Raised This Month: $12 Target: $400
 3% 

[CSGO] Server Lagger Exploit Security Patch [5/28/2021]


Post New Thread Reply   
 
Thread Tools Display Modes
Author
backwards
AlliedModders Donor
Join Date: Feb 2014
Location: USA
Plugin ID:
7656
Plugin Version:
Plugin Category:
Server Management
Plugin Game:
Counter-Strike: GO
Plugin Dependencies:
    Servers with this Plugin:
     
    Plugin Description:
    [CSGO] prevents server lag due to modified game clients abusing exploits
    Old 05-28-2021 , 18:08   [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #1

    Another denial of service exploit has been released to the public.
    This one is being referred to as the "ping raiser" , "high ping" or "ping increaser" exploit.
    I'm unsure if it affects all source engine games or just csgo at the moment.

    Installation:
    Just put the attached `LagExploitFix_5_28_2021.txt` file inside your `csgo\addons\gamedata\` folder and install the `smx` in the `plugins` folder.
    Load the plugin manually with `sm_rcon sm plugins load ServerLagExploitFix_5_28_2021` or restart your server for it to auto load.


    Warning:

    This plugin is written differently then most. It's just raw assembly instruction replacement. This means it can easily break and lead to crashing after server updates.
    If you are using this plugin and your server starts crashing, start your debugging efforts by removing this plugin.

    NOTE:
    Three more server lagger exploits were released today along side this one. This is the most prevalent one though. I'll release more patches if they start to become an issue.

    NOTE 2:
    This plugin is mostly untested, let me know if you run into any issues while running it.


    Updated on 10/22/2022:
    A CSGO update broke this plugin and lead to server crashes.
    Vauff#2804 from the sourcemod discord has updated it (Not Fully Tested)

    Updated on 02/04/2023:
    A CSGO update broke this plugin on linux.
    Vauff#2804 from the sourcemod discord has updated it (Not Fully Tested)

    Download the `ExploitFix_5_28_2021_updated_on_02_04_23_by_ vauff.zip` attachment for the newest verison.

    Last edited by backwards; 02-04-2023 at 21:29.
    backwards is offline
    asdfxD
    Veteran Member
    Join Date: Apr 2011
    Old 05-29-2021 , 00:35   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #2

    thx.

    possible to log steamid of player who try to lag the server?
    asdfxD is offline
    freak.exe_uLow
    AlliedModders Donor
    Join Date: Jul 2012
    Location: Germany
    Old 05-29-2021 , 06:01   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #3

    thanks backwards
    freak.exe_uLow is offline
    yuv41
    Member
    Join Date: Jan 2020
    Old 05-29-2021 , 16:21   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #4

    Thanks backwards
    ----
    Apparently this exploit was effective only on Valve servers, and was patched.
    So no worries to communities.

    Last edited by yuv41; 05-29-2021 at 17:10.
    yuv41 is offline
    backwards
    AlliedModders Donor
    Join Date: Feb 2014
    Location: USA
    Old 05-29-2021 , 18:58   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #5

    Quote:
    Originally Posted by yuv41 View Post
    Thanks backwards
    ----
    Apparently this exploit was effective only on Valve servers, and was patched.
    So no worries to communities.
    This is misinformation as the exploit still works. I happen to of built a proof of concept which I actively tested while developing this patch. I can assure you it's not only affecting valve servers and still is unpatched. Multiple exploits were released yesterday, the one that only affected MM servers and was patched is not related to this patch fix.

    Quote:
    Originally Posted by asdfxD View Post
    thx.

    possible to log steamid of player who try to lag the server?
    It's possible to log the steamid for sure, it's just not easy to do it with only sourcemod and no extra extensions.

    Last edited by backwards; 05-29-2021 at 19:04.
    backwards is offline
    Fragkiller
    Member
    Join Date: Jun 2012
    Old 05-29-2021 , 19:20   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #6

    Is CS:S also affected? There was a video around from some days ago where someone was joining CS:S servers and crashed them.
    Fragkiller is offline
    freak.exe_uLow
    AlliedModders Donor
    Join Date: Jul 2012
    Location: Germany
    Old 05-29-2021 , 21:07   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #7

    Quote:
    Originally Posted by yuv41 View Post
    Thanks backwards
    ----
    Apparently this exploit was effective only on Valve servers, and was patched.
    So no worries to communities.
    think first, then write.....(check the video)
    https://forums.alliedmods.net/showthread.php?t=332705

    Last edited by freak.exe_uLow; 05-29-2021 at 21:07.
    freak.exe_uLow is offline
    backwards
    AlliedModders Donor
    Join Date: Feb 2014
    Location: USA
    Old 05-29-2021 , 21:20   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #8

    Quote:
    Originally Posted by Fragkiller View Post
    Is CS:S also affected? There was a video around from some days ago where someone was joining CS:S servers and crashed them.
    I believe it is affected but I haven't tested. This patch only works for csgo though. If it becomes an issue in other games just message me and i'll find time to write a fix.
    backwards is offline
    foxsay
    AlliedModders Donor
    Join Date: Sep 2013
    Old 05-30-2021 , 11:12   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #9

    What we would do without you you are our server guard
    __________________
    poggers
    foxsay is offline
    FroGeX
    Senior Member
    Join Date: Aug 2020
    Old 05-31-2021 , 07:01   Re: [CSGO] Server Lagger Exploit Security Patch [5/28/2021]
    Reply With Quote #10

    please not mix old and new syntax :_D
    FroGeX is offline
    Reply


    Thread Tools
    Display Modes

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts

    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off

    Forum Jump


    All times are GMT -4. The time now is 09:48.


    Powered by vBulletin®
    Copyright ©2000 - 2024, vBulletin Solutions, Inc.
    Theme made by Freecode