Jump to content

got a problem..


Recommended Posts

Hello PB Admins, Id appreciate it if you took the time to read what I have to say. I have been playing Enemy Territory on and off for 5 years now, both the 2.55(etpub) patch and the 2.6(etpro) patch. Although 2.55 is seen as the "noob" version of ET, it still holds a large community of gamers, who enjoy playing the game for fun and not so much for competitive reasons. And some of us are actually very skilled. Almost all of 2.55 knows each other, and we enjoy pubbing and scrimming together.

 

The problem is that PB has not been updated on 2.55 servers for quite a long time. For a good while this was unknown to most people, so the amount of hackers was at a low, but recently due to a few people who found out you can use old outdated hacks for 2.55 and not get caught, the number of people using hacks has increased greatly. I and the majority of the 2.55 community who still play this game the way its supposed to be played would be eternally grateful if PB could be updated on all 2.55 servers, so that these people who use these hacks could be perma banned from these servers. Thank you for reading this story xP I hope there is something you can do to help.

Link to post
Share on other sites

I dnt see any logical reason to play in old version of ET. The guys as u are the reason of decreased number of ppl playing in the latest ET.You r lazy to download and update your wolf. Wtf r u waiting for? Sorry, im shocked of your post...

 

2.60b patch

 

regards

Edited by Luk4ward
Link to post
Share on other sites

Games' patch versions have nothing to do with pointless talk "skill or noobism", the core problem is: evenbalance only supports the latest version of any (not just ET) punkbuster supported game. This is a fact that will stay and is necessary, as it is inevitable to set priorities: in a environment where it is difficult enough to keep a software up to date with cheats, it was about impossible to take care of issues of outdated versions with already patched bugs and glitches ... plus there are more and more issues to solve with hard- and software producers that put common standards aside - example: a cd/dvd retailer that gives a damn for ATAPI interface standardizations but uses his own "modified" interface, what can raise unexpected hangs/crashes/false-positives of pb games ... to fix stuff like that - whilst thousands of noobs (here it is correct) that will not listen ("Vista is unsupported" :> ) moaning and whining about things they fecked up themselves in the first place - is a job i would not touch for money & good words tbh.

 

There is no need to run etpub on ET 2.55 really, there are etpub-servers running ET 2.60b, what IS urgently recommended.

 

Why? Well, streaming to an AC site like PBBans (what is recommended as well :P) and running their advanced cheat detection technologies can fix problems with "oldie" hacks to some extend, but:

1. ... not totally, there are few hacks that will be picked by a pb update only,

2. nothing can be done about the security flaws of ET.exe itself (q3 engine vulnerability) but patching, nvd.nist.gov Link, our comment.

Link to post
Share on other sites

Thanks Ben .. a good informative response m8 :)

 

Just to update things, sitting on my desktop is the actual hack programme used to steal rcon/ftp details of any ET server running versions below 2.60b

after installation all it takes is for someone to join the server and input 4 commands via the console they then have a generated log with all rcon/ftp details of that particular server.

Thats how easy it is.

I tested this out on 3 different servers chosen completely at random from ASE server list.

2.55 successfully received all rcon/ftp details

2.60 successfully received all rcon details

2.60b no success

 

If a nub like me can successfully hack a server in a minute or less its only a matter of time before you get a visit from someone with evil intent, these people actively trawl for servers they can hack, but as more and more server admins update their servers the playing field diminishes and that increases the chances of you getting a malicious visitor.

What you must decide as a server admin is;

1. do you wait for something really nasty to happen before you upgrade

2. do you upgrade now to allow your regular clientelle to play in safety

not a hard choice to make is it :)

 

I used to admin servers for GamesDomain before it went belly up and was quite surprised by the amount of players that connected to the servers that we had no control over apart from rcon and were running older versions of RTCW.

What I found was that a lot of the players had no clue about patches and how to apply them, all they saw was a server protocol error elsewhere so they became the regulars on the older version servers we had.

That may not be the case here but I can not stress hard enough how important it is to upgrade your ET servers to 2.60b.

Running anything less is like putting a welcome mat out to cheaters and hackers :)

Link to post
Share on other sites

Thank you very much for the quick and informative response. So basically I take it that the only thing a 2.55 server admin can do is either try to run etpro on their servers, (which usually doesnt work well on the 2.55 version) try to update pb as much as possible, or simply move to 2.6. I didn't exactly get the answer I wanted but I did get the explanation I wanted. I understand that PB only updates latest versions of games as it must be hard enough to constantly be updating the game for fixed versions let alone old buggy versions. Once again thank you for the response, happy holidays and merry christmas.

Link to post
Share on other sites

I have SEVEN ET servers running 24/7.

 

Five of these are 2.55 servers and two are 2.60B servers. Take a guess which servers stay full to capacity almost 24 hours a day............In case you dont know i will tell you.............its the 2.55 servers.

 

The 2.60 servers stay empty almost 90 percent of the time.........they are a waste of my money, and if we didnt need them for WPL and TWL they would be gone.

 

I would rather pay for a CONSTANTLY FULL 2.55 server anyday over a NEARLY EMPTY 2.60 server that does nothing but collect dust.

 

There are thousands of 2.55 servers running, and the reason i dont update is NOT because im too damn lazy, its because me and the HUNDREDS of regular players who play on my servers are quiet happy with 2.55.

 

And PunkBuster DOES include 2.55 when it sends out an update, tho usually it fucks the servers up.....2.55 and 2.60 for a few days till they release an update to fix their update.......you can tell when an update has been released because NO ONE can connect to your server till you type in pb_sv_guidrelax 1 till they fix the problem.

 

So you can play on your super uber 2.60 not even half full servers all you want. I will stick to the 2.55 allways full noob servers as you say they are referred to.

Link to post
Share on other sites

There are thousands of 2.55 servers running, and the reason i dont update is NOT because im too damn lazy, its because me and the HUNDREDS of regular players who play on my servers are quiet happy with 2.55.

Having just seen a similar discussion over on enemy-territory.4players.de, I have no particular desire to get involved in this one. However, I did giggle slightly at the above exaggeration: here are some slightly more accurate stats.

 

ET 2.60 (3731 Servers)

ET 2.56 (24 Servers)

ET 2.55 (219 Servers)

 

Peace.

Link to post
Share on other sites

I have SEVEN ET servers running 24/7.

 

Five of these are 2.55 servers and two are 2.60B servers. Take a guess which servers stay full to capacity almost 24 hours a day............In case you dont know i will tell you.............its the 2.55 servers.

 

The 2.60 servers stay empty almost 90 percent of the time.........they are a waste of my money, and if we didnt need them for WPL and TWL they would be gone.

 

I would rather pay for a CONSTANTLY FULL 2.55 server anyday over a NEARLY EMPTY 2.60 server that does nothing but collect dust.

 

There are thousands of 2.55 servers running, and the reason i dont update is NOT because im too damn lazy, its because me and the HUNDREDS of regular players who play on my servers are quiet happy with 2.55.

 

And PunkBuster DOES include 2.55 when it sends out an update, tho usually it fucks the servers up.....2.55 and 2.60 for a few days till they release an update to fix their update.......you can tell when an update has been released because NO ONE can connect to your server till you type in pb_sv_guidrelax 1 till they fix the problem.

 

So you can play on your super uber 2.60 not even half full servers all you want. I will stick to the 2.55 allways full noob servers as you say they are referred to.

who referred to anything as "noob servers", admins running servers below 2.60b have had a security loophole pointed out to them and by choice they choose to ignore it :) ergo when/if something nasty happens they have no one to blame except themselves .. this is not a topic of debate about what fills servers better and whats does not but a statement of fact.

Any ET server not patched to 2.60b is vulnerable to a security exploit whereby your rcon/ftp details can be obtained by a malicious client who connects to servers below 2.60b and inputs 4 commands via the console if the sv_download cvar is enabled

Admins who run any ET server no matter what version will find that running PBBans MCL/MDL will help no end in keeping their servers clean and the MBI does not discriminate as to which version of the game your running :)

 

On a sidenote .. I guess if the 3,731 2.60 servers were cut to 300 overnight every one of them would be full as well :P

Think about it :)

Link to post
Share on other sites

I'd have to agree with mr.buckly on the fact that 2.55 is a better place to run a server if you want to run an active constantly full server. As opposed to 2.6 that has thousands of servers and have no where near that many ever with a single player inside of them. Unfortunatly you face the issue of a less effective pb system. If there are any specific commands or settings a server admin can use to run pb to its maximum efficiency, or if there is anything else one can do to improve the performance of pb on 2.55 etpub servers or etpro, could someone please post them. I dont run servers myself but know many many people who do, and who would be grateful for them. Thankyou.

Link to post
Share on other sites

I'd have to agree with mr.buckly on the fact that 2.55 is a better place to run a server if you want to run an active constantly full server. As opposed to 2.6 that has thousands of servers and have no where near that many ever with a single player inside of them. Unfortunatly you face the issue of a less effective pb system. If there are any specific commands or settings a server admin can use to run pb to its maximum efficiency, or if there is anything else one can do to improve the performance of pb on 2.55 etpub servers or etpro, could someone please post them. I dont run servers myself but know many many people who do, and who would be grateful for them. Thankyou.

there is a lot that can give pb a little extra help that turns pb from fairly competent anti cheat software into fairly l33t anti cheat software .. this info is reserved for admins who stream their servers to PBBans .. obviously we are not going to post cvar and md5 scan information in an open section of the forum :) .. that would be akin to police erecting a huge sign saying

caution: speed trap 500 yards ahead !
:)
Link to post
Share on other sites

omg, none is saying that et server running 2.55 is a noob server. And yes u r lazy and scared about losting some players, there are guys like u and thats why ET scene is separated. Whats more if u r running super full server in 2.55 version your players can't even know about latest patches and are in danger of the security holes. I do not want to make u afraid but i heard a group of ppl who are getting fun from getting passwords from your superb 2.55,2.6 et servers. I totally dnt understand u and any other like u ppl who are just making ET worst. What's more your server is full of players, but u have no idea what players are there playing....Its about time to take care on ppl not on the money...

 

 

Im running 2.60b et server with standard map and its quite full, your position is pointless and i recommend to update your server as soon as possible untill it wont be too late...

Link to post
Share on other sites

Fozzer I am not a server admin myself although if you could tell me how one joins the streaming pb info to you guys I'd appreciate it, im sure there are SA's I know that would join this if they only knew how. Also on a side note, not that I care what people think about others because of the game version they play, I have been playing 2.6 and recently 2.6b twl for 3+ years, on beta and high beta teams taking on alpha teams before the split was made from beta and alpha twl to just one. I play 2.6 for twl and its competitive reasons, and I play 2.55 for its pub reasons. I don't understand you people who think it really matters what version of a game you play, serious business if you ask me. The number of "noobs" on 2.6b is probably higher than on 2.55 just because of the higher number of players and servers. Not everyone in 2.6 is alpha, not everyone in 2.5 is a dumbass who is either afraid, lazy, or just not knowing how to patch their game. Almost all of 2.55 have all the versions of et.

Edited by tata
Link to post
Share on other sites

Fozzer I am not a server admin myself although if you could tell me how one joins the streaming pb info to you guys I'd appreciate it, im sure there are SA's I know that would join this if they only knew how. Also on a side note, not that I care what people think about others because of the game version they play, I have been playing 2.6 and recently 2.6b twl for 3+ years, on beta and high beta teams taking on alpha teams before the split was made from beta and alpha twl to just one. I play 2.6 for twl and its competitive reasons, and I play 2.55 for its pub reasons. I don't understand you people who think it really matters what version of a game you play, serious business if you ask me. The number of "noobs" on 2.6b is probably higher than on 2.55 just because of the higher number of players and servers. Not everyone in 2.6 is alpha, not everyone in 2.5 is a dumbass who is either afraid, lazy, or just not knowing how to patch their game. Almost all of 2.55 have all the versions of et.

a good start to anything is actually reading whats been posted .. let me try one more time.

 

FACT1. any ET server that is running a version below 2.60b has a gaping security loophole that any malicious user can exploit if the sv_download cvar is enabled.

 

FACT2. as posted to everyone when they join the forums :

the criteria for streaming admin status is;

1. Have rcon/FTP to a PB enabled game server(FTP not mandatory)

2. Be willing to stream your cheat logs to an EvenBalance repository

Once streaming has been verified your forum status will be upgraded to "streaming game admin" and you will have access to the streaming game admin private section of the forum as well as access to PBBans Master Player Index(MPI3) / Master Config Index(MCI) and all that PBBans has to offer.

All this is free.

Link to post
Share on other sites
  • 2 months later...

is it true that this brute force hack will only work if the server config file is named server.cfg?

 

my point is will it only work to search for server.cfg, or if for example the servers cfg file is named 'mackdieselservercfg.cfg' for instance, they couldnt access it unless they knew that name beforehand?

 

we have our server named to something other than server.cfg, and i read somewhere where the hacker would have to know the name of that file.

 

true or false?

 

if so i have to change the cfg filenames for a bunch of other peoples servers we run, hehe

 

have a nice day!

 

mackel

Edited by mackel
Link to post
Share on other sites

hey fozzer i had an idea.

 

one of our servers that we administer was hacked in this very same way. It was the House of SE server on 2.55

 

anyways we are 99.9 percent sure who did it, and i have an idea.

 

can you only read a cfg file inside the root folder, more importantly, can you access the start line in this manner?

 

We took out the seta rconpassword line in our server.cfg on a test server that we run. we ADDED the set rconpassword line to our start script (start line, script whatever u want to call it) and it worked. we have the 10 man test server to put on new campaigns to test them make sure they work, and to test maps, and for reasons exactly like this.

 

you said you have the program that can hack into a 2.55 server. you say that once you get access you can read the server.cfg file. we have taken out the rcon line in the server.cfg file, and put it in the start path. if i give you the address of the server thru irc, can you go in there and try your magic pretty please with a grenade and a satchel on top? :) i want to see if you can still find the rcon thru it. if not then we can do the same to his server, and problem should be solved i guess.

 

alot of you are gonna say "why dont you upgrade to 2.60b?" believe me ive told them a gazillion times if you update we wont have this problem. he dont want to so i aint gonna change it, u got to deal with it. they pay the bills you know what im sayin? :P

 

if you cannot do this because you dont believe in hacking, or for whatever reason, i understand, no problem. but if you can this would be great cause i am quite curious if this does or doesnt work. i hope it does cause it would solve alot of peoples headaches.

 

have a nice day!

 

mackel

 

p.s. it is 3/4/07 at 01:58 AM Eastern Time (GMT -5). im signed into IRC, and if you can do this can you please PM me in there? if i dont respond dont worry ill be there asap. i can send you all the pertinent test server info beforehand and see if this does/or does not work.

 

 

p.p.s. im putting this in here so we can keep this as an open discussion, maybe it does or doesnt work i dunno. if it doesnt, then people will know. if it does work, then goddammit good i hope it stops these idiots from ruining a good thing. (not that they havent already) im tired of it as well as alot of other people.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.