Raised This Month: $ Target: $400
 0% 

Fix for rcon crash exploit?


Post New Thread Reply   
 
Thread Tools Display Modes
Dominator
Senior Member
Join Date: Mar 2008
Old 07-03-2009 , 13:22   Re: Fix for rcon crash exploit?
Reply With Quote #21

Quote:
Originally Posted by retsam View Post
Its virtually impossible to crash your server with it unless they sat on your server doing it "a while"
Sweet thanks a lot, though they can also do this with using HLSW with a written script. Just a heads up. Now they will find another way to crash the server.

If they still manage to crash the server, maybe the plugin can go even higher with the attempts.
__________________
Dominator is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 07-03-2009 , 13:50   Re: Fix for rcon crash exploit?
Reply With Quote #22

Quote:
Originally Posted by retsam View Post
No youre right. It doesnt do jack. Someone nice just did a plugin that ups the default cvar values that, in a way, prevents the exploit though.

If anyone needs it, use this. It puts the limits to 99999999999. (and no you cant do that in the server.cfg, by default the max value is like 10-15ish) Its virtually impossible to crash your server with it unless they sat on your server doing it "a while".

http://forums.alliedmods.net/showpos...1&postcount=20

The only ways to prevent the exploit is to use that plugin, or on the box firewall block the tcp ports for rcon.
Just a note, that leaves your server vulnerable to brute force rcon attacks if you aren't using a secure password. I added similar functionality to my exploit fix plugin, which solves a few other exploits too.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 07-03-2009 , 13:51   Re: Fix for rcon crash exploit?
Reply With Quote #23

Quote:
Originally Posted by Dominator View Post
Sweet thanks a lot, though they can also do this with using HLSW with a written script. Just a heads up. Now they will find another way to crash the server.

If they still manage to crash the server, maybe the plugin can go even higher with the attempts.
The script and HLSW work in the exact same way.. still raising these values to an absurd value may help.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
retsam
Veteran Member
Join Date: Aug 2008
Location: so-cal
Old 07-03-2009 , 16:50   Re: Fix for rcon crash exploit?
Reply With Quote #24

Yeah I know. But its either raising the values huge and leaving it open to brute force, or leaving the server open to being able to be crashed easier... : /

I think someone would really have to hate your server to sit on it even with a script 99999999999 times heh.

Id rather protect it from being crashed easier.
retsam is offline
nbtc971
Senior Member
Join Date: Sep 2008
Old 08-18-2009 , 16:02   Re: Fix for rcon crash exploit?
Reply With Quote #25

What can we do to get Valve to support the community and fix this exploit? I've just had 2 very popular servers tormented all morning by some nut job. I've applied this 'fix' but lets face it, it's not perfect.

Should we all hit up Valve support to take care of this or will it not matter you think?
nbtc971 is offline
Buzzaard
Member
Join Date: Apr 2005
Location: Florida
Old 08-18-2009 , 16:34   Re: Fix for rcon crash exploit?
Reply With Quote #26

I am not real sure how HLSW works but could it be that someone is monitoring your server using HLSW and accidently entered a password so it keeps trying to use it?
Maybe you can used the IP address of the exploiter and see if its one of your players. I monitor your server using HLSW but I didnt input any passwords and My IP address starts with 68.x.x.x
Buzzaard is offline
shustas
SourceMod Donor
Join Date: May 2007
Location: London
Old 08-18-2009 , 16:49   Re: Fix for rcon crash exploit?
Reply With Quote #27

For wich game this exploit? I tried spamming 999999 times on CS:S nothing happens just get banned
__________________
shustas is offline
retsam
Veteran Member
Join Date: Aug 2008
Location: so-cal
Old 08-18-2009 , 16:51   Re: Fix for rcon crash exploit?
Reply With Quote #28

It affects all srcds games....and no there is no way to completely fix it other than blocking your rcon port, or using that limit plugin(which still doesnt "FIX" anything really.)

And no valve wont do anything. This is an old issue and they have had that exploit for a long time. They have not fixed it yet and I doubt they ever will.

You are welcome to waste your time in valve community or support though.

Last edited by retsam; 08-18-2009 at 16:53.
retsam is offline
shustas
SourceMod Donor
Join Date: May 2007
Location: London
Old 08-18-2009 , 16:53   Re: Fix for rcon crash exploit?
Reply With Quote #29

Man, its not working on CS:S, tried many stuff and many crash scripts, nothing, simple ban and bye bye
__________________
shustas is offline
retsam
Veteran Member
Join Date: Aug 2008
Location: so-cal
Old 08-18-2009 , 16:55   Re: Fix for rcon crash exploit?
Reply With Quote #30

Youre doing it wrong....
retsam is offline
Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 03:51.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode