CS:R-associated threat actors strike fragMt. again.
2026-04-11 00:00:00 -
We’ve been SQL injected oncemore.
In fragMount’s beginning, January 18th-January 28th, we suffered a series of SQL injection attacks from unknown sources that had truncated many of our player inventories – truncated, in SQL, meaning just straight up wiped with the skeleton structure left. I took security measures, frequent back-ups, and fixes towards trade-ups and case openings that had been revealed to me in feburary.
Dear Mysterious Opsec Femboy, I appreciate your efforts.
Thankfully, the precautions have led to minimal player damage to the database – no skins were deleted. However, left by said opsec femboy, was a large amount of bloated skins have been added to the database, and the risk of potential editing of other player’s items remains. For the next forseeable hopefully I can get it done in 1, maybe 2 days-ish, unfortunately all fragMount servers will be down ...:
fragMount NA (na.fragmount.net)
fragMount EU (eu.fragmount.net)
larkMt. (Game Coordinator)
fragDB (The MariaDB, holds inventory+profiles)
fragSocial (fragmount.net \ social features)
fragStatic (fragmount.net \ static content)
d4e (frytt’s CDN for fragMount)
... so that I may audit, remove the category of items added (all untradeables*), patch the exploit they used** and ban those responsible.
Now, to speak on those stars.
I know of many people who recieved custom admin items for their service in the community. Unfortunately – we are going nuclear. Many of your custom items are set as untradeable, and due to the scale of these bloat items on the DB, we’ll have to get rid of them all. You will indeed be able to recieve those back. Examples of people I know that might be affected: Shelbo, b0xyy, kit, cxr_reave, etc.
I knew exactly what exploit they’ve been using. Only three people I knew, knew it. I never thought it would see the light of day – and the reason why I didn’t patch it, was that it was complicated but method kept safe.
EDIT: The projekt is indeed back up. The hacks were futile and many were repaired.