HACKER PROBLEM

[Noobie36]

I've got a homemad server with redirect download, but my problem is that i don't know how to protect it very well. There is a programm that dowloand your server server.cfg file from my computer. In that he can find my rcon pw.
I know i can put download of but then people won't be able to download my mod:(. Do you know how I can fix this?
set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL "http://xxx.xxx.xxx/xxx"
seta sv_wwwDlDisconnected "0"
seta sv_dl_maxRate "42000"
Ty alot of someone can help me

[Noobie36]

I allready have the solution if anyone is interrested i will give it.

[Pedsdude]

http://codjumper.com/forums/viewtopic.php?f=12&t=12196

[F |Madness| U]

http://codjumper.com/forums/viewtopic.php?f=12&t=12196

In regards to that thread, the OP stated there isn't a fix for it.

There is a fix on aluigi.org (he has patches, exploits fixes and such for a HUGE variety of games), which just slightly changes a few bytes in your exec file using lpatch. Also has fixes for server crash bugs, which 1.7 servers are still vulnerable to.

[IzNoGoD]

in cod2 it just works when you turn sv_allowdownload to 0
but then you need a wwwredirect, but that doesnt seems to be the problem with cod4.

[Drofder2004]

In regards to that thread, the OP stated there isn't a fix for it.

In regards to your reading of that thread, 4 solutions have been given.
- Use a redirect for downloads and only turn on "www" downloads.
- Change your command line for starting the server to add "+rcon_password your_password"
- Change your command line and config to a random filename "+exec asdfgh.cfg"
- Manually enter a new RCON password AFTER the server has started.

[F |Madness| U]

In regards to that thread, the OP stated there isn't a fix for it.

In regards to your reading of that thread, 4 solutions have been given.
- Use a redirect for downloads and only turn on "www" downloads.
- Change your command line for starting the server to add "+rcon_password your_password"
- Change your command line and config to a random filename "+exec asdfgh.cfg"
- Manually enter a new RCON password AFTER the server has started.

None of these FIX it though. (Turning off www downloads should prevent it in all cases, but many people need it on for mods/custom maps).

With all of those applied you can still download other cfgs and text files that could be potentially useful for a hacker- not going to name with ones.

The FIX actually changes the Server exec file, and files cannot be downloaded from the server in this way. (You can still have normal downloads working fine etc).

[IzNoGoD]

sv_allowdownload 0 should fix the downloading from the server.
Then,
sv_wwwdownload 1 should allow users to download from the www mirror, specified in
sv_wwwbasurl

[Drofder2004]

The FIX actually changes the Server exec file, and files cannot be downloaded from the server in this way. (You can still have normal downloads working fine etc).

It may not be a fix, but it IS a solution.
All of those WILL prevent you from using the exploit.

Find me ONE good quality Game Server Provider who is going to willingly let you upload a cracked EXE file...

The only REAL fix, is an official release, everything else, is a solution.

[F |Madness| U]

It may not be a fix, but it IS a solution.
All of those WILL prevent you from using the exploit.

Only the sv_allowdownload one prevents people from using the exploit, you can still download other files off of the server from any of the other `solutions` (unless of course they rename every file to something unguessable).

Find me ONE good quality Game Server Provider who is going to willingly let you upload a cracked EXE file...

Gameservers.com. -And its not a cracked EXE file (well I don't know the sure definition of cracked, but I know it doesn't create a cracked server, meaning no fake keys can use it).

The only REAL fix, is an official release, everything else, is a solution.

[/quote]

It is a real fix, if IW did decide to make a fix for it (which they obviously havn't) it would be along the lines of changing the executable anyway I assume, which is what this fix does.

[Drofder2004]

...

To avoid a long post of excalated opinion, I leave you with this.

All 4 suggested solutions will stop your rcon from being hacked. If you do not want somebody to get access to any server file, turn off your server downloading.

[F |Madness| U]

Partially agree.

[Pedsdude]

lol'd.