This morning, in my servers, i have spotted a new tool.
A lot of players with random nicks (like 'aWJHFkla13sfk') were connecting, occuping all slots.
When connecting timeout occurs, again they are replaced with some others.
There is no guid or similar, just ip and nick.
The solution is to look at the ip with 'rcon clientlist', and add the ip on the banlist 'rcon addip xxxx.xxxx.xxxx.xxxx'.
Unfortunately, i was not able to collect more info.
Advertisement
Page 1 of 1
Admins: a new tool spotted
all slots occupied with random nicks
#2
Posted 19 September 2011 - 02:25 PM
Hi zamy its me Pretender http://x2s2hx.alterv...php?f=53&t=1745
And here is another discussion of same Guy who is exploiting
http://www.urbanterr...916#entry317916
And here is another discussion of same Guy who is exploiting
http://www.urbanterr...916#entry317916
“Be the change you want to see in the world.â€
"Treat Others The Way You Want To Be Treated"
"One of the greatest victories you can gain over someone is to beat him at politeness"
[IMG]http://i1114.photobu...r1988/val-1.jpg[/IMG]
[img]http://cache.www.gam...E1B5_2E3226.png[/img]
"Treat Others The Way You Want To Be Treated"
"One of the greatest victories you can gain over someone is to beat him at politeness"
[IMG]http://i1114.photobu...r1988/val-1.jpg[/IMG]
[img]http://cache.www.gam...E1B5_2E3226.png[/img]
#3
Posted 19 September 2011 - 04:39 PM
Pretender1988, on 19 September 2011 - 02:25 PM, said:
Hi zamy its me Pretender http://x2s2hx.alterv...php?f=53&t=1745
And here is another discussion of same Guy who is exploiting
http://www.urbanterr...916#entry317916
And here is another discussion of same Guy who is exploiting
http://www.urbanterr...916#entry317916
Tnx.
So that's a massive attack, nice... :/
#4
Posted 20 September 2011 - 04:03 AM
checkout rambetters repository thread here for a patch that contains a guid check, if the players guid isnt 32 characters long and only alphanumeric it wont let them connect should work for what u need as u stated that dont have a guid
This post has been edited by Mission85: 20 September 2011 - 04:04 AM
[img]http://www.dejgaming.com/alpha.png[/img]
[img]http://www.dejgaming...ngsupporter.jpg[/img]
My GitHub
[img]http://www.dejgaming...ngsupporter.jpg[/img]
My GitHub
#5
Posted 28 September 2011 - 11:02 PM
rambetter also has a patch to only allow a set number of clients per IP, my server is currently set to 2 so I don't think I'll have a problem unless the attack is originating from infected computers across the internet.
secondly, there is also a strict name patch that prevents random characters in the name other than numerical and alphabetical characters which could also prevent connection.
please post any relevant logs as attachments so we can look at them and perhaps work up a plan to prevent this spreading further.
secondly, there is also a strict name patch that prevents random characters in the name other than numerical and alphabetical characters which could also prevent connection.
please post any relevant logs as attachments so we can look at them and perhaps work up a plan to prevent this spreading further.
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled
Advertisement
#6
Posted 29 September 2011 - 12:00 AM
nitro, on 28 September 2011 - 11:02 PM, said:
rambetter also has a patch to only allow a set number of clients per IP, my server is currently set to 2 so I don't think I'll have a problem unless the attack is originating from infected computers across the internet.
secondly, there is also a strict name patch that prevents random characters in the name other than numerical and alphabetical characters which could also prevent connection.
please post any relevant logs as attachments so we can look at them and perhaps work up a plan to prevent this spreading further.
secondly, there is also a strict name patch that prevents random characters in the name other than numerical and alphabetical characters which could also prevent connection.
please post any relevant logs as attachments so we can look at them and perhaps work up a plan to prevent this spreading further.
I want to post this question again. Is there any good reason these patches haven't been collected and incorporated into the 4.1 codebase? I don't understand why tools like this are floating around the net and not patched into 1 solid build that all servers use by default?
#7
Posted 29 September 2011 - 12:08 AM
because 4.1 is no longer being updated - urt HD will probably includes these ideas by default however urt:HD isn't going to be ready any time soon
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled
Page 1 of 1
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement