AlliedModders
Page 1 of 14 1 2311 Last »
Show 40 post(s) from this thread on one page

AlliedModders (https://forums.alliedmods.net/index.php)
-   Source Servers (SRCDS) (https://forums.alliedmods.net/forumdisplay.php?f=130)
-   -   CS:GO Server Crash Exploit (https://forums.alliedmods.net/showthread.php?t=284184)

xeropw 06-20-2016 23:18
CS:GO Server Crash Exploit
 
Hi there,
I run a small community with around 5 servers and they have recently been targeted by a rival group
that goes around crashing community servers. As far as I know they use AW's teleport shoot crash bug
for which no working plugin nor patch was released. For reference, look at: YouTube Video.

From the technical standpoint, the server receives extremely large viewangles by simply editing usercmd viewangles.
PHP Code:
//FYI this is c++ not pawn or sourcepawn
//Essentially this function modifies the player viewangles to send an impossibly high x and y viewangle
//What this translates into is the server unable to handle physics calculations
void teleport_function(CUserCmd pCmd)
{
    pCmd->viewangles.std::numeric_limits<float>::quiet_NaN();
    pCmd->viewangles.std::numeric_limits<float>::quiet_NaN();
So far the applications I've discovered of such devious hacks were that they shoot or jump while
spamming extremely high angles. This results in a server crash. SRCDS will continue to run, but the
server will be "stuck" and players will receive a timeout.

Solutions thus far:
Searched for similar crash reports and found plenty, none have a viable solution.
Reference: https://forums.alliedmods.net/showthread.php?t=276958

Attempt at a fix: https://forums.alliedmods.net/showthread.php?t=276936
Current status: does not prevent this

SMAC log:
Code:
20:13:32: [smac_eyetest.smx | 0.8.6.0] XXXX (ID: STEAM_1:1:XXYY | IP: TYUU) is suspected of cheating with their eye angles. Eye Angles: 205089 205089 205089
20:31:25: [smac_eyetest.smx | 0.8.6.0] XXXX (ID: STEAM_1:1:XXYY | IP: TTYU) is suspected of cheating with their eye angles. Eye Angles: -10058801942080820000000000000000000 -10058801942080820000000000000000000 -10058801942080820000000000000000000
As you can see, SMAC eyetest does detect the aforementioned change in angles, but before it can respond with a ban(next cmd executed) the server already hangs.

---

Does anyone have a viable solution?
Thanks.

----------------------------------

Possible fix to the problem:
1. Add remove out of map weapons plugin to patch Aimware's teleport exploit(partially)
2. Add cmdfix extension(source code also available should you desire to further modify it)
3. Remove bullets from all weapons(that means no sv_infinite_ammo et al gun plugins)
4. Block spam of ping and status queries by restricting them to admin+ users:
Code:
#include <sourcemod>
#pragma semicolon 1

/*
* This plugin will NOT stop your servers from getting crashed, however, it will prevent the
* status/ping cmd spam that causes extreme server instability that /may/ lead to or help spawn a crash.
* 
* To edit the flag checked, scroll down to [Action:block] and replace ADMFLAG_GENERIC with your preferatus.
*
* CHANGELOG:
* 1.1:
* - Will ignore worldplayer(console) command blocking
* - Will ignore fakeplayer(bot) command blocking
*
* 1.0:
* - Initial Release
*/

public Plugin myinfo =
{
    name = "[DS] Status/Ping Restrictor",
    author = "xero, Maxximou5",
    description = "Restricts status/ping access to generic admins. Idea to block these commands by community member named v0id.",
    version = "1.1",
    url = "http://xero.pw"
};

public OnPluginStart()
{
    RegConsoleCmd("status", block);
    RegConsoleCmd("ping", block);
}

public Action block(client, args)
{
    if(!(0 < client <= MaxClients) || !(GetUserFlagBits(client) & ADMFLAG_GENERIC)) return Plugin_Stop;
    
    PrintToConsole(client, "[DS] Admin+ detected, granting access to the requested command."); //optional just for minor debug to know that something preprocesses the blocked commands
    return Plugin_Continue;
}

Afterword: This is not a permanent fix, and I understand that any server that runs a gun gamemode such as casual, deathmatch, 1v1, zombie, et al, will not have the capacity to remove bullets. However, this combination has worked for my servers thus far and it is the only viable alternative until Valve patches this(although severe client monitoring is required to functionally rid the game of crashers.) In short, pressure Valve to turn its lazy eye towards community servers once more here.

Neuro Toxin 06-20-2016 23:22
Re: CS:GO Server Crash Exploit
 
I'm posting this to the mailing list for you :)

xeropw 06-20-2016 23:23
Re: CS:GO Server Crash Exploit
 
Quote:
Originally Posted by Neuro Toxin (Post 2429242)
I'm posting this to the mailing list for you :)
Oh what's up Neuro, good to see you're a part of this community as well!
Thanks mate.

Neuro Toxin 06-20-2016 23:28
Re: CS:GO Server Crash Exploit
 
I get around lol.

http://csgo-servers.1073505.n5.nabbl...s-td11824.html

xeropw 06-20-2016 23:47
Re: CS:GO Server Crash Exploit
 
Found an extension that claims to block the invalid angles, albeit no bin, which means you must compile it yourself.
https://forums.alliedmods.net/showpo...7&postcount=24

Darkness_ 06-21-2016 01:55
Re: CS:GO Server Crash Exploit
 
Quote:
Originally Posted by xeropw (Post 2429247)
Found an extension that claims to block the invalid angles, albeit no bin, which means you must compile it yourself.
https://forums.alliedmods.net/showpo...7&postcount=24
Do note that that extension crashes on Linux.

Neuro Toxin 06-21-2016 02:24
Re: CS:GO Server Crash Exploit
 
Hopefully valve patches the exploit.

It's been around for over year.

asherkin 06-21-2016 04:50
Re: CS:GO Server Crash Exploit
 
Quote:
Originally Posted by Neuro Toxin (Post 2429262)
Hopefully valve patches the exploit.

It's been around for over year.
The one last year was patched (clearly badly), the one going around atm is a very similar issue hitting a slightly different code path.

Neuro Toxin 06-21-2016 05:02
Re: CS:GO Server Crash Exploit
 
As far as i thought the exploit going back was an aimware related crash with viewing angles (not the setinfo exploit).

I figured this was refinded code from such.

I really dont know but I have my sources stating it the previous exploit was know as the teleport exploit.

shavit 06-21-2016 05:13
Re: CS:GO Server Crash Exploit
 
untested plugin that *should* work

Code:
#include <sourcemod>
#include <sdktools>

// #define STOP // remove comment to block the usercmd instead of 'fixing' it

public Plugin myinfo =
{
        name = "fuck server crashers",
        author = "shavit",
        description = "should prevent viewangles crashes",
        version = "1.0",
        url = "http://github.com/shavitush"
}

public Action OnPlayerRunCmd(int client, int &buttons, int &impulse, float vel[3], float angles[3])
{
        if(IsBadAngle(angles[0]) || IsBadAngle(angles[1]) || IsBadAngle(angles[2]))
        {
                #if defined STOP
                return Plugin_Stop;
                #else
                angles[0] = NormalizeAngle(angles[0]);
                angles[1] = NormalizeAngle(angles[1]);
                angles[2] = NormalizeAngle(angles[2]);

                return Plugin_Changed;
                #endif
        }

        return Plugin_Continue;
}

public bool IsBadAngle(float angle)
{
    return angle > 180.0 || angle < -180.0;
}

public float NormalizeAngle(float angle)
{
        float temp = angle;

        while(temp <= -180.0)
        {
                temp += 360.0;
        }

        while(temp > 180.0)
        {
                temp -= 360.0;
        }

        return temp;
}


All times are GMT -4. The time now is 05:23.
Page 1 of 14 1 2311 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.