Invalid 76561197968465515 (Regen)

Victim:
|steamID: [OBC] Oliver. ¤{Norway}¤
|steamID32: STEAM_0:1:4099893
|steamID64: http://steamcommunity.com/profiles/76561197968465515
|customURL: http://steamcommunity.com/id/76561197968465515
|steamrepURL: http://steamrep.com/profiles/76561197968465515

Scammer:
|steamID: Regen
|steamID32: STEAM_0:1:23013129
|steamID64: http://steamcommunity.com/profiles/76561198006291987
|customURL: http://steamcommunity.com/id/Regen123
|steamrepURL: http://steamrep.com/profiles/76561198006291987

Screenshots: The .zip file contains .log file (unmodified) and .docx (Highlighted). .log file is from our server 2. .docx is highlighted with red text + bold text.


Description:
This user: http://steamrep.com/profiles/76561198006291987

Did hijack our server’s trough HLSW and banned all moderators and Admins at out servers.
He also run server commands like sm_unban @all and used all commands possible to mess up our servers. That made our servers to close down for several hours and a lot of work to get the servers up again and to work property. He did this on 3 of our TF2 servers.

I went to our log files on servers.log files and did find the proof for this. You find it under here.
He is Admin on other servers like Tf2 Outposts servers, is that how TF2OP Admins are attacking others servers this days?

Very heavy trouble in there, in my opinion, i don't actually think a TF2Outpost admin did this, was the guy on your servers a impersonator using the real Regen's name to make trouble to the real Regen?

SR Actually doesn't solves problems about servers i guess, server hijacking is very serious, contact Valve about it: https://support.steampowered.com/kb_article.php?ref=1223-qroc-4460

Anyways, this report was the most heavy i ever seen on SteamRep history, i'll try to contact a SR admin quickiest as possible to solve this C:

1. The steam_id and ip adress does match the steam profile to regen. 100% match!
2. We have already reportet this to steam as well.
3. I have run [OBC] servers for over 2 years now, and never experiense a Admin from others communety did something like this before.

No, Regen used to be a [YBC] member. There have been issues between TF2Outpost and [YBC]/[OBC] but the issues may not be discussed right now.
When Regen was leaving [YBC] and joined TF2Outpost some anger was shown but it cooled off almost straight away.
But then Regen was showing some unrespective behavior at our servers and was straight up a bit childish.

This led to that we banned him and since he is a donator to our servers he may have reacted strongly to this and things lead to other things. Which probably led him to "hacking" our servers while noone was there to fix them at the moments.

Also another proof is when me and Regen spoke a long time ago while he was still in [YBC] we discussed internet and IP-adresses.
Since my dads work does not want to pay extra for my family to have one IP-Adress I get a new one everytime our internet is turned off.
Afterwards he told me his IP-Adress is the same all the time because his family paid for it to be that way. Unless he would want to change it that is.

-Percioz

So.... let me cauculate,
You guys banned Regen because of his childish behavior and maybe he got way too angry with you guys and in a form of revenge he hacked your servers and messed it up, that's it i guess.

We really need to contact TF2Outpost and other admins because that's a really, really big problem.

Contact me anytime, because i do want to help in this case.

Also: i apologise thinking it was a impersonator, i didn't remember the IP thingy :c

-Zombine

I think this would be an issue to bring up with TF2Outpost staff instead of here. Did he scam anyone? Are you absolutely 100% sure it's him?

How did he gain access to your servers? Were your server files leaked to the public? Are they protected? Etc.

Your servers didn't even go down long enough for it to be picked up by gametracker.

True, do you have an email or contact with the head admin there?

No he did not scam anyone but he messed up our server. If you read the .log file it says everything he did. Ban us from our server, unbanned himself, unloaded every plugin and so on.

He even tried at the end to remove the log file, which failed.

The added .log file is straight from the server logs. In there you can see 1 ip address messing around with our server.

Down in the .log you can see that Regen connects from the same IP as the IP that messed around.

The IP, himself, unbanned Regen. If you trace his IP you can find that it's in Norway, where Regen lives.

We were confused first but if you read the .log file it says that he runs rcon command.

Our guess is that he probably cracked the Rcon password and probably used HLSW type of program.

He didn't have access to the server files but he had access to every rcon command.

They were not leaked. Yes they are protected with Unique Login and Unique Password to server files and rcon. Completely different password.

I have no experience about gametracker but the server was taken down. We shutdown the server, removed his access to rcon (change pass), unbanned ourselves, gave back the ban to him then the server was up and running while we fixed the other problems. Server uptime was only a few minutes each since we had to restart to apply the changed we made to the server files. It wasn't down straight hours in row but with a uptime with a few only minutes and restarts it added up to hours. It took hours to go through the logs to finally find what he did and restore it. He removed everyone on our banlist so we had to find the right backup/check out forum logs and so on. Everything is there in the .log, It's all there black and white, clear as crystal. What other proof do we have to give if the server .log isn't enough?

Side note:
I'm one of the server Admin at OBC servers.

He most likely guessed the rcon password or that he was told of the rcon passwords before he was kicked out. Either way its a flaw on your end for not regularly changing or making your rcon password complex enough. Either way this should be something you should be speaking to Sneeza directly about, not dumping the link on every admins page.

And I don't take any files that can be edited by notepad or word to be any form of evidence.

As per the request of admins I'm going to be closing this report as no scam actually occurred.

If you still think this issue must be brought up, you may do so here:
http://steamcommunity.com/groups/tf2outpost
http://steamcommunity.com/groups/tf2opstaff

Marking as invalid.