[|P|Nitro]

Creation, on 11 January 2012 - 03:05 PM, said:

Personally i can only hope for a patch to be released really soon because i`m sure that not all server admins where able to use the workaround found on another topic.

patch? the executables were patched and released before the work around was completed


scroll down to "update your server" >> http://www.urbanterr...up-guide-tools/

This post has been edited by nitro: 11 January 2012 - 10:56 PM

[rfx]

nitro, on 11 January 2012 - 10:55 PM, said:

patch? the executables were patched and released before the work around was completed

scroll down to "update your server" >> http://www.urbanterr...up-guide-tools/

Sorry, but that's hardly a news post at the front page.

As of today, the server binaries you get from the official download page ( http://www.urbanterror.info/downloads/ ) are exploitable as hell (I derived that from their compile stamp: somewhen in 2007 (!) ). I've no words for that.

Let me quote that text you refer to (and, please do not consider this is a criticism to you):

Quote

These patches are unofficial and provided by the community, these are not supported by frozen sands. Use at your own risk!

Wt...?

This completely negates any kind of trust a server owner would need to put into it.

Reconsidering the rcon attack, this one is kind of minor in regards to monetary problems it can cause. It's still annoying.

But the DrDoS attack can create amounts of traffic so easily it's almost unprecedented. I had an account of over 200GB traffic just within merely 2 1/2 days; luckily I was called by phone quickly enough to take countermeasures (first one was to shut down servers the second I was informed about the problem).

IMHO there should be a dedicated officially supported communication channel for server owner. That's the least thing I'd consider professional.

[Rambetter]

Still waiting for one of these "community members" to join Frozen Sand so that server fixes in 4.1 would become "official". *nudge* *nudge*

[|P|Nitro]

I see what you mean rfx, but as of right now I don't think frozen sands has anyone on the dedicated server to make these patches, Its a position they'll need to fill as it is definitely a requirement, Its bad enough with game experience on home servers, but what happens when dedicated hoster's pull their hardware and cut their loses due to unnecessary expenses because the server code isn't kept upto scratch (well not unless you follow rambetters svn trunk and are willing to trust him as an unofficial patcher)

to make things worse game servers on home hardware will be even worse with these attacks as the amount of bandwidth generated can completely knock them out.

I've always wondered why frozen sands hasn't considered someone like rambetter for their team as he is clearly a talented and dedicated contributer to this gaming community. It would be a shame to lose someone like that in this communnity, and certainly he is one of the few people in this community that has been there for us when the well known exploits have been targeted. I cannot imagine the position we would be in right now if it wasn't for dedicated people like rambetter.

[rfx]

Thanks nitro (&Rambetter), I couldn't word it better.

Really, no one of the team being able to provide current binaries is a serious issue. I don't want to try to imagine how this turns out of with the future of the (closed source due direct id license?) HD variant, when suddenly no one is there anymore to provide updates to the binaries ...

[FS |HSO|RaideR]

I realized the severity of this ages ago. I am moving as fast as I can in regards to getting this fixed and yes that means officially.

This thread has methods contained within for "techys" to protect for the short terms. What i'm trying to do is look to the medium to long term security protections of the server binaries that we list as official!

Remember this effects NOT just Urban Terror but anything on the idtech3 engine or uses similar UDP based connective methods. While I 100% understand peoples frustration here, may i remind you i don't tolerate rudeness to either myself OR the team. We are doing our best here.

[bc`ItsMe]

RaideR, on 12 January 2012 - 09:23 AM, said:

This thread has methods contained within for "techys" to protect for the short terms. What i'm trying to do is look to the medium to long term security protections of the server binaries that we list as official!

Ty RaideR for saying that that clearly, thats exact my Point of view what I've tried to make clear in my Discussion with nitro.

Quote

Remember this effects NOT just Urban Terror but anything on the idtech3 engine or uses similar UDP based connective methods.

As I said in my Post in this Thread: here, the Problem is fixed by ioquake since r1762 (4th-Jan-2010)

Quote

While I 100% understand peoples frustration here, may i remind you i don't tolerate rudeness to either myself OR the team. We are doing our best here.

Your Forum -> Your Rules


PS.
The Binarys I use are compiled from the ioquake trunk since End of December and even after dropping my shields [read iptables] the problem seems gone.
I did a few changes again to them in January thats why the Version looks like:

-> version\(bubbleclub)-ioq3 1.36_SVN2214M linux-x86_64 Jan 6 2012

[FS Barbatos]

I'm working on an official security update for the server binaries. It'll be ready for download asap (by Monday I hope).

[3spades]

Using Rambetter's build and it blocks all gametracker.com requests so my servers are dead to them. I would recommend testing the official fix against that so all the urbanterror servers don't drop off of their tracker.

Edit: seems I had to manually test it with their interface and its not dead anymore. Guess it was just coincidence.

This post has been edited by 3spades: 14 January 2012 - 06:31 PM

[|P|Nitro]

3spades, on 14 January 2012 - 05:25 PM, said:

Using Rambetter's build and it blocks all gametracker.com requests so my servers are dead to them. I would recommend testing the official fix against that so all the urbanterror servers don't drop off of their tracker.

Edit: seems I had to manually test it with their interface and its not dead anymore. Guess it was just coincidence.

This can't be possible because game tracker queries the master servers not your server directly. For this to be blocked your server would have to be blocked on the master server also. Have you tried the firewall rules? Perhaps one of them isn't working correctly.