Server Is Being Nuked...Help!
I have had a couple of troublemakers nuking my server and crashing it. They change their cd key/guid and mask their IPs so I have had no luck in banning them. Is there an anti nuke patch/code available? Thanks for any help!
Here's the script of the nuke from my log files:
3678:04voice: ^0)^3TsA^8(+ HELLO0ÙÃ
@0Ê
EDIT: Silly me, this is in banimod. I can't support that
But you probably need to apply the anti-nuke patch wrt overly large server commands.
Zinx Verituse http://zinx.xmms.org/
I am running RTCW banimod on a Windows-based server... If there is an antinuke patch around, please post a link and/or instructions... Thanks!
Here is more of the logfile if it helps...Thanks for any help!
3678:02ClientConnect: 0
3678:02ClientUserinfoChanged: 0 n\^4.:^9A^4W^9P:.^6Vike^3girl\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 0
3678:02ClientConnect: 1
3678:02ClientUserinfoChanged: 1 n\k1in3d\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 1
3678:02ClientConnect: 2
3678:02ClientUserinfoChanged: 2 n\^xumeremortals\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 2
3678:02ClientConnect: 3
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientBegin: 3
3678:02ClientConnect: 4
3678:02ClientUserinfoChanged: 4 n\Avenger\t\3\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 4
3678:02ClientConnect: 5
3678:02ClientUserinfoChanged: 5 n\reb \t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 5
3678:02ClientConnect: 6
3678:02ClientUserinfoChanged: 6 n\^4.:^1A^4W^1P:.^3CopyKid\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 6
3678:02ClientConnect: 7
3678:02ClientUserinfoChanged: 7 n\^4.:^1a^4w^1p:.^2toecutter\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 7
3678:02ClientConnect: 8
3678:02ClientUserinfoChanged: 8 n\YouSneak\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 8
3678:02ClientConnect: 9
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 9
3678:02ClientConnect: 10
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 10
3678:02ClientConnect: 11
3678:02ClientUserinfoChanged: 11 n\^9)^7Droid^9(\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 11
3678:02ClientConnect: 12
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluelieutenant1\head\bluelieutenant1\c1\6
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 12
3678:02ClientConnect: 13
3678:02ClientUserinfoChanged: 13 n\^0Wizard^1O^0f^1^0^0TheH^0^1oo^1^0d\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 13
3678:02ClientConnect: 14
3678:02ClientUserinfoChanged: 14 n\^0Testy\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 14
3678:02ClientConnect: 15
3678:02ClientUserinfoChanged: 15 n\^0pEnNyWiSe^9!\t\2\model\multi/blueengineer1\head\blueengineer1\c1\6
3678:02ClientBegin: 15
3678:02ClientConnect: 16
3678:02ClientUserinfoChanged: 16 n\^0)^3TsA^8(+\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 16
3678:02ClientConnect: 17
3678:02ClientUserinfoChanged: 17 n\^@^*=^@4^*20^@|2^*4^@|0^*7^@=\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:02ClientBegin: 17
3678:04voice: ^0)^3TsA^8(+ HELLO0ÙÃ
@0Ê
¨3678:04ClientDisconnect: 1
3678:04ClientDisconnect: 11
3678:04ClientDisconnect: 6
3678:04ClientDisconnect: 2
3678:04ClientDisconnect: 14
3678:04ClientDisconnect: 4
3678:04ClientDisconnect: 8
3678:04ClientDisconnect: 3
3678:04ClientDisconnect: 0
3678:04ClientDisconnect: 16
3678:04ClientDisconnect: 7
3678:05ClientDisconnect: 15
3678:05ClientDisconnect: 10
3678:05ClientDisconnect: 5
3678:06ClientDisconnect: 12
3678:07ClientDisconnect: 9
3678:10ClientDisconnect: 13
3678:10ClientConnect: 0
3678:10ClientUserinfoChanged: 0 n\^0pEnNyWiSe^9!\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:12ClientConnect: 1
3678:12ClientUserinfoChanged: 1 n\YouSneak\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:13ClientConnect: 2
3678:13ClientUserinfoChanged: 2 n\^9)^7Droid^9(\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 3
3678:17ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 4
3678:17ClientUserinfoChanged: 4 n\^4.:^1A^4W^1P:.^3CopyKid\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:18ClientConnect: 5
3678:18ClientUserinfoChanged: 5 n\^xumeremortals\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientConnect: 6
3678:20ClientUserinfoChanged: 6 n\reb \t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientDisconnect: 0
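The pattern visible in the log excerpt above (a `voice:` line whose payload carries raw bytes and spills onto the next line, followed within seconds by a run of `ClientDisconnect` events) can be searched for mechanically. The Python below is an added example, not part of the original posts and not code from banimod or QMM; the thresholds, helper names and sample lines are assumptions constructed for illustration.

```python
import re

# Line shape assumed from the excerpt above: "<min>:<sec><Event>: <rest>".
ENTRY = re.compile(r"^(?P<junk>.*?)(?P<m>\d+):(?P<s>\d{2})\s*(?P<ev>[A-Za-z]+): ?(?P<rest>.*)$")
NAME = re.compile(r"\d+ n\\(.*?)\\t\\")      # player name inside a userinfo string
MAX_CHAT_LEN, WINDOW_SECS, MIN_DROPS = 150, 10, 3   # assumed thresholds, tune per server

def parse(lines):
    """Return [secs, event, text] entries. Text without a timestamp (a payload
    that carried a newline, or bytes glued in front of the next timestamp) is
    folded back into the previous entry instead of being dropped."""
    entries = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = ENTRY.match(line)
        spill = line if m is None else m["junk"]
        if spill and entries:
            entries[-1][2] += "\n" + spill
        if m:
            entries.append([int(m["m"]) * 60 + int(m["s"]), m["ev"], m["rest"]])
    return entries

def reasons_for(text):
    """List what is abnormal about a chat payload (empty list if nothing)."""
    found = []
    if len(text) > MAX_CHAT_LEN:
        found.append("oversized")
    if "\n" in text:
        found.append("spills across lines")
    if any((ord(c) < 0x20 and c != "\n") or ord(c) > 0x7E for c in text):
        found.append("non-printable bytes")
    return found

def find_crash_candidates(lines):
    """Flag voice lines with a malformed payload that are followed by a burst
    of ClientDisconnect events within WINDOW_SECS."""
    entries, names, findings = parse(lines), set(), []
    for i, (t, ev, text) in enumerate(entries):
        if ev == "ClientUserinfoChanged":
            hit = NAME.match(text)
            if hit:
                names.add(hit.group(1))
        if ev != "voice":
            continue
        why = reasons_for(text)
        drops = sum(1 for t2, ev2, _ in entries[i + 1:]
                    if ev2 == "ClientDisconnect" and 0 <= t2 - t <= WINDOW_SECS)
        if why and drops >= MIN_DROPS:
            # Names may contain spaces, so match the longest known name prefix.
            sender = max((n for n in names if text.startswith(n)), key=len, default="?")
            findings.append({"time": t, "sender": sender, "reasons": why, "drops": drops})
    return findings

# Constructed sample modelled on the excerpt; names and payload bytes are made up.
SAMPLE = [
    "120:02ClientConnect: 0",
    "120:02ClientUserinfoChanged: 0 n\\^1Alpha\\t\\1\\c1\\6",
    "120:02ClientUserinfoChanged: 1 n\\Bravo\\t\\2\\c1\\6",
    "120:02ClientUserinfoChanged: 2 n\\Bravo Bob\\t\\2\\c1\\6",
    "120:03voice: ^1Alpha Medic",
    "120:04voice: Bravo Bob HELLO0\xd9\xc3",
    "@0\xca",
    "\xa8120:04ClientDisconnect: 1",
    "120:04ClientDisconnect: 0",
    "120:05ClientDisconnect: 2",
]

if __name__ == "__main__":
    for finding in find_crash_candidates(SAMPLE):
        print(finding)
```

When reading a real log file, open it with `encoding="latin-1"` so every raw byte maps to one character and nothing is lost to decoding errors. The reported sender is only the in-game name, which the thread notes these players change freely, so treat it as a lead for correlating with connection records rather than as an identity.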
I found some information on the buffer overflow in the Quake 3 engine and found this:
http://aluigi.altervista.org/patches.htm#bugfix
It looks like a patch that simply limits the amount of data to copy from 1024 to 512 bytes.
I can deploy a patched wolfmp.exe file and hopefully lock out the buffer overflow.
I think this will help. Does anyone have any thoughts or experience with this?
- RoadKillPuppy
- Posts: 207
- Joined: Thu Apr 08, 2004 9:21 am
- Location: Belgium!
- Contact:
- =FF=im2good4u
- Posts: 3821
- Joined: Wed Feb 05, 2003 7:30 am
- Location: The Netherlands, HOLLAND
- Contact:
use http://www.planetquake.com/qmm/
it's a h4x between server engine and mod
it can intercept the too long voicechat files
install it u can ask seppurt on the forum then run it using the nocrash plugin
Thank you roadkillpuppy for your feedback, I appreciate your help!
=FF=im2good4u Thanks as always for your truly excellent help!
I read through the qmm info and it's very good.
I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?
I can't thank you enough for all of your help!
- RoadKillPuppy
- Posts: 207
- Joined: Thu Apr 08, 2004 9:21 am
- Location: Belgium!
- Contact:
While qmm is an interesting approach to this problem I couldn't use it due to gameserver host limiting all extra mods. When you have a dedicated server (and unlimited shell access) qmm is worth a try.
When you are patching, do it like this:
- replicate your gameserver install on a machine @ home
- download the exploit and the fix
- try to crash your machine (if it's not crashing, you are looking at the wrong patch)
- if it crashes, patch the bins and try to crash it again.
- no longer crashing -> upload the bins to your actual gameserver
- still crashing -> the patch does not work, start from scratch
If you want help with tests/patching just pm me.
- =FF=im2good4u
- Posts: 3821
- Joined: Wed Feb 05, 2003 7:30 am
- Location: The Netherlands, HOLLAND
- Contact:
Centurion wrote:
Thank you roadkillpuppy for your feedback, I appreciate your help!
=FF=im2good4u Thanks as always for your truly excellent help!
I read through the qmm info and it's very good.
I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?
I can't thank you enough for all of your help!

assuming u have both .dll compiled (qmm.dll and nocrash.dll)
1. rename the qa_game_x86.dll to qmm_qa_game_x86.dll (it will be loaded by qmm now)
2. rename the qmm.dll to qa_game_x86.dll (it will be loaded by the engine now)
3. put the nocrash.dll inside the fs_game directory
4. create a qmm.ini in the main rtcw directory not in the fs_game
5. inside the newly created qmm.ini put the following code
Code:
"your fs-game directory goes here" {
"plugins" (
"NoCrash";
)
}
Thanks for all of your time! I appreciate both of your help.
I do have root level access and still (lol!) run a simple dedicated server.
I patched last night with the QMM but I haven't deployed the nocrash .dll yet.
According to the qmm "read me" instructions I put the qmm.ini file at the level of the wolfmp.exe and not inside the "main" folder.
So if I understand, I would leave that qmm.ini where it is and put another qmm.ini containing the code you specified into the main folder per your install instructions?
Thanks for the additional clarification!
PS- ROADKILLPUPPY thank you for your kind offer to help me patch. If I can't get Im2Good4U's .dll up I may need your help.
Since I don't have a nuking script, and wouldn't even know where to find one, can I impose on you to please check if I'm patched correctly? Feel free to nuke at will (lol!!) 205.234.178.58:27960 The server usually is empty during the daytime and starts to fill at 5pm est and empties after midnight during the week... Thanks!
- RoadKillPuppy
- Posts: 207
- Joined: Thu Apr 08, 2004 9:21 am
- Location: Belgium!
- Contact:
- =FF=im2good4u
- Posts: 3821
- Joined: Wed Feb 05, 2003 7:30 am
- Location: The Netherlands, HOLLAND
- Contact:
u leave the qmm.ini at the same level as wolfmp.exe
u put this code in it
Code:
"bani" {
"plugins" (
"NoCrash";
)
}
qmm will not protect your server right away u need the nocrash.dll
or if u have downloaded it from the cvs it will be stub_qmm.dll in which case your ini file should look like
Code:
"bani" {
"plugins" (
"stub_qmm";
)
}
AND IF U WANT IT CRASH TESTED i can do it for u
That clarified everything! Thanks :D
I followed all of your instructions and deployed the nocrash dll... It was very simple now that I understand...
Could I impose on you to crash test me?
If I'm not mistaken, your dll should generate a log that tells me, for example, that =ff=Im2good4U has attempted a crash of the server, right?
Thanks again. I appreciate your time and help...
- =FF=im2good4u
- Posts: 3821
- Joined: Wed Feb 05, 2003 7:30 am
- Location: The Netherlands, HOLLAND
- Contact:
hmm not the original dll just throws away the vsay and nothing happens
mine makes a console print saying who attempted to crash it
oke i'll try it now BRB