Hi, protections bypassed


Niko Bellic
01-03-2010, 19:33
Hi,

My server's protections got bypassed by something I already had to deal with, but I never found out how to stop it.

Here are my server's protections:

Write access management
Firewall on TCP 27015
Anti-upload metamod plugin
Kigen A.C 1.1.9
Rcon Locker
DaF

All those protections got bypassed by this exploit.
The console was flooded with:

CModelLoader::Map_IsValid: 'de_dust2' is not a valid BSP file
CModelLoader::Map_IsValid: 'de_dust2' is not a valid BSP file

(Happened on 2 of my other servers in the same hour.) Those error messages are from a D2-only server running fine.

All clients trying to connect were dropped by the server. The simple fix was this command: changelevel de_dust2, and everything was working again. The server did not crash, and it seems the lag wasn't so big for users playing on the servers, but as soon as they retry, they get dropped too.

The only things I can imagine that would create this error and drop clients:

1) Flood with a connection flood script, even through an IP ban (attackers connected 4 times in 20 minutes, because their ID was banned, and were getting re-IP-banned every 5 minutes, which makes me think that they flooded connections for 20 minutes (and the goal of this script is to drop clients too))

2) Find a way to exec the changelevel command; the server was flooded even with no one connected to it. I tested it with a cfg file on my server, and it dropped me the same way.

3) Find a way to edit the next map name, adding charmap or some invisible characters so it's not recognized, and flood it.

4) Use hacked CS:S DLL.


They did not use the easy way to bypass the Kigen Anti-Cheat & Rcon Locker lag protections (every version of KAC), because it wouldn't flood changelevel. Any idea how they managed to do it?

Kigen
01-03-2010, 19:53
Get D-FENS.

http://forums.alliedmods.net/showthread.php?t=109453

Niko Bellic
01-03-2010, 19:57
Anti-upload metamod plugin



Sorry, I didn't remember the name when I was writing the post so I wrote it like that, but it's already installed + read-only files & directories (only logs can be written).

And in the DFENS logs no one tried to upload illegal files, and even if that were the case they couldn't hit any maps or cfg files.

egor1908
01-04-2010, 06:26
This exploit was discussed somewhere, and there were few fixes suggested .. Google?

Please post the following:

plugin_print
meta list
sm plugins list

Also, do you have eventscripts or Mani or anything else?