Raised This Month: $12 Target: $400
 3% 

D-FENS - Patch for upload/download server file exploit. (Updated 05-10-2010)


Post New Thread Reply   
 
Thread Tools Display Modes
Solor
Member
Join Date: Jan 2009
Old 11-18-2009 , 19:45   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #21

Thanks for the clarification on the .dat files. I assumed that's what it was, but wanted to double check.

On a side note.. Seem's odd that it's giving issues for people using any versions of MM:Source below v1.8

I'm using v1.7.1 and works fine o.0 (didn't notice this till now)

19:43:29 Listing 5 plugins:
[01] SourceMod (1.2.4) by AlliedModders LLC
[02] TF2 Tools (1.2.4) by AlliedModders LLC
[03] BinTools (1.2.4) by AlliedModders LLC
[04] SDK Tools (1.2.4) by AlliedModders LLC
[05] D-FENS (1.0.0.0) by Spencer 'voogru' MacDonald

19:436 meta version
19:436 Metamod:Source version 1.7.1
Build ID: 644:f526469efdeb
Loaded As: Valve Server Plugin
Compiled on: Feb 25 2009
Plugin interface version: 14:14
SourceHook version: 5:5
http://www.metamodsource.net/
Solor is offline
DontWannaName
Veteran Member
Join Date: Jun 2007
Location: VALVe Land, WA
Old 11-18-2009 , 19:58   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #22

I would try 1.7.1 as the sourcehook version is newer since in 1.8 I think they backported it?
__________________

DontWannaName is offline
Fearts
ferts of daeth
Join Date: Oct 2008
Old 11-18-2009 , 23:55   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #23

Doesn't work for me with any version I keep getting the same error.
__________________
Fearts is offline
urus
Senior Member
Join Date: Jan 2007
Old 11-19-2009 , 00:37   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #24

Quote:
This plug-in patches a security vulnerability that's recently been used against a fleet of servers. It appears someone is downloading server cfg files in an effort to obtain the rcon_password
Does the sv_uploads 0 solve a problem?
__________________
urus is offline
DontWannaName
Veteran Member
Join Date: Jun 2007
Location: VALVe Land, WA
Old 11-19-2009 , 01:35   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #25

sv_allowdownload you mean.
__________________

DontWannaName is offline
NoS
Senior Member
Join Date: Nov 2006
Old 11-19-2009 , 02:14   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #26

Quote:
Originally Posted by DontWannaName View Post
sv_allowdownload you mean.
Yeah and that will disable downloading any sounds or maps you may have on the server.

I hope a CS:S windows binary will be out soon.
NoS is offline
Wolfman
Member
Join Date: Apr 2009
Location: Australia
Old 11-19-2009 , 02:59   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #27

yer is there any plans on a CSS windows version of this coz it has a big problem with that atm coz ive gotten hack though the CSS engine by a hacker
Wolfman is offline
eee
Member
Join Date: Aug 2009
Old 11-20-2009 , 14:19   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #28

So am I the only one wondering what this "malicious crash" is and how it works? I mean, if you've just released something to give every abusive admin a way to permanently tank their game until they reinstall it, it's like goldsource all over again isn't it?
__________________
eee is offline
voogru
Inspector Javert
Join Date: Oct 2004
Old 11-21-2009 , 17:31   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #29

Quote:
Originally Posted by eee View Post
So am I the only one wondering what this "malicious crash" is and how it works? I mean, if you've just released something to give every abusive admin a way to permanently tank their game until they reinstall it, it's like goldsource all over again isn't it?
Admins can't exactly force a player to run an exploit on their server to crash them.
voogru is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 11-22-2009 , 21:37   Re: D-FENS - Emergency patch against downloading server files.
Reply With Quote #30

Quote:
Originally Posted by eee View Post
So am I the only one wondering what this "malicious crash" is and how it works? I mean, if you've just released something to give every abusive admin a way to permanently tank their game until they reinstall it, it's like goldsource all over again isn't it?
It will not cause any permanent harm.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 08:12.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode