CoD2 1.0 version I own the server . But I'm taking the attack. not a DDoS attack
They're doing the Lag to the server. 1.0 version game bug.
One way to fix this bug?
Printable View
CoD2 1.0 version I own the server . But I'm taking the attack. not a DDoS attack
They're doing the Lag to the server. 1.0 version game bug.
One way to fix this bug?
Have you tried using libcod?
don't use libcod and I'm using windows
Firewall жи есть
I'm using the firewall but not a ddos attack
It was a bug of the game
It doesn't show any network attack log in
What is the bug then?
lag on the server's going on
everybody's ping 999
udp flood, write help message for your HOST support or edit iptables rules
I wrote the help message but said there's nothing we can do
and here's what I'm getting another attack ;
ERROR: Netchan_Transmit: length = 18287
********************
----- Server Shutdown -----
Sending heartbeat to cod2master.activision.com
==== ShutdownGame ====
0: EXE_DISCONNECTED
1: EXE_DISCONNECTED
2: EXE_DISCONNECTED
3: EXE_DISCONNECTED
4: EXE_DISCONNECTED
5: EXE_DISCONNECTED
6: EXE_DISCONNECTED
7: EXE_DISCONNECTED
8: EXE_DISCONNECTED
9: EXE_DISCONNECTED
10: EXE_DISCONNECTED
---------------------------
That sounds a lot like a bug that got patched in libcod long ago.
libcod is used in Windows_?
Attachment 1259
in this way
Yes, this error fixed on libcod for linux, but i think libcod for windows no fixed it error
part code fix for linux:
Code:
void hook_SV_WriteDownloadToClient(int cl, int msg)
{
#if COD_VERSION == COD2_1_0
int offset = 452008;
#else
int offset = 452280;
#endif
if((*(int*)(cl + 134248)) && (*(int*)(cl+offset)**(int*)(cl+offset+4)/2048000 > 6))
SV_DropClient(cl, "broken download");
else
SV_WriteDownloadToClient(cl, msg);
}
they make constant attack
I don't know what to do
:(
You host server on Linux or Windows?
HELP ME please
use libcod.
Can I use on Windows?
You can use windows libcod, but WINDOWS LIBCOD dont know ADRESS error -> cant fix it.
Maybe someone find adress and add for Windows Libcod.
I have no choice but to wait :(
Why dont you switch to linux?
I don't know how to use Linux
do you have that will help me?
to use Linux
okay thank you
I will configure based there
Glad to see I'm not the only one. Currently we're also experiencing these daily attacks. It's highly annoying. Our COD2 servers have been running perfect for the past 1.5 year, but since last week, they are constantly under attack.
First I thought it was an issue with our mod being too large, even though I didn't change anything and it ran fine for the past 12+ months. So I shaved off 20KB, reducing it's filesize from 145KB to 125KB, but that didn't help. Even reducing the server slots to just 8 slots doesn't fix it.
Sadly we're also using Windows and switching to Linux/libcod is not an option sadly. We're running COD2 1.0; If someone could/wants to patch the executable that prevents this attack I would be very grateful. I'll put up a bounty of 10 euros for anyone who can fix this :)
Code:2: EXE_TIMEDOUT
clientDownload: 10 : begining "main/JUST_1_FILE_PLEASE_WAIT.iwd"
********************
ERROR: Netchan_Transmit: length = 18487
********************
----- Server Shutdown -----
Sending heartbeat to cod2master.activision.com
==== ShutdownGame ====
0: EXE_DISCONNECTED
1: EXE_DISCONNECTED
3: EXE_DISCONNECTED
4: EXE_DISCONNECTED
5: EXE_DISCONNECTED
6: EXE_DISCONNECTED
7: EXE_DISCONNECTED
8: EXE_DISCONNECTED
9: EXE_DISCONNECTED
10: EXE_DISCONNECTED
---------------------------
Hitch warning: 501 msec frame time
You got 2 options:
1. Switch to Linux + libcod.
2. sv_allowDownload 0.
And there is no option 3.
Welp, I guess we're f...d then and have to go for option 3. sit and wait it out. I might be able to hack a script together that restarts the server as soon it goes offline, but that's just another workaround.
The 10 euros bounty still stands by the way. Not sure if it's patchable at all for Windows.
We're being extorted. I received this message today:
"if u want your COD2 servers online without Troubles ,,
Send cod2mp_s.exe which u already use it ,
send to this mail : [removed]
i will check my mail , if nothing .... forget ur servers then
but if u send , i will leave ur servers"
I have the IP of the sender, originates from Iran.
Since there are no guarantees the attacks will stop after I send him our binaries, I'd rather have the problem fixed instead of paying 'protection money'.
Therefore, I'm doubling the bounty to 20 euros for someone that can patch/fix the COD2 1.0 executable for Windows that stops these attacks, unless it's technically not possible. Then we'll just have to sit and wait.
What about blocking whole Iran with your firewall? Yes I know that it can be bypassed.
That could be an option yes. True, it can be bypassed via VPN or a proxy, but then he must be really dedicated to crash our servers.
You're right, it's not hard to use, but we run more than just COD2 servers on our Windows machine. We run ARK, Sniper Elite 3, TeamSpeak etc. I know some of those will also have a Linux variant available, but not all.
The most important reason we run Windows is because of Statsgen2. Now I could make Statsgen2 work with a Linux COD2 server, but that would require FTPing over logfiles etc and to be honest, I don't quite feel investing all that time and effort because some scriptkiddy is annoying is. But yes, you're right. Libcod would fix it, but again, I would be very grateful if someone could patch this exploit for Windows as well:)
PS. We've ran COD2 servers on Linux in the past. Headless, so Ubuntu Server (commandline only). After /boot got full with old kernels (100MB) and I accidentally deleted the wrong one (yes you're allowed to laugh), I gave up and switched to Windows Server.
Old kernels are mainly removed by apt-get autoremove.
Install proxmox and run it all virtualized through kvm. Supports windows and linux.
Oh that damn human kindness...
I was able to patch the exe but if something else will be broken, i dont care.
Patched the SV_UserinfoChanged() to ignore client snaps setting. (Just forced it to 20)
Original code:
Spoiler:
Patched code:
Spoiler:
Hex:
Spoiler:
A bit ugly but should do the trick. Plas test.
https://www.dropbox.com/s/hcdtplioe3...tched.exe?dl=0
And i dont need your money.
Virtualization would be an option yes, although I prefer Virtualbox for that. I could install Ubuntu Server in Virtual Box and make a virtual share/shared harddrive with the host OS (Windows) so that Statsgen would be able to grab it's logfiles. The drawback is that this costs quite some overhead in terms of CPU and RAM.
Many many thanks for your kindness, time and expertise! I will test it out! Also thanks for the instructions/source, 'Give a hungry man a fish, you feed him for a day, but if you teach him how to fish, you feed him for a lifetime.'
Which program do you use to modify the exe files? IDA Pro or an Hex editor?
PS. Did you modify the original cod2mp_s? We're using the one from Mitch, which allows Windows based COD servers to also show up on the masterlist. His exe can be found here:
https://killtube.org/showthread.php?...ll=1#post12540
Kind regards.
EDIT: It works! Well, I don't how to test if the exploit is being blocked (because I don't know how to execute the exploit), but at least I was able to connect to our server and walk around etc, so the server functions seem to be in working order.
As explained above, we use a modified COD2mp_s.exe by Mitch, which allows cracked servers to show up in the master list.
Thanks to your explanation/source how you patched/fixed the .exe, I managed to patch the modified COD2mp_s.exe by Mitch by myself. At least I hope I did it properly. I've attached it to this post: Attachment 1267
Again, server functions seem to be in working order, but I don't know if it actually blocks the exploit because I don't know how to execute it.
Once again, many many thanks!
Ida and hex (you can see the patched bytes on 3rd screenshot, they got red line bellow them). Patched cracked exe from mitch: https://www.dropbox.com/s/axh7ayr5y2..._snaps.7z?dl=0