Page 1 of 1
et player hacking server
Posted: Wed Mar 19, 2008 6:49 am
by crazyfrag
Hello
Theres a guy faking pb_guids to get acces to etadmin_mod
he takes the pb_guid from one of the admins playing on the servers and get acces to etadmin_mod! he has saved the pb_guids from vsp stats time ago!
this is the userinfo from yesterday when he flooded 3 of our servers with q3fill
http://78.46.45.67/bilder/shot0000.jpg
pb ist tooo slow to kick all this fake clients the reconect and reconnet again!
Code: Select all
23:26.34 Userinfo: \challenge\-396981686\qport\3394\protocol\84\cl_guid\G\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^0FUCK ^7EF Clan^0!\model\none\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
thers one thing which is different on him then on all other players!
in his userinfo thers a part
\model\ i think this is because he usees some kind of q3 hack or so!
so my question ist it possible to let a lua check if a player uses
\model\ in his userinfo and kickes him!
Mfg crazy
[/url]
Re: et player hacking server
Posted: Wed Mar 19, 2008 8:30 am
by Father
Posted: Wed Mar 19, 2008 10:05 am
by crazyfrag
this lua runs already....
Posted: Wed Mar 19, 2008 4:38 pm
by Father
Mmm.. new version of Q3 Fill was released at March 5, 2008.
Posted: Thu Mar 20, 2008 12:46 am
by crazyfrag
i want to just create a lua tha tkicks all players with /model/
Posted: Thu Mar 20, 2008 11:51 am
by jump3r
i had the same problem yesterday, combinedfixes lua didnt worked. hopefully i "fixed" this problem using teh pb_banmask 91.76.
edit:
nah sry, it worked. checking log atm:
Code: Select all
ClientConnect: 6
Userinfo: \challenge\1948536928\qport\42509\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^6dirtyduck\ip\91.76.44.47:42509
ClientUserinfoChanged: 6 n\^6dirtyduck\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 848 connecting with 100 challenge ping
ClientConnect: 7
Userinfo: \challenge\1522610151\qport\42765\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^4lilcrappy\ip\91.76.44.47:42765
ClientUserinfoChanged: 7 n\^4lilcrappy\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 849 connecting with 50 challenge ping
ClientConnect: 8
Userinfo: \challenge\1590903818\qport\43021\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^2crunkman\ip\91.76.44.47:43021
ClientUserinfoChanged: 8 n\^2crunkman\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 850 connecting with 100 challenge ping
fakeplimit.lua: too many connections from 91.76.44.47
Code: Select all
ClientConnect: 9
Userinfo: \challenge\965321965\qport\52749\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^6dirtyduck\ip\83.237.174.149:52749
ClientUserinfoChanged: 9 n\^6dirtyduck\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 853 connecting with 100 challenge ping
ClientConnect: 10
Userinfo: \challenge\217765071\qport\53005\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^4lilcrappy\ip\83.237.174.149:53005
ClientUserinfoChanged: 10 n\^4lilcrappy\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 854 connecting with 100 challenge ping
ClientConnect: 11
Userinfo: \challenge\500553771\qport\53261\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^2crunkman\ip\83.237.174.149:53261
ClientUserinfoChanged: 11 n\^2crunkman\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 855 connecting with 100 challenge ping
fakeplimit.lua: too many connections from 83.237.174.149
Code: Select all
ClientConnect: 13
Userinfo: \challenge\304837677\qport\58637\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^5funnymule\ip\91.76.47.163:58637
ClientUserinfoChanged: 13 n\^5funnymule\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 857 connecting with 100 challenge ping
ClientConnect: 15
Userinfo: \challenge\72568607\qport\58893\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^2crunkman\ip\91.76.47.163:58893
ClientUserinfoChanged: 15 n\^2crunkman\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 858 connecting with 50 challenge ping
ClientConnect: 16
Userinfo: \challenge\1552888191\qport\59149\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^7crazyhorse\ip\91.76.47.163:59149
ClientUserinfoChanged: 16 n\^7crazyhorse\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 859 connecting with 100 challenge ping
fakeplimit.lua: too many connections from 91.76.47.163
Posted: Thu Mar 20, 2008 11:52 am
by dutchmeat
You could easily create a FakePlayersbug fix using GameMonkey Scriptmod(
www.gaminggone.net/gmScriptmod/).
Posted: Sat Mar 22, 2008 1:44 am
by crazyfrag
i can get the userinfo by lua...
so now how do i get him detect /model/ and kick client
Posted: Sat Mar 22, 2008 4:53 am
by Luk4ward
Well, its admins' fault coz u have to know:
a) cl_guid can be spoofed
b) do not post full pb guids to public
A fix for vsp stats is here:
http://wolfwiki.anime.net/index.php/Use ... tats_fixes
But u have to clear first the database and run parsing again
p.s i will post soon cl_guid checker merged into combined fixes with logging players with faked guids
Posted: Sat Mar 22, 2008 5:16 am
by McSteve
crazyfrag wrote:so now how do i get him detect /model/ and kick client
I see your reasons for wanting to do so, but that's really not the best thing to do if there is a new version of q3fill and combinedfixes.lua is not effective. Its not 100% clear if this is the case or not. It might be useful if crazyfrag and jump3r could provide any further information about their experience. I'm especially curious as to why jump3r thought at first combinedfixes wasn't working before checking the logs. Did the server get filled with 'connecting' clients?
@crazyfrag
Luk4ward is right, exposing full pbguids and running mods that use cl_guids can lead to exactly this. If you have not already done so, you should remove any admin priviliges from exposed pbguids. Nothing can be done to restore security apart from having your admins change their guids and not reveal them.
Posted: Sat Mar 22, 2008 5:31 am
by dutchmeat
just use getValueForKey, I don't know if etpro's lua has it, but I think it does.
Posted: Sat Mar 22, 2008 5:44 am
by crazyfrag
etadmin priveliegs are alread revoked to 1
and vsp stats only shoes thhe last 8 of guid
