NOT NEEDED ANYMORE

Example output:
http://i.imgur.com/h9hUP.png

Install:
-Download the binary according to your platform and place it in your extensions folder
-Download the .txt and place it in your gamedata
-Create a blank file called fileprotect.autoload in your extensions folder

It won't tell you who uploaded the file (altho with more reverse-engineering I may be able to come up with a method to tell that) but at least it will protect against uploads and also log the blocked files. After spending hours this seemed to be the best way to do it as there's no function BEFORE the file is put in it's correct location to tell it's final path.

Credit goes to AzuiSleet for the IsValidFile function.

Changelog:
2012.10.28
-Code cleanup (already...), older version still works
2012.10.29
-Added protection against file downloads
2013.02.14
-Updated gamedata thanks to Peace-Maker

-Reserved-

The extension is considered done for now and fully working. By detouring CGameClient::FileRequested I would be able to tell who tried to download a specific file although unless I come up with something for uploads I won't do that.

AWESOME !!

Works flawlessly! Thank you so much :)

Nice! It seems to work with CS:GO, although my logs are getting spammed with this message:

L 10/31/2012 - 11:10:10: [FileProtect] Downloading file 'downloads/1ab72a88.dat' has been blocked.

Nice! It seems to work with CS:GO, although my logs are getting spammed with this message:

L 10/31/2012 - 11:10:10: [FileProtect] Downloading file 'downloads/1ab72a88.dat' has been blocked.

i will look into it altho this line:

(len == 22 && strncmp(filename, "downloads/", 10) == 0 && strncmp(filename + len - 4, ".dat", 4) == 0)

should allow such files rather than blocking them

i will look into it altho this line:

(len == 22 && strncmp(filename, "downloads/", 10) == 0 && strncmp(filename + len - 4, ".dat", 4) == 0)

should allow such files rather than blocking them

I don't know the programming syntax, but for strncmp(filename + len - 4, ".dat", 4) == 0), shouldn't you use a substring compare instead? (i.e. strncmp(filename.substr(len - 4), ".dat", 4) == 0). Unless you're certain that "filename + len - 4" should return the last 4 characters of the filename string.

I don't know the programming syntax, but for strncmp(filename + len - 4, ".dat", 4) == 0), shouldn't you use a substring compare instead? (i.e. strncmp(filename.substr(len - 4), ".dat", 4) == 0). Unless you're certain that "filename + len - 4" should return the last 4 characters of the filename string.

strncmp takes a char pointer, filename is a char pointer as well, filename + len is the pointer to the null terminator and -4 should point to the dot character

btw i will check it out hopefully today, i just installed windows 8 and still have to download and install visual studio etc

Ohh yes that makes a lot more sense now. Well if it's any help, the only file showing up in the logs as blocked is downloads/1ab72a88.dat, and not any of the other .dat files.

This extension no longer works after the 1/23 cs:go update.


L 01/30/2013 - 20:57:25: SourceMod error session started
L 01/30/2013 - 20:57:25: Info (map "ar_lego_arena") (file "errors_20130130.log")
L 01/30/2013 - 20:57:25: [SM] Unable to load extension "fileprotect.ext": Failed to locate CheckReceivingList function.
L 01/30/2013 - 21:54:35: Error log file session closed.

i will get the new signature sometime this week, im kinda busy right now

Fine but if my server gets attacked in the meantime I'm blaming you. =P

Didn't even notice it broke - no autoload file :S

Yeah why no autoload file?

At least add info in first post that if extension wont work, make sure you have empty file called fileprotect.autoload in extensions folder

Yeah why no autoload file?

At least add info in first post that if extension wont work, make sure you have empty file called fileprotect.autoload in extensions folder

-Create a blank file called fileprotect.autoload in your extensions folder

that line has been there always :p:3

oh well... thanks for extension anyway :up:

Anyone in the mood to update the gamedata on this?

Anyone in the mood to update the gamedata on this?

which platform

which platform

CSGO, I am getting failed to load function for CheckReceivingList when attempting to load it.

CSGO, I am getting failed to load function for CheckReceivingList when attempting to load it.

windows/linux?

Sorry I had a moment.. Super late... Haha, for windows.

Sorry I had a moment.. Super late... Haha, for windows.

okay ill put the files on my skydrive and check it out at the university, i will update the gamedata today

umm the signature should be fine, ive just checked the latest windows binaries

edit: just tested on live windows server as well, loaded jsut fine with the old signature

umm the signature should be fine, ive just checked the latest windows binaries

edit: just tested on live windows server as well, loaded jsut fine with the old signature

Thanks for the info. It seems the extension file itself was also modified on our server. Didn't notice that its modify date was the same as the malicious plugins.

Seems to be just fine now.

[04] Equinox File Upload/Download Fix (1.0.0): Bite me alien boi

Nice job, now waiting on valve. Hope they wake up, never heard about this issue. But i dont like it :down: Nice fix :)

Thanks for the extension, really appreciate it.

do I dl the fileprotect_sc zip? or just the other ones?

my Norton detected https://forums.alliedmods.net/images/attach/dll.gif fileprotect.ext.2.csgo.dll (https://forums.alliedmods.net/attachment.php?attachmentid=111607&d=1351547881) (80.5 KB, 139 views) not safe and was deleted. Please confirm this

my Norton detected https://forums.alliedmods.net/images/attach/dll.gif fileprotect.ext.2.csgo.dll (https://forums.alliedmods.net/attachment.php?attachmentid=111607&d=1351547881) (80.5 KB, 139 views) not safe and was deleted. Please confirm this

If you had looked at the detection, it wasn't saying that it wasn't safe, just that it wasn't common (as is to be expected).

https://www.virustotal.com/en/file/1c0df5338d5443970d79b5a9ada3e2582fcf9c2491035 216f66f0e3e6e8c4141/analysis/1379278067/

It's not a virus or any sort of badware.

Do I need to download fileprotect_src.zip? or just the other 3





https://forums.alliedmods.net/images/attach/zip.gif fileprotect_src.zip (https://forums.alliedmods.net/attachment.php?attachmentid=111606&d=1351547865) (10.0 KB, 197 views) https://forums.alliedmods.net/images/attach/dll.gif fileprotect.ext.2.csgo.dll (https://forums.alliedmods.net/attachment.php?attachmentid=111607&d=1351547881) (80.5 KB, 139 views) https://forums.alliedmods.net/images/attach/so.gif fileprotect.ext.2.csgo.so (https://forums.alliedmods.net/attachment.php?attachmentid=111608&d=1351547891) (190.0 KB, 149 views) https://forums.alliedmods.net/images/attach/txt.gif fileprotect.txt (https://forums.alliedmods.net/attachment.php?attachmentid=115924&d=1360824103) (789 Bytes, 136 views)

Install:
-Download the binary according to your platform and place it in your extensions folder
-Download the .txt and place it in your gamedata
-Create a blank file called fileprotect.autoload in your extensions folder

The instructions cover that fairly well.

On Windows server, my logs get massive spam with line:

Downloading file 'downloads/1ab72a88.dat' has been blocked.

It cause 1-day log to achieve impressive 3,6 MB size. Is it possible not to log this activity or turn off logging at all?

On Windows server, my logs get massive spam with line:

bool IsValidFile(const char * file)
{
char * filename = new char[strlen(file)+1];
if(filename == NULL)
return false;

INetworkStringTable *downloads = netstringtables->FindTable("downloadables");
if(downloads == NULL)
{
g_pSM->LogError(myself, "Missing downloadables string table");
delete [] filename;
return false;
}

int len = strlen(filename);
int index = downloads->FindStringIndex(filename);

if(index == INVALID_STRING_INDEX && (len > 5 && strncmp(filename, "maps/", 5) == 0))
{
for(int i = 0; i < len; i++)
{
if(filename[i] == '/')
filename[i] = '\\';
}

index = downloads->FindStringIndex(filename);
}

if(index != INVALID_STRING_INDEX || (len == 22 && strncmp(filename, "downloads/", 10) == 0 && strncmp(filename + len - 4, ".dat", 4) == 0))
{
delete [] filename;
return true;
}

delete [] filename;
return false;
}

`filename` is uninitialized the whole way though. I'm not sure how this extension ever worked for anyone.

bool IsValidFile(const char * file)
{
char * filename = new char[strlen(file)+1];
if(filename == NULL)
return false;

INetworkStringTable *downloads = netstringtables->FindTable("downloadables");
if(downloads == NULL)
{
g_pSM->LogError(myself, "Missing downloadables string table");
delete [] filename;
return false;
}

int len = strlen(filename);
int index = downloads->FindStringIndex(filename);

if(index == INVALID_STRING_INDEX && (len > 5 && strncmp(filename, "maps/", 5) == 0))
{
for(int i = 0; i < len; i++)
{
if(filename[i] == '/')
filename[i] = '\\';
}

index = downloads->FindStringIndex(filename);
}

if(index != INVALID_STRING_INDEX || (len == 22 && strncmp(filename, "downloads/", 10) == 0 && strncmp(filename + len - 4, ".dat", 4) == 0))
{
delete [] filename;
return true;
}

delete [] filename;
return false;
}`filename` is uninitialized the whole way though. I'm not sure how this extension ever worked for anyone.

probably because it just blocked all the file uploads / downloads all together (except fastdl obviously). although that function is not mine, i copied it from azuisleet's code, i just assumed it worked but you are right the contents of "file" is never copied into filename

edit: yes it works because it only uses strncmp and doesnt try to read random memory, it simply fails on all conditions and just return false at the end

btw, from latest csgo update notes:

- Fixed a community server file transfer exploit.

ill make sure to check it out later on and i will deprecate the extension if they really fixed it

yeah, that's what I came here for - the CSGO update log suggests this has been fixed.

although that function is not mine, i copied it from azuisleet's code, i just assumed it worked but you are right the contents of "file" is never copied into filename

None of the 3 versions of AzuiSleet's ServerSecure nor my port in serversecure_files contains that bug.

None of the 3 versions of AzuiSleet's ServerSecure nor my port in serversecure_files contains that bug.


i dont remember touching that code but its irrelevant now really. valve has fixed the exploit on csgo finally. also those downloads are custom sprays and sprays are disabled in CS:GO anyway and the extension did work against uploads while it lasted