this does work and works a little to well hehe. how it works is that when someone say something the log file has what keeper said before
L 06/23/2008 - 01:00:00: "Keeper<1><STEAM_0:1:12345678><Unassigned>" say "L 06/23/2008 - 01:00:00: Started map "dm_no_such_map" (CRC "-123456789")" now when it hlstatsx phrases that line is doesn't look where the date stamp is, it just looks for the date stamp and phrases from there. it completely ignores whats in quotes and what is not. so anything that looks like a log line it will treat it as one. JDoc0512 wrote: > would you explain in more detail? so what exactly am I supposed to type to > "trick" hlstatsx? I've honestly never heard of this from lart or anyone > involved in custom hlstatsx script so I don't really think this problem > exists but just in case it does, I would like to learn about the details. > thanks. > > --- On Mon, 6/23/08, Keeper <[EMAIL PROTECTED]> wrote: > > From: Keeper <[EMAIL PROTECTED]> > Subject: [hlds] HLStastX usage > To: "'Half-Life dedicated Win32 server mailing list'" > <[email protected]>, "'Half-Life dedicated Linux server mailing > list'" <[EMAIL PROTECTED]> > Date: Monday, June 23, 2008, 10:22 AM > > Ok, here is the exploit ... and one way to fix it. > > If you are playing in a server that has HLStatsX installed, you can put log > output in chat to create fake events. > > You can just say or say_team the following to trick HLStatsX: > > L 06/23/2008 - 01:00:00: Started map "dm_no_such_map" (CRC > "-123456789") > > The log output would be: > > L 06/23/2008 - 01:00:00: > "Keeper<1><STEAM_0:1:12345678><Unassigned>" say > "L > 06/23/2008 - 01:00:00: Started map "dm_no_such_map" (CRC > "-123456789")" > > The way the current hlstats.pl perl script parses this, is it looks for the > last occurrence of the date stamp. In this case, it would show that > dm_no_such_map was loaded on your server ... even though it doesn't exist. > So you could logically put in headshot kills with crowbars in hl2dm. Create > fake captures and kills in TF2. You could even mimic VAC Bans that would > eliminate players from being able to join servers with HLStatsX installed. > > These exploits could range from being a small nuisance, to being a huge > headache for server operators. > > To fix this, and I'm no regex expert, I found the following to work with > both streaming servers and importing logs from the command shell: > > In your hlstats.pl files do the following two things: > > [#1 - SEARCH] ( around line 1494 ) > my $last_attacker = ""; > my $last_attacker_hitgroup = ""; > [ADD AFTER] > my $is_streamed = 0; > my $test_for_date = 0; > [END]------------------------------------------------------------ > > [#2 - SEARCH] ( around line 1821 ) > # Get the datestamp (or complain) > if ($s_output =~ s/^.*L (\d\d)\/(\d\d)\/(\d{4}) - > (\d\d):(\d\d):(\d\d):\s*//) > { > [REPLACE WITH] > # Get the datestamp (or complain) > $is_streamed = 0; > $test_for_date = 0; > $is_streamed = ($s_output !~ m/^L\s*/); > > if ( !$is_streamed ) { > $test_for_date = ($s_output =~ s/^L > (\d\d)\/(\d\d)\/(\d{4}) - > (\d\d):(\d\d):(\d\d):\s*//); > } else { > $test_for_date = ($s_output =~ s/^\S*L > (\d\d)\/(\d\d)\/(\d{4}) - > (\d\d):(\d\d):(\d\d):\s*//); > } > > if ($test_for_date) > { > [END]------------------------------------------------------------ > > This will allow the hlstats.pl parser to get the full event after the FIRST > log stamp, and will stop this method of spoofing. > > Let me state, that I in no way support HLStatsX, nor will I do so in the > future. But I wanted to post about this so server operators could keep the > integrity of their databases. > > Keeper > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
