While not a good solution at all. Have you tried aliasing status to nothing?
"alias status" This will obviously disable the status command entirely. But perhaps it won't kill the server then? On Tue, Jun 12, 2012 at 7:49 PM, Alvaro Gutierrez Lorenzo < [email protected]> wrote: > Sorry for the "double mail", I just though that if the fix for that > removed the cooldown time for status, there would be no protection over > this command, making possible this attack. > Invalid Protocol mentionned this protection on an earlier mail. > > Is it a silly idea? I've never experienced such cooldown protection, that > would explain why. > > > El 13/06/2012 1:31, Joe Brown escribió: > >> This was used (and may still be) in hacks as a way to stop admins from >> using the status command to see your STEAMID in the client console. >> Spamming it like that blocked all clients connected to the server from >> being able to use the status command, preventing or extending the time it >> takes to ban someone. >> >> Correct me if I'm wrong but I thought the was fixed in an update. >> >> Date: Wed, 13 Jun 2012 01:23:23 +0200 >>> From: [email protected] >>> To: [email protected].**com<[email protected]> >>> Subject: Re: [hlds_linux] Overflow attack to Source servers >>> >>> That's a critical detail I forgot to mention, so sorry: RCON is port >>> closed, so every attempt to access RCON gives a "Time Out". >>> >>> I'm totally sure it's "status", here I paste an excerpt from the SMAC >>> log, made just by the same plugin you suggest: >>> >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> Sat Mar 31 14:56:34 2012: Console<0><Console><Console> executes: status >>> ... >>> >>> (Well an this goes on for thousands and thousands of lines, making >>> pretty ~1GB files each day XD) >>> >>> I added status as a SMAC blocked command, still no luck. (used >>> smac_addcmd as stated in the link you provided, but as you say SMAC wont >>> block commands coming from the server). >>> >>> The command can be captured and processed prom a plugin, but in every >>> teast I made I always got client 0 (console) as the triggerer, (of >>> course testing from the game, through a clean client account, not from >>> console). I think the server has never blocked me from executing status, >>> even reproducing the attack (which is just spamming status from a game's >>> client console). >>> >>> The server would block it surely if it was marked as client triggered. >>> At least where I can personally try (TF2 dedicated, Linux), it's always >>> executed as from console. Some other server owners are working with me >>> on this, and this works like this on their's too (CSS and CSGO confirmed >>> to be vulnerable to this attack too). >>> >>> Something that comes to my mind is if some "lower" addon like Metamod >>> is actually always deflecting this command through the console; I need >>> to try again on a clean install to check it. >>> >> >> ______________________________**_________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> >> > > > ______________________________**_________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds_linux<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux> > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
