TL;DR
This plug-in will prevent a malicious user from uploading or downloading sensitive files from your server.
-
This plug-in patches a security vulnerability that allows an attacker to download sensitive files, or upload files that change the behavior of your server.
The servers console by default actually will echo out when a player tries to upload or download a file, but this can't be seen 99% of the time.
If a client tries to upload or download an illegal file, 3 things will happen:
1. It will output to the log file "Player Name<userid><steamid><ip> requested/uploaded illegal file "filename"".
2. Their client will be maliciously crashed in an effort to slow them down. (they won't be kicked but will time out naturally)
3. The file operation will obviously, be denied.
Update: Source code made available, the client crash defense mechanic has been removed as well, file operations are just logged and bad operations get blocked.
Installation: Simply place the files in your addons directory, modify the VDF file depending on what engine you are using. Files with mm18 in the file name require MM 1.8, files with mm17 in the file name require MM 1.7.
Update by Viper: I attached D-Fens for EP1 (CSS) and Orange box engines to the post ;)
linux binaries