Centurion
Joined: 01 Jul 2005 Posts: 15
Posted: Wed Jan 25, 2006 6:43 am Post subject: Server Is Being Nuked...Help!

I have had a couple of troublemakers nuking my server and crashing it. They change their cd key/guid and mask their IPs so I have had no luck in banning them. Is there an anti-nuke patch/code available? Thanks for any help!
Here's the script of the nuke from my log files:
3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê

zinx
Joined: 16 Jan 2004 Posts: 268 Location: US
Posted: Wed Jan 25, 2006 8:27 am

EDIT: Silly me, this is in banimod. I can't support that.
But you probably need to apply the anti-nuke patch wrt overly large server commands.
_________________
Zinx Verituse http://zinx.xmms.org/

Centurion
Joined: 01 Jul 2005 Posts: 15
Posted: Wed Jan 25, 2006 8:35 am

I am running RTCW banimod on a Windows-based server... If there is an anti-nuke patch around, please post a link and/or instructions. Thanks!
Here is more of the log file if it helps... Thanks for any help!
3678:02ClientConnect: 0
3678:02ClientUserinfoChanged: 0 n\^4.:^9A^4W^9P:.^6Vike^3girl\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 0
3678:02ClientConnect: 1
3678:02ClientUserinfoChanged: 1 n\k1in3d\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 1
3678:02ClientConnect: 2
3678:02ClientUserinfoChanged: 2 n\^xumeremortals\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 2
3678:02ClientConnect: 3
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientBegin: 3
3678:02ClientConnect: 4
3678:02ClientUserinfoChanged: 4 n\Avenger\t\3\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 4
3678:02ClientConnect: 5
3678:02ClientUserinfoChanged: 5 n\reb \t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 5
3678:02ClientConnect: 6
3678:02ClientUserinfoChanged: 6 n\^4.:^1A^4W^1P:.^3CopyKid\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 6
3678:02ClientConnect: 7
3678:02ClientUserinfoChanged: 7 n\^4.:^1a^4w^1p:.^2toecutter\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 7
3678:02ClientConnect: 8
3678:02ClientUserinfoChanged: 8 n\YouSneak\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 8
3678:02ClientConnect: 9
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 9 n\^4.:^9A^4W^9P:.^0KING\t\1\model\multi_axis/redlieutenant1\head\redlieutenant1\c1\6
3678:02ClientBegin: 9
3678:02ClientConnect: 10
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redengineer1\head\redengineer1\c1\6
3678:02ClientUserinfoChanged: 10 n\^8MUT1NY^4*\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 10
3678:02ClientConnect: 11
3678:02ClientUserinfoChanged: 11 n\^9)^7Droid^9(\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 11
3678:02ClientConnect: 12
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluelieutenant1\head\bluelieutenant1\c1\6
3678:02ClientUserinfoChanged: 12 n\^1]^3KX3^1[^3Buff^1alo ^3Bob\t\2\model\multi/bluesoldier1\head\bluesoldier1\c1\6
3678:02ClientBegin: 12
3678:02ClientConnect: 13
3678:02ClientUserinfoChanged: 13 n\^0Wizard^1O^0f^1^0^0TheH^0^1oo^1^0d\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 13
3678:02ClientConnect: 14
3678:02ClientUserinfoChanged: 14 n\^0Testy\t\2\model\multi/bluemedic1\head\bluemedic1\c1\6
3678:02ClientBegin: 14
3678:02ClientConnect: 15
3678:02ClientUserinfoChanged: 15 n\^0pEnNyWiSe^9!\t\2\model\multi/blueengineer1\head\blueengineer1\c1\6
3678:02ClientBegin: 15
3678:02ClientConnect: 16
3678:02ClientUserinfoChanged: 16 n\^0)^3TsA^8(+\t\1\model\multi_axis/redmedic1\head\redmedic1\c1\6
3678:02ClientBegin: 16
3678:02ClientConnect: 17
3678:02ClientUserinfoChanged: 17 n\^@^*=^@4^*20^@|2^*4^@|0^*7^@=\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:02ClientBegin: 17
3678:04voice: ^0)^3TsA^8(+ HELLO0Ùà
@0Ê
¨3678:04ClientDisconnect: 1
3678:04ClientDisconnect: 11
3678:04ClientDisconnect: 6
3678:04ClientDisconnect: 2
3678:04ClientDisconnect: 14
3678:04ClientDisconnect: 4
3678:04ClientDisconnect: 8
3678:04ClientDisconnect: 3
3678:04ClientDisconnect: 0
3678:04ClientDisconnect: 16
3678:04ClientDisconnect: 7
3678:05ClientDisconnect: 15
3678:05ClientDisconnect: 10
3678:05ClientDisconnect: 5
3678:06ClientDisconnect: 12
3678:07ClientDisconnect: 9
3678:10ClientDisconnect: 13
3678:10ClientConnect: 0
3678:10ClientUserinfoChanged: 0 n\^0pEnNyWiSe^9!\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:12ClientConnect: 1
3678:12ClientUserinfoChanged: 1 n\YouSneak\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:13ClientConnect: 2
3678:13ClientUserinfoChanged: 2 n\^9)^7Droid^9(\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 3
3678:17ClientUserinfoChanged: 3 n\^3!TDG^^8TROUBLE\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:17ClientConnect: 4
3678:17ClientUserinfoChanged: 4 n\^4.:^1A^4W^1P:.^3CopyKid\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:18ClientConnect: 5
3678:18ClientUserinfoChanged: 5 n\^xumeremortals\t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientConnect: 6
3678:20ClientUserinfoChanged: 6 n\reb \t\3\model\multi_axis/redsoldier1\head\redsoldier1\c1\6
3678:20ClientDisconnect: 0
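
The pattern visible in this log, a `voice:` line carrying non-printable bytes followed within seconds by a wave of `ClientDisconnect` events, can be searched for mechanically. The following is an added example, not part of the original post or of any tool mentioned in the thread; the sample log, the thresholds (`max_len`, `window`, `min_drops`) and all function names are assumptions.

```python
import re

# Timestamp "MMMM:SS" directly followed by the event name, as in the posted log;
# up to four stray non-digit bytes may precede it (spill-over from a binary payload).
EVENT = re.compile(r"^(?P<junk>\D{0,4})(?P<m>\d+):(?P<s>\d\d)(?P<ev>[A-Za-z]+):\s?(?P<rest>.*)$")

def parse_events(text):
    """Return [seconds, event, payload]; untimestamped lines continue the previous payload."""
    events = []
    for line in text.split("\n"):
        m = EVENT.match(line)
        if m:
            if m["junk"].strip() and events:
                events[-1][2] += "\n" + m["junk"]
            events.append([int(m["m"]) * 60 + int(m["s"]), m["ev"], m["rest"]])
        elif line and events:
            events[-1][2] += "\n" + line
    return events

def is_suspicious(payload, max_len=150):
    """Voice text that is over-long or not printable ASCII (max_len is an assumed limit)."""
    return len(payload) > max_len or any(not 32 <= ord(c) < 127 for c in payload)

def find_crash_candidates(text, window=10, min_drops=3):
    """Flag suspicious voice events followed by >= min_drops disconnects within window seconds."""
    events, names, hits = parse_events(text), {}, []
    for i, (t, ev, payload) in enumerate(events):
        if ev == "ClientUserinfoChanged":
            slot, _, info = payload.partition(" ")
            fields = info.split("\\")  # userinfo is key\value\key\value...; "n" is the name
            names[slot] = dict(zip(fields[::2], fields[1::2])).get("n", "")
        elif ev == "voice" and is_suspicious(payload):
            drops = sum(1 for t2, ev2, _ in events[i + 1:]
                        if ev2 == "ClientDisconnect" and 0 <= t2 - t <= window)
            slot = next((s for s, n in names.items() if n and payload.startswith(n + " ")), None)
            if drops >= min_drops:
                hits.append({"time": t, "slot": slot, "name": names.get(slot), "drops": drops})
    return hits

# Constructed sample in the shape of the posted log; names and times are made up.
SAMPLE = "\n".join([
    "100:02ClientUserinfoChanged: 0 n\\^1Alpha\\t\\1\\c1\\6",
    "100:02ClientUserinfoChanged: 1 n\\Bravo\\t\\2\\c1\\6",
    "100:03voice: Bravo NeedMedic",
    "100:04voice: ^1Alpha HELLO0\u00d9\u00e0",
    "@0\u00ca",
    "\u00a8100:04ClientDisconnect: 1",
    "100:04ClientDisconnect: 0",
    "100:05ClientDisconnect: 2",
])
```

Calling `find_crash_candidates(SAMPLE)` reports the slot and name last seen in `ClientUserinfoChanged` for the sender, which is what an admin needs to correlate with connection records when names and GUIDs keep changing.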

Centurion
Joined: 01 Jul 2005 Posts: 15
Posted: Wed Jan 25, 2006 9:53 am

I found some information on the buffer overflow in the Quake 3 engine and found this:
http://aluigi.altervista.org/patches.htm#bugfix
It looks like a patch that simply limits the amount of data to copy from 1024 to 512 bytes.
I can deploy a patched wolfmp.exe file and hopefully lock out the buffer overflow.
I think this will help. Does anyone have any thoughts or experience with this?

RoadKillPuppy
Joined: 08 Apr 2004 Posts: 207 Location: Belgium!
Posted: Wed Jan 25, 2006 11:18 am

If you are talking about the infostring remote server crash then it should work with the universal q3 fix. (That's how many admins here protected their et servers when this exploit became popular.)

=FF=im2good4u
Joined: 05 Feb 2003 Posts: 3925 Location: The Netherlands, HOLLAND
Posted: Wed Jan 25, 2006 12:39 pm

use http://www.planetquake.com/qmm/
it's a h4x between server engine and mod
it can intercept the too long voicechat files
install it u can ask seppurt on the forum then run it using the nocrash plugin

Centurion
Joined: 01 Jul 2005 Posts: 15
Posted: Wed Jan 25, 2006 2:02 pm

Thank you roadkillpuppy for your feedback, I appreciate your help!
=FF=im2good4u Thanks as always for your truly excellent help!
I read through the qmm info and it's very good.
I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?
I can't thank you enough for all of your help!

RoadKillPuppy
Joined: 08 Apr 2004 Posts: 207 Location: Belgium!
Posted: Thu Jan 26, 2006 2:21 am

While qmm is an interesting approach to this problem I couldn't use it due to gameserver host limiting all extra mods. When you have a dedicated server (and unlimited shell access) qmm is worth a try.
When you are patching, do it like this:
- replicate your gameserver install on a machine @ home
- download the exploit and the fix
- try to crash your machine (if it's not crashing, you are looking at the wrong patch)
- if it crashes, patch the bins and try to crash it again.
- no longer crashing -> upload the bins to your actual gameserver
- still crashing -> the patch does not work, start from scratch
If you want help with tests/patching just pm me.

=FF=im2good4u
Joined: 05 Feb 2003 Posts: 3925 Location: The Netherlands, HOLLAND
Posted: Thu Jan 26, 2006 2:40 am

Centurion wrote:
Thank you roadkillpuppy for your feedback, I appreciate your help!
=FF=im2good4u Thanks as always for your truly excellent help!
I read through the qmm info and it's very good.
I like your nocrash_rtcwmp.dll features a lot but how do I deploy it? Do I rename it qagame_mp_x86.dll and use it in place of the qmm.dll or is it a root level dll in addition to all the qmm files?
I can't thank you enough for all of your help!

assuming u have both .dll compiled (qmm.dll and nocrash.dll)
1. rename the qa_game_x86.dll to qmm_qa_game_x86.dll (it will be loaded by qmm now)
2. rename the qmm.dll to qa_game_x86.dll (it will be loaded by the engine now)
3. put the nocrash.dll inside the fs_game directory
4. create a qmm.ini in the main rtcw directory not in the fs_game
5. inside the newly created qmm.ini put the following code
Code:
"your fs-game directory goes here" {
    "plugins" (
        "NoCrash";
    )
}
yeah u indeed need like root access lol i never thought about that
----> scroll aside

Centurion
Joined: 01 Jul 2005 Posts: 15
Posted: Thu Jan 26, 2006 6:22 am

Thanks for all of your time! I appreciate both of your help.
I do have root level access and still (lol!) run a simple dedicated server.
I patched last night with the QMM but I haven't deployed the nocrash .dll yet.
According to the qmm "read me" instructions I put the qmm.ini file at the level of the wolfmp.exe and not inside the "main" folder.
So if I understand, I would leave that qmm.ini where it is and put another qmm.ini containing the code you specified into the main folder per your install instructions?
Thanks for the additional clarification!
PS- ROADKILLPUPPY thank you for your kind offer to help me patch. If I can't get Im2Good4U's .dll up I may need your help.
Since I don't have a nuking script, and wouldn't even know where to find one, can I impose on you to please check if I'm patched correctly? Feel free to nuke at will (lol!!) 205.234.178.58:27960 The server usually is empty during the daytime and starts to fill at 5pm est and empties after midnight during the week... Thanks!

RoadKillPuppy
Joined: 08 Apr 2004 Posts: 207 Location: Belgium!
Posted: Thu Jan 26, 2006 7:14 am

Centurion wrote:
Feel free to nuke at will (lol!!)

It's not exactly the kind of stuff that sits on my disks and I will certainly not try to crash your server at any random time.

=FF=im2good4u
Joined: 05 Feb 2003 Posts: 3925 Location: The Netherlands, HOLLAND
Posted: Thu Jan 26, 2006 7:43 am

u leave the qmm.ini at the same level as wolfmp.exe
u put this code in it
Code:
"bani" {
    "plugins" (
        "NoCrash";
    )
}
qmm will not protect your server right away u need the nocrash.dll
or if u have downloaded it from the cvs it will be stub_qmm.dll in which case your ini file should look like
Code:
"bani" {
    "plugins" (
        "stub_qmm";
    )
}
AND IF U WANT IT CRASH TESTED i can do it for u

Centurion
Joined: 01 Jul 2005 Posts: 15
Posted: Thu Jan 26, 2006 8:43 am

That clarified everything! Thanks :D
I followed all of your instructions and deployed the nocrash dll... It was very simple now that I understand...
Could I impose on you to crash test me?
If I'm not mistaken, your dll should generate a log that tells me, for example, that =ff=Im2good4U has attempted a crash of the server, right?
Thanks again. I appreciate your time and help...

=FF=im2good4u
Joined: 05 Feb 2003 Posts: 3925 Location: The Netherlands, HOLLAND
Posted: Fri Jan 27, 2006 2:22 am

hmm not the original dll just throws away the vsay and nothing happens
mine makes a console print saying who attempted to crash it
oke i'll try it now BRB