D-FENS - Patch for upload/download server file exploit. (Updated 05-10-2010)


voogru
Inspector Javert
Join Date: Oct 2004
11-17-2009, 11:09   D-FENS - Patch for upload/download server file exploit. (Updated 05-10-2010)

TL;DR
This plug-in will prevent a malicious user from uploading or downloading sensitive files from your server.

-
This plug-in patches a security vulnerability that allows an attacker to download sensitive files, or upload files that change the behavior of your server.

The server's console by default actually will echo out when a player tries to upload or download a file, but this can't be seen 99% of the time.

If a client tries to upload or download an illegal file, 3 things will happen:

1. It will output to the log file "Player Name<userid><steamid><ip> requested/uploaded illegal file "filename"".
2. Their client will be maliciously crashed in an effort to slow them down. (they won't be kicked but will time out naturally)
3. The file operation will, obviously, be denied.

Update: Source code has been made available; the client crash defense mechanic has been removed as well. File operations are just logged, and bad operations get blocked.

Installation: Simply place the files in your addons directory, modify the VDF file depending on what engine you are using. Files with mm18 in the file name require MM 1.8, files with mm17 in the file name require MM 1.7.

Update by Viper: I attached D-Fens for EP1 (CSS) and Orange box engines to the post ;)

Linux binaries
Attached Files
File Type: zip d-fens.zip (106.2 KB, 5773 views)
File Type: zip D-FENS mm1.8.zip (68.6 KB, 4964 views)

Last edited by voogru; 05-22-2010 at 08:00. Reason: Uploaded to the forums
voogru
Inspector Javert
Join Date: Oct 2004
11-17-2009, 11:18   Re: D-FENS - Emergency patch against downloading server files.

And here is an example of the log output during my testing.

Code:
L 11/17/2009 - 09:02:45: [D-FENS] "mihaivictor<181><STEAM_0:0:21752144>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] "Mahony<188><STEAM_0:1:1097092>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] "Slobberknocker<187><STEAM_0:1:16591933>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] "Legenderas<194><STEAM_0:0:4477741>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] ".sf| BOO<191><STEAM_0:1:2748942>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] "BudLovsky<164><STEAM_0:0:1827646>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] "ScuNioN<146><STEAM_0:0:8407495>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:45: [D-FENS] "Donutman<189><STEAM_0:0:5437850>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "Strife<166><STEAM_0:1:16945239>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "rmszp<159><STEAM_0:0:21855174>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "nyou<134><STEAM_0:0:27130533>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "Bob The Fat Bear<179><STEAM_0:1:25700814>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "ponomarev45<183><STEAM_0:0:25455637>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "awaotoko<192><STEAM_0:0:21046321>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "IRAN<184><STEAM_0:1:16042027>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "Tf2<196><STEAM_0:1:23293127>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "justHATEyou<115><STEAM_0:0:20399351>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "Trypot [Fr]<169><STEAM_0:0:17097420>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "DOLPHY<154><STEAM_0:1:19092712>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "parachutecloak<168><STEAM_0:1:24993084>" requested file "downloads/6f78fc62.dat".
L 11/17/2009 - 09:02:46: [D-FENS] "Bambadil<167><STEAM_0:0:19055469>" requested file "downloads/6f78fc62.dat".
1nsane
SourceMod Donor
Join Date: Sep 2005
11-17-2009, 11:26   Re: D-FENS - Emergency patch against downloading server files.

Quote:
Originally Posted by voogru
TL;DR

If you cannot install this plug-in due to being on an older engine or Linux, rename your server.cfg to some random string. Simply append a few random characters to your .cfg files, i.e., server_jfwfhf43f.cfg instead of server.cfg
+servercfgfile

One could also specify an rcon password only in the starting parameters and not in the server.cfg file.

+rcon_password

Good work, hopefully this works.
voogru
Inspector Javert
Join Date: Oct 2004
11-17-2009, 11:29   Re: D-FENS - Emergency patch against downloading server files.

Quote:
Originally Posted by 1nsane
+servercfgfile

One could also specify an rcon password only in the starting parameters and not in the server.cfg file.

+rcon_password

Good work, hopefully this works.
A lot of people with hosted servers don't have the option of changing the startup line.
Inflikted
SourceMod Donor
Join Date: Jan 2009
11-17-2009, 11:54   Re: D-FENS - Emergency patch against downloading server files.

Thanks voogru, although we use ipfilter on our rcon port so they can't access it anyway.
It would be nice to see who is doing it, thanks.
voogru
Inspector Javert
Join Date: Oct 2004
11-17-2009, 11:58   Re: D-FENS - Emergency patch against downloading server files.

Quote:
Originally Posted by Inflikted
Thanks voogru, although we use ipfilter on our rcon port so they can't access it anyway.
It would be nice to see who is doing it, thanks.
That was one of the main things I wanted to do. You can prevent it fairly easily but the only way to find out who is doing it is with a plug-in.
LordVader!
Member
Join Date: Nov 2009
11-17-2009, 17:09   Re: D-FENS - Emergency patch against downloading server files.

Quote:
Originally Posted by voogru
2. Their client will be maliciously crashed in an effort to slow them down. (they won't be kicked but will time out naturally)
Very nice

Does the plugin block any normal clients' downloads, like sprays?
voogru
Inspector Javert
Join Date: Oct 2004
11-17-2009, 20:09   Re: D-FENS - Emergency patch against downloading server files.

Quote:
Originally Posted by LordVader!
Very nice

Does the plugin block any normal clients' downloads, like sprays?
No, it will only block files that have .ini, .cfg, or .log anywhere in the file's path.
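The thread gives two concrete pieces of information a server operator can act on: the blocking rule (any path containing .ini, .cfg or .log) and the shape of the log lines D-FENS writes. The following is an added example, not D-FENS source and not posted by anyone in this thread: it applies the stated rule to a path and parses D-FENS style log lines so an operator can see, per file, how many distinct SteamIDs touched it and how many operations were denied. Case-insensitive matching is an assumption made here (the thread does not say how the plug-in compares), the regex is built from the line format shown in post #2 plus the optional `<ip>` and the word "illegal" described in the first post, and the last two sample lines are constructed (placeholder name, SteamID and IP) to show the denied-operation form.

```python
"""Added example (not D-FENS code): apply the thread's file-name rule and
parse D-FENS style log lines to see who requested or uploaded what."""
import re
from collections import defaultdict

# Rule as described in the thread: block any path with ".ini", ".cfg" or ".log"
# anywhere in it.  Case-insensitive comparison is an assumption made here.
SENSITIVE_MARKERS = (".ini", ".cfg", ".log")


def is_denied_path(path: str) -> bool:
    """True if a client upload/download of this path would be blocked by the rule."""
    lowered = path.lower()
    return any(marker in lowered for marker in SENSITIVE_MARKERS)


# Shape of the log line from post #2, extended with the optional "<ip>" and the
# word "illegal" that the first post says appear on denied operations.
LOG_RE = re.compile(
    r'^L (?P<date>\d\d/\d\d/\d{4}) - (?P<time>\d\d:\d\d:\d\d): \[D-FENS\] '
    r'"(?P<name>.*?)<(?P<userid>\d+)><(?P<steamid>[^<>]+)>(?:<(?P<ip>[^<>]*)>)?" '
    r'(?P<action>requested|uploaded)(?P<illegal> illegal)? file "(?P<file>[^"]*)"\.$'
)


def parse_line(line: str):
    """Return a dict of fields for a D-FENS line, or None for any other line."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    event = m.groupdict()
    event["illegal"] = event["illegal"] is not None
    # Evaluate the path against the stated rule independently, so a line is
    # flagged even if the "illegal" word is absent from the text.
    event["denied_by_rule"] = is_denied_path(event["file"])
    return event


def summarize(lines):
    """Per file: distinct SteamIDs that touched it, denied operations, uploads."""
    by_file = defaultdict(lambda: {"steamids": set(), "denied": 0, "uploads": 0})
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # engine lines that are not D-FENS output are skipped
        entry = by_file[event["file"]]
        entry["steamids"].add(event["steamid"])
        if event["illegal"] or event["denied_by_rule"]:
            entry["denied"] += 1
        if event["action"] == "uploaded":
            entry["uploads"] += 1
    return dict(by_file)


# Sample input: the first three lines are copied from post #2; the next two are
# constructed here to show the denied form (name, SteamID and IP are placeholders).
SAMPLE_LOG = [
    'L 11/17/2009 - 09:02:45: [D-FENS] "mihaivictor<181><STEAM_0:0:21752144>" requested file "downloads/6f78fc62.dat".',
    'L 11/17/2009 - 09:02:45: [D-FENS] ".sf| BOO<191><STEAM_0:1:2748942>" requested file "downloads/6f78fc62.dat".',
    'L 11/17/2009 - 09:02:46: [D-FENS] "Strife<166><STEAM_0:1:16945239>" requested file "downloads/6f78fc62.dat".',
    'L 11/17/2009 - 09:05:01: [D-FENS] "placeholder<201><STEAM_0:0:1><198.51.100.7>" requested illegal file "cfg/server.cfg".',
    'L 11/17/2009 - 09:05:03: [D-FENS] "placeholder<201><STEAM_0:0:1><198.51.100.7>" uploaded illegal file "cfg/autoexec.cfg".',
    'L 11/17/2009 - 09:05:04: Log file closed',  # unrelated engine line, ignored
]

if __name__ == "__main__":
    for path, entry in summarize(SAMPLE_LOG).items():
        print(f"{path}: {len(entry['steamids'])} client(s), "
              f"{entry['denied']} denied, {entry['uploads']} upload(s)")
```

Run against a real server log, the summary separates the normal case (many clients all pulling the same map-linked .dat, none denied) from the one that matters (one SteamID repeatedly hitting .cfg paths), which is the distinction the later questions in this thread turn on.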
violentcrimes
Senior Member
Join Date: Nov 2006
11-17-2009, 20:32   Re: D-FENS - Emergency patch against downloading server files.

Should this work with games like Zombie Panic, AOC & INS?
Solor
Member
Join Date: Jan 2009
11-17-2009, 21:58   Re: D-FENS - Emergency patch against downloading server files.

Question - I see that several users are being blocked from downloading this .dat file.

Is this crashing their clients out when it does this or what?

What's the importance of this file, to restrict it?

Seeing the pure number of users requesting this file, it must be something that is automated, and not the user doing it.