About:- This will delete invalid sprays preventing clients from crashing, except the person attempting to crash others.
- You can disable sprays completely by setting the cvar sv_allowupload "0".
- Can specify sm_sprays_allowed in sourcemod/configs/admin_overrides.cfg to make sprays only usable to users with certain flags.
- Small chance there may still be false positives, if there are please PM me the spray file.
- This plugin assumes only sprays will appear in the games /download/ folder tree and be triggered.
- In TF2 many random files are sent by clients, they will be deleted except valid sprays and wave files.
- Because of this the plugin is prevented from banning clients in TF2.
- Might eventually update to only ban when invalid sprays are detected and ignore other random files.
Thanks:- Dunder - Bringing the exploit to my attention.
- Madness (null138) - Adding another exploit fix.
- domino_ - For various help.
- Lux - For various help.
- maximsmol - Helped finding binaries.
- nosoop - Helped finding binaries.
- xZk - Helped testing.
- Cuba - Helped testing.
- SlidyBat - Helped testing.
ConVars:
Saved to
spray_exploit_fixer.cfg in your servers
\cfg\sourcemod\ folder.
PHP Code:
// 0=Off. 1=Ban users who trigger invalid sprays (may still be some false positives).
spray_exploit_fixer_ban "0"
// 0=Off. 1=Kick users who trigger invalid sprays (may still be some false positives).
spray_exploit_fixer_kick "0"
// Logging saved to sourcemod/logs/spray_downloads.log: 0=Off. 1=Log all user uploads. 2=Log invalid sprays only.
spray_exploit_fixer_log "1"
// Print to server console: 0=Off. 1=Missing sprays and invalid sprays. 2=Only invalid sprays.
spray_exploit_fixer_msg "1"
// Path to the downloads folder of sprays. Add /cc/ if sprays are stored in individual 2 character folders. Must contain trailing / slash.
spray_exploit_fixer_path "download/user_custom/cc/" or "downloads/" in Source 2006/2007 and L4D1/L4D2.
// Spray Exploit Fixer plugin version.
spray_exploit_fixer
Admin Command:
PHP Code:
// Tests all sprays in the games downloads folder, listing bad ones.
sm_spray_test
Changes:
Code:
2.22 (28-Jan-2024)
- Fixed memory leak caused by clearing StringMap/ArrayList data instead of deleting.
2.21 (19-Feb-2023)
- Now prevents even more log spamming duplicate entries. Thanks to ".Rushaway" for reporting.
2.20 (20-Jan-2023)
- Now logs if a Steam ID is unverified.
- Now prevents log spamming duplicate entries.
- Fixed checking bots for sprays.
- Thanks to ".Rushaway" for reporting and help testing.
2.19 (07-Jan-2023)
- Fixed processing getting stuck. Thanks to "SuperConker" for reporting and help testing.
- Fixed invalid handle errors. Thanks to "nikooo777" for reporting.
2.18 (24-Dec-2022)
- Changed moving sprays to use an asynchronous method to prevent a script execution timed out error. Thanks to ".Rushaway" for reporting.
2.17 (08-Oct-2022)
- Fixed command "sm_spray_test" getting stuck processing under certain conditions.
- Re-wrote the recursive directory function to avoid several bugs under several conditions.
- Now only moves sprays (.dat or .dat.ztmp) and not other files to the "backup_sprays" folder.
- Now deletes empty directories on plugin start after moving sprays to the "backup_sprays" folder.
2.16 (30-Sep-2022)
- Fixed not moving all sprays on disconnect.
- Fixed client not in game errors when renaming sprays.
- Now moves "dat.ztmp" spray files to backup folder.
2.15 (22-Sep-2022)
- Fixed not deleting the old backup if the names match.
2.14 (22-Sep-2022)
- Added cvar "spray_exploit_fixer_msg" to control if messages should print to the server console. Requested by ".Rushaway".
- Plugin now moves all sprays to the "download/backup_sprays" folder on plugin start and client disconnect.
- Removed saving checked and blocked sprays to file. All sprays will be checked.
2.13 (22-May-2022)
- More detailed "LogAction" when kicking or banning clients.
2.12 (22-May-2022)
- Added some more "LogAction" when kicking or banning clients.
2.11 (22-May-2022)
- Added cvar "spray_exploit_fixer_kick" to kick clients. Ban cvar overrides this. Requested by ".Rushaway".
- Changes to fix not kicking or banning clients under some conditions.
2.10 (23-Apr-2022)
- Fixed the plugin blocking sprays on some servers. Thanks to "SuperConker" for reporting and lots of testing.
2.9 (10-Apr-2022)
- Fixed showing the wrong invalid files count. Thanks to "sappho" for reporting.
2.8 (20-Mar-2022)
- Added another check and prevention against crash exploits. Thanks to "Sreaper" and "ficool2" for lots of help.
- Fixed some false positives due to recent updates.
2.7 (08-Mar-2022)
- Added support for banning using the "Material Admin" plugin. Thanks to "lechuga" for adding.
2.6 (01-Mar-2022)
- Another crash exploit fixed. Thanks to Kenzzer for reporting.
2.5 (15-Jan-2022)
- Fixed randomly using recursive folder and extension names in spray filenames causing validation failure. Thanks to "A1m" for reporting.
2.4 (02-Dec-2021)
- Added support for banning using the "SourceBans" plugin. Thanks to "lechuga" for adding.
2.3 (12-Nov-2021)
- Added a check for missing downloads folder and filename. Thanks to "nebsun" for reporting.
- Changes to fix warnings when compiling on SourceMod 1.11.
2.2 (30-Jun-2021)
- Fixed another Spray exploit. Thanks to "Madness (null138)" for fixing and reporting.
2.1 (31-Mar-2021)
- Added a check for "sm_sprays_allowed" in the command admin_overrides.cfg to only allow specific flag groups to use sprays.
2.0 (09-Aug-2020)
- Now should support all games.
- Added more checks for invalid files.
- Added cvar "spray_exploit_fixer_path" to specify the downloads folder if not correctly detected.
- Removed gamedata and DHooks dependency.
- Removed cvar "spray_exploit_fixer_name".
1.6 (15-Jul-2020)
- Fixed issue with CSS game. Thanks to "NeonC" for reporting.
- Added cvar "spray_exploit_fixer_name" to choose the method for retrieving the spray owner.
1.5 (14-May-2020)
- Added better error log message when gamedata file is missing.
- Fixed gamedata for HL2:DM. Thanks to "CliptonHeist" for reporting and "asherkin" for explaining engine != game.
- (Info: the gamedata "engine" key for HL2:DM uses "hl2dm" (the engine name) while the "game" part uses "hl2mp" (game name) e.g. for offsets).
1.4 (10-May-2020)
- Added support for "Zombie Panic! Source" game. Requires gamedata update.
- Fixed "sm_spray_test" timing out when checking many sprays. Thanks to "Sreaper" for reporting and testing.
- Now checks 50 files and waits 0.1 seconds before checking the next batch.
- TF2 updated to fix clients crashing, but this plugin is still recommended to delete the other randomly uploaded user files.
1.3 (26-Apr-2020)
- Changed cvar "spray_exploit_fixer_log" to log all files or only invalid sprays.
- Logging now saves to "sourcemod/logs/spray_downloads.log" file.
1.2 (23-Apr-2020)
- Added better checks to detect more bad sprays.
- Added better checks for TF2 and other games to avoid false positives.
- Prevented banning people in TF2 since many random invalid files are sent, not just sprays.
1.1 (21-Apr-2020)
- Added better checks to prevent false positives.
- Added ability to detect the users uploading sprays or other files.
- Added cvar "spray_exploit_fixer_ban" to ban players with invalid sprays.
- Added cvar "spray_exploit_fixer_log" to log players and files they uploaded.
- Changed "sm_spray_test" to allow recursive searching the downloads directory.
- Fixed plugin crashing TF2.
- Updated GameData required.
1.0 (20-Apr-2020)
- Initial release.
Updating from 2.13 or older:- Cvars have changed: use the Cvar Configs Updater, or delete the old cvars config or manually add them.
Installation:- Click "Get Plugin" and put the .smx file into your servers \addons\sourcemod\plugins\ folder.