
Posted

Just wondering if there's any defense against this?

 

We've been attacked a number of times (10+) over the past week.

 

h4x0rdo1.jpg

Posted
Just wondering if there's any defense against this?

 

We've been attacked a number of times (10+) over the past week.

 

h4x0rdo1.jpg

 

What's the server address?

Posted

64.34.183.34:27960

 

It's streaming to PB. This is a screenshot we have of it. It's happened numerous other times in the past week as well.

Posted

Not a big COD4 fan, so I'm not sure what's up here. Is this just someone sending connection commands to the server?

Posted

It's for W:ET.

 

What happens (as far as we can tell) is that someone connects with no GUID and begins to generate a lot of 'false' or 'bot' players. Each 'bot' has their hunkmegs cranked up all the way to try and crash the server. Also, we believe that they might be running RCON Brute Force hacking, but are not positive.

Posted

Hi Relentless,

 

I think within your server.cfg file, make it run an exe someone writes in C++ or Visual C++, and have that file check that each nick has an associated GUID#, so that the first nick that doesn't have one, it bans the person by his CD key and GUID#. Also have each nick checked to see if it grows before you let it go; as you say, it is not going to violate anything with the original 1st sign-on, it is the growth nicks without GUIDs.

I used to be really sharp at Visual C++, if I was given TOO MUCH time and explained a little technical info that is fed as a person is signed on, I could do such a thing.

 

The program would not be that hard once I had a full understanding of the sign-on process. I suppose I am wasting your time.

 

I always try to help and I know how badly you want a solution yesterday for this nice fellow but he is not going to just stick with you, he will hit others, this is a very serious issue.

 

Sorry for wasting your time,

Wolfman2008 :blink:

Posted

Try a subnet ban.

 

If that fails, firewall ban (I believe |>B<| servers are hosted on your own dedicated machines and not rented from a GSP?)

Posted

We have subnet bans on them, but they just avoid them. If we make them any bigger we lose some Regulars and Members.

 

Yes, we do own our own servers and host them at locations such as Server Beach, etc...

 

Problem is there, if we make the firewalls to block them, we wind up blocking Regulars/Members.

Posted (edited)

What mod and version of ET? I am sorry. I believe there is no patch, or fix for this fake player bug which denies service. Unless you run etpro mod and use the combined fix lua.

See here. http://bani.anime.net/banimod/forums/viewtopic.php?t=6777

Please note they inform other mod makers!

" to fill up servers with bogus players"

 

I checked Luigi Auriemma's site. He also offers no patch, although he does have a patch for RCON brute force. I would suggest you pressure the powers that be with the mod you are using. If the mod is no longer supported, I feel for ya.

 

Edit: If the mod makers went to etpro and asked for help on the fix, they would probably help them.

Edited by EvilJohn
Posted

We run an older version of ETPub, largely because the newer versions will cause MAX_GAMESTATE_CHARS more often (64 players).

 

Any chance there will be a PB update that will help fight this?

Posted
We run an older version of ETPub, largely because the newer versions will cause MAX_GAMESTATE_CHARS more often (64 players).

 

Any chance there will be a PB update that will help fight this?

 

The question should be;

Any chance there will be a mod update that will help fight this? and should be directed at the mod makers.

Posted (edited)

I'm just wondering, as the program I guess can run on ALL Quake3 based games.

Edited by Relentless
  • 2 weeks later...
Posted

It's a really old bug; there already are fixes for it. The only one I know of is for etpro; it's all I've used, and it's a .lua fix.

 

But I think there is a cvar you can set that doesn't allow more than 1 player from the same IP to connect.

 

This will fix it.

 

The .lua fix is called fakeplimit.lua I believe, and the exploit is something called q3 fake player bug or something.

 

Same bug for most q3 based games.

Posted
But I think there is a cvar you can set that doesn't allow more than 1 player from the same IP to connect.

If there are 2 brothers who wanna play, they can't. Do they all connect from the same IP? You said they're "bots" and normal "0" "bots" don't have an IP, or?

Posted

There is a way to limit the number of connections, but I can't remember if this was coded into certain mods, or even etadmin_mod.

 

Probably best to allow about 2-3 connections per IP address in case two players play from the same household.

  • 4 weeks later...
Posted
ETpub 0.8.x has a g_spoofOptions cvar

This is the only way to stop q3fill tool on an etpub server that I know of. The lua mod mentioned is for ETPro and works quite well, but this guy isn't asking about ETPro.

 

If your version of ETPub does not have g_spoofOptions then all I can tell you is to update. :(

  • 2 months later...
Posted
This is the only way to stop q3fill tool on an etpub server that I know of. The lua mod mentioned is for ETPro and works quite well, but this guy isn't asking about ETPro.

 

If your version of ETPub does not have g_spoofOptions then all I can tell you is to update. :(

 

 

This has been fixed in a beta version of etpub (open source btw)

 

You can find it here. But be warned "beta"

 

http://www.etpub.org/e107_plugins/forum/fo...topic.php?27638

 

http://www.etpub.org/e107_plugins/forum/fo...topic.php?27171

Posted
This is the only way to stop q3fill tool on an etpub server that I know of. The lua mod mentioned is for ETPro and works quite well, but this guy isn't asking about ETPro.

 

If your version of ETPub does not have g_spoofOptions then all I can tell you is to update. :(

 

It would be nice if you/anyone can remove the tool name, because anyone can see what's being used and someone will use it to harm other servers.

 

On a side note, try nightly 9.1, as it has a connection limit of 4 per IP. But as said, it's "nightly".

Posted

I have 2 ET servers, one runs ETPro with the .lua combined fixes script.

 

The other server is NoQuarter which has the CVAR "ip_max_clients" available, which I've set to 3.
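
The per-IP connection cap discussed in the replies above (2-3 per address, `ip_max_clients` set to 3), modelled as an added example that is not part of the thread and not code from any ET mod. The class, function and event names and the sample addresses are constructed for illustration; replaying the same events with a cap of 1 and a cap of 3 shows the household trade-off raised in the thread.

```python
from collections import Counter

class PerIpLimiter:
    """Model of a per-IP connection cap; not code from any ET mod."""
    def __init__(self, max_per_ip=3):
        self.max_per_ip = max_per_ip
        self.slots = {}          # client slot -> IP occupying it
        self.per_ip = Counter()  # IP -> number of occupied slots

    def connect(self, slot, address):
        # Addresses are "ip:port"; count by IP so the source port is ignored.
        ip = address.rsplit(":", 1)[0]
        self.disconnect(slot)    # slot reused without a clean disconnect
        if self.per_ip[ip] >= self.max_per_ip:
            return False
        self.slots[slot] = ip
        self.per_ip[ip] += 1
        return True

    def disconnect(self, slot):
        ip = self.slots.pop(slot, None)
        if ip is not None:
            self.per_ip[ip] -= 1

def replay(events, max_per_ip):
    """Replay (action, slot, address) events; return (accepted, rejected) slots."""
    limiter = PerIpLimiter(max_per_ip)
    accepted, rejected = [], []
    for action, slot, address in events:
        if action == "disconnect":
            limiter.disconnect(slot)
        elif limiter.connect(slot, address):
            accepted.append(slot)
        else:
            rejected.append(slot)
    return accepted, rejected

# Constructed sample: two players in one household share 198.51.100.7, then
# 203.0.113.9 opens ten connections, frees one slot, and tries once more.
EVENTS = [("connect", 0, "198.51.100.7:27960"), ("connect", 1, "198.51.100.7:27961")]
EVENTS += [("connect", 2 + i, "203.0.113.9:%d" % (40000 + i)) for i in range(10)]
EVENTS += [("disconnect", 2, ""), ("connect", 12, "203.0.113.9:40010")]

if __name__ == "__main__":
    for cap in (1, 3):
        print(cap, replay(EVENTS, cap))
```

With a cap of 1 the second household player (slot 1) is turned away; with a cap of 3 both get in and the single address still never holds more than three slots at once.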
