Have a link to that plugin?
Some used mani on my server to spam TIMELEFT all thetime via the console It's a script and uses @ commands like they were admins I simply used / as prefix instead and haven't seen it since.. (if somebody could use that info) Again, dos attack.. Look google for ddosattackerfix :) Fixes flood Right now i just need something to fix these crash joiners. It makes me so aggresive that people are so bored > From: [email protected] > To: [email protected] > Date: Sun, 15 Nov 2009 13:56:41 -0800 > Subject: Re: [hlds_linux] Serious new CSS crash exploit, possible other games > affected? > > Actually, Ronny, this is a pretty well known exploit. Some commands, > including "say", will treat commands coming from players with no entity as > having come from the console. The reference to a players entity is null > until he or she has "joined the game" (the step after connecting, when the > client has loaded everything. There should be a log line or console message > when it happens). > > This affected TF2 and there were commands that would crash the server since > the command expected a valid entity but the entity was null. The solution > for me was to write a plugin that blocks all commands coming from players > who are not yet in the game except for a known few like vban and vmodenable. > > There was a script floating around a while back on either this list or the > hlds one that showed exactly how to do this exploit. > > I don't know the command the guy is using to crash your server, but for TF2, > I think it was physics_select. There should be a Sourcemod plugin that can > show you every command players are running which will give you an idea as to > what the exploiter is doing. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Ronny > Schedel > Sent: Sunday, November 15, 2009 9:23 AM > To: Half-Life dedicated Linux server mailing list > Subject: Re: [hlds_linux] Serious new CSS crash exploit, possible other > games affected? > > > Please don't tell me this is a well known exploit. Sorry, but I don't see > malformed packets in the syslog related to this. > > > > Check the DMESG. You should see a bunch of malformed packets or UDP > > checksum errors. That's what I see when that stuff happens. It > > sometimes takes quite a few malformed packets/checksum errors before the > > server segfaults. > > > > Ronny Schedel wrote: > >> Hello, > >> > >> there is a new spam and crash exploit out there, we have seen it today on > >> our CS:S server. What happend? A player connected and was able to send > >> some > >> spam messages which looked like they came from the server console, the > >> players name is "h 4 x" in the following log. It seems the messages where > >> spammed during the connection, so I suppose he used a proxy to send > >> malformed packets during connection. After his spam, he connected again > >> and > >> crashed the server. > >> > >> Here the console spam: > >> > >> L 11/15/2009 - 17:22:38: "h 4 x<552><STEAM_ID_PENDING><>" connected, > >> address > >> "87.122.42.104:27005" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "OWNED" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Wollt ihr > >> dieses Script kaufen?" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Dann added > >> ruhsi643 in Steam" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "HACKED" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "OWNED" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Wollt ihr > >> dieses Script kaufen?" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Dann added > >> ruhsi643 in Steam" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "HACKED" > >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr > >> dieses Script kaufen?" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added > >> ruhsi643 in Steam" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "h 4 x<552><STEAM_0:0:17742854><>" STEAM USERID > >> validated > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr > >> dieses Script kaufen?" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added > >> ruhsi643 in Steam" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr > >> dieses Script kaufen?" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added > >> ruhsi643 in Steam" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr > >> dieses Script kaufen?" > >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added > >> ruhsi643 in Steam" > >> L 11/15/2009 - 17:22:40: "h 4 x<552><STEAM_0:0:17742854><>" disconnected > >> (reason "Disconnect by user.") > >> > >> The last log line is: > >> > >> L 11/15/2009 - 17:27:00: "CRASHED BY ruhsi643 ADDET > >> ruhsi<557><STEAM_ID_PENDING><>" connected, address "87.122.42.104:27005" > >> > >> After this line, the server crashed. This is the last line, because we > >> run > >> our server with logflush. > >> > >> Best regards > >> > >> Ronny Schedel > >> > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > >> > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux _________________________________________________________________ Nej, det er ikke svært at samle alle vennerne fra Hotmail, Myspace og Facebook på Messenger. Læs mere her http://www.microsoft.com/danmark/windows/windowslive/import-friends/ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
