[CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

There's yet another exploit going around the csgo community which allows players to cause the server to stutter. A client has been abusing it in one of the community servers I manage since they are unable to cheat due to a really strong server side anticheat. They resort to any exploit they can to attack the server.

:nono:

I'm unaware if this is a new feature inside a cheat or if it's completely private still. None the less here's the patch before it becomes a massive issue.

Information:
Your srcds console window will spam this message if it's currently being attacked.

IPADDRESS : PORT:reliable state invalid (0)..
https://i.imgur.com/Tdx8HNy.png

This exploit may affect all source engine games.

Installation:
Just put the attached LagExploitFix_3_7_2020.txt file inside your csgo\addons\gamedata\ folder and install the smx in the plugins folder. Load the plugin manually with sm_rcon sm plugins load ServerLagExploitFix_3_7_2020 or restart your server for it to auto load.

Clarification:
This is an in-game engine denial of service attack. A client connects to your game server instance with a hack and forces the server to lag by spamming stuff you can't with a vanilla game client. This plugin removes those commands operations which are intensive via replacing the assembly instructions with nothing. (The description is vague to prevent easy recreation of the exploit which would cause a big surge in attacks)

Warning:
This plugin is written differently then most. It's just raw assembly instruciton replacement. This means it can easily break and lead to crashing after server updates. If you are using this plugin and your server starts crashing, start your debugging efforts by removing this plugin.

Note to the "hackers" that keep attacking community servers I manage. I will keep figuring out the exploit you are abusing and create patchs which will be released publiclly. Please continue :wink:



Updated on 10/22/2022:
A CSGO update broke this plugin and lead to server crashes.
Vauff#2804 from the sourcemod discord has updated it (Not Fully Tested)


Updated on 02/03/2023:
It's untested, leave comments if it crashes or isn't solving the issue and I'll update it.

Download the `ServerLagExploitFix_3_7_2020 updated on 02_03_23.zip` attachment for the newest verison.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Think adding a ban into this would be worthwhile? That way they also get banned for trying and would mostly reduce the number of attempts?

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

I would but the only way I see of doing that is with a mid function hook to shellcode allocated. The shellcode probably will break really easily with csgo updates. So for now I just have it block the attack. If anyone has a decent way of handling it inside of a sourcemod plugin then I would be interested in learning.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

tnx mate i was suffering from this kind of attacks, i will use it

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

My servers are still being crashed even with this installed.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

you have this one installed as well?
https://forums.alliedmods.net/showthread.php?p=2656975

If so and your servers are being attacked, you can add me on steam and i'll figure out what they are doing to your server.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Thank you, will be good to prepare in case of this attack.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

There's one which works in Official Valve MM, wonder if this is the same exploit tbh

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Is this the same thing where people go into the server and everyone on the server goes to like 20 FPS and it lags

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Thank you for the great release, keep up the good work :)

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

L 03/21/2020 - 10:37:12: [SM] Error 1 on line 0, col 0: Stream failed to open
L 03/21/2020 - 10:37:12: [SM] Exception reported: Unable to open LagExploitFix_3_7_2020: File could not be opened: No such file or directory
L 03/21/2020 - 10:37:12: [SM] Blaming: 17.03ServerLagExploitFix.smx
L 03/21/2020 - 10:37:12: [SM] Call stack trace:
L 03/21/2020 - 10:37:12: [SM] [0] LoadGameConfigFile
L 03/21/2020 - 10:37:12: [SM] [1] Line 14, C:\Users\Администратор\Desktop\addons sm10\sourcemod\scripting\17.03ServerLagExploi tFix.sp::OnPluginStart
L 03/21/2020 - 10:37:12: [SM] Unable to load plugin "17.03ServerLagExploitFix.smx": Error detected in plugin startup (see error logs)
L 03/21/2020 - 10:51:46: Error log file session closed.

compiled on last sm 1.10

EDIT:
forgot about gamedata, im dumb sorry xD

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

is this still needed?

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Yes. I guess.
https://forums.alliedmods.net/showpo...6&postcount=27

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Interesting I haven't seen my server drop to like 10 FPS for all the players since I put this in but now I have a random skip where the server I guess rubber bands once every like 5-10 mins I didn't notice it before I put this in but it is way less annoying that that 10 FPS that was happening to my servers

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Is this plugin still necessary? or is this ddos ingame patched?

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Yes, I would say it's necessary. Someone tried to exploit my server with this method. I IP banned the player who tried to dos my server.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

new syntax (updated plugin)

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Some of my users are reporting the stuttering is coming back and I do still have this in my setup. Should I update to the new syntax listed above?

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

you can try but it probably wouldn't help

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

You're right it didn't make a difference. I experienced it myself after pushing the new syntax update in the setup. Unfortunate. Is there a way I can go to try and figure out what is causing this. I don't have any error logs and my setup isn't crashing and the CPU is around only 45% load so I have no idea what it could be :/

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

if you are sure its an exploit maybe you can ask @backward to look at it for you

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

I am actually unsure if it is or isn't an exploit or not. I just know that there are times where all players in my servers drop down to like 10 FPS randomly and the only fix is to either record a demo and stop it or to retry the server.

On an off note I have discussed this with a few of my players now and they say that they also have this issue in Faceit too so I am thinking this could just be a CSGO bug? but idk since you would think you would be seeing way more reports of this happening and I can't really find much on this besides what could be an exploit. You would also think Valve would fix something like this ASAP since it is a nasty effect to have on the player base if it was caused by a CSGO engine bug or somewhere along those lines.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

[SM] Exception reported: Unnamed Signature Incorrect (2).
Hey, i think sig need update

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

After today update
17 <Error> "[CSGO] Server Lag Exploit Fix [3/7/2020]" (1.10.0.6453) by backwards

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Does this exploit still exist today?

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

There is a new exploit, the old fixes does not work anymore.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

This plugin crashes the server after the last csgo update

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

vauff updated it, check the orginal post. Feel free to leave feedback if there's any problems.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

After 02/02 update this plugin is throwing errors:

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Updated in main post, let me know if there's any issues.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Throwing errors with new gamedata posted

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Make sure you update both the smx and the gamedata.txt files. With the newest .smx, it shouldn't be possible to run into that reserved memory error

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Just realized it was an older log. Its all good now