Hmmm, you’re right. I did the test again and now the listdeaths command can’t even be executed from server’s console.
From: Invalid Protocol [mailto:[email protected]] Sent: Tuesday, June 19, 2012 11:08 PM To: 'Half-Life dedicated Win32 server mailing list' Subject: RE: [hlds] New Exploit to crash a server [Console flooding] I did a test before sending the email and after the alias was created the listdeaths command did nothing. Is same fix suggested by 1nsane for floods using status command. You only need a plugin if you want to log or to ban the players… From: [email protected] [mailto:[email protected]] On Behalf Of Petar Obradovic Sent: Tuesday, June 19, 2012 9:45 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] New Exploit to crash a server [Console flooding] I just tried the alias listdeaths "" command, executed it via RCON but I was still able to crash my server even by entering the listdeaths command once on client side. It didn't seem to matter how long the server was up, it would still crash regardless. I ended up making a small SourceMod plugin which blocks the command and logs the client who did it. That seemed to do the trick for me. Feel free to look at the source code and compile it yourself. http://pastebin.com/kdYz3nuF On Tue, Jun 19, 2012 at 7:44 PM, Jason <[email protected]> wrote: So that line in the server.cfg is all that's needed until this is patched? If so, thank you very much for that. On Tue, Jun 19, 2012 at 3:38 AM, Invalid Protocol <[email protected]> wrote: Add this line to server’s config for a fast/easy fix: alias listdeaths "" Type the alias command to server’s console too, otherwise the server will be vulnerable until map changes. From: [email protected] [mailto:[email protected]] On Behalf Of Bobby Light Sent: Tuesday, June 19, 2012 8:41 AM To: [email protected] Subject: [hlds] New Exploit to crash a server [Console flooding] Saw this via Reddit, and this can crash a server within seconds. I hope this can be patched soon. Steps: This is all done in the console, or it can be done in autoexec alias crash "listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths;listdeaths" then you simply bind u "crash" This will display a lot of crap in the console of all the deaths that have occurred so far. Especially on 24/7 servers. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
