Thread: server Attack

  1. #31
    Corporal voron00's Avatar
    Join Date
    Nov 2014
    Posts
    248
    Thanks
    64
    Thanked 216 Times in 116 Posts
    You got 2 options:

    1. Switch to Linux + libcod.
    2. sv_allowDownload 0.

    And there is no option 3.
    sudo apt-get rekt

  2. The Following 2 Users Say Thank You to voron00 For This Useful Post:

    CaptainSlow (10th February 2017),valens (10th February 2017)

  3. #32
    Private CaptainSlow's Avatar
    Join Date
    Nov 2014
    Posts
    76
    Thanks
    38
    Thanked 28 Times in 23 Posts
    Welp, I guess we're f...d then and have to go for option 3: sit and wait it out. I might be able to hack a script together that restarts the server as soon as it goes offline, but that's just another workaround.
    The 10 euros bounty still stands by the way. Not sure if it's patchable at all for Windows.
    Slow and Steady wins the race

  4. The Following User Says Thank You to CaptainSlow For This Useful Post:

    valens (10th February 2017)

  5. #33
    Private CaptainSlow's Avatar
    Join Date
    Nov 2014
    Posts
    76
    Thanks
    38
    Thanked 28 Times in 23 Posts
    We're being extorted. I received this message today:

    "if u want your COD2 servers online without Troubles ,,
    Send cod2mp_s.exe which u already use it ,
    send to this mail : [removed]
    i will check my mail , if nothing .... forget ur servers then
    but if u send , i will leave ur servers"

    I have the IP of the sender, originates from Iran.

    Since there are no guarantees the attacks will stop after I send him our binaries, I'd rather have the problem fixed instead of paying 'protection money'.
    Therefore, I'm doubling the bounty to 20 euros for someone that can patch/fix the COD2 1.0 executable for Windows that stops these attacks, unless it's technically not possible. Then we'll just have to sit and wait.
    Slow and Steady wins the race

  6. The Following User Says Thank You to CaptainSlow For This Useful Post:

    valens (10th February 2017)

  7. #34
    Private Whiskas's Avatar
    Join Date
    Jan 2015
    Posts
    84
    Thanks
    69
    Thanked 20 Times in 17 Posts
    What about blocking the whole of Iran with your firewall? Yes I know that it can be bypassed.

  8. The Following 2 Users Say Thank You to Whiskas For This Useful Post:

    CaptainSlow (10th February 2017),valens (10th February 2017)

  9. #35
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    Quote Originally Posted by CaptainSlow View Post
    We're being extorted. I received this message today:

    "if u want your COD2 servers online without Troubles ,,
    Send cod2mp_s.exe which u already use it ,
    send to this mail : [removed]
    i will check my mail , if nothing .... forget ur servers then
    but if u send , i will leave ur servers"

    I have the IP of the sender, originates from Iran.

    Since there are no guarantees the attacks will stop after I send him our binaries, I'd rather have the problem fixed instead of paying 'protection money'.
    Therefore, I'm doubling the bounty to 20 euros for someone that can patch/fix the COD2 1.0 executable for Windows that stops these attacks, unless it's technically not possible. Then we'll just have to sit and wait.
    Use libcod on linux, it's not that hard.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  10. The Following 2 Users Say Thank You to IzNoGoD For This Useful Post:

    CaptainSlow (10th February 2017),valens (10th February 2017)

  11. #36
    Private CaptainSlow's Avatar
    Join Date
    Nov 2014
    Posts
    76
    Thanks
    38
    Thanked 28 Times in 23 Posts
    Quote Originally Posted by Whiskas View Post
    What about blocking the whole of Iran with your firewall? Yes I know that it can be bypassed.
    That could be an option yes. True, it can be bypassed via VPN or a proxy, but then he must be really dedicated to crash our servers.

    Quote Originally Posted by IzNoGoD View Post
    Use libcod on linux, it's not that hard.
    You're right, it's not hard to use, but we run more than just COD2 servers on our Windows machine. We run ARK, Sniper Elite 3, TeamSpeak etc. I know some of those will also have a Linux variant available, but not all.
    The most important reason we run Windows is because of Statsgen2. Now I could make Statsgen2 work with a Linux COD2 server, but that would require FTPing over logfiles etc. and to be honest, I don't quite feel like investing all that time and effort because some scriptkiddy is annoying us. But yes, you're right. Libcod would fix it, but again, I would be very grateful if someone could patch this exploit for Windows as well.

    PS. We've run COD2 servers on Linux in the past. Headless, so Ubuntu Server (command line only). After /boot got full with old kernels (100MB) and I accidentally deleted the wrong one (yes you're allowed to laugh), I gave up and switched to Windows Server.
    Slow and Steady wins the race

  12. The Following User Says Thank You to CaptainSlow For This Useful Post:

    valens (10th February 2017)

  13. #37
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    Old kernels are mainly removed by apt-get autoremove.

    Install proxmox and run it all virtualized through kvm. Supports windows and linux.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  14. The Following 2 Users Say Thank You to IzNoGoD For This Useful Post:

    CaptainSlow (10th February 2017),valens (10th February 2017)

  15. #38
    Corporal voron00's Avatar
    Join Date
    Nov 2014
    Posts
    248
    Thanks
    64
    Thanked 216 Times in 116 Posts
    Oh that damn human kindness...

    I was able to patch the exe but if something else will be broken, I don't care.

    Patched the SV_UserinfoChanged() to ignore client snaps setting. (Just forced it to 20)
    Original code: [image: original.png]

    Patched code: [image: patched.png]

    Hex: [image: tochange.png]


    A bit ugly but should do the trick. Pls test.
    https://www.dropbox.com/s/hcdtplioe3...tched.exe?dl=0

    And I don't need your money.
    Last edited by voron00; 10th February 2017 at 10:30.
    sudo apt-get rekt

  16. The Following 4 Users Say Thank You to voron00 For This Useful Post:

    CaptainSlow (10th February 2017),kung foo man (10th February 2017),Lonsofore (10th February 2017),valens (10th February 2017)

  17. #39
    Private CaptainSlow's Avatar
    Join Date
    Nov 2014
    Posts
    76
    Thanks
    38
    Thanked 28 Times in 23 Posts
    Quote Originally Posted by IzNoGoD View Post
    Old kernels are mainly removed by apt-get autoremove.

    Install proxmox and run it all virtualized through kvm. Supports windows and linux.
    Virtualization would be an option yes, although I prefer VirtualBox for that. I could install Ubuntu Server in VirtualBox and make a virtual share/shared hard drive with the host OS (Windows) so that Statsgen would be able to grab its logfiles. The drawback is that this costs quite some overhead in terms of CPU and RAM.

    Quote Originally Posted by voron00 View Post
    Oh that damn human kindness...

    I was able to patch the exe but if something else will be broken, I don't care.

    Patched the SV_UserinfoChanged() to ignore client snaps setting. (Just forced it to 20)
    Original code: [image: original.png]

    Patched code: [image: patched.png]

    Hex: [image: tochange.png]


    A bit ugly but should do the trick. Pls test.
    https://www.dropbox.com/s/hcdtplioe3...tched.exe?dl=0

    And I don't need your money.
    Many many thanks for your kindness, time and expertise! I will test it out! Also thanks for the instructions/source, 'Give a hungry man a fish, you feed him for a day, but if you teach him how to fish, you feed him for a lifetime.'
    Which program do you use to modify the exe files? IDA Pro or a hex editor?
    PS. Did you modify the original cod2mp_s? We're using the one from Mitch, which allows Windows based COD servers to also show up on the masterlist. His exe can be found here:
    https://killtube.org/showthread.php?...ll=1#post12540

    Kind regards.

    EDIT: It works! Well, I don't know how to test if the exploit is being blocked (because I don't know how to execute the exploit), but at least I was able to connect to our server and walk around etc, so the server functions seem to be in working order.
    As explained above, we use a modified COD2mp_s.exe by Mitch, which allows cracked servers to show up in the master list.
    Thanks to your explanation/source how you patched/fixed the .exe, I managed to patch the modified COD2mp_s.exe by Mitch by myself. At least I hope I did it properly. I've attached it to this post: CoD2MP_s_cracked_patched_snaps.7z
    Again, server functions seem to be in working order, but I don't know if it actually blocks the exploit because I don't know how to execute it.
    Once again, many many thanks!
    Last edited by CaptainSlow; 10th February 2017 at 11:31.
    Slow and Steady wins the race

  18. The Following 2 Users Say Thank You to CaptainSlow For This Useful Post:

    kung foo man (10th February 2017),valens (10th February 2017)

  19. #40
    Corporal voron00's Avatar
    Join Date
    Nov 2014
    Posts
    248
    Thanks
    64
    Thanked 216 Times in 116 Posts
    Quote Originally Posted by CaptainSlow View Post
    Virtualization would be an option yes, although I prefer VirtualBox for that. I could install Ubuntu Server in VirtualBox and make a virtual share/shared hard drive with the host OS (Windows) so that Statsgen would be able to grab its logfiles. The drawback is that this costs quite some overhead in terms of CPU and RAM.



    Many many thanks for your kindness, time and expertise! I will test it out! Also thanks for the instructions/source, 'Give a hungry man a fish, you feed him for a day, but if you teach him how to fish, you feed him for a lifetime.'
    Which program do you use to modify the exe files? IDA Pro or a hex editor?
    PS. Did you modify the original cod2mp_s? We're using the one from Mitch, which allows Windows based COD servers to also show up on the masterlist. His exe can be found here:
    https://killtube.org/showthread.php?...ll=1#post12540

    Kind regards.
    IDA and hex (you can see the patched bytes on the 3rd screenshot, they have a red line below them). Patched cracked exe from Mitch: https://www.dropbox.com/s/axh7ayr5y2..._snaps.7z?dl=0
    sudo apt-get rekt

  20. The Following 3 Users Say Thank You to voron00 For This Useful Post:

    CaptainSlow (10th February 2017),kung foo man (10th February 2017),valens (10th February 2017)
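
Post #39 hopes the self-patched copy of Mitch's exe was done properly, and post #40 links a second patched copy of the same file. As an added example (not code from the thread; the function names are made up here and the file paths are whatever you pass in), this lists the byte runs that differ between an executable and a patched copy, so they can be checked against the bytes marked in the third screenshot, and reports whether two patched copies carry the same change.

```python
"""Added example: compare an executable with a hex-patched copy of it."""
import sys
from pathlib import Path


def changed_runs(original: bytes, patched: bytes):
    """Return [(offset, old_bytes, new_bytes), ...], one per run of differing bytes.

    An in-place hex patch keeps the file length, so a length mismatch is
    rejected instead of being diffed byte by byte.
    """
    if len(original) != len(patched):
        raise ValueError(f"size differs: {len(original)} vs {len(patched)} bytes")
    runs, start = [], None
    for i, (old, new) in enumerate(zip(original, patched)):
        if old != new and start is None:
            start = i                      # a differing run begins here
        elif old == new and start is not None:
            runs.append((start, original[start:i], patched[start:i]))
            start = None
    if start is not None:                  # run reaches the end of the file
        runs.append((start, original[start:], patched[start:]))
    return runs


def same_patch(runs_a, runs_b):
    """True when two patched copies changed the same offsets to the same bytes."""
    return [(o, new) for o, _, new in runs_a] == [(o, new) for o, _, new in runs_b]


def main(argv):
    # Usage: script.py ORIGINAL PATCHED [OTHER_PATCHED]   (paths are the reader's own)
    if len(argv) < 3:
        sys.exit("usage: script.py ORIGINAL PATCHED [OTHER_PATCHED]")
    original = Path(argv[1]).read_bytes()
    runs = changed_runs(original, Path(argv[2]).read_bytes())
    for offset, old, new in runs:
        print(f"0x{offset:08x}: {old.hex(' ')} -> {new.hex(' ')}")
    print(f"{len(runs)} changed run(s), {sum(len(o) for _, o, _ in runs)} byte(s)")
    if len(argv) > 3:
        other = changed_runs(original, Path(argv[3]).read_bytes())
        print("second copy carries the same patch:", same_patch(runs, other))


if __name__ == "__main__":
    main(sys.argv)
```

A patched copy that differs from the original in more places than the screenshot shows, or in file size, contains changes the post did not describe.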
