AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   Solved what's the problem? (https://forums.alliedmods.net/showthread.php?t=328025)

loiraolhosazul 10-22-2020 09:40

what's the problem?
 
even adding the correct ip the plugin closes.
why?

PHP Code:

new const list_allow_ips[][] =
{
    
"192.168.0.125:27015",
    
"123.456.789.012:27015"
}

new 
server_ip[64], i
get_user_ip
(0server_ipcharsmax(server_ip), false)
    
set_cvar_string("net_address"server_ip)

for(
0sizeof(list_allow_ips); i++)
{
    if(!
equal(server_iplist_allow_ips[i]))
    {
        
set_fail_state("no man :)")
    }



r0ma 10-22-2020 10:47

Re: what's the problem?
 
Test:
PHP Code:

    new iFound false;
    
    for(
0sizeof(list_allow_ips); i++) {
        if(
equal(server_iplist_allow_ips[i])) {
            
iFound true;
            break;
        }
    }
    
    if(!
iFound)
        
set_fail_state("no man :)"); 


loiraolhosazul 10-22-2020 11:00

Re: what's the problem?
 
Quote:

Originally Posted by r0ma (Post 2722188)
Test:
PHP Code:

    new iFound false;
    
    for(
0sizeof(list_allow_ips); i++) {
        if(
equal(server_iplist_allow_ips[i])) {
            
iFound true;
            break;
        }
    }
    
    if(!
iFound)
        
set_fail_state("no man :)"); 


works, thx

HamletEagle 10-22-2020 11:07

Re: what's the problem?
 
Your protection is useless and can be broken in several ways. The only way to keep your plugin private is not to share it with anyone else.

One way to break it:
1. Hook set_fail_state with orpheu.
2. Block the native call and print "yes man :)" just for the laughs.
3. Profit???

Another thing, get_user_ip(0, ...) gets the ip from net_address so what you are doing there is set_cvar(net_address, get_cvar(net_address)). Very useful.

r0ma 10-22-2020 12:11

Re: what's the problem?
 
Quote:

Originally Posted by HamletEagle (Post 2722191)
Your protection is useless and can be broken in several ways. The only way to keep your plugin private is not to share it with anyone else.

One way to break it:
1. Hook set_fail_state with orpheu.
2. Block the native call and print "yes man :)" just for the laughs.
3. Profit???

Another thing, get_user_ip(0, ...) gets the ip from net_address so what you are doing there is set_cvar(net_address, get_cvar(net_address)). Very useful.

or just change net_address before the check xD
btw for someone with not idea of programming its sufficient

loiraolhosazul 10-22-2020 23:14

Re: what's the problem?
 
Quote:

Originally Posted by r0ma (Post 2722197)
or just change net_address before the check xD
btw for someone with not idea of programming its sufficient

exact

fysiks 10-23-2020 00:31

Re: what's the problem?
 
Quote:

Originally Posted by r0ma (Post 2722197)
or just change net_address before the check xD
btw for someone with not idea of programming its sufficient

Ever heard of the internet?

r0ma 10-23-2020 05:07

Re: what's the problem?
 
Quote:

Originally Posted by fysiks (Post 2722250)
Ever heard of the internet?

Not really, why ?:crab:

if someone only have the .amxx and try to avoid the ip check, need to have basic knowledge about amxx and amxx dump/uncompress. Its not just enter to internet and magic happens, or paid to someone able to do dat.

Its a very basic "security" ? Yes of course, but some times its just enough :3

HamletEagle 10-23-2020 06:51

Re: what's the problem?
 
Quote:

Originally Posted by r0ma (Post 2722268)
Not really, why ?:crab:

if someone only have the .amxx and try to avoid the ip check, need to have basic knowledge about amxx and amxx dump/uncompress. Its not just enter to internet and magic happens, or paid to someone able to do dat.

Its a very basic "security" ? Yes of course, but some times its just enough :3

Why would someone have the amxx and not the sma? The license forbids distributing plugins without source.

r0ma 10-23-2020 09:41

Re: what's the problem?
 
Quote:

Originally Posted by HamletEagle (Post 2722274)
Why would someone have the amxx and not the sma? The license forbids distributing plugins without source.

in my case sometime hostings not have enough security and someone stolen server files/plugins.
happened in all hosting in Argentina a few years ago (2011-2013 maybe), was a nice time for learning about security and how hosting are so bad administration. :grrr: :3


All times are GMT -4. The time now is 13:48.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.