of AMX Mod X. Development
will now focus on bug fixes and our time spent preparing for the next release.

We know that we still have a few exciting improvements and even the odd new
feature in the pipelines, but we have to make a commitment to a release at some
point. Once we have wrapped up the past couple of years into an official
release, it will be much easier for our small team to get new stuff into the
hands of users.


What is new?

AMX Mod X has had numerous fixes and improvements across all facets of the
project:


 * Stability and performance improvements
   
 * Official support for ReHLDS and ReGameDLL
   
 * Much improved UTF-8 support across the project
   
 * Significant improvements to modules and the official plugins
   
 * (Almost) completely revised and completed documentation
   
 * Tons of new functionalities for plugin developers and admins



The full detailed release notes are currently work in progress, and can be found
in the Wiki: https://wiki.alliedmods.net/AMX_Mod_X_1.9_Release_Notes.


What is next?

We need you!

As outlined above, this release has gotten pretty large, and we somewhat
neglected including the community in the development. We are in sore need of
more people that are willing to test and verify the new version.

Check out the release notes and give our new features a try, if something does
not work as you expect it should, please let us know.
AMXX 1.9 latest build can be downloaded here:
https://www.amxmodx.org/downloads-new.php.

As usual, AMXX should retain full backward compatibility, so if existing
functionality breaks after upgrading, file a bug report.


How to report bugs or request features?

We've decided to complete our switch to GitHub and use their integrated issue
tracker for all future bug reports and feature requests.

While this will require you to create a GitHub account to get in touch with
contributors, we hope that it provides us with similar benefits as moving our
code there. Having everything in one place for development should be more
intuitive and get more eyes on the project. Also, quite frankly, the old issue
tracker was barely used and still contains numerous outdated tickets that might
not have been relevant for years.

The old tracker will still be publicly available, but new AMXX tickets will no
longer be accepted.

The forum will remain the place for general support, help, and discussion.


The Future

First, starting from the next AMX Mod X release we will follow SourceMod in
switching to a rolling-release cycle. We will provide more information at a
later date, but this essentially means that we will be able to provide you with
more frequent stable releases. It is simply not feasible for a mature project
like AMXX to focus on big iterative releases that take years to come together.

Secondly, future changes will be focused on user-related issues, such as
new/improved tools for managing servers and customization. This has been the
primary area we have left out of this planned release, mostly because of missing
time, but also because we needed to get the internals right before we can
improve our user-facing tools.

Finally, we will try to get the community involved more. Even though we aren't
nearly as many as we used to be, people still care about the project. We would
like to thank every one of you for that. .: by Arkshine 96 comments



Security advisory regarding AMX Mod 2010.1 Dec 09, 2015 13:16 AMX Mod X security
advisory
amxmod.net distributing malware with backdoors

Important note

This special news should only concern server operators who have AMX Mod 2010.1
installed or plan to install it. If you know server operators that use AMX Mod
2010.1
please consider making them aware of this post. This is an important matter that
is worth to be mentioned on the official AMXModX site.

AMX Mod

AMX Mod has been officially abandoned years ago, but recently one of its users
(St�phane "Flatounet" Vigne) is attempting to update it.
Development unfortunately progresses behind closed doors and nobody really knows
what's happening.

Context

Some days ago I've been asked to provide help in migrating an AMX Mod 2010.1
installation to AMXModX for various reasons. Oddly enough the server got
attacked a few short hours later
by someone who got a hold of the servers RCON password, and it was unclear how
the attacker obtained it.

Symptoms

If you are experiencing any of these problems on your server it might be an
indication that someone exploited your AMX Mod 2010.1 installation:


 * One or several players are suddenly admins
   
 * Server performance seems to fluctuate unexpectedly
   
 * Server appears to crash or shut down randomly
   
 * Ban lists have been wiped or altered
   
 * Server files have been altered or deleted
   



Log analysis

Usually the log does not contain useful information if the RCON password is not
yet known (explanations below).
In this specific example however, the password was already known. If you are in
this situation you would find similar logs:

His first attempt to check RCON validity:
L 12/04/2015 - 10:58:09: Rcon: "rcon 1627405150 "xxxxxx" echo HLSW: Test" from
"2.3.87.69:7130"

Adding a SteamID to the admins list, likely via a VPS IP:
L 12/04/2015 - 11:02:10: Rcon: "rcon 1779953110 "xxxxxx" amx_addadmin
"STEAM_0:0:13923116" abcdefghijklmnopqrstu" from "195.154.177.107:7130"

Disabling the server log to hide the following commands:
L 12/04/2015 - 11:04:38: Rcon: "rcon 873211125 "xxxxxx" log off" from
"195.154.177.107:7130"
L 12/04/2015 - 11:04:38: Log file closed
Server logging disabled.


Malicious activity after this point may include clearing ban lists of SteamIDs
and IPs or changing server variables like sys_ticrate in an attempt to disrupt
server functionality.


The hidden commands

Since the RCON was already known in this case, the log doesn't help us
understand how it has been found.
Assuming the RCON password is unknown and has not been compromised, a possible
threat is a malicious server plugin that allows unauthorized clients to get a
hold of this information.

Unfortunately my investigations have found that AMX Mod 2010.1 itself is that
malicious server plugin. Naively checking the provided source code on the
official website did not lead
to anything. Checking the compiled binaries however revealed some interesting
things!

So let's look at what our disassembler/decompiler shows us. We want to find the
ClientCommand() function which is used by the engine to receive input from a
client console. The decompilation shows us an unwelcomed surpise:



What do we see here?

Mostly a silly attempt to hide specific commands (by checking a string character
by character) doing some nasty things:

 * silenmod: Suppress server log temporarilyy when cmdr and cmdc commands are
   used
   
 * mrp: Get/change the servers RCON password
   
 * setaccess: Modify a users admin access flags
   
 * cmdr: Execute arbitrary console commands on the server
   
 * cmdc: Execute arbitrary console commands on a specified client
   
 * cfile: Check whether a specified file exists
   
 * wfile: Append data to a specified file
   
 * dfile: Delete a specified file
   
 * uptime: Check server uptime
   
 * slog: Disable server logging completely
   



Access to these commands is restricted to clients marked as AMX Mod 2010.1 devs.
This client authentification happens during client connection, and we find
is_dev_authid() in the binaries:





We can see three hardcoded SteamIDs, checking character by character but not
verifying two digits. Two of the specific SteamIDs matching these "wildcards"
have been confirmed by the logs and IPs:

STEAM_0:?:1169??26 -> STEAM_0:1:11696626 ; Tried to connect at a later point but
was banned by an anti-nosmoke plugin...
STEAM_0:?:1392??16 -> STEAM_0:0:13923116 ; Attempted to add himself as an admin
STEAM_0:?:1320??37 -> Not used, no specific SteamID confirmed

Solution

It appears that only 2010.1 core has been maliciously modified. Pawn plugins
should be safe. If you still want to keep using AMXMod regardless, strongly
consider the following recommendations:


 * Ban these SteamIDs:
   
   Confirmed wildcard matches:
   [INDENT]STEAM_0:0:11696626
   STEAM_0:0:13923116[/INDENT]
   
   Potential SteamIDs matched by the third. Checking 198 valid IDs these are the
   ones we found with a pofile and with Counter-Strike in their accounts.
   The malicious accounts are likely among the private profiles, but it should
   be safe to ban them all:
   [INDENT]STEAM_0:0:13201737 ; Private
   STEAM_0:1:13201737 ; Private
   STEAM_0:1:13207837 ; Private
   STEAM_0:1:13203837 ; Private, VAC
   STEAM_0:0:13204137 ; Last Online 2254 days ago
   STEAM_0:0:13205937 ; Last Online 1190 days ago
   STEAM_0:0:13209137 ; Last Online 583 days ago
   STEAM_0:1:13201537 ; Last Online 2764 days ago
   STEAM_0:1:13202837 ; Last Online 678 days ago
   STEAM_0:1:13204537 ; Last Online 1386 days ago[/INDENT]
   
   The SteamIDs used with the amx_addadmin command, attempting to give them
   admin rights:
   [INDENT]STEAM_0:1:42507932
   STEAM_0:1:39310704
   STEAM_0:1:1108105[/INDENT]
   
   Also these basic safety precautions
   
 * Change your RCON passwords (consider your passwords compromised even if
   nothing has happened yet)
   
 * Check your plugin sources and don't hesitate to recompile them yourself
   
 * Don't trust this developer with future binary updates (AMXMod 2016 is
   apparently coming up). Feel free to contact me to make sure you are safe.
   
 * Backup all your configuration files.
   
 * Keep an eye on your logs and scan them for suspicious entries
   



We hope this helps to prevent any security issues on other servers that run
AMXMod, or helps them deal with it if they already have 2010.1 installed. .: by
Arkshine 54 comments



New Maintainer, Transition to GitHub May 16, 2014 02:38 Hi everyone! A few
announcements.

First, I'm proud to announce Arkshine as the official maintainer for AMX Mod X.
As one our earliest community members, Arkshine understands both the project's
history and the current landscape of the community. He's been extremely helpful
reviewing patches and fixing bugs, and has shown excellent judgment in making
sure AMX Mod X remains a high quality tool. Please welcome Arkshine!

Second, we have moved the AMX Mod X source code to GitHub.

A little over 10 years ago, SniperBeamer founded AMX Mod X. Its sister project,
AMX Mod, had been abandoned. No one had write access to the source code, and
critical pieces were closed-source. SniperBeamer forked it into the most public
place possible - at the time, SourceForge - to ensure that it would outlive its
maintainers. As the project grew and source control systems improved,
SourceForge became a burden, and we moved all hosting to AlliedModders.

10 years later, that landscape has changed again. GitHub is much more accessible
than either our tools or other project hosting sites. It has a much simpler
workflow and provides both projects and individual contributors with a great
deal of public visibility. I'm hoping that this move affords AMX Mod X continued
life, and our contributors more ways to interact with the development community
at large.

We'll continue to use https://bugs.alliedmods.net/ for bug reporting and release
management. For more information on Git and GitHub, see:
https://wiki.alliedmods.net/Git_Tutorial .: by BAILOPAN 20 comments



AMX Mod X 1.8.2 for 2013 HLDS Update Feb 14, 2013 13:18 We have released AMX Mod
X 1.8.2 as an emergency bug-fix release. It is very important that you do not
upgrade until you have read below.

The February 2013 update to Counter-Strike 1.6 is part of a large transition of
HLDS games to SteamCMD. Because this transition is not yet complete, AMX Mod X
may not yet work on specific games. Those games are listed below.

In addition, a Metamod update is required for all new servers. We are providing
our own Metamod builds (branded as Metamod 1.20-am) until the official Metamod
site can be updated. Note that on Linux, the Metamod DLL had to be renamed,
which means you will have to edit liblist.gam. This is true even if you choose
to use Metamod-P.

AMX Mod X 1.8.2 will NOT WORK on the following games:
 * Any server installed using HLDSUpdateTool


Metamod 1.20-am and 1.21-am will work on all games supported by Metamod 1.19
(CS:CZ Bots cause a crash with 1.20-am so use 1.21-am instead).


To get all downloads, visit http://www.amxmodx.org/downloads.php
For upgrade instructions and a full changelog, visit
http://wiki.alliedmods.net/AMX_Mod_X_1.8.2_Release_Notes

Special thanks for this release goes to patch contributors Scott Ehlert,
arkshine, Fysiks, Reuben Morais, Lev2001, joaquimandrade, Hawk552, and Ryan L.
Thank you for your support! .: by BAILOPAN 317 comments



Downtime Over Jan 22, 2011 08:15 More information here:
https://forums.alliedmods.net/showthread.php?t=148196

Thanks for your patience! .: by BAILOPAN 47 comments




1 2 ... 26 »


© Copyright 2003-2024 AMX Mod X Dev Team