banimod / etpro / ettv forums
Bani's Discussion Forums
 

Server Is Being Nuked...Help!
Centurion



Joined: 01 Jul 2005
Posts: 15

Posted: Wed Jan 25, 2006 6:43 am    Post subject: Server Is Being Nuked...Help!

I have had a couple of troublemakers nuking my server and crashing it. They change their cd key/guid and mask their IPs so I have had no luck in banning them. Is there an anti nuke patch/code available? Thanks for any help!

Here's the script of the nuke from my log files:

3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê
zinx



Joined: 16 Jan 2004
Posts: 268
Location: US

Posted: Wed Jan 25, 2006 8:27 am

EDIT: Silly me, this is in banimod. I can't support that :D
But you probably need to apply the anti-nuke patch wrt overly large server commands.
_________________
Zinx Verituse http://zinx.xmms.org/
Centurion



Joined: 01 Jul 2005
Posts: 15

Posted: Wed Jan 25, 2006 8:35 am

I am running RTCW banimod on a Windows based server... If there is an antinuke patch around, please post a link and/or instructions. Thanks!

Here is more of the logfile if it helps...Thanks for any help!


3678:02ClientConnect: 0
3678:02ClientUserinfoChanged: 0 n\^4.:^9A^4W^9P:.^6Vike^3girl\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 0
3678:02ClientConnect: 1
3678:02ClientUserinfoChanged: 1 n\k1in3d\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 1
3678:02ClientConnect: 2
3678:02ClientUserinfoChanged: 2 n\^xumeremortals\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 2
3678:02ClientConnect: 3
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientBegin: 3
3678:02ClientConnect: 4
3678:02ClientUserinfoChanged: 4 n\Avenger\t\3\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 4
3678:02ClientConnect: 5
3678:02ClientUserinfoChanged: 5 n\reb \t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 5
3678:02ClientConnect: 6
3678:02ClientUserinfoChanged: 6 n\^4.:^1A^4W^1P:.^3CopyKid\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 6
3678:02ClientConnect: 7
3678:02ClientUserinfoChanged: 7 n\^4.:^1a^4w^1p:.^2toecutter\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 7
3678:02ClientConnect: 8
3678:02ClientUserinfoChanged: 8 n\YouSneak\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 8
3678:02ClientConnect: 9
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 9
3678:02ClientConnect: 10
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 10
3678:02ClientConnect: 11
3678:02ClientUserinfoChanged: 11 n\^9)^7Droid^9(\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 11
3678:02ClientConnect: 12
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluelieutenant1\head\bluelieutenant1\c1\6
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 12
3678:02ClientConnect: 13
3678:02ClientUserinfoChanged: 13 n\^0Wizard^1O^0f^1^0^0TheH^0^1oo^1^0d\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 13
3678:02ClientConnect: 14
3678:02ClientUserinfoChanged: 14 n\^0Testy\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 14
3678:02ClientConnect: 15
3678:02ClientUserinfoChanged: 15 n\^0pEnNyWiSe^9!\t\2\model\multi/blueengineer1\head\blueengineer1\c1\6
3678:02ClientBegin: 15
3678:02ClientConnect: 16
3678:02ClientUserinfoChanged: 16 n\^0)^3TsA^8(+\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 16
3678:02ClientConnect: 17
3678:02ClientUserinfoChanged: 17 n\^@^*=^@4^*20^@|2^*4^@|0^*7^@=\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:02ClientBegin: 17
3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê
¨3678:04ClientDisconnect: 1
3678:04ClientDisconnect: 11
3678:04ClientDisconnect: 6
3678:04ClientDisconnect: 2
3678:04ClientDisconnect: 14
3678:04ClientDisconnect: 4
3678:04ClientDisconnect: 8
3678:04ClientDisconnect: 3
3678:04ClientDisconnect: 0
3678:04ClientDisconnect: 16
3678:04ClientDisconnect: 7
3678:05ClientDisconnect: 15
3678:05ClientDisconnect: 10
3678:05ClientDisconnect: 5
3678:06ClientDisconnect: 12
3678:07ClientDisconnect: 9
3678:10ClientDisconnect: 13
3678:10ClientConnect: 0
3678:10ClientUserinfoChanged: 0 n\^0pEnNyWiSe^9!\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:12ClientConnect: 1
3678:12ClientUserinfoChanged: 1 n\YouSneak\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:13ClientConnect: 2
3678:13ClientUserinfoChanged: 2 n\^9)^7Droid^9(\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 3
3678:17ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 4
3678:17ClientUserinfoChanged: 4 n\^4.:^1A^4W^1P:.^3CopyKid\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:18ClientConnect: 5
3678:18ClientUserinfoChanged: 5 n\^xumeremortals\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientConnect: 6
3678:20ClientUserinfoChanged: 6 n\reb \t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientDisconnect: 0
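Added example (not part of the original thread, and not code from QMM or the NoCrash plugin): a log triage script for the pattern visible in the log above, where a chat-type line carrying non-printable bytes that spill onto following lines is immediately followed by a mass of ClientDisconnect entries. The event names in CHAT_EVENTS, the thresholds, the reading of the timestamp as minutes:seconds, and the sample lines are assumptions made for illustration.

```python
import re

# Record header as it appears in the posted log: "MMMM:SS" glued to the event name.
RECORD = re.compile(r"(\d+):(\d\d)(\w+): ?(.*)")
CHAT_EVENTS = {"voice", "say", "sayteam"}  # assumption: chat-type event names
MAX_CHAT_LEN = 150  # assumption: longest plausible chat line
BURST_WINDOW, BURST_MIN = 10, 5  # seconds to watch; drops that count as a mass drop

def parse(lines):
    """Return [seconds, event, text, spill] records; spill counts extra lines."""
    records = []
    for line in lines:
        m = RECORD.search(line)  # search(): stray payload bytes may precede the stamp
        if m:
            secs = int(m.group(1)) * 60 + int(m.group(2))
            records.append([secs, m.group(3), m.group(4), 0])
        elif records and line.strip():
            records[-1][2] += line  # payload contained a newline
            records[-1][3] += 1
    return records

def suspicious(text, spill):
    """List the reasons a chat payload looks malformed or oversized."""
    reasons = []
    if any(not 0x20 <= ord(c) <= 0x7E for c in text):
        reasons.append("non-printable bytes")
    if spill:
        reasons.append("spills over lines")
    if len(text) > MAX_CHAT_LEN:
        reasons.append("oversized")
    return reasons

def find_nukes(lines):
    """Flag suspicious chat records that are followed by a mass disconnect."""
    recs, hits = parse(lines), []
    for i, (t, event, text, spill) in enumerate(recs):
        why = suspicious(text, spill) if event in CHAT_EVENTS else []
        drops = sum(1 for s, e, *_ in recs[i + 1:]
                    if e == "ClientDisconnect" and 0 <= s - t <= BURST_WINDOW)
        if why and drops >= BURST_MIN:
            hits.append({"time": t, "reasons": why, "disconnects": drops})
    return hits

# Constructed sample in the format of the posted log (not the poster's data).
SAMPLE = ["100:02ClientBegin: 0", "100:03say: playerA: hello all",
          "100:04voice: playerB HELLO0\xd9\xe0", "@0\xca",
          "\xa8100:04ClientDisconnect: 1", "100:04ClientDisconnect: 0",
          "100:04ClientDisconnect: 3", "100:05ClientDisconnect: 2",
          "100:06ClientDisconnect: 4", "100:10ClientConnect: 0"]
print(find_nukes(SAMPLE))
```

A hit gives the time of the offending chat line, so the ClientConnect and ClientUserinfoChanged records just before it can be reviewed to see which slot sent it.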
Centurion



Joined: 01 Jul 2005
Posts: 15

Posted: Wed Jan 25, 2006 9:53 am

I found some information on the buffer overflow in the Quake 3 engine and found this:

http://aluigi.altervista.org/patches.htm#bugfix

It looks like a patch that simply limits the amount of data to copy from 1024 to 512 bytes.

I can deploy a patched wolfmp.exe file and hopefully lock out the buffer overflow.

I think this will help. Does anyone have any thoughts or experience with this?
RoadKillPuppy



Joined: 08 Apr 2004
Posts: 207
Location: Belgium!

Posted: Wed Jan 25, 2006 11:18 am

If you are talking about the infostring remote server crash then it should work with the universal q3 fix. (That's how many admins here protected their et servers when this exploit became popular.)
=FF=im2good4u



Joined: 05 Feb 2003
Posts: 3924
Location: The Netherlands, HOLLAND

Posted: Wed Jan 25, 2006 12:39 pm

use http://www.planetquake.com/qmm/

it's a h4x between server engine and mod

it can intercept the too long voicechat files

install it u can ask seppurt on the forum then run it using the nocrash plugin
Centurion



Joined: 01 Jul 2005
Posts: 15

Posted: Wed Jan 25, 2006 2:02 pm

Thank you roadkillpuppy for your feedback, I appreciate your help!

=FF=im2good4u Thanks as always for your truly excellent help!

I read through the qmm info and it's very good.

I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?

I can't thank you enough for all of your help!
RoadKillPuppy



Joined: 08 Apr 2004
Posts: 207
Location: Belgium!

Posted: Thu Jan 26, 2006 2:21 am

While qmm is an interesting approach to this problem I couldn't use it due to gameserver host limiting all extra mods. When you have a dedicated server (and unlimited shell access) qmm is worth a try.

When you are patching, do it like this:
- replicate your gameserver install on a machine @ home
- download the exploit and the fix
- try to crash your machine (if it's not crashing, you are looking at the wrong patch)
- if it crashes, patch the bins and try to crash it again.
- no longer crashing -> upload the bins to your actual gameserver
- still crashing -> the patch does not work, start from scratch

If you want help with tests/patching just pm me.
=FF=im2good4u



Joined: 05 Feb 2003
Posts: 3924
Location: The Netherlands, HOLLAND

Posted: Thu Jan 26, 2006 2:40 am

Centurion wrote:
Thank you roadkillpuppy for your feedback, I appreciate your help!

=FF=im2good4u Thanks as always for your truly excellent help!

I read through the qmm info and it's very good.

I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?

I can't thank you enough for all of your help!

assuming u have both .dll compiled (qmm.dll and nocrash.dll)

1. rename the qa_game_x86.dll to qmm_qa_game_x86.dll (it will be loaded by qmm now)
2. rename the qmm.dll to qa_game_x86.dll (it will be loaded by the engine now)
3. put the nocrash.dll inside the fs_game directory
4. create a qmm.ini in the main rtcw directory not in the fs_game
5. inside the newly created qmm.ini put the following code
Code:
"your fs-game directory goes here" {
    "plugins" (
        "NoCrash";
    )
}

yeh u indeed need like root access lol i never thought about that :D
----> scroll aside :D
Centurion



Joined: 01 Jul 2005
Posts: 15

Posted: Thu Jan 26, 2006 6:22 am

Thanks for all of your time! I appreciate both of your help.

I do have root level access and still (lol!) run a simple dedicated server.

I patched last night with the QMM but I haven't deployed the nocrash .dll yet.

According to the qmm "read me" instructions I put the qmm.ini file at the level of the wolfmp.exe and not inside the "main" folder.

So if I understand, I would leave that qmm.ini where it is and put another qmm.ini containing the code you specified into the main folder per your install instructions?

Thanks for the additional clarification!


PS- ROADKILLPUPPY thank you for your kind offer to help me patch. If I can't get Im2Good4U's .dll up I may need your help :)

Since I don't have a nuking script, and wouldn't even know where to find one, can I impose on you to please check if I'm patched correctly? Feel free to nuke at will (lol!!) 205.234.178.58:27960 The server usually is empty during the daytime and starts to fill at 5pm EST and empties after midnight during the week... Thanks!
RoadKillPuppy



Joined: 08 Apr 2004
Posts: 207
Location: Belgium!

Posted: Thu Jan 26, 2006 7:14 am

Centurion wrote:
Feel free to nuke at will (lol!!)

It's not exactly the kind of stuff that sits on my disks and I will certainly not try to crash your server at any random time.
=FF=im2good4u



Joined: 05 Feb 2003
Posts: 3924
Location: The Netherlands, HOLLAND

Posted: Thu Jan 26, 2006 7:43 am

u leave the qmm.ini at the same level as wolfmp.exe

u put this code in it
Code:
"bani" {
    "plugins" (
        "NoCrash";
    )
}

qmm will not protect your server right away u need the nocrash.dll

or if u have downloaded it from the cvs it will be stub_qmm.dll in which case your ini file should look like
Code:
"bani" {
    "plugins" (
        "stub_qmm";
    )
}

AND IF U WANT IT CRASH TESTED i can do it for u
Centurion



Joined: 01 Jul 2005
Posts: 15

Posted: Thu Jan 26, 2006 8:43 am

That clarified everything! Thanks :D

I followed all of your instructions and deployed the nocrash dll... It was very simple now that I understand....

Could I impose on you to crash test me?
If I'm not mistaken, your dll should generate a log that tells me, for example, that =ff=Im2good4U has attempted a crash of the server, right?

Thanks again. I appreciate your time and help...

:D
=FF=im2good4u



Joined: 05 Feb 2003
Posts: 3924
Location: The Netherlands, HOLLAND

Posted: Fri Jan 27, 2006 2:22 am

hmm not the original dll just throws away the vsay and nothing happens

mine makes a console print saying who attempted to crash it

oke i'll try it now BRB :twisted:
All times are GMT - 8 Hours