Server Is Being Nuked...Help!

Discussion for Admins of Banimod servers.
If you don't run a server, please don't post here...

Moderators: Forum moderators, developers

Centurion
Posts: 15
Joined: Fri Jul 01, 2005 6:28 am

Server Is Being Nuked...Help!

Post by Centurion »

I have had a couple of troublemakers nuking my server and crashing it. They change their cd key/guid and mask their IPs so I have had no luck in banning them. Is there an anti nuke patch/code available? Thanks for any help!

Here's the script of the nuke from my log files:

3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê
zinx
Posts: 267
Joined: Fri Jan 16, 2004 12:37 pm
Location: US

Post by zinx »

EDIT: Silly me, this is in banimod. I can't support that :D
But you probably need to apply the anti-nuke patch wrt overly large server commands.
Zinx Verituse http://zinx.xmms.org/
Centurion
Posts: 15
Joined: Fri Jul 01, 2005 6:28 am

Post by Centurion »

I am running RTCW banimod on a Windows-based server... If there is an antinuke patch around, please post a link and/or instructions. Thanks!

Here is more of the logfile if it helps...Thanks for any help!


3678:02ClientConnect: 0
3678:02ClientUserinfoChanged: 0 n\^4.:^9A^4W^9P:.^6Vike^3girl\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 0
3678:02ClientConnect: 1
3678:02ClientUserinfoChanged: 1 n\k1in3d\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 1
3678:02ClientConnect: 2
3678:02ClientUserinfoChanged: 2 n\^xumeremortals\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 2
3678:02ClientConnect: 3
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientBegin: 3
3678:02ClientConnect: 4
3678:02ClientUserinfoChanged: 4 n\Avenger\t\3\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 4
3678:02ClientConnect: 5
3678:02ClientUserinfoChanged: 5 n\reb \t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 5
3678:02ClientConnect: 6
3678:02ClientUserinfoChanged: 6 n\^4.:^1A^4W^1P:.^3CopyKid\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 6
3678:02ClientConnect: 7
3678:02ClientUserinfoChanged: 7 n\^4.:^1a^4w^1p:.^2toecutter\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 7
3678:02ClientConnect: 8
3678:02ClientUserinfoChanged: 8 n\YouSneak\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 8
3678:02ClientConnect: 9
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 9
3678:02ClientConnect: 10
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 10
3678:02ClientConnect: 11
3678:02ClientUserinfoChanged: 11 n\^9)^7Droid^9(\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 11
3678:02ClientConnect: 12
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluelieutenant1\head\bluelieutenant1\c1\6
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 12
3678:02ClientConnect: 13
3678:02ClientUserinfoChanged: 13 n\^0Wizard^1O^0f^1^0^0TheH^0^1oo^1^0d\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 13
3678:02ClientConnect: 14
3678:02ClientUserinfoChanged: 14 n\^0Testy\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 14
3678:02ClientConnect: 15
3678:02ClientUserinfoChanged: 15 n\^0pEnNyWiSe^9!\t\2\model\multi/blueengineer1\head\blueengineer1\c1\6
3678:02ClientBegin: 15
3678:02ClientConnect: 16
3678:02ClientUserinfoChanged: 16 n\^0)^3TsA^8(+\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 16
3678:02ClientConnect: 17
3678:02ClientUserinfoChanged: 17 n\^@^*=^@4^*20^@|2^*4^@|0^*7^@=\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:02ClientBegin: 17
3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê
¨3678:04ClientDisconnect: 1
3678:04ClientDisconnect: 11
3678:04ClientDisconnect: 6
3678:04ClientDisconnect: 2
3678:04ClientDisconnect: 14
3678:04ClientDisconnect: 4
3678:04ClientDisconnect: 8
3678:04ClientDisconnect: 3
3678:04ClientDisconnect: 0
3678:04ClientDisconnect: 16
3678:04ClientDisconnect: 7
3678:05ClientDisconnect: 15
3678:05ClientDisconnect: 10
3678:05ClientDisconnect: 5
3678:06ClientDisconnect: 12
3678:07ClientDisconnect: 9
3678:10ClientDisconnect: 13
3678:10ClientConnect: 0
3678:10ClientUserinfoChanged: 0 n\^0pEnNyWiSe^9!\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:12ClientConnect: 1
3678:12ClientUserinfoChanged: 1 n\YouSneak\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:13ClientConnect: 2
3678:13ClientUserinfoChanged: 2 n\^9)^7Droid^9(\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 3
3678:17ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 4
3678:17ClientUserinfoChanged: 4 n\^4.:^1A^4W^1P:.^3CopyKid\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:18ClientConnect: 5
3678:18ClientUserinfoChanged: 5 n\^xumeremortals\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientConnect: 6
3678:20ClientUserinfoChanged: 6 n\reb \t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientDisconnect: 0
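
Added example, not part of the original thread or any poster's code: a small Python log check for the pattern visible in the log above, a voice/chat line carrying non-printable bytes followed within seconds by a burst of ClientDisconnect events. The sample log is constructed, and the `say`/`sayteam` event names and the thresholds (`max_len`, `window`, `min_drops`) are assumptions to tune for your own server.

```python
import re

# The "minutes:seconds" stamp is glued to the event name, as in the log above.
EVENT = re.compile(r"(\d+):(\d\d)([A-Za-z]+): ?(.*)")
CHAT = {"voice", "say", "sayteam"}  # "voice" is from the thread; the rest are assumed

def parse(lines):
    """Return [seconds, event, payload]; stray lines extend the previous chat payload."""
    events = []
    for raw in lines:
        m = EVENT.search(raw)  # search, not match: payload junk can precede a stamp
        if m:
            mins, secs, name, payload = m.groups()
            events.append([int(mins) * 60 + int(secs), name, payload])
        elif events and events[-1][1] in CHAT:
            events[-1][2] += raw
    return events

def is_malformed(payload, max_len=150):  # max_len is an assumed threshold
    """Chat text that is overlong or carries bytes outside printable ASCII."""
    return len(payload) > max_len or any(not 32 <= ord(c) <= 126 for c in payload)

def find_nuke_candidates(lines, window=10, min_drops=3):  # assumed thresholds
    """Flag malformed chat lines followed by a burst of disconnects."""
    events, hits = parse(lines), []
    for i, (t, name, payload) in enumerate(events):
        if name not in CHAT or not is_malformed(payload):
            continue
        drops = [int(p) for t2, n2, p in events[i + 1:]
                 if n2 == "ClientDisconnect" and t2 - t <= window and p.strip().isdigit()]
        if len(drops) >= min_drops:
            hits.append({"time": t, "event": name, "dropped_slots": drops})
    return hits

SAMPLE_LOG = [  # constructed, modelled on the excerpt in the post above
    "100:02ClientConnect: 0",
    "100:02ClientConnect: 1",
    "100:02ClientConnect: 2",
    "100:03voice: PlayerA Medic!",
    "100:04voice: PlayerB HELLO0\u00d9\u00e0",
    "@0\u00ca",
    "\u00a8100:04ClientDisconnect: 1",
    "100:04ClientDisconnect: 2",
    "100:05ClientDisconnect: 0",
]

if __name__ == "__main__":
    print(find_nuke_candidates(SAMPLE_LOG))
```

The flagged entry gives the time and the log line's sender name to correlate with the preceding ClientUserinfoChanged records.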
Centurion
Posts: 15
Joined: Fri Jul 01, 2005 6:28 am

Post by Centurion »

I found some information on the buffer overflow in the quake 3 engine and found this

http://aluigi.altervista.org/patches.htm#bugfix

It looks like a patch that simply limits the amount of data to copy from 1024 to 512 bytes.

I can deploy a patched wolfmp.exe file and hopefully lock out the buffer overflow.

I think this will help. Does anyone have any thoughts or experience with this?
RoadKillPuppy
Posts: 207
Joined: Thu Apr 08, 2004 9:21 am
Location: Belgium!

Post by RoadKillPuppy »

If you are talking about the infostring remote server crash then it should work with the universal q3 fix. (That's how many admins here protected their et servers when this exploit became popular.)
=FF=im2good4u
Posts: 3821
Joined: Wed Feb 05, 2003 7:30 am
Location: The Netherlands, HOLLAND

Post by =FF=im2good4u »

use http://www.planetquake.com/qmm/

it's a h4x between server engine and mod

it can intercept the too long voicechat files

install it u can ask seppurt on the forum then run it using the nocrash plugin
Centurion
Posts: 15
Joined: Fri Jul 01, 2005 6:28 am

Post by Centurion »

Thank you roadkillpuppy for your feedback, I appreciate your help!

=FF=im2good4u Thanks as always for your truly excellent help!

I read through the qmm info and it's very good.

I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?

I can't thank you enough for all of your help!
RoadKillPuppy
Posts: 207
Joined: Thu Apr 08, 2004 9:21 am
Location: Belgium!

Post by RoadKillPuppy »

While qmm is an interesting approach to this problem I couldn't use it due to gameserver host limiting all extra mods. When you have a dedicated server (and unlimited shell access) qmm is worth a try.

When you are patching, do it like this:
- replicate your gameserver install on a machine @ home
- download the exploit and the fix
- try to crash your machine (if it's not crashing, you are looking at the wrong patch)
- if it crashes, patch the bins and try to crash it again.
- no longer crashing -> upload the bins to your actual gameserver
- still crashing -> the patch does not work, start from scratch

If you want help with tests/patching just pm me.
=FF=im2good4u
Posts: 3821
Joined: Wed Feb 05, 2003 7:30 am
Location: The Netherlands, HOLLAND

Post by =FF=im2good4u »

Centurion wrote:Thank you roadkillpuppy for your feedback, I appreciate your help!

=FF=im2good4u Thanks as always for your truly excellent help!

I read through the qmm info and it's very good.

I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?

I can't thank you enough for all of your help!

assuming u have both .dll compiled (qmm.dll and nocrash.dll)

1. rename the qa_game_x86.dll to qmm_qa_game_x86.dll (it will be loaded by qmm now)
2. rename the qmm.dll to qa_game_x86.dll (it will be loaded by the engine now)
3. put the nocrash.dll inside the fs_game directory
4. create a qmm.ini in the main rtcw directory not in the fs_game
5. inside the newly created qmm.ini put the following code

Code:

"your fs-game directory goes here" {
    "plugins" (
        "NoCrash";
    )
}
yeh u indeed need like root access lol i never thought about that :D
----> scroll aside :D
Centurion
Posts: 15
Joined: Fri Jul 01, 2005 6:28 am

Post by Centurion »

Thanks for all of your time! I appreciate both of your help.

I do have root level access and still (lol!) run a simple dedicated server.

I patched last night with the QMM but I haven't deployed the nocrash .dll yet.

According to the qmm "read me" instructions I put the qmm.ini file at the level of the wolfmp.exe and not inside the "main" folder.

So if I understand, I would leave that qmm.ini where it is and put another qmm.ini containing the code you specified into the main folder per your install instructions?

Thanks for the additional clarification!


PS- ROADKILLPUPPY thank you for your kind offer to help me patch. If I can't get Im2Good4U's .dll up I may need your help :)

Since I don't have a nuking script, and wouldn't even know where to find one, can I impose on you to please check if I'm patched correctly? Feel free to nuke at will (lol!!) 205.234.178.58:27960 The server usually is empty during the daytime and starts to fill at 5pm est and empties after midnight during the week...Thanks!
RoadKillPuppy
Posts: 207
Joined: Thu Apr 08, 2004 9:21 am
Location: Belgium!

Post by RoadKillPuppy »

Centurion wrote:Feel free to nuke at will (lol!!)
It's not exactly the kind of stuff that sits on my disks and I will certainly not try to crash your server at any random time.
=FF=im2good4u
Posts: 3821
Joined: Wed Feb 05, 2003 7:30 am
Location: The Netherlands, HOLLAND

Post by =FF=im2good4u »

u leave the qmm.ini at the same level as wolfmp.exe

u put this code in it

Code:

"bani" {
    "plugins" (
        "NoCrash";
    )
}

qmm will not protect your server right away u need the nocrash.dll

or if u have downloaded it from the cvs it will be stub_qmm.dll in which case your ini file should look like

Code:

"bani" {
    "plugins" (
        "stub_qmm";
    )
}
AND IF U WANT IT CRASH TESTED i can do it for u
Centurion
Posts: 15
Joined: Fri Jul 01, 2005 6:28 am

Post by Centurion »

That clarified everything! Thanks:D

I followed all of your instructions and deployed the nocrash dll...It was very simple now that I understand....

Could I impose on you to crash test me?
If I'm not mistaken, your dll should generate a log that tells me, for example, that =ff=Im2good4U has attempted a crash of the server, right?

Thanks again. I appreciate your time and help...

:D
=FF=im2good4u
Posts: 3821
Joined: Wed Feb 05, 2003 7:30 am
Location: The Netherlands, HOLLAND

Post by =FF=im2good4u »

hmm not the original dll just throws away the vsay and nothing happens

mine makes a console print saying who attempted to crash it

oke i'll try it now BRB :twisted: