WARNING: To all sa-mp WINDOWS server owners.
#21

Thanks Sneaky

I recently got told this about this "bug" that crashes the server.

Thank You Very Much.
Reply
#22

Good one sneaky

I just dont get why 'that name' would crash a server
Reply
#23

I dont understand why you wont release your sourcecode. A freind of mine just decompiled it, and explained that there is nothing in that code that could possibly encourage any hacking. He even stated that it was hard to understand, just a basic array with names in them, that checks when a player connects if that player has any of those names.
Reply
#24

Quote:
Originally Posted by Pro
I dont understand why you wont release your sourcecode. A freind of mine just decompiled it, and explained that there is nothing in that code that could possibly encourage any hacking. He even stated that it was hard to understand, just a basic array with names in them, that checks when a player connects if that player has any of those names.
He means 'this name' will crash SA-MP Window servers, which i dont know why it will
So yeah you could just decompile lol
Reply
#25

Quote:
Originally Posted by James
how are we meant to trust this.. what if you are creating a security hole...
If it bothers you that much, there is a AMX - pwn script on these forums.
Reply
#26

thanks for this m8 ill use this
Reply
#27

Quote:
LINK REMOVED, APPERENTLY NO-ONE GIVES A FUCK ABOUT THERE SERVERS, AND KEEP GIVING LINKS OUT TO AN CERTAIN "TOOL" WHICH CAN VIEW THIS FILE'S SOURCE
This can be unstickied.


Quote:

No. Im obviously not including the source for a reason.

Reply
#28

If you didn't release the source, it don't means that nobody can see contents of it. Everyone who want, can de-compile this script, and also 'hackers', and see source and 'bug places', and use it on unsecured servers. So, this script don't makes any new security for server. Devs must include bugfix into server, then it will have sense. And now, you just 'releasing bug list' for all, and everybody can now use this bugs from now.
Reply
#29

Somene needs to calm down.

The internet isn't exactly a place of complete trust, there was a reason why you were stopped from only releasing .amx files in the script-showroom.

If hackers start crashing servers by looking at the source code of the file, then so be it. The server owner needs to be more up to date with things, it's their fault, not yours.
Reply
#30

Fair enough i guess, link re-added.

I you desperatly need to see the source so bad cause you dont trust me Kyeman nor damospiderman, do it.. go find out howto crash servers, hell crash some yourself if that makes you feel better, but dont come here to cry when you are getting banned from everywhere as this is ILLEGAL even our friend troyrulz knows that and removed everything related to it. I released this to help people not to make people wonder what is in the source, just fucking download it if you got a windows server and be crash free and stfu.
Reply
#31

Actually.. I will explain exactly what happens and how to make a fix for your server because that script won't work for everyone

There are reserved names on windows which can't be used as filenames. When the sa-mp server tries writing a file with one of these words as the filename it freezes the server.
This can be fixed by either not using name based filenaming system. Or by kicking the player from the server and making sure you don't write the file.

I'm not posting these names here directly atm but I will ask Sneaky to release the source code
Reply
#32

hey guys sorry to say but i disagree with the decision not to release the source code.

The problem was once again discovered by the Australian community and fixed by the Australian community, then shared with the rest of the community.

If the problem wasn't fixed then fair enough keep it a huge secret because we have no defenses but the exploit is fixed and useless to the hackers and exploiters alike.

The problem i see is that you have not explained what the exploit is, everyone who has a script problem causing there server to crash will download the fix then scratch there heads why isn't it working and with no information available, this could very well cause server owners to throw there hands up in the air and giveup.

Post the problem and the fix on the main samp site let everyone know then fix it in 0.2.5 code.

and why not if all the servers have the fix there is no exploit and no reason for secrecy.

yes almost all the Aussies know full well what the problem was cause our official server was down for about 3 days because of it.

Oh yeah huge thank you to all those who helped fix the problem, Betamaster and keyman I'm looking at you.

Reply
#33

Quote:
Originally Posted by !damo!spiderman
Actually.. I will explain exactly what happens and how to make a fix for your server because that script won't work for everyone

There are reserved names on windows which can't be used as filenames. When the sa-mp server tries writing a file with one of these words as the filename it freezes the server.
This can be fixed by either not using name based filenaming system. Or by kicking the player from the server and making sure you don't write the file.

I'm not posting these names here directly atm but I will ask Sneaky to release the source code
This pretty much explains why linux servers are unhackabe this way. Though there are other ways you can crash both windows and linux servers...
Reply
#34

Thanks Sneaky for sharing this with us and makin our servers more secure, thnx, mate !

Reply
#35

*PเnƉるя claps
That's just ownz, thanks
Reply
#36

wht do u mean that wont work for all servers ? can you give us more details of this " not working for every server " , Damo ?
Reply
#37

It basically depends on why and when you create a file using a players name. Basically all that script does is kick them OnConnect if they have one of the many names which will crash a windows server when trying to create a file by that name. Some systems may create files OnPlayerDisconnect which is still called when someone is kicked. Basically the best solution for everyone is to use a different file naming convention than player names or prefix a extra letter to their name
Reply
#38

Quote:
Originally Posted by !damo!spiderman
It basically depends on why and when you create a file using a players name. Basically all that script does is kick them OnConnect if they have one of the many names which will crash a windows server when trying to create a file by that name. Some systems may create files OnPlayerDisconnect which is still called when someone is kicked. Basically the best solution for everyone is to use a different file naming convention than player names or prefix a extra letter to their name
Ok based on that post^ and the fact that most people already have seen the source, im releasing the source. Now windows server owners can create there own security for this new way of crashing servers based on my script and be fully protected against possible attacks.

Tho there is an downside on this when releasing the source, meaning there will be also a lot of people who will go out and crash windows servers afther see-ing the source. I am not the one who will be responsible for that - the server owners are. They just have to stay more up to date;


pawn Code:
#include <a_samp>

main(){}


new IllegalNames[][7] = {
"com1","com2","com3",
"com4","com5","com6",
"com7","com8","com9",
"lpt1","lpt2","lpt3",
"lpt4","lpt5","lpt6",
"lpt7","lpt8","lpt9",
"nul","clock$","aux",
"prn","con"
};

public OnPlayerConnect(playerid)
{
  new pName[MAX_PLAYER_NAME];
  GetPlayerName(playerid, pName, sizeof(pName));

  for(new i = 0; i < sizeof(IllegalNames); i++)
  {
    if(!strcmp(pName, IllegalNames[i] , true))
    {
      Kick(playerid);
    }
  }
  return 0;
}
Reply
#39

glad you made a filterscript for this, the server i play on was a victim of the HUGE bug, i shall not say what it is but im glad its over
Reply
#40



thanks [X2G]Sneaky!!!!!!!!!
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)