Significant server exploit
#7

Quote:
Originally Posted by BigETI
Посмотреть сообщение
Possible solution:
http://pastebin.com/XfQiAtQv

pawn Код:
#include <ce_fix>
//...
public OnPlayerDisconnect(playerid, reason)
{
    if(reason == 3)
    {
        // Punish, or do whatever you like
    }
}
You should also save the name as it will change and it could be a valid admin name which you wouldn't want getting banned in your system. There is another problem with that solution as well, there could be many OnPlayerDisconnect()'s that are hooked before this callback then they might get called which isn't good because the player has not disconnected yet they've only spoofed an OnPlayerConnect().

Another potential issue if I'm reading this correctly.

if(ce_fix[playerid]) OnPlayerDisconnect(playerid, 3);
else ce_fix[playerid] = true;
#if defined CE_OnPlayerConnect
return CE_OnPlayerConnect(playerid);

If i'm not mistaken that will allow the spoofed OnPlayerConnect() to always hook, that is not desirable it's not a real connection.

Last point I'm pretty sure calling OnPlayerDisconnect() doesn't delete any per player stuff now this shouldn't matter but it could be an issue.

Just clarify things for me if I got another wrong or am overlooking anything thanks
Reply


Messages In This Thread
Significant server exploit - by Pottus - 04.12.2013, 19:18
Re: Significant server exploit - by Sublime - 05.12.2013, 01:44
Re: Significant server exploit - by Sublime - 05.12.2013, 04:23
AW: Significant server exploit - by BigETI - 05.12.2013, 05:11
Re: AW: Significant server exploit - by Pottus - 05.12.2013, 05:52
AW: Significant server exploit - by BigETI - 05.12.2013, 06:26
Re: AW: Significant server exploit - by Pottus - 05.12.2013, 06:49
AW: Re: AW: Significant server exploit - by BigETI - 05.12.2013, 06:56
Re: Significant server exploit - by Pottus - 05.12.2013, 07:08
Re: Significant server exploit - by Kyle - 05.12.2013, 08:54

Forum Jump:


Users browsing this thread: 2 Guest(s)