server Attack



valens
5th February 2017, 17:44
I own a CoD2 1.0 server, but I'm being attacked. It's not a DDoS attack.

They're making the server lag. It's a 1.0 version game bug.

Is there a way to fix this bug?

IzNoGoD
5th February 2017, 18:58
Have you tried using libcod?

Paho
5th February 2017, 19:07
https://killtube.org/showthread.php?1727-Anti-DDOS-script-collection-thread&highlight=iptables+--flush

valens
5th February 2017, 19:42
I don't use libcod and I'm using Windows

Paho
5th February 2017, 20:37
There's a firewall, after all

valens
5th February 2017, 21:17
I'm using the firewall, but it's not a DDoS attack

It was a bug of the game

valens
5th February 2017, 21:20
It doesn't show any network attack log in

Ni3ls
5th February 2017, 21:43
What is the bug then?

valens
5th February 2017, 21:49
lag on the server's going on
everybody's ping 999

maxdamage99
6th February 2017, 11:38
UDP flood. Write a help message to your host's support or edit your iptables rules.

valens
6th February 2017, 12:25
I wrote the help message, but they said there's nothing we can do

valens
6th February 2017, 12:28
And here's what I'm getting, another attack:

ERROR: Netchan_Transmit: length = 18287
********************
----- Server Shutdown -----
Sending heartbeat to cod2master.activision.com
==== ShutdownGame ====
0: EXE_DISCONNECTED
1: EXE_DISCONNECTED
2: EXE_DISCONNECTED
3: EXE_DISCONNECTED
4: EXE_DISCONNECTED
5: EXE_DISCONNECTED
6: EXE_DISCONNECTED
7: EXE_DISCONNECTED
8: EXE_DISCONNECTED
9: EXE_DISCONNECTED
10: EXE_DISCONNECTED
---------------------------

IzNoGoD
6th February 2017, 13:53
That sounds a lot like a bug that got patched in libcod long ago.

valens
6th February 2017, 14:51
Is libcod used on Windows?

valens
6th February 2017, 15:25
1259

in this way

maxdamage99
6th February 2017, 16:21
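Yes, this error is fixed in libcod for Linux, but I think libcod for Windows has not fixed this error.

Part of the fix code for Linux:

void hook_SV_WriteDownloadToClient(int cl, int msg)
{
    /* The client-structure offset used below differs between game versions. */
#if COD_VERSION == COD2_1_0
    int offset = 452008;
#else
    int offset = 452280;
#endif

    /* Drop the client when the field at cl + 134248 is set and the product of
       the two ints at cl + offset and cl + offset + 4, divided by 2048000,
       is greater than 6; otherwise run the original download handler. */
    if ((*(int *)(cl + 134248)) && ((*(int *)(cl + offset)) * (*(int *)(cl + offset + 4)) / 2048000 > 6))
        SV_DropClient(cl, "broken download");
    else
        SV_WriteDownloadToClient(cl, msg);
}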

valens
6th February 2017, 16:26
They attack constantly

I don't know what to do
:(

maxdamage99
6th February 2017, 16:39
Do you host the server on Linux or Windows?

valens
6th February 2017, 17:29
> You host server on Linux or Windows?

It works on a Windows server

valens
7th February 2017, 09:52
HELP ME please

IzNoGoD
7th February 2017, 10:01
use libcod.

valens
7th February 2017, 13:41
Can I use it on Windows?

maxdamage99
7th February 2017, 14:00
You can use Windows libcod, but Windows libcod doesn't know the address for this error, so it can't fix it.
Maybe someone will find the address and add it to Windows libcod.

valens
7th February 2017, 14:18
I have no choice but to wait :(

Ni3ls
7th February 2017, 17:48
Why don't you switch to Linux?

valens
7th February 2017, 19:24
I don't know how to use Linux

Do you have something that will help me use Linux?

IzNoGoD
7th February 2017, 19:33
How is this shit hard?

https://killtube.org/showthread.php?2454-Work-in-progress-Setup-CoD2-on-your-ubuntu-14-04-server


As per your OTHER thread on the exact same topic.

valens
7th February 2017, 19:40
okay thank you

I will configure it based on that

Paho
7th February 2017, 21:11
ERROR: Netchan_Transmit: length = 18287

Fixed by libcod.
Sending a packet from the client to the server over the size 1024x16 = 16384 bytes.
///////delete/////////

CaptainSlow
9th February 2017, 15:01
Glad to see I'm not the only one. Currently we're also experiencing these daily attacks. It's highly annoying. Our COD2 servers have been running perfectly for the past 1.5 years, but since last week, they are constantly under attack.
First I thought it was an issue with our mod being too large, even though I didn't change anything and it ran fine for the past 12+ months. So I shaved off 20KB, reducing its file size from 145KB to 125KB, but that didn't help. Even reducing the server slots to just 8 slots doesn't fix it.

Sadly we're also using Windows and switching to Linux/libcod is not an option sadly. We're running COD2 1.0. If someone could/wants to patch the executable so that it prevents this attack I would be very grateful. I'll put up a bounty of 10 euros for anyone who can fix this :)



2: EXE_TIMEDOUT
clientDownload: 10 : begining "main/JUST_1_FILE_PLEASE_WAIT.iwd"
********************
ERROR: Netchan_Transmit: length = 18487
********************
----- Server Shutdown -----
Sending heartbeat to cod2master.activision.com
==== ShutdownGame ====
0: EXE_DISCONNECTED
1: EXE_DISCONNECTED
3: EXE_DISCONNECTED
4: EXE_DISCONNECTED
5: EXE_DISCONNECTED
6: EXE_DISCONNECTED
7: EXE_DISCONNECTED
8: EXE_DISCONNECTED
9: EXE_DISCONNECTED
10: EXE_DISCONNECTED
---------------------------
Hitch warning: 501 msec frame time
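
Added example, not part of the post above or of any project mentioned in the thread: a small Python parser that scans console log lines like the ones posted here for the Netchan_Transmit error, flags lengths over the 1024x16 = 16384 byte figure quoted earlier in the thread, and ties each crash to the last download request logged before it. The function name, the three-line shutdown window and the sample log are assumptions constructed for illustration.

```python
import re

MAX_MSG_LEN = 16 * 1024  # figure quoted in the thread: 1024 x 16 = 16384 bytes
DOWNLOAD_RE = re.compile(r'^clientDownload:\s*(\d+)\s*:\s*begin\w*\s+"([^"]+)"')
OVERFLOW_RE = re.compile(r'^ERROR: Netchan_Transmit: length = (\d+)')
SHUTDOWN_RE = re.compile(r'^-+ Server Shutdown -+')


def find_netchan_crashes(lines, window=3):
    """Return one dict per Netchan_Transmit error in the console log lines.

    Each dict holds the reported length, whether it exceeds MAX_MSG_LEN,
    the last download request seen before it as (slot, file) or None, and
    whether a server shutdown followed within `window` lines (assumed value).
    """
    events = []
    last_download = None   # most recent (slot, file) download request
    pending = None         # (line index, event) still waiting for a shutdown
    for idx, raw in enumerate(lines):
        line = raw.strip()
        dl = DOWNLOAD_RE.match(line)
        err = OVERFLOW_RE.match(line)
        if dl:
            last_download = (int(dl.group(1)), dl.group(2))
        elif err:
            length = int(err.group(1))
            event = {"length": length, "oversized": length > MAX_MSG_LEN,
                     "download": last_download, "shutdown": False}
            events.append(event)
            pending = (idx, event)
        elif SHUTDOWN_RE.match(line):
            if pending and idx - pending[0] <= window:
                pending[1]["shutdown"] = True
            pending = None
            last_download = None  # state from before the shutdown is stale
    return events


# Constructed sample, assembled from log lines posted in this thread.
SAMPLE_LOG = """\
2: EXE_TIMEDOUT
clientDownload: 10 : begining "main/JUST_1_FILE_PLEASE_WAIT.iwd"
********************
ERROR: Netchan_Transmit: length = 18487
********************
----- Server Shutdown -----
==== ShutdownGame ====
ERROR: Netchan_Transmit: length = 18287
""".splitlines()

if __name__ == "__main__":
    for ev in find_netchan_crashes(SAMPLE_LOG):
        print(ev)
```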

voron00
9th February 2017, 15:09
You got 2 options:

1. Switch to Linux + libcod.
2. sv_allowDownload 0.

And there is no option 3.

CaptainSlow
9th February 2017, 19:29
Welp, I guess we're f...d then and have to go for option 3: sit and wait it out. I might be able to hack a script together that restarts the server as soon as it goes offline, but that's just another workaround.
The 10 euros bounty still stands by the way. Not sure if it's patchable at all for Windows.

CaptainSlow
10th February 2017, 09:18
We're being extorted. I received this message today:

"if u want your COD2 servers online without Troubles ,,
Send cod2mp_s.exe which u already use it ,
send to this mail : [removed]
i will check my mail , if nothing .... forget ur servers then
but if u send , i will leave ur servers"

I have the IP of the sender, originates from Iran.

Since there are no guarantees the attacks will stop after I send him our binaries, I'd rather have the problem fixed instead of paying 'protection money'.
Therefore, I'm doubling the bounty to 20 euros for someone that can patch/fix the COD2 1.0 executable for Windows that stops these attacks, unless it's technically not possible. Then we'll just have to sit and wait.

Whiskas
10th February 2017, 09:37
What about blocking whole Iran with your firewall? Yes I know that it can be bypassed.

IzNoGoD
10th February 2017, 09:54
> We're being extorted. I received this message today:
>
> "if u want your COD2 servers online without Troubles ,,
> Send cod2mp_s.exe which u already use it ,
> send to this mail : [removed]
> i will check my mail , if nothing .... forget ur servers then
> but if u send , i will leave ur servers"
>
> I have the IP of the sender, originates from Iran.
>
> Since there are no guarantees the attacks will stop after I send him our binaries, I'd rather have the problem fixed instead of paying 'protection money'.
> Therefore, I'm doubling the bounty to 20 euros for someone that can patch/fix the COD2 1.0 executable for Windows that stops these attacks, unless it's technically not possible. Then we'll just have to sit and wait.

Use libcod on linux, it's not that hard.

CaptainSlow
10th February 2017, 10:12
> What about blocking whole Iran with your firewall? Yes I know that it can be bypassed.

That could be an option yes. True, it can be bypassed via VPN or a proxy, but then he must be really dedicated to crash our servers.

> Use libcod on linux, it's not that hard.

You're right, it's not hard to use, but we run more than just COD2 servers on our Windows machine. We run ARK, Sniper Elite 3, TeamSpeak etc. I know some of those will also have a Linux variant available, but not all.
The most important reason we run Windows is because of Statsgen2. Now I could make Statsgen2 work with a Linux COD2 server, but that would require FTPing over logfiles etc. and to be honest, I don't quite feel like investing all that time and effort because some script kiddie is annoying us. But yes, you're right. Libcod would fix it, but again, I would be very grateful if someone could patch this exploit for Windows as well :)

PS. We've run COD2 servers on Linux in the past. Headless, so Ubuntu Server (command line only). After /boot got full with old kernels (100MB) and I accidentally deleted the wrong one (yes you're allowed to laugh), I gave up and switched to Windows Server.

IzNoGoD
10th February 2017, 10:13
Old kernels are mainly removed by apt-get autoremove.

Install proxmox and run it all virtualized through kvm. Supports windows and linux.

voron00
10th February 2017, 10:27
Oh that damn human kindness...

I was able to patch the exe, but if something else gets broken, I don't care.

Patched the SV_UserinfoChanged() to ignore client snaps setting. (Just forced it to 20)
Original code:
1264

Patched code:
1265

Hex:
1266

A bit ugly but should do the trick. Please test.
https://www.dropbox.com/s/hcdtplioe3ay48y/CoD2MP_s_snaps_patched.exe?dl=0

And I don't need your money.

CaptainSlow
10th February 2017, 11:08
> Old kernels are mainly removed by apt-get autoremove.
>
> Install proxmox and run it all virtualized through kvm. Supports windows and linux.

Virtualization would be an option yes, although I prefer Virtualbox for that. I could install Ubuntu Server in Virtual Box and make a virtual share/shared harddrive with the host OS (Windows) so that Statsgen would be able to grab its logfiles. The drawback is that this costs quite some overhead in terms of CPU and RAM.

> Oh that damn human kindness...
>
> I was able to patch the exe, but if something else gets broken, I don't care.
>
> Patched the SV_UserinfoChanged() to ignore client snaps setting. (Just forced it to 20)
> Original code:
> 1264
>
> Patched code:
> 1265
>
> Hex:
> 1266
>
> A bit ugly but should do the trick. Please test.
> https://www.dropbox.com/s/hcdtplioe3ay48y/CoD2MP_s_snaps_patched.exe?dl=0
>
> And I don't need your money.

Many many thanks for your kindness, time and expertise! I will test it out! Also thanks for the instructions/source, 'Give a hungry man a fish, you feed him for a day, but if you teach him how to fish, you feed him for a lifetime.'
Which program do you use to modify the exe files? IDA Pro or a hex editor?
PS. Did you modify the original cod2mp_s? We're using the one from Mitch, which allows Windows based COD servers to also show up on the masterlist. His exe can be found here:
https://killtube.org/showthread.php?1337-CoD2-Tutorial-How-to-make-your-cracked-server-show-up-in-the-master-list&p=12540&viewfull=1#post12540

Kind regards.

EDIT: It works! Well, I don't know how to test if the exploit is being blocked (because I don't know how to execute the exploit), but at least I was able to connect to our server and walk around etc, so the server functions seem to be in working order.
As explained above, we use a modified COD2mp_s.exe by Mitch, which allows cracked servers to show up in the master list.
Thanks to your explanation/source how you patched/fixed the .exe, I managed to patch the modified COD2mp_s.exe by Mitch by myself. At least I hope I did it properly. I've attached it to this post: 1267
Again, server functions seem to be in working order, but I don't know if it actually blocks the exploit because I don't know how to execute it.
Once again, many many thanks!

voron00
10th February 2017, 11:28
> Virtualization would be an option yes, although I prefer Virtualbox for that. I could install Ubuntu Server in Virtual Box and make a virtual share/shared harddrive with the host OS (Windows) so that Statsgen would be able to grab its logfiles. The drawback is that this costs quite some overhead in terms of CPU and RAM.
>
> Many many thanks for your kindness, time and expertise! I will test it out! Also thanks for the instructions/source, 'Give a hungry man a fish, you feed him for a day, but if you teach him how to fish, you feed him for a lifetime.'
> Which program do you use to modify the exe files? IDA Pro or a hex editor?
> PS. Did you modify the original cod2mp_s? We're using the one from Mitch, which allows Windows based COD servers to also show up on the masterlist. His exe can be found here:
> https://killtube.org/showthread.php?1337-CoD2-Tutorial-How-to-make-your-cracked-server-show-up-in-the-master-list&p=12540&viewfull=1#post12540
>
> Kind regards.

IDA and hex (you can see the patched bytes on the 3rd screenshot, they have a red line below them). Patched cracked exe from Mitch: https://www.dropbox.com/s/axh7ayr5y2ai24w/CoD2MP_s_cracked_patched_snaps.7z?dl=0

CaptainSlow
10th February 2017, 11:40
> IDA and hex (you can see the patched bytes on the 3rd screenshot, they have a red line below them). Patched cracked exe from Mitch: https://www.dropbox.com/s/axh7ayr5y2ai24w/CoD2MP_s_cracked_patched_snaps.7z?dl=0

We posted at the same time (well I edited my previous post ;) ). Once again, many thanks for the information. Thanks to your explanation how you patched/fixed the .exe, I managed to patch the modified COD2mp_s.exe by Mitch by myself. But just to be safe, I'd rather use your patched exe because I have no experience in this and I don't know if I edited it correctly. My edited exe is attached in my previous post btw.

Server functions seem to be in working order (I can connect, walk around, shoot etc), but I don't know if it actually blocks the exploit because I don't know how to execute it.
Once again, many many thanks!

valens
10th February 2017, 12:40
I started using Linux and I have installed libcod.
It's best to use libcod :)

Thank you all so much for your interest :)

CaptainSlow
15th April 2017, 13:04
Aaaaannnddd he's back. Just received this mail:



Do you really think you just Solved it ? now lets see if you can connect your server :)
You better forget your servers ,
that was your final Laugh .........

Guy was launching a DDOS attack on our servers. Yay for Azure NSG.

IzNoGoD
15th April 2017, 13:17
> Aaaaannnddd he's back. Just received this mail:
>
> Guy was launching a DDOS attack on our servers. Yay for Azure NSG.

Check email headers for origin ip :)

CaptainSlow
15th April 2017, 13:33
> Check email headers for origin ip :)

Yup, same guy from Iran.

CaptainSlow
15th April 2017, 15:00
Lol, he's now trying a different approach
https://i.imgur.com/DEl6wvy.png

kokonat
15th April 2017, 18:16
Hello, first of all sorry if my English is not so good. I see friends sharing troubles with their Call of Duty 2 servers, and I'm in trouble too, so I wanted to ask here if anybody can please help me. I have a Windows server, and I have a server with no mods. Sometimes someone attacks it, and it looks like this, as you can see in the screenshot: spamming, and it lags the server.
http://i.imgur.com/On9vO0z.jpg
I recently had this problem and asked a Polish modder. He said "your exe must have the getchallenge fix, you need to edit some code", but I don't know which code must be edited. I wanted to ask here; maybe professional users can help me. Thank you.

kung foo man
16th April 2017, 16:05
You can open the .exe in WinHex, search the string and replace the first character of this string (S) with the hex value 0x00. That would prevent your CoD2 console from being spammed

IzNoGoD
16th April 2017, 17:01
> You can open the .exe in WinHex, search the string and replace the first character of this string (S) with the hex value 0x00. That would prevent your CoD2 console from being spammed

Not sure if that also eliminates the line break afterwards, given that the lag is either from the enormous amount of packets (which doesn't change) or the console scroll GUI being updated (which doesn't change if the line break isn't removed)

kokonat
18th April 2017, 08:14
> You can open the .exe in WinHex, search the string and replace the first character of this string (S) with the hex value 0x00. That would prevent your CoD2 console from being spammed

Thanks kung foo man, I did it and the server is safe for 2 days, however it was under attack day and night.
Thanks again, I wish you all the best in your life, you got me out of big trouble.