[CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

There's yet another exploit going around the csgo community which allows players to cause the server to stutter. A client has been abusing it in one of the community servers I manage since they are unable to cheat due to a really strong server side anticheat. They resort to any exploit they can to attack the server.

:nono:

I'm unaware if this is a new feature inside a cheat or if it's completely private still. None the less here's the patch before it becomes a massive issue.

Information:
Your srcds console window will spam this message if it's currently being attacked.

IPADDRESS : PORT:reliable state invalid (0)..
https://i.imgur.com/Tdx8HNy.png

This exploit may affect all source engine games.

Installation:
Just put the attached LagExploitFix_3_7_2020.txt file inside your csgo\addons\gamedata\ folder and install the smx in the plugins folder. Load the plugin manually with sm_rcon sm plugins load ServerLagExploitFix_3_7_2020 or restart your server for it to auto load.

Clarification:
This is an in-game engine denial of service attack. A client connects to your game server instance with a hack and forces the server to lag by spamming stuff you can't with a vanilla game client. This plugin removes those commands operations which are intensive via replacing the assembly instructions with nothing. (The description is vague to prevent easy recreation of the exploit which would cause a big surge in attacks)

Warning:
This plugin is written differently then most. It's just raw assembly instruciton replacement. This means it can easily break and lead to crashing after server updates. If you are using this plugin and your server starts crashing, start your debugging efforts by removing this plugin.

Note to the "hackers" that keep attacking community servers I manage. I will keep figuring out the exploit you are abusing and create patchs which will be released publiclly. Please continue :wink:



Updated on 10/22/2022:
A CSGO update broke this plugin and lead to server crashes.
Vauff#2804 from the sourcemod discord has updated it (Not Fully Tested)


Updated on 02/03/2023:
It's untested, leave comments if it crashes or isn't solving the issue and I'll update it.

Download the `ServerLagExploitFix_3_7_2020 updated on 02_03_23.zip` attachment for the newest verison.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Think adding a ban into this would be worthwhile? That way they also get banned for trying and would mostly reduce the number of attempts?

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

I would but the only way I see of doing that is with a mid function hook to shellcode allocated. The shellcode probably will break really easily with csgo updates. So for now I just have it block the attack. If anyone has a decent way of handling it inside of a sourcemod plugin then I would be interested in learning.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

tnx mate i was suffering from this kind of attacks, i will use it

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

My servers are still being crashed even with this installed.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

you have this one installed as well?
https://forums.alliedmods.net/showthread.php?p=2656975

If so and your servers are being attacked, you can add me on steam and i'll figure out what they are doing to your server.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Thank you, will be good to prepare in case of this attack.

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

There's one which works in Official Valve MM, wonder if this is the same exploit tbh

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Is this the same thing where people go into the server and everyone on the server goes to like 20 FPS and it lags

Re: [CSGO] Server Lagger Exploit Security Patch [3/7/2020]]
 

Thank you for the great release, keep up the good work :)