Sorry for the cross post.
I confused 2 different discussions in different threads while doing this on
my mobile. My apologies.
On Sep 4, 2015 9:49 AM, "Weasels Lair" <[email protected]> wrote:

> I don't run ads at all on my servers any more, but in defense of MOTDgd, I
> must say that when I was using ads, they gave me the most options (such as
> disabling video ads altogether). I never saw any option to hide the ads
> in the background. However there were some server-side plugins that could
> be used to run other ads hidden in the background. This was not an MOTDgd
> thing. I don't recall the ad network, but the thread may still be on the
> SourceMod forums. In the end I decided that (as a player in my own servers)
> I really didn't like the advertising, so I dropped all forms of it.
>
> More on topic, will setting sv_allowuploads on mods (like Fistful of Frags
> as an example) actually accomplish anything? Or is this some deeper
> underlying issue that requires Valve to update their SDK so that mod
> authors may then have that option work as expected?
>
> PS: to each his own on liking or not liking the spray feature in various
> games. I happen to host a least politically correct community, so it's kind
> of ingrained in our "culture" in our case. :-)
> On Sep 4, 2015 5:51 AM, "HD" <[email protected]> wrote:
> >
> > Then delete them? I just created a cron to flush certain folders on my
> > servers and even my client. If you do it manually for a client it takes
> > seconds, big deal. Sprays won’t disappear so you may as well get used to
> > the hentai or familiar with the process of delete.
> >
> >
> >
> > From: [email protected] [mailto:[email protected]] On Behalf Of Valentin Puscoi
> > Sent: Friday, September 04, 2015 7:41 AM
> >
> > To: Half-Life dedicated Win32 server mailing list
> > Subject: Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit
> > found, can be used to hijack steam accounts.
> >
> >
> >
> > hopefully valve removes sprays altogether, my downloads folder is
> > filled with hentai
> >
> >
> >
> > 2015-09-03 22:59 GMT+03:00 Refeek Yeglek <[email protected]>:
> >
> > Hi, I'm one of the developers for Team Fortress 2 Classic, a source mod
> > project. Recently, someone abused a bug present in Source SDK 2013 MP to
> > distribute viruses to quite a few of our players and developers. The way
> > they did it was by abusing a spray exploit present in the SDK 2013 MP
> > edition to upload a file pretending to be a spray to all players and
> > executing it. The technical info on how it works from one of our other
> > coders will be posted at the end of this email, but here's what you need to
> > know as a server owner:
> >
> >
> >
> > We don't know how many source games are vulnerable. The big name VALVe
> > ones aren't, but any sourcemod probably is. This includes ones on steam
> > like Fortress Forever, or Fistful of Frags.
> >
> >
> >
> > If you're running a server for a non-VALVe or bigname (Titanfall, GMOD,
> > etc.) Source Engine game, then here's what you need to do:
> >
> >
> >
> > 1. Set sv_upload to 0 on your server.
> >
> >
> >
> > 2. If you are a TF2C server host, shut your server down and start
> > scanning your server for viruses.
> >
> >
> >
> > 3. Pester valve to fix this ASAP.
> >
> >
> >
> > TL;DR:
> >
> > Sprays can be exploited to run code on people's systems and break into
> > accounts, we've had quite a few CS:GO and TF2 items lifted from accounts
> > and moved to trade alts and disappearing after that. Disable sprays ASAP if
> > you host a sourcemod multiplayer server.
> >
> >
> >
> > Here's the technical info for how stuff works:
> >
> >
> >
> > "The vulnerability is triggered by a missing check to see if a memory
> > allocation succeeded in the loading of VTFs. When the material is loaded,
> > there is space allocated for the material. The crucial option in the using
> > of this exploit is the option to skip Mipmaps from the material. If, for
> > instance, the first mipmap is skipped, the game will copy the mipmap data
> > to buffer + size of first mipmap. When the memory allocation fails, the
> > buffer will be 0, because that's what malloc returns on out of memory. This
> > means, that the only factor determining where the block is put is
> > determined by the size of the first mipmap. This way you can put the data
> > in the second mipmap wherever you want, meaning you can write to a
> > predictable location in memory. This is additionally encouraged due to the
> > fact that ASLR is disabled for the module in question. From that point on
> > ROP is used to mark a controlled memory location executable and transfer
> > control to it, bypassing DEP. The distribution of the malicious material
> > file can be easily done through the use of the spray system, which uploads
> > a custom material to the server and distributes it. This is of course not
> > the only way to distribute it, but one used in this case. This is not
> > absolutely accurate and technical details have been left out due to them
> > not influencing this exploit."
> >
> >
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
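The quoted technical note describes a loader that copies mipmap data to "buffer + size of first mipmap" without checking that the allocation succeeded. The hardened form of that pattern is sketched below as an added example; it is not code from the Source SDK or from anyone in this thread. The `tex_file` layout, `tex_load`, `alloc_fn`, the error codes and the `TEX_MAX_BYTES` cap are hypothetical stand-ins for the real VTF structures.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified texture container; not the real VTF layout. */
#define TEX_MAX_MIPS  8
#define TEX_MAX_BYTES (64u * 1024u * 1024u)   /* assumed sanity cap */

typedef struct {
    uint32_t mip_count;                /* levels the full image has */
    uint32_t first_mip;                /* leading levels absent from the file */
    uint32_t mip_size[TEX_MAX_MIPS];   /* byte size of each level */
    const uint8_t *data;               /* payload: levels first_mip..end */
    size_t data_len;
} tex_file;

enum { TEX_OK = 0, TEX_BAD_HEADER = -1, TEX_NO_MEMORY = -2, TEX_TRUNCATED = -3 };
typedef void *(*alloc_fn)(size_t);     /* injectable so failure can be tested */

void *alloc_fail(size_t n) { (void)n; return NULL; }   /* simulates OOM */

int tex_load(const tex_file *f, alloc_fn alloc, uint8_t **out, size_t *out_len)
{
    size_t total = 0, skip = 0;
    *out = NULL;
    *out_len = 0;
    if (f->mip_count == 0 || f->mip_count > TEX_MAX_MIPS ||
        f->first_mip >= f->mip_count)
        return TEX_BAD_HEADER;
    for (uint32_t i = 0; i < f->mip_count; i++) {
        if (f->mip_size[i] > TEX_MAX_BYTES - total)
            return TEX_BAD_HEADER;     /* caps the size and rules out overflow */
        total += f->mip_size[i];
        if (i < f->first_mip)
            skip += f->mip_size[i];
    }
    if (total == skip)
        return TEX_BAD_HEADER;         /* nothing to load */
    if (f->data_len < total - skip)
        return TEX_TRUNCATED;          /* file shorter than its header claims */
    uint8_t *buf = alloc(total);
    if (buf == NULL)                   /* the check the quoted note says was missing */
        return TEX_NO_MEMORY;          /* never form buf + skip from a null base */
    memset(buf, 0, skip);              /* skipped levels stay zeroed */
    memcpy(buf + skip, f->data, total - skip);
    *out = buf;
    *out_len = total;
    return TEX_OK;
}
```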