banimod / etpro / ettv forums

[Centurion]

I have had a couple of troublemakers nuking my server and crashing it. They change their cd key/guid and mask their IPs so I have had no luck in banning them. Is there an anti nuke patch/code available? Thanks for any help!

Heres the script of the nuke from my log files:

3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê

[zinx]

EDIT: Silly me, this is in banimod. I can't support that
But you probably need to apply the anti-nuke patch wrt overly large server commands.
_________________
Zinx Verituse http://zinx.xmms.org/

[Centurion]

I am running RTCW banimod on a windows based server... If there is an antinuke patch around, please post a link and/or instructions..Thanks!

Here is more of the logfile if it helps...Thanks for any help!


3678:02ClientConnect: 0
3678:02ClientUserinfoChanged: 0 n\^4.:^9A^4W^9P:.^6Vike^3girl\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 0
3678:02ClientConnect: 1
3678:02ClientUserinfoChanged: 1 n\k1in3d\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 1
3678:02ClientConnect: 2
3678:02ClientUserinfoChanged: 2 n\^xumeremortals\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 2
3678:02ClientConnect: 3
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientBegin: 3
3678:02ClientConnect: 4
3678:02ClientUserinfoChanged: 4 n\Avenger\t\3\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 4
3678:02ClientConnect: 5
3678:02ClientUserinfoChanged: 5 n\reb \t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 5
3678:02ClientConnect: 6
3678:02ClientUserinfoChanged: 6 n\^4.:^1A^4W^1P:.^3CopyKid\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 6
3678:02ClientConnect: 7
3678:02ClientUserinfoChanged: 7 n\^4.:^1a^4w^1p:.^2toecutter\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 7
3678:02ClientConnect: 8
3678:02ClientUserinfoChanged: 8 n\YouSneak\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 8
3678:02ClientConnect: 9
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 9
3678:02ClientConnect: 10
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 10
3678:02ClientConnect: 11
3678:02ClientUserinfoChanged: 11 n\^9)^7Droid^9(\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 11
3678:02ClientConnect: 12
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluelieutenant1\head\bluelieutenant1\c1\6
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 12
3678:02ClientConnect: 13
3678:02ClientUserinfoChanged: 13 n\^0Wizard^1O^0f^1^0^0TheH^0^1oo^1^0d\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 13
3678:02ClientConnect: 14
3678:02ClientUserinfoChanged: 14 n\^0Testy\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 14
3678:02ClientConnect: 15
3678:02ClientUserinfoChanged: 15 n\^0pEnNyWiSe^9!\t\2\model\multi/blueengineer1\head\blueengineer1\c1\6
3678:02ClientBegin: 15
3678:02ClientConnect: 16
3678:02ClientUserinfoChanged: 16 n\^0)^3TsA^8(+\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 16
3678:02ClientConnect: 17
3678:02ClientUserinfoChanged: 17 n\^@^*=^@4^*20^@|2^*4^@|0^*7^@=\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:02ClientBegin: 17
3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê
¨3678:04ClientDisconnect: 1
3678:04ClientDisconnect: 11
3678:04ClientDisconnect: 6
3678:04ClientDisconnect: 2
3678:04ClientDisconnect: 14
3678:04ClientDisconnect: 4
3678:04ClientDisconnect: 8
3678:04ClientDisconnect: 3
3678:04ClientDisconnect: 0
3678:04ClientDisconnect: 16
3678:04ClientDisconnect: 7
3678:05ClientDisconnect: 15
3678:05ClientDisconnect: 10
3678:05ClientDisconnect: 5
3678:06ClientDisconnect: 12
3678:07ClientDisconnect: 9
3678:10ClientDisconnect: 13
3678:10ClientConnect: 0
3678:10ClientUserinfoChanged: 0 n\^0pEnNyWiSe^9!\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:12ClientConnect: 1
3678:12ClientUserinfoChanged: 1 n\YouSneak\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:13ClientConnect: 2
3678:13ClientUserinfoChanged: 2 n\^9)^7Droid^9(\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 3
3678:17ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 4
3678:17ClientUserinfoChanged: 4 n\^4.:^1A^4W^1P:.^3CopyKid\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:18ClientConnect: 5
3678:18ClientUserinfoChanged: 5 n\^xumeremortals\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientConnect: 6
3678:20ClientUserinfoChanged: 6 n\reb \t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientDisconnect: 0

[Centurion]

I found some information on the buffer overflow in the quake 3 engine and found this

http://aluigi.altervista.org/patches.htm#bugfix

It looks like a patch to simply limits the amount of data to copy from 1024 to 512 bytes.

I can deploy a patched wolfmp.exe file and hopefully lockout the buffer overflow.

I think this will help does anyone have any thoughts or experiance with this?

[RoadKillPuppy]

If you are talking about the infostring remote server crash then it should work with the universal q3 fix. (That's how many admins here protected their et servers when this exploit became popular.)

[=FF=im2good4u]

use http://www.planetquake.com/qmm/

its a h4x between server engine and mod

it can intercept the to long voicechat files

instal it u can ask seppurt on the forum then run it using the nocrash plugin
_________________

[Centurion]

Thank you roadkillpuppy for your feedback, I appreciate your help!

=FF=im2good4u Thanks as always for your truly excellent help!

I read through the qmm info and its very good.

I like your nocrash_rtcwmp.dll features alot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?

I cant thank you enough for all of your help!

[RoadKillPuppy]

While qmm is an interesting approach to this problem I couldn't use it due to gameserver host limiting all extra mods. When you have a dedicated server (and unlimited shell access) qmm is worth a try.

When you are patching, do it like this:
- replicate your gameserver install on a machine @ home
- download the exploit and the fix
- try to crash your machine (if it's not crashing, you are looking at the wrong patch)
- if it crashes, patch the bins and try to crash it again.
- no longer crashing -> upload the bins to your actual gameserver
- still crashing -> the patch does not work, start from scratch

If you want help with tests/patching just pm me.

[RoadKillPuppy]

While qmm is an interesting approach to this problem I couldn't use it due to gameserver host limiting all extra mods. When you have a dedicated server (and unlimited shell access) qmm is worth a try.

When you are patching, do it like this:
- replicate your gameserver install on a machine @ home
- download the exploit and the fix
- try to crash your machine (if it's not crashing, you are looking at the wrong patch)
- if it crashes, patch the bins and try to crash it again.
- no longer crashing -> upload the bins to your actual gameserver
- still crashing -> the patch does not work, start from scratch

If you want help with tests/patching just pm me.

[=FF=im2good4u]

[Centurion]

Thanks for all of your time! I appreciate both of your help.

I do have root level access and still (lol!) run a simple dedicated server.

I patched lastnight with the QMM but I havent deployed the nocrash .dll yet.

According to the qmm "read me" instructions I put the qmm.ini file at the level of the wolfmp.exe and not inside the "main" folder.

So If I understand, I would leave that qmm.ini where it is and put another qmm.ini containing the code you specified into the main folder per your install instructions?

Thanks for the additional clarification!


PS- ROADKILLPUPPY thank you for your kind offer to help me patch. If I cant get Im2Good4U's .dll up I may need your help

Since I dont have a nuking script, and wouldnt even know where to find one, can I impose on you to please check if Im patched correctly? Feel free to nuke at will (lol!!) 205.234.178.58:27960 The server usually is empty during the daytime and starts to fill at 5pm est and emptys after midnight during the week...Thanks!

[RoadKillPuppy]

[=FF=im2good4u]

u leave the qmm.ini at the same level as wolfmp.exe

u put this code in it

[Centurion]

That clarified everything! Thanks:D

I followed all of your instructions and deployed the nocrash dll...It was very simple now that I understand....

Could I impose on you to crash test me?
If Im not mistaken, your dll should generate a log that tells me, for example, that =ff=Im2good4U has attempted a crash of the server, right?

Thanks again. I appreciate your time and help...

[=FF=im2good4u]

hmm not the orriginal dll just trows away the vsay and nothnig happents

mine makes a console print saying who atempted to crash it

oke ill try it now BRB
_________________