Aidenius
Posted June 25, 2009

Hello there,

I posted recently about an apparent Q3fill issue which was resolved mostly by updating to the newest version of japlus. My friend's server is being hacked by a person named 'zarath' who is apparently using packet hacks to crash the server, yet he is apparently unable to do it to mb2 servers. Does anyone know how to fix this?

Thank you.
Aidenius.

stoiss
Posted June 28, 2009

From what I know, there is only one way: get Slider to code the game itself to be better protected from hackers. Or turn off your allowdownload, which can cause it. Change your rconpassword, and don't make it small; make it over 20 numbers/words to keep it away from stuff like that. Make new admin passwords. I can't see what else could be done, since it is many years since I used the JA+ server files and I don't know its configs anymore.

-=*Raz0r*=-
Posted June 28, 2009

Are you referring to q3infoboom? (sends large requests to the server causing crashes) That should be patched by JA+ :/

Aidenius
Posted June 28, 2009

Apparently he's using his own developed programme. We have the latest version of JA+; how can we stop this?

Unreliable
Posted September 9, 2009

Old, but I gotta post this since it's completely related. There was a hack with callvote, where you can edit the packet to change the rcon address (while the vote is in progress) and the password. Lugormod fixed this, but since it's closed source I have no idea how to do this...

Didz93
Posted September 12, 2009

Inside void Cmd_CallVote_f( gentity_t *ent ) in g_cmds.c

Look for this line:

    if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {

And replace it with:

    if(strchr(arg1, ';') || strchr(arg2, ';') || strchr(arg1, '\r') || strchr(arg2, '\r')) {

As you may know already, packets were being modified to make the server execute multiple commands via the use of the \r line feed character. Exploiters used modified clients to do this most of the time by replacing ; in their callvote string with \r.

So

    /callvote timelimit "60;set rconPassword lol"

was in fact being changed to

    /callvote timelimit "60\rset rconPassword lol"

The code I gave you will block the use of the \r line feed character, therefore patching the callvote exploit.

If you wanted to be really harsh you could kick the player from the server in that if statement if you wanted.

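As an added illustration of the check described in the post above (example code written for this page, not taken from JA+ or from any poster in the thread), the following compares the original `;`-only test with one that also rejects line-break characters. The function names are hypothetical, and `count_commands` is a simplified model that assumes `;`, `\r` and `\n` all separate commands; it is not the engine's parser.

```c
#include <stdio.h>
#include <string.h>

/* Characters treated as command separators in this simplified model.
   Assumption: the list follows the thread (';' and '\r', plus '\n'). */
static const char SEPARATORS[] = ";\r\n";

/* The check before the patch: only ';' is rejected. */
int old_check_is_safe(const char *arg)
{
    return strchr(arg, ';') == NULL;
}

/* Hypothetical helper: returns 1 if a callvote argument contains no
   separator character at all, 0 if the vote should be refused. */
int vote_arg_is_safe(const char *arg)
{
    return arg[strcspn(arg, SEPARATORS)] == '\0';
}

/* Simplified stand-in for a command buffer: counts how many non-empty
   commands a string would be split into. */
int count_commands(const char *line)
{
    int count = 0;
    while (*line) {
        size_t len = strcspn(line, SEPARATORS);
        if (len > 0)
            count++;
        line += len;
        if (*line)
            line++; /* skip the separator itself */
    }
    return count;
}

int main(void)
{
    /* Constructed inputs; the last two are the strings quoted in the thread. */
    const char *samples[] = { "60", "60;set rconPassword lol",
                              "60\rset rconPassword lol" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("commands=%d old_check=%d new_check=%d\n",
               count_commands(samples[i]),
               old_check_is_safe(samples[i]),
               vote_arg_is_safe(samples[i]));
    return 0;
}
```
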
TJ01
Posted September 12, 2009

I thought /n and /t could also be used. Not sure though. I just added \n \r \t just in case.

Nice idea about the kicking, lol. If only you could make them do r_primi or something? Can you? =o

-=*Raz0r*=-
Posted September 12, 2009

*EDIT: Replying to Didz*

Indeed, the above will patch callvote. Back to the original post, I doubt he was using anything too harmful - probably just trying to boost his 'omg i r l33t hax0r ololol' ego.

There was a G_Malloc exploit that's been fixed in JA+ 2.4beta5, the details were posted here. This may have been what you were referring to.

> I thought /n and /t could also be used.

\n is already patched, and I'm pretty sure \t can't be used.

> If only you could make them do r_primi or something? Can you? =o

Well yes, so long as you require they have a client plugin - otherwise nope.

Didz93
Posted September 12, 2009

Only ; and \r need to be patched. I think \r needs to be patched because that's the character used to separate commands in the command buffer.