The command block plugin is a Lua script I wrote for my SourceOP plugin and
wouldn't help since the released version of SourceOP doesn't have that
functionality.
But, if you meant the Sourcemod plugin to see all commands run by users, I
don't have a link, but Nephyrin said he wrote this:
public Action:OnClientCommand(client, args)
{
decl String:argstr[1024];
decl String:cmd[256];
GetCmdArg(0, cmd, sizeof(cmd));
GetCmdArgString(argstr, sizeof(argstr));
LogAction(client, -1, "%L issued client command \"%s\" with args
\"%s\"", client, cmd, argstr);
return Plugin_Continue;
}
This is his entire plugin:
http://pastebin.com/m1a64b18f
You could probably extend it to block commands from players with null
entities.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jacob Juul
Sent: Sunday, November 15, 2009 2:29 PM
To: [email protected]
Subject: Re: [hlds_linux] Serious new CSS crash exploit, possible other
games affected?
Have a link to that plugin?
Some used mani on my server to spam TIMELEFT all thetime via the console
It's a script and uses @ commands like they were admins
I simply used / as prefix instead and haven't seen it since.. (if somebody
could use that info)
Again, dos attack.. Look google for ddosattackerfix :) Fixes flood
Right now i just need something to fix these crash joiners. It makes me so
aggresive that people are so bored
> From: [email protected]
> To: [email protected]
> Date: Sun, 15 Nov 2009 13:56:41 -0800
> Subject: Re: [hlds_linux] Serious new CSS crash exploit, possible other
games affected?
>
> Actually, Ronny, this is a pretty well known exploit. Some commands,
> including "say", will treat commands coming from players with no entity as
> having come from the console. The reference to a players entity is null
> until he or she has "joined the game" (the step after connecting, when the
> client has loaded everything. There should be a log line or console
message
> when it happens).
>
> This affected TF2 and there were commands that would crash the server
since
> the command expected a valid entity but the entity was null. The solution
> for me was to write a plugin that blocks all commands coming from players
> who are not yet in the game except for a known few like vban and
vmodenable.
>
> There was a script floating around a while back on either this list or the
> hlds one that showed exactly how to do this exploit.
>
> I don't know the command the guy is using to crash your server, but for
TF2,
> I think it was physics_select. There should be a Sourcemod plugin that can
> show you every command players are running which will give you an idea as
to
> what the exploiter is doing.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Ronny
> Schedel
> Sent: Sunday, November 15, 2009 9:23 AM
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Serious new CSS crash exploit, possible other
> games affected?
>
>
> Please don't tell me this is a well known exploit. Sorry, but I don't see
> malformed packets in the syslog related to this.
>
>
> > Check the DMESG. You should see a bunch of malformed packets or UDP
> > checksum errors. That's what I see when that stuff happens. It
> > sometimes takes quite a few malformed packets/checksum errors before the
> > server segfaults.
> >
> > Ronny Schedel wrote:
> >> Hello,
> >>
> >> there is a new spam and crash exploit out there, we have seen it today
on
> >> our CS:S server. What happend? A player connected and was able to send
> >> some
> >> spam messages which looked like they came from the server console, the
> >> players name is "h 4 x" in the following log. It seems the messages
where
> >> spammed during the connection, so I suppose he used a proxy to send
> >> malformed packets during connection. After his spam, he connected again
> >> and
> >> crashed the server.
> >>
> >> Here the console spam:
> >>
> >> L 11/15/2009 - 17:22:38: "h 4 x<552><STEAM_ID_PENDING><>" connected,
> >> address
> >> "87.122.42.104:27005"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "OWNED"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Wollt ihr
> >> dieses Script kaufen?"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Dann added
> >> ruhsi643 in Steam"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "HACKED"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "OWNED"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Wollt ihr
> >> dieses Script kaufen?"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Dann added
> >> ruhsi643 in Steam"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "HACKED"
> >> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
> >> dieses Script kaufen?"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
> >> ruhsi643 in Steam"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "h 4 x<552><STEAM_0:0:17742854><>" STEAM
USERID
> >> validated
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
> >> dieses Script kaufen?"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
> >> ruhsi643 in Steam"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
> >> dieses Script kaufen?"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
> >> ruhsi643 in Steam"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
> >> dieses Script kaufen?"
> >> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
> >> ruhsi643 in Steam"
> >> L 11/15/2009 - 17:22:40: "h 4 x<552><STEAM_0:0:17742854><>"
disconnected
> >> (reason "Disconnect by user.")
> >>
> >> The last log line is:
> >>
> >> L 11/15/2009 - 17:27:00: "CRASHED BY ruhsi643 ADDET
> >> ruhsi<557><STEAM_ID_PENDING><>" connected, address
"87.122.42.104:27005"
> >>
> >> After this line, the server crashed. This is the last line, because we
> >> run
> >> our server with logflush.
> >>
> >> Best regards
> >>
> >> Ronny Schedel
> >>
> >>
> >> _______________________________________________
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> >>
> >
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_________________________________________________________________
Nej, det er ikke svært at samle alle vennerne fra Hotmail, Myspace og
Facebook på Messenger. Læs mere her
http://www.microsoft.com/danmark/windows/windowslive/import-friends/
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
