HACKER PROBLEM
Moderator: Core Staff
HACKER PROBLEM
I've got a homemad server with redirect download, but my problem is that i don't know how to protect it very well. There is a programm that dowloand your server server.cfg file from my computer. In that he can find my rcon pw.
I know i can put download of but then people won't be able to download my mod:(. Do you know how I can fix this?
set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL "http://xxx.xxx.xxx/xxx"
seta sv_wwwDlDisconnected "0"
seta sv_dl_maxRate "42000"
Ty alot of someone can help me
I know i can put download of but then people won't be able to download my mod:(. Do you know how I can fix this?
set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL "http://xxx.xxx.xxx/xxx"
seta sv_wwwDlDisconnected "0"
seta sv_dl_maxRate "42000"
Ty alot of someone can help me
Re: HACKER PROBLEM
I allready have the solution if anyone is interrested i will give it.
-
- CJ G0D!
- Posts: 1575
- Joined: June 3rd, 2009, 9:02 pm
- Location: Cardiff University, UK
Re: HACKER PROBLEM
In regards to that thread, the OP stated there isn't a fix for it.Pedsdude wrote:http://codjumper.com/forums/viewtopic.php?f=12&t=12196
There is a fix on aluigi.org (he has patches, exploits fixes and such for a HUGE variety of games), which just slightly changes a few bytes in your exec file using lpatch. Also has fixes for server crash bugs, which 1.7 servers are still vulnerable to.
-
Re: HACKER PROBLEM
in cod2 it just works when you turn sv_allowdownload to 0
but then you need a wwwredirect, but that doesnt seems to be the problem with cod4.
but then you need a wwwredirect, but that doesnt seems to be the problem with cod4.
-
- Core Staff
- Posts: 13313
- Joined: April 13th, 2005, 8:22 pm
- Location: UK, London
Re: HACKER PROBLEM
In regards to your reading of that thread, 4 solutions have been given.xSnipeZx wrote:In regards to that thread, the OP stated there isn't a fix for it.
- Use a redirect for downloads and only turn on "www" downloads.
- Change your command line for starting the server to add "+rcon_password your_password"
- Change your command line and config to a random filename "+exec asdfgh.cfg"
- Manually enter a new RCON password AFTER the server has started.
![Image](http://www.pingtest.net/result/43108009.png)
Virgin Media 20Mb Broadband:
"Perfect for families going online at the same time, downloading movies, online gaming and more."
Borked internet since: 22-07-2010
-
- CJ G0D!
- Posts: 1575
- Joined: June 3rd, 2009, 9:02 pm
- Location: Cardiff University, UK
Re: HACKER PROBLEM
None of these FIX it though. (Turning off www downloads should prevent it in all cases, but many people need it on for mods/custom maps).Drofder2004 wrote:In regards to your reading of that thread, 4 solutions have been given.xSnipeZx wrote:In regards to that thread, the OP stated there isn't a fix for it.
- Use a redirect for downloads and only turn on "www" downloads.
- Change your command line for starting the server to add "+rcon_password your_password"
- Change your command line and config to a random filename "+exec asdfgh.cfg"
- Manually enter a new RCON password AFTER the server has started.
With all of those applied you can still download other cfgs and text files that could be potentially useful for a hacker- not going to name with ones.
The FIX actually changes the Server exec file, and files cannot be downloaded from the server in this way. (You can still have normal downloads working fine etc).
-
Re: HACKER PROBLEM
sv_allowdownload 0 should fix the downloading from the server.
Then,
sv_wwwdownload 1 should allow users to download from the www mirror, specified in
sv_wwwbasurl
Then,
sv_wwwdownload 1 should allow users to download from the www mirror, specified in
sv_wwwbasurl
-
- Core Staff
- Posts: 13313
- Joined: April 13th, 2005, 8:22 pm
- Location: UK, London
Re: HACKER PROBLEM
It may not be a fix, but it IS a solution.xSnipeZx wrote:The FIX actually changes the Server exec file, and files cannot be downloaded from the server in this way. (You can still have normal downloads working fine etc).
All of those WILL prevent you from using the exploit.
Find me ONE good quality Game Server Provider who is going to willingly let you upload a cracked EXE file...
The only REAL fix, is an official release, everything else, is a solution.
![Image](http://www.pingtest.net/result/43108009.png)
Virgin Media 20Mb Broadband:
"Perfect for families going online at the same time, downloading movies, online gaming and more."
Borked internet since: 22-07-2010
-
- CJ G0D!
- Posts: 1575
- Joined: June 3rd, 2009, 9:02 pm
- Location: Cardiff University, UK
Re: HACKER PROBLEM
Only the sv_allowdownload one prevents people from using the exploit, you can still download other files off of the server from any of the other `solutions` (unless of course they rename every file to something unguessable).Drofder2004 wrote: It may not be a fix, but it IS a solution.
All of those WILL prevent you from using the exploit.
Gameservers.com. -And its not a cracked EXE file (well I don't know the sure definition of cracked, but I know it doesn't create a cracked server, meaning no fake keys can use it).Drofder2004 wrote: Find me ONE good quality Game Server Provider who is going to willingly let you upload a cracked EXE file...
[/quote]Drofder2004 wrote: The only REAL fix, is an official release, everything else, is a solution.
It is a real fix, if IW did decide to make a fix for it (which they obviously havn't) it would be along the lines of changing the executable anyway I assume, which is what this fix does.
-
-
- Core Staff
- Posts: 13313
- Joined: April 13th, 2005, 8:22 pm
- Location: UK, London
Re: HACKER PROBLEM
To avoid a long post of excalated opinion, I leave you with this.xSnipeZx wrote:...
All 4 suggested solutions will stop your rcon from being hacked. If you do not want somebody to get access to any server file, turn off your server downloading.
![Image](http://www.pingtest.net/result/43108009.png)
Virgin Media 20Mb Broadband:
"Perfect for families going online at the same time, downloading movies, online gaming and more."
Borked internet since: 22-07-2010
-
- CJ G0D!
- Posts: 1575
- Joined: June 3rd, 2009, 9:02 pm
- Location: Cardiff University, UK
Who is online
Users browsing this forum: No registered users and 0 guests