Security Update - 27th January 2012
#5
Posted 28 January 2012 - 12:41 AM
Thanks a lot for the release guys :)
#6
Posted 28 January 2012 - 02:51 AM
Thanks Barbatos, & Rambetter for pursuing the issue so vehemently (not sure who else takes credit as well)
Security fixes are always a good thing, in most cases.
#7
Posted 28 January 2012 - 05:49 AM
Progress is AWESOME! And I'm glad you guys are bustin' your ***** to get sh** done.. But I still urge you (FS and ALL Server operators) to read my last post.. This can be VERY serious business with HUGE implications if not adhered to.
http://www.urbanterr...150#entry324082
I don't mean to be a downer, but the above link should describe the true severity of the situation. It could literally cost people hundreds to THOUSANDS of dollars. I don't know what the laws are elsewhere, but when this punk is caught in the U.S., he's facing some MAJOR time in the slammer with some NASTY fines as well as some unforgivable and permanent felonies.
#8
Posted 28 January 2012 - 11:13 AM
Yes, the news was posted about a week early (we wanted to keep the testing up a little longer) until yesterday I received a call saying that we were DDoSing some poor lady's website.
After investigation it was not "our network" but "THE network" of Urban Terror servers DDoS-ing innocent people.
This fix removes their ability to use UrT servers as vulnerable proxies. I will be putting into operation in the next few days a master server ban filter that will remove "non-patched" servers from the master list. This will make it so much harder for the DDoS-ers to find the server instances (not impossible, sadly). The downside is this WILL remove servers which are not updated.
So take this as a friendly warning! Update now!
#10
Posted 28 January 2012 - 12:35 PM
@RaideR
RaideR, on 28 January 2012 - 11:13 AM, said:
snip...
This fix removes their ability to use UrT servers as vulnerable proxies. I will be putting into operation in the next few days a master server ban filter that will remove "non-patched" servers from the master list.
First, I want to say that I appreciate the way you take this seriously (TBH, at first [mid/end December] I had some doubts about that -> my post here).
But consider that you walk a fine line near censorship with this.
Is it really _your_ business to decide what's good (for "the internet", the server owners, the victims of that DDoS) by filtering unpatched servers out? Is it maybe the job of the ISP/carrier to find out that these attacks are happening and prevent them?
NO! It's the responsibility of the owner of every single server himself! He has to make sure that he is using your provided binary or another fixed one and/or call his provider and _order_ him to track those attacks and block them on the datacenter's router/switch.
When he's not -> his decision -> he has to bear the consequences.
You've asked the community whether or not to do the blackout of the website against SOPA for a free internet...
Quote
This will make it so much harder for the DDoSers to find the server instances (not impossible, sadly).
True, because lots of servers send their Heartbeats to monster.idsoftware.com and/ or master.gamespy.com
Quote
The downside is this WILL remove servers which are not updated.
That's the goal of it :)
Quote
So take this as a friendly warning! Update now!
Here comes _the_ Question where I want to point to.
I updated my servers long _before_ FS released the official security fix from the source of ioquake (the ioquake team fixed the issue in January 2010).
So will you block _all_ servers out there that are not using _your_ binary?
I don't know what master server software you use - dpmaster (--game-policy reject $NONPATCHEDSERVER)?
How can you make sure that you block just servers that are unpatched (here is the fine line of censorship I talked about above) and not servers that use other/self-compiled binaries?
PS.
Don't get me wrong - I do not want to troll you, I just want to point my finger at some problems I see with your decisions regarding this blocking on the master list. It does _not_ solve the problem.
This post has been edited by ItsMe: 28 January 2012 - 12:38 PM