hi all
i have a server for a while, but recently the server shutdown with this message : "ERROR: Info_SetValueForKey: oversize infostring" .
i read in some website that a attacker can shutdown any game server based on Quake3 engine.
so you the urban terror admins , did you solve this pb ?
Advertisement
Server shutdown with ERROR: Info_SetValueForKey
Advertisement
#6 Guest_LogicalDope
Posted 07 June 2006 - 11:57 PM
Well it looks like it actualy someone who seemed to have created something to brute rcon passwords or one of my n00bish admins gave out rcon ..
Once rcon is gained .. then his computer sits and does this for ever till it crokes .. did it twice to me b4 I found out .. once I changed rcon and blocked the IP in the firewall all was good.. and the server was ans still is 1.32c ..
Here is the info from qconsole.log
Rcon from 213.112.56.252:4030:
pb_sv_ver
Rcon from 213.112.56.252:4031:
pb_sv_plist
Rcon from 213.112.56.252:4033:
pb_sv_ver
Rcon from 213.112.56.252:4034:
pb_sv_plist
Rcon from 213.112.56.252:4039:
pb_sv_ver
Rcon from 213.112.56.252:4040:
pb_sv_plist
Rcon from 213.112.56.252:4043:
pb_sv_ver
Rcon from 213.112.56.252:4043:
pb_sv_plist
Rcon from 213.112.56.252:3798:
pb_sv_ver
Rcon from 213.112.56.252:3813:
pb_sv_plist
Then after that for sometime and with people on you get
Info string length exceeded
Info string length exceeded
Info string length exceeded
Info string length exceeded
Info string length exceeded
About 50 to 100 times .... Then ...
********************
ERROR: Info_SetValueForKey: oversize infostring
********************
----- Server Shutdown -----
If you got a restart script it cant restart and locks the q3 process ...
This pesky guy whos been doing it is some Sweed .
Guid Number: 5691e9b6
Freq Used Names of 213.112.56.252
Bolibompa
fatrat
green-eyes sun
nosun
sunrat
sunray
I just changed up the password to something harder to brute with dic files and yelled at the peps with rcon not to tell people ... then added a few rules to the old firewall for our friends in SW and so far its all smooth.
So .. secure rcon password .. check for someone trying to brute the password in your conosole log .. ect..
I guess thats best advice ..
Also .. I also seen same block of time this occure ... some n00blet doing this
ClientUserinfo: 11 ip222.154.22.22:45641challenge-919096821qport45641protocol68cl_guid35CB0730B884A4DB2059558E6EF25237cl_punkbuster1cl_anonymous0name9R5hNCoJmyX6SWZIEgymRjaMbn
ClientUserinfoChanged: 11 n9R5hNCoJmyX6SWZIEgymt3racew0l0tl0
broadcast: print "9R5hNCoJmyX6SWZIEgym^7 connectedn"
Client 9 connecting with 200 challenge ping
ClientConnect: 12
ClientUserinfo: 12 ip222.154.22.22:45897challenge194395697qport45897protocol68cl_guid35CB0730B884A4DB2059558E6EF25237cl_punkbuster1cl_anonymous0namek
ClientUserinfoChanged: 12 nkt3racew0l0tl0
broadcast: print "k^7 connectedn"
Connecting with some lame arse names to lock up slots or something .. yah I know better key checking would stop this .. however this lame one is again some Euro dude ..
Guid Number: 38620118 or 37276280
Freq Used Names of 222.154.22.22
skynet * kennyG
JackBauer
skyNet * peteyPablo
Dont know if it is part of the other junk and they work togeather .. however it happened same block of time it seems.
LogicalDope [-iD-] CTF ServerAdmin
Once rcon is gained .. then his computer sits and does this for ever till it crokes .. did it twice to me b4 I found out .. once I changed rcon and blocked the IP in the firewall all was good.. and the server was ans still is 1.32c ..
Here is the info from qconsole.log
Rcon from 213.112.56.252:4030:
pb_sv_ver
Rcon from 213.112.56.252:4031:
pb_sv_plist
Rcon from 213.112.56.252:4033:
pb_sv_ver
Rcon from 213.112.56.252:4034:
pb_sv_plist
Rcon from 213.112.56.252:4039:
pb_sv_ver
Rcon from 213.112.56.252:4040:
pb_sv_plist
Rcon from 213.112.56.252:4043:
pb_sv_ver
Rcon from 213.112.56.252:4043:
pb_sv_plist
Rcon from 213.112.56.252:3798:
pb_sv_ver
Rcon from 213.112.56.252:3813:
pb_sv_plist
Then after that for sometime and with people on you get
Info string length exceeded
Info string length exceeded
Info string length exceeded
Info string length exceeded
Info string length exceeded
About 50 to 100 times .... Then ...
********************
ERROR: Info_SetValueForKey: oversize infostring
********************
----- Server Shutdown -----
If you got a restart script it cant restart and locks the q3 process ...
This pesky guy whos been doing it is some Sweed .
Guid Number: 5691e9b6
Freq Used Names of 213.112.56.252
Bolibompa
fatrat
green-eyes sun
nosun
sunrat
sunray
I just changed up the password to something harder to brute with dic files and yelled at the peps with rcon not to tell people ... then added a few rules to the old firewall for our friends in SW and so far its all smooth.
So .. secure rcon password .. check for someone trying to brute the password in your conosole log .. ect..
I guess thats best advice ..
Also .. I also seen same block of time this occure ... some n00blet doing this
ClientUserinfo: 11 ip222.154.22.22:45641challenge-919096821qport45641protocol68cl_guid35CB0730B884A4DB2059558E6EF25237cl_punkbuster1cl_anonymous0name9R5hNCoJmyX6SWZIEgymRjaMbn
ClientUserinfoChanged: 11 n9R5hNCoJmyX6SWZIEgymt3racew0l0tl0
broadcast: print "9R5hNCoJmyX6SWZIEgym^7 connectedn"
Client 9 connecting with 200 challenge ping
ClientConnect: 12
ClientUserinfo: 12 ip222.154.22.22:45897challenge194395697qport45897protocol68cl_guid35CB0730B884A4DB2059558E6EF25237cl_punkbuster1cl_anonymous0namek
ClientUserinfoChanged: 12 nkt3racew0l0tl0
broadcast: print "k^7 connectedn"
Connecting with some lame arse names to lock up slots or something .. yah I know better key checking would stop this .. however this lame one is again some Euro dude ..
Guid Number: 38620118 or 37276280
Freq Used Names of 222.154.22.22
skynet * kennyG
JackBauer
skyNet * peteyPablo
Dont know if it is part of the other junk and they work togeather .. however it happened same block of time it seems.
LogicalDope [-iD-] CTF ServerAdmin
#10
Posted 08 June 2006 - 01:47 AM
Well im gonna say this short first and i'll be back later to give yah more info
Rcon from 213.112.56.252:4030:
pb_sv_ver
Rcon from 213.112.56.252:4031:
pb_sv_plist
Rcon from 213.112.56.252:4033:
That is rundmc guid database, in order for this to happen.. you signed up for it or someone with your rcon has added your server to that site.
Info string length exceeded
Info string length exceeded
Info string length exceeded
*******************
ERROR: Info_SetValueForKey: oversize infostring
********************
----- Server Shutdown -----
Thats from too many "sets" in your server.cfg
usually anything over 2 sets of info for example
sets "admin" "coolleet0admin"
sets "email" "cool@myfirstserver.com"
sometimes you can add MAYBE one more
sets "cpu" "dual blahablah 8.0GHZ"
but after that anymore sets commands and your screwed
Back maybe 2 maybe 4 releases ago you could have almost as many as you wanted.. but not now, the q3 engine has a limited amount of memory set aside for sets and urbanterror has just about used all that up..
as for the locking up slots.. whatever name they want.. does it really matter.. maybe they are on a lan and shareing a key.. do they actually play or soes this keep happening untill the servers totally full..? maybe set the guid relax higher... =)
and yes they did release that "c" patch but thats not your issue here.. no one is exploiting you and crashing your server. And if they are, you havent posted the right snips from your logs..
Try google next time guys.
Rcon from 213.112.56.252:4030:
pb_sv_ver
Rcon from 213.112.56.252:4031:
pb_sv_plist
Rcon from 213.112.56.252:4033:
That is rundmc guid database, in order for this to happen.. you signed up for it or someone with your rcon has added your server to that site.
Info string length exceeded
Info string length exceeded
Info string length exceeded
*******************
ERROR: Info_SetValueForKey: oversize infostring
********************
----- Server Shutdown -----
Thats from too many "sets" in your server.cfg
usually anything over 2 sets of info for example
sets "admin" "coolleet0admin"
sets "email" "cool@myfirstserver.com"
sometimes you can add MAYBE one more
sets "cpu" "dual blahablah 8.0GHZ"
but after that anymore sets commands and your screwed
Back maybe 2 maybe 4 releases ago you could have almost as many as you wanted.. but not now, the q3 engine has a limited amount of memory set aside for sets and urbanterror has just about used all that up..
as for the locking up slots.. whatever name they want.. does it really matter.. maybe they are on a lan and shareing a key.. do they actually play or soes this keep happening untill the servers totally full..? maybe set the guid relax higher... =)
and yes they did release that "c" patch but thats not your issue here.. no one is exploiting you and crashing your server. And if they are, you havent posted the right snips from your logs..
Try google next time guys.
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement