AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   General (https://forums.alliedmods.net/forumdisplay.php?f=58)
-   -   Sourcemod exploit ? (https://forums.alliedmods.net/showthread.php?t=126487)

Fightspit 05-09-2010 20:09

Sourcemod exploit ?
 
Hello, I just discovered in a forum named Facepunch that a guy is VAC banned by a Valve employee by using "speedhack" with just only sourcemod.
More info here:
http://www.facepunch.com/showthread.php?t=935780

Quote:

Originally Posted by Jag
I was using the speedhacking exploit with sourcemod on a random TF2 server. This guy http://steamcommunity.com/id/professorfarnsworth/ was there, and someone said "Al, don't you work for valve? can't you ban this guy?" and he said "yeah, hold on" and I figured they were just trying to scare me into leaving, and he went in spectate. Then about 5 mins later he came back and said "There, I got him banned, just wait a few mins" and I said "Vac bans take weeks." and someone else said "I thought they take months?" and then I suddenly was kicked from the server with the VAC popup thing saying that this is a secure server and i've been previously banned for acheating infraction.


Quote:

Originally Posted by Jag
I was using no external programs to modify my gameplay. I started a listen server using sourcemod and metamod, and used sm_cvar sv_cheats 1 to make my game think that cheats was on, then sm_cvar host_timescale # to change my speed.

AKA, Console commands ONLY (with a plugin)


bl4nk 05-09-2010 20:10

Re: Sourcemod exploit ?
 
Either KAC or rcon_locker (or both?) prevents this.

Fightspit 05-09-2010 20:12

Re: Sourcemod exploit ?
 
Thanks for a quick reply :)
Yeah, i already heard about these two plugins but is there a way to definitively fix it ?

Afronanny 05-09-2010 20:41

Re: Sourcemod exploit ?
 
Quote:

Originally Posted by Fightspit (Post 1176045)
Thanks for a quick reply :)
Yeah, i already heard about these two plugins but is there a way to definitively fix it ?

No.

Also bl4nk, if someone knows what they are doing, it can still be done rather easily, even with KAC and rcon locker.

BAILOPAN 05-09-2010 22:33

Re: Sourcemod exploit ?
 
This isn't a "SourceMod exploit" - it's someone abusing an architectural flaw in Valve's plugin system.

Unfortunately there's no definitive way to prevent it. Valve doesn't seem interested in fixing it.

recon0 05-09-2010 22:44

Re: Sourcemod exploit ?
 
It'd be so hard for Valve prevent plugins from loading on the client...

bl4nk 05-09-2010 23:04

Re: Sourcemod exploit ?
 
Quote:

Originally Posted by Afronanny (Post 1176066)
Also bl4nk, if someone knows what they are doing, it can still be done rather easily, even with KAC and rcon locker.

This is true, but most people that use this exploit don't know how to get around that.

BAILOPAN 05-09-2010 23:24

Re: Sourcemod exploit ?
 
recon0: It's easy. If there's an issue, it has to be non-technical.

voogru 05-10-2010 01:05

Re: Sourcemod exploit ?
 
I think adding a IsDedicatedServer check would help.

pandamonium 05-10-2010 02:41

Re: Sourcemod exploit ?
 
actually there is a way, sine l4d2 runs off the kinda the same engine css does. lol its time for you guy come together with the eventscript team. i recently had to added this to our css pub. so i did researched on google and came across a hacking forums talking about hack and crashing other ppls server and what the server owners have on the server for it to actually work. and right the link below is the only one that stops them for doing it with rcon locker installed also. they have a esdead beta when l4d2 got released but there hasn't been any update to it so i'm going to give it a try and see if it will work.

http://addons.eventscripts.com/addons/view/servsecurity


yea no go eventscripts wouldn't load on the server. :( dam!!!!!!!!!


All times are GMT -4. The time now is 07:10.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.