Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





 Post subject: q3_dirtrav
Posted: 03 Feb 2009 07:19

Joined: 03 Feb 2009 07:02
Posts: 5
So I recently started a new server. I haven't had the time to patch it since I've been working on other things, so as a quick fix against q3_dirtrav I turn off downloads.

The other day I had a player able to access the rcon. Any idea how they would manage to do that, assuming that the person never was able to get it off one of the other owners?

Edit: Sorry, using ET 2.55, and sv_allowdownloads = 0.


 Post subject: Re: q3_dirtrav
Posted: 03 Feb 2009 10:13

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
if you have the voting enabled he could have got the rcon password from there.
if this is what happened you should see it from your logs


 Post subject: Re: q3_dirtrav
Posted: 05 Feb 2009 15:17

Joined: 03 Feb 2009 07:02
Posts: 5
Ok thanks. Does this include if the etpub flag which allows (in my case, only level 9-10) high admins to vote cause him to be able to do this as well? Sorry, not really sure of the specifics of how this works, only have a rough idea.


 Post subject: Re: q3_dirtrav
Posted: 05 Feb 2009 16:15

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm if only high admins can vote you should be safe, then if this is an etpub specific vote probably it just doesn't touch the vulnerable function at all


 Post subject: Re: q3_dirtrav
Posted: 05 Feb 2009 17:10

Joined: 03 Feb 2009 07:02
Posts: 5
Also, last few questions, although it's technically a bit off topic since this isn't the right thread, however, for your release of the Universal Game Players limiter, what should I put into the packet.dat file? My understanding is that you're meant to put in the "joining packet", or something along those lines, however what is it for W:ET? Is it the console print you see (eg. "ClientConnect"; ClientConnect: 0
4:27:54 Userinfo: \g_password\none\cl_guid\495137219C111DF09244FAE68846CF07\cl_wwwDownload\1\name\^bEnigma\rate\25000\snaps\20\cl_anonymous\1\cl_punkbuster\1\protocol\82\qport\21676\challenge\1933655907\ip\IP.ADD.RE.SS:27960)?

For q3_dirtrav fix, I had it occur again even after I applied the patch, however now that his IP was visible I quickly gave him a subnet ban, then just reduced that to a ban of all IPs allocated by his ISP. This was with voting turned on, but with the dirtrav patch, any idea why this is, or if it's possible to leave voting on without the server being vulnerable?

Apart from that, are there any other fixes I should look for apart from the lpatcher, q3_dirtravfix, and Universal Game Players limiter?


 Post subject: Re: q3_dirtrav
Posted: 05 Feb 2009 18:25

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
for the games based on the quake 3 engine (like ET) there is a specific experimental project just for them:
note that this project has been abandoned because it could block some genuine players in some cases, so check the playerslimiter project instead

http://aluigi.org/patches/q3playersperip.zip

anyway if you don't want to use "q3playersperip" but want to use the more generic "playerslimiter" it's enough that you rename quake3_packet.dat to packet.dat, it already contains the "connect" packet to limit


 Post subject: Re: q3_dirtrav
Posted: 09 Feb 2009 10:07

Joined: 03 Feb 2009 07:02
Posts: 5
I installed the playersperip and ended up getting huge connectivity issues, with many players getting "Awaiting Challenge...", and I would get this when reconnecting, even if I wait a minute or two.


 Post subject: Re: q3_dirtrav
Posted: 09 Feb 2009 12:54

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
that's a bad thing, just one of the problems for which I thought about using the internal database.
well it seems the death of that project, anyway on what type of game server did you try it? do you use particular mods?


 Post subject: Re: q3_dirtrav
Posted: 10 Feb 2009 16:38

Joined: 08 Feb 2009 22:29
Posts: 5
is there any way to get the rcon password?

This is for ET 2.55


 Post subject: Re: q3_dirtrav
Posted: 21 Mar 2009 06:35

Joined: 03 Feb 2009 07:02
Posts: 5
Sorry about the late reply. Been busy setting up forums, managing the clan and doing school work.

I'm currently running an Enemy Territory server, version 2.55, with the mod ETPub v0.8.1, although I'll be changing to version 0.9.0 (or 0.9.1) shortly, and from there I may be modding it since it is open source, and there are a few things I'd like to add to it.

Edit: Regarding q3fill's and the like, although they are a nuisance I can easily work around it by doing a !ban, and then kicking the rest of the players. If the person persists, I just ban all IPs they can be allocated (although I really hate doing this as it isn't a good idea to get a decent population).

