[Silvers]

About:

• This will delete invalid sprays preventing clients from crashing, except the person attempting to crash others.
• You can disable sprays completely by setting the cvar sv_allowupload "0".
• Can specify sm_sprays_allowed in sourcemod/configs/admin_overrides.cfg to make sprays only usable to users with certain flags.

• Small chance there may still be false positives, if there are please PM me the spray file.

• This plugin assumes only sprays will appear in the games /download/ folder tree and be triggered.

• In TF2 many random files are sent by clients, they will be deleted except valid sprays and wave files.
• Because of this the plugin is prevented from banning clients in TF2.
• Might eventually update to only ban when invalid sprays are detected and ignore other random files.

Thanks:

• Dunder - Bringing the exploit to my attention.
• Madness (null138) - Adding another exploit fix.
• domino_ - For various help.
• Lux - For various help.
• maximsmol - Helped finding binaries.
• nosoop - Helped finding binaries.
• xZk - Helped testing.
• Cuba - Helped testing.
• SlidyBat - Helped testing.

ConVars:

Saved to spray_exploit_fixer.cfg in your servers \cfg\sourcemod\ folder.

PHP Code:

// 0=Off. 1=Ban users who trigger invalid sprays (may still be some false positives).
spray_exploit_fixer_ban "0"

// 0=Off. 1=Kick users who trigger invalid sprays (may still be some false positives).
spray_exploit_fixer_kick "0"

// Logging saved to sourcemod/logs/spray_downloads.log: 0=Off. 1=Log all user uploads. 2=Log invalid sprays only.
spray_exploit_fixer_log "1"

// Print to server console: 0=Off. 1=Missing sprays and invalid sprays. 2=Only invalid sprays.
spray_exploit_fixer_msg "1"

// Path to the downloads folder of sprays. Add /cc/ if sprays are stored in individual 2 character folders. Must contain trailing / slash.
spray_exploit_fixer_path "download/user_custom/cc/" or "downloads/" in Source 2006/2007 and L4D1/L4D2.

// Spray Exploit Fixer plugin version.
spray_exploit_fixer 


Admin Command:

PHP Code:

// Tests all sprays in the games downloads folder, listing bad ones.
sm_spray_test 


Changes:

Code:

2.22 (28-Jan-2024)
    - Fixed memory leak caused by clearing StringMap/ArrayList data instead of deleting.

2.21 (19-Feb-2023)
    - Now prevents even more log spamming duplicate entries. Thanks to ".Rushaway" for reporting.

2.20 (20-Jan-2023)
    - Now logs if a Steam ID is unverified.
    - Now prevents log spamming duplicate entries.
    - Fixed checking bots for sprays.
    - Thanks to ".Rushaway" for reporting and help testing.

2.19 (07-Jan-2023)
    - Fixed processing getting stuck. Thanks to "SuperConker" for reporting and help testing.
    - Fixed invalid handle errors. Thanks to "nikooo777" for reporting.

2.18 (24-Dec-2022)
    - Changed moving sprays to use an asynchronous method to prevent a script execution timed out error. Thanks to ".Rushaway" for reporting.

2.17 (08-Oct-2022)
    - Fixed command "sm_spray_test" getting stuck processing under certain conditions.
    - Re-wrote the recursive directory function to avoid several bugs under several conditions.
    - Now only moves sprays (.dat or .dat.ztmp) and not other files to the "backup_sprays" folder.
    - Now deletes empty directories on plugin start after moving sprays to the "backup_sprays" folder.

2.16 (30-Sep-2022)
    - Fixed not moving all sprays on disconnect.
    - Fixed client not in game errors when renaming sprays.
    - Now moves "dat.ztmp" spray files to backup folder.

2.15 (22-Sep-2022)
    - Fixed not deleting the old backup if the names match.

2.14 (22-Sep-2022)
    - Added cvar "spray_exploit_fixer_msg" to control if messages should print to the server console. Requested by ".Rushaway".
    - Plugin now moves all sprays to the "download/backup_sprays" folder on plugin start and client disconnect.
    - Removed saving checked and blocked sprays to file. All sprays will be checked.

2.13 (22-May-2022)
    - More detailed "LogAction" when kicking or banning clients.

2.12 (22-May-2022)
    - Added some more "LogAction" when kicking or banning clients.

2.11 (22-May-2022)
    - Added cvar "spray_exploit_fixer_kick" to kick clients. Ban cvar overrides this. Requested by ".Rushaway".
    - Changes to fix not kicking or banning clients under some conditions.

2.10 (23-Apr-2022)
    - Fixed the plugin blocking sprays on some servers. Thanks to "SuperConker" for reporting and lots of testing.

2.9 (10-Apr-2022)
    - Fixed showing the wrong invalid files count. Thanks to "sappho" for reporting.

2.8 (20-Mar-2022)
    - Added another check and prevention against crash exploits. Thanks to "Sreaper" and "ficool2" for lots of help.
    - Fixed some false positives due to recent updates.

2.7 (08-Mar-2022)
    - Added support for banning using the "Material Admin" plugin. Thanks to "lechuga" for adding.

2.6 (01-Mar-2022)
    - Another crash exploit fixed. Thanks to Kenzzer for reporting.

2.5 (15-Jan-2022)
    - Fixed randomly using recursive folder and extension names in spray filenames causing validation failure. Thanks to "A1m" for reporting.

2.4 (02-Dec-2021)
    - Added support for banning using the "SourceBans" plugin. Thanks to "lechuga" for adding.

2.3 (12-Nov-2021)
    - Added a check for missing downloads folder and filename. Thanks to "nebsun" for reporting.
    - Changes to fix warnings when compiling on SourceMod 1.11.

2.2 (30-Jun-2021)
    - Fixed another Spray exploit. Thanks to "Madness (null138)" for fixing and reporting.

2.1 (31-Mar-2021)
    - Added a check for "sm_sprays_allowed" in the command admin_overrides.cfg to only allow specific flag groups to use sprays.

2.0 (09-Aug-2020)
    - Now should support all games.
    - Added more checks for invalid files.
    - Added cvar "spray_exploit_fixer_path" to specify the downloads folder if not correctly detected.
    - Removed gamedata and DHooks dependency.
    - Removed cvar "spray_exploit_fixer_name".

1.6 (15-Jul-2020)
    - Fixed issue with CSS game. Thanks to "NeonC" for reporting.
    - Added cvar "spray_exploit_fixer_name" to choose the method for retrieving the spray owner.

1.5 (14-May-2020)
    - Added better error log message when gamedata file is missing.
    - Fixed gamedata for HL2:DM. Thanks to "CliptonHeist" for reporting and "asherkin" for explaining engine != game.
    - (Info: the gamedata "engine" key for HL2:DM uses "hl2dm" (the engine name) while the "game" part uses "hl2mp" (game name) e.g. for offsets).

1.4 (10-May-2020)
    - Added support for "Zombie Panic! Source" game. Requires gamedata update.
    - Fixed "sm_spray_test" timing out when checking many sprays. Thanks to "Sreaper" for reporting and testing.
    - Now checks 50 files and waits 0.1 seconds before checking the next batch.
    - TF2 updated to fix clients crashing, but this plugin is still recommended to delete the other randomly uploaded user files.

1.3 (26-Apr-2020)
    - Changed cvar "spray_exploit_fixer_log" to log all files or only invalid sprays.
    - Logging now saves to "sourcemod/logs/spray_downloads.log" file.

1.2 (23-Apr-2020)
    - Added better checks to detect more bad sprays.
    - Added better checks for TF2 and other games to avoid false positives.
    - Prevented banning people in TF2 since many random invalid files are sent, not just sprays.

1.1 (21-Apr-2020)
    - Added better checks to prevent false positives.
    - Added ability to detect the users uploading sprays or other files.
    - Added cvar "spray_exploit_fixer_ban" to ban players with invalid sprays.
    - Added cvar "spray_exploit_fixer_log" to log players and files they uploaded.
    - Changed "sm_spray_test" to allow recursive searching the downloads directory.
    - Fixed plugin crashing TF2.
    - Updated GameData required.

1.0 (20-Apr-2020)
    - Initial release.

Updating from 2.13 or older:

• Cvars have changed: use the Cvar Configs Updater, or delete the old cvars config or manually add them.

Installation:

1. Click "Get Plugin" and put the .smx file into your servers \addons\sourcemod\plugins\ folder.