[Xutax_Kamay]

Quote:

Originally Posted by asdfxD kamay is a css/csgo hack coder known from royalhack. so i think it is realy an exploit that should be fixed lol

Royalhack have been erasing me from their current cheat forums, so nop, definitly not a coder from there. Probably wav or some guys trolling me but what ever.

[Lannister]

Everyone seems quiet now about this, did something happend?

[darthelmo1]

Quote:

Originally Posted by Lannister Everyone seems quiet now about this, did something happend?

The guy responsible posted directly above you in the thread, everyone probably got spooked.

Exploit is still live, he's come on my server on 3 IPs and multiple accounts now, I can only keep my flatfile disabled for so long. If anyone has updates or temporary fixes for this please inform.


Here he is:
http://steamcommunity.com/profiles/76561197965954837/
http://steamcommunity.com/profiles/76561198321695646/

[Fearts]

Add sv_allowupload 0 to the server.cfg.

[Fluxxx]

Quote:

Originally Posted by Fearts Add sv_allowupload 0 to the server.cfg.

Wont this affect FastDL?

[8guawong]

Quote:

Originally Posted by Fluxxx Wont this affect FastDL?

sv_allowupload
FastDL

so no

[DarkDeviL]

Quote:

Originally Posted by Fluxxx Wont this affect FastDL?

Neither sv_allowupload nor sv_allowdownload will effect your "FastDL" with sv_downloadurl.

sv_allowupload and sv_allowdownload solely controls the allowance of uploading (e.g. sprays) and downloading (sprays, maps, etc.) DIRECTLY to/from the game server, and is not at all related to sv_downloadurl.

So you can just keep them both @ 0..

[shavit]

if OnFileReceive does what i think it does, this should work

Code:

#include <sourcemod>
#include <sdktools>

char block[][] =
{
	"cfg",
	"addons",
	".dll",
	".so",
	".smx",
	".txt",
};

public Action OnFileReceive(int client, const char[] sFile)
{
	for(int i = 0; i < sizeof(block); i++)
	{
		if(StrContains(sFile, block[i], false) != -1)
		{
			return Plugin_Handled;
		}
	}

	return Plugin_Continue;
}

untested ^

[Xutax_Kamay]

Quote:

Originally Posted by darthelmo1 The guy responsible posted directly above you in the thread, everyone probably got spooked. Exploit is still live, he's come on my server on 3 IPs and multiple accounts now, I can only keep my flatfile disabled for so long. If anyone has updates or temporary fixes for this please inform. Here he is: http://steamcommunity.com/profiles/76561197965954837/ http://steamcommunity.com/profiles/76561198321695646/

Oh interesting, didn't know someone else would fake me (again).

Though it's surprising that valve keeps trying to fix this and can't fix it properly it seems.

[Visual77]

Quote:

Originally Posted by shavit if OnFileReceive does what i think it does, this should work Code: #include <sourcemod> #include <sdktools> char block[][] = { "cfg", "addons", ".dll", ".so", ".smx", ".txt", }; public Action OnFileReceive(int client, const char[] sFile) { for(int i = 0; i < sizeof(block); i++) { if(StrContains(sFile, block[i], false) != -1) { return Plugin_Handled; } } return Plugin_Continue; } untested ^

D-fens extension did something similar to this:

Code:

char g_szAllowedPaths[][] = 
{
	"downloads",
	"maps",
	"materials",
	"particles",
	"models",
	"sound"	
};

public Action OnFileReceive(int client, const char[] sFile)
{
	bool bAllowed = false;

	char getDir[10];

	if (SplitString(sFile, "/", getDir, sizeof(getDir)) == -1)
	{
		SplitString(sFile, "\\", getDir, sizeof(getDir));
	}

	for(int i = 0; i < sizeof(g_szAllowedPaths); i++)
	{
		if(StrEqual(getDir, g_szAllowedPaths[i], false))
		{
			bAllowed = true;
		}
	}

	if(!bAllowed)
	{
		if (client != 0){
			LogMessage("%N attempted to upload illegal file %s", client, sFile);
		}
		return Plugin_Handled;
	}

	return Plugin_Continue;
}

public Action OnFileSend(int client, const char[] sFile)
{
	bool bAllowed = false;

	char getDir[10];

	if (SplitString(sFile, "/", getDir, sizeof(getDir)) == -1)
	{
		SplitString(sFile, "\\", getDir, sizeof(getDir));
	}

	for(int i = 0; i < sizeof(g_szAllowedPaths); i++)
	{
		if(StrEqual(getDir, g_szAllowedPaths[i], false))
		{
			bAllowed = true;
		}
	}

	if(!bAllowed)
	{
		if (client != 0){
			LogMessage("%N attempted to download illegal file %s", client, sFile);
		}
		return Plugin_Handled;
	}
		
	return Plugin_Continue;
}