EventScripts Forums
Mattie's EventScripts and Source Forums
Regular
Posts: 131
Posted: 2008-11-24, 12:32 pm
Post subject: block_crash (for reliable channel overflowed exploit)

UPDATED 3-6-09: block_crash (for reliable channel overflowed exploit) 1.2

Requirements:
Description:
    Hack-ish workaround to prevent people from dropping clients on your server via the reliable channel overflow exploit.

    More info available in the code's comments
Download:
Installation:
    ********************************
    (You should be able to simply extract the contents of this .zip archive into your cstrike directory, and the files will all go where they need to)
    ********************************


    PLEASE NOTE: This code is python and is for use with eventscripts 2.0+, this is NOT an eventscripts classic script
    To use this script, make a folder in your \cstrike\addons\eventscripts directory called block_crash
    then inside of that new folder (\cstrike\addons\eventscripts\block_crash), move block_crash.py
    To use it, simply add "es_load block_crash" to your autoexec.cfg or whatever method you use to load scripts
Version Notes:
  • 1.2 - I've added a few more lines, specifically some es.regsaycmd's to cover additional vulnerable mani commands. People were getting clever and starting to use things like

    alias spam "say @timeleft; say @nextmap"

    but the main functionality is still the same. I also removed a few old comments, made some very minor code changes, and lowered the "tolerance threshold" from 5 to 3 before someone is kicked; it seems to catch people slightly more quickly this way and leads to less server lag and chat output spam.

    Additionally, it will now also print the name and steamid of people who are kicked by the script; not just the name as was the case before. I realize that it usually spams the hell out of the chat area when it kicks someone, but I honestly think it's a nice side effect so you don't need to go looking too hard to find out who's just been pwnd :)




One final note: I'm fairly sure that I've covered most of the "vulnerable" mani commands, but if anyone knows of any more, please let me know so that I can make the necessary addition.


Last edited by Viper2026 on 2009-03-06, 1:14 am, edited 4 times in total.
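
Added example (not part of the thread and not the block_crash code): the per-client check the first post describes, written as plain Python with no EventScripts calls, so it can be run against replayed command logs. The class and function names, the one-second window and the sample Steam IDs are assumptions; the threshold of 3, the blank-name kick and the watched command names come from the posts in this thread.

```python
import time
from collections import defaultdict, deque

# Commands the thread names as abusable when chained together.
WATCHED = {"timeleft", "nextmap", "ff", "status"}
TOLERANCE = 3         # watched commands tolerated per window (the 1.2 threshold)
WINDOW_SECONDS = 1.0  # assumed burst window; the post does not state one


class FloodGuard:
    """Track watched commands per client and flag bursts over the tolerance."""

    def __init__(self, tolerance=TOLERANCE, window=WINDOW_SECONDS):
        self.tolerance = tolerance
        self.window = window
        self.hits = defaultdict(deque)  # userid -> timestamps of recent watched commands
        self.kicked = []                # (name, steamid) of every client flagged

    def on_command(self, userid, name, steamid, command, now=None):
        """Return True when this client should be kicked."""
        now = time.monotonic() if now is None else now
        if name == "":                  # blank-named client, kicked outright (1.1beta note)
            return self._kick(userid, name, steamid)
        cmd = command.strip().lstrip("@").lower()  # say-command form "@timeleft"
        if cmd not in WATCHED:
            return False
        recent = self.hits[userid]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()            # forget hits older than the window
        if len(recent) > self.tolerance:
            return self._kick(userid, name, steamid)
        return False

    def _kick(self, userid, name, steamid):
        self.hits.pop(userid, None)
        self.kicked.append((name, steamid))  # record name and steamid, as 1.2 prints both
        return True


def replay(events, guard=None):
    """Feed (time, userid, name, steamid, command) tuples; return the kicked list."""
    guard = guard or FloodGuard()
    for now, userid, name, steamid, command in events:
        guard.on_command(userid, name, steamid, command, now=now)
    return guard.kicked
```

A player who types a watched command every few seconds never fills the window, which matches the reply further down that normal use of nextmap and timeleft keeps working.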




Guru
Posts: 1607
Posted: 2008-11-24, 1:43 pm

But then nextmap and timeleft doesn't work?

_________________
- Saul

All code I give out is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 license.


Regular
Posts: 131
Posted: 2008-11-24, 2:39 pm

Saul wrote:
But then nextmap and timeleft doesn't work?


They will work, my script just checks for repeated use (spammage) of the commands.


Guru
Posts: 1607
Posted: 2008-11-24, 2:54 pm

Have you tried it? Because to my knowledge es.regclientcmd'ing over a command replaces it. Also, you didn't hook the say command.



Regular
Posts: 131
Posted: 2008-11-24, 2:59 pm

Saul wrote:
Have you tried it? Because to my knowledge es.regclientcmd'ing over a command replaces it. Also, you didn't hook the say command.


Yep, and it works, I'm not totally sure why or how though 8)

After fairly extensive debugging and testing, I've only been able to get it to work on windows while loading mani via metamod. And then, it only seems to kick people for spamming commands at once, such as "bind x timeleft;timeleft;timeleft;timeleft;timeleft;timeleft;timeleft;timeleft;". It doesn't seem to catch it if people just spam timeleft a whole bunch of times in the console, but that won't crash/lag the server anyway.

The only way this exploit works is when people alias a whole bunch of timeleft;nextmap commands, string them together and spam it in the console; they cannot to my knowledge crash the server through 'say' spam. Also, oddly, it only catches it if people alternate the commands, like spamming timeleft;timeleft;timeleft;timeleft won't get you kicked, but timeleft;nextmap;timeleft;nextmap;timeleft;nextmap will. Like I said, I'm not totally sure how or even why it works, but it seems like it does...


Last edited by Viper2026 on 2008-11-24, 3:11 pm, edited 1 time in total.

Regular
Posts: 131
Posted: 2008-11-24, 3:05 pm

block_crash (for reliable channel overflowed exploit) Updated!
Version: 1.1beta
Updated on: 2008-11-24 15:03:47
Version Notes:
Added a few lines to catch people trying to connect as unconnected and kicks them if their name is detected to be ""


Mentat
Posts: 4727
Location: C:/ProgramFiles/Bonbon/Bonbon.exe
Posted: 2008-11-24, 3:31 pm

Wait, I thought you couldn't hook those mani commands @_@. Anyways, you should also add a multiple popup blocker. You can use the event popup_send, and use popuplib.active(userid)['count'] to check how many popups a user has open.

_________________
SicmanAdrian wrote:
I don't think it is possible but maybe SuperDave could try?

abcdefghijklmnopqrstuvwxyz
"It doesn't work" doesn't help us out, help us help you, be more specific!
Remember, when posting non Python code, post in the ES 1.x discussion forum, you'll get better help!
SuperDave wrote:
It's very difficult to see errors in that script because it is some of the worst looking code I have ever seen. And I've seen bonbon's code

Please do not PM for free private scripts/help!


Regular
Posts: 131
Posted: 2008-11-24, 4:00 pm

bonbon wrote:
Wait, I thought you couldn't hook those mani commands @_@. Anyways, you should also add a multiple popup blocker. You can use the event popup_send, and use popuplib.active(userid)['count'] to check how many popups a user has open.


I wasn't sure it was still possible to use the popup exploit, but I'd be interested in learning more about this so I can integrate some preventative measures into my script.


Mentat
Posts: 4727
Location: C:/ProgramFiles/Bonbon/Bonbon.exe
Posted: 2008-11-24, 4:07 pm

I posted an example in a script request a couple days ago, that you can use.



Regular
Posts: 131
Posted: 2008-11-24, 4:15 pm

bonbon wrote:
I posted an example in a script request a couple days ago, that you can use.


I can't seem to find it, do you have a link?


Newbie
Posts: 69
Location: Lag-Land
Posted: 2008-12-16, 9:13 am

Viper2026 wrote:
bonbon wrote:
I posted an example in a script request a couple days ago, that you can use.


I can't seem to find it, do you have a link?


ehm.. is this "popup-exploit" still existing ?!
if yes can anybody plz post me a link where I can find a solution.. I can't find anything on the forums..

or maybe I don't know the words to search for.. :D



Regular
Posts: 163
Posted: 2008-12-25, 7:17 am

I got this addon to work on my Windows dedicated server, but it is not running on exactly the same setup on a GameServers linux server.

On Windows I don't have Mani loaded via Meta, and this addon worked. On linux, this addon isn't working for me regardless of how Mani is loaded. I tried both ways.

Any ideas on what could be wrong?


Regular
Posts: 131
Posted: 2008-12-25, 4:04 pm

sokmaster wrote:
I got this addon to work on my Windows dedicated server, but it is not running on exactly the same setup on a GameServers linux server.

On Windows I don't have Mani loaded via Meta, and this addon worked. On linux, this addon isn't working for me regardless of how Mani is loaded. I tried both ways.

Any ideas on what could be wrong?


This interestingly goes against all the testing I've done, as I was unable to get the kick functionality to work unless I was running mani via metamod. Perhaps it's just this way for my mix of plugins, as I'm running EST also, which tends to mess with a lot of things. If you get in touch with me via the contact info in my script's comments I might be able to help.


Guru
Posts: 1334
Location: UK, Essex
Posted: 2008-12-25, 4:58 pm

Is the crash caused by typing nextmap into console or chat-area?

~Edd

_________________
PMA | Predator^
_________________

http://pred.yardimage.co.uk


Power User
Posts: 691
Posted: 2008-12-25, 8:31 pm

TP.Pred wrote:
Is the crash caused by typing nextmap into console or chat-area?

~Edd



Removed as requested.


Last edited by fearts on 2009-01-13, 10:19 pm, edited 1 time in total.

New User
Posts: 9
Posted: 2009-01-12, 5:29 pm

Seems they can use ff, and status as well as the other commands.. I have added these to the script on my server, however it's still being crashed but far less frequently... There must be something else out there we are missing...

Trying to get my hand on the script they are using atm.

-Adam


Professor
Posts: 2376
Location: I Come From a Land Down Under
Posted: 2009-01-13, 10:09 pm

fearts, I suggest you remove that code before someone starts trying it out on servers


Power User
Posts: 691
Posted: 2009-01-13, 10:20 pm

sicman_adrian wrote:
fearts, I suggest you remove that code before someone starts trying it out on servers


I removed it.

Also I would like to point out that Source Mod has an Anti Flood script integrated into the mod that works perfectly. All you do is put Source Mod on your server and it works.

