Raised This Month: $12 Target: $400
 3% 

Hi, protections by passed


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Niko Bellic
New Member
Join Date: Jan 2010
Old 01-03-2010 , 19:33   Hi, protections by passed
Reply With Quote #1

Hi,

My server's protections got by passed by something I already had to deal with, but never found how to stop it.

Here is my server protections :

Write access managements
Firewall on TCP 27015
Anti-upload metamod plugin
Kigen A.C 1.1.9
Rcon Locker
DaF

All those protections got by passed by this exploit.
Console was flooded with :

CModelLoader::Map_IsValid: 'de_dust2' is not a valid BSP file
CModelLoader::Map_IsValid: 'de_dust2' is not a valid BSP file

(Happenned on 2 of my other servers in the same hour) Those error message are from a only D2 server running fine.

All clients trying to connect was dropped by server. Simple fix was this command : changelevel de_dust2 and everything was working again. Server did not crash, and seems like that lags wasn't so big for user playing on the servers, but as soon as they retry, they get dropped too.

The only things I can imagine to create this error and drop clients :

1) Flood with a connexion flood script, even trough ip ban (attackers connected 4 times in 20 minutes, because their ID was banned, and getting re-ip-banned every 5 minutes, that makes me think that they flooded connections while 20 minutes (and the goal of this script is to drop clients too))

2) Find a way to exec the changelevel command, server was flooded even with no one connected on it. I tested it with a cfg file on my server, and it dropped me the same way.

3) Find a way to edit the next map name, adding charmap or some invisible characters so it's not reconized, and flood it.

4) Use hacked CS:S DLL.


They did not use the easy way to by pass kigen anti-cheat & rcon locker lags protections (every version of KAC), because it wouldn't flood changelevel. Any idea on how they managed to do it ?
Niko Bellic is offline
Kigen
BANNED
Join Date: Feb 2008
Old 01-03-2010 , 19:53   Re: Hi, protections by passed
Reply With Quote #2

Get D-FENS.

http://forums.alliedmods.net/showthread.php?t=109453
Kigen is offline
Niko Bellic
New Member
Join Date: Jan 2010
Old 01-03-2010 , 19:57   Re: Hi, protections by passed
Reply With Quote #3

Quote:
Originally Posted by Niko Bellic View Post
Anti-upload metamod plugin

Sorry I didn't remember the name when I was writing the post so I worte it like that, but it's already installed + read only files & directories (only logs can be writed)

And in DFENS logs no one tryed to upload illegal files, and even if it was the case they couldn't hit any maps or cfg files.
Niko Bellic is offline
egor1908
Veteran Member
Join Date: Sep 2009
Old 01-04-2010 , 06:26   Re: Hi, protections by passed
Reply With Quote #4

This exploit was discussed somewhere, and there were few fixes suggested .. Google?

Please post following:

plugin_print
meta list
sm plugins list

Also, do you have eventscripts or Mani or anything else?

Last edited by egor1908; 01-04-2010 at 06:31.
egor1908 is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 15:49.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode