06.11.2013, 05:36
We're encountering two new exploits
#1: Another client crasher / opcode crasher. Similiar to the recent problems that resulted in the latest update there appears to be another crasher out there.
Symptoms: 20-30 users in an unknown radius from the crasher as a player suddenly get dropped. This does appear to boot the crasher as well. They then warp to another area and boot an additional group. Those booted report problems re-connecting to the server for a few minutes afterwards where it cycles with "connecting to.." over and over. Yet the others who did not get boot report no problems and connectivity tests to the box show it's fine.
Suspects: We have noticed a large # of IP's that come from a Phillipines IP range, once we've range banned them it has slowed but occasionally we find them on another proxy based host. We've found them by monitoring who is in a particular area and who warps on reconnect.
#2: There is some method for a player to do the initial handshake as a player with the server, but before entering a password it spawns them as CJ and lets them run around the server. It does not give them any permissions or file contents (stats etc), most attempts to freeze the player via a cuff/freeze command will not work. We've tried IP and CSF firewall banning and the person does not seem to be impacted (possibly spoofed IP).
We welcome any of the SAMP staff to discuss or monitor on our server contact me for any details.
#1: Another client crasher / opcode crasher. Similiar to the recent problems that resulted in the latest update there appears to be another crasher out there.
Symptoms: 20-30 users in an unknown radius from the crasher as a player suddenly get dropped. This does appear to boot the crasher as well. They then warp to another area and boot an additional group. Those booted report problems re-connecting to the server for a few minutes afterwards where it cycles with "connecting to.." over and over. Yet the others who did not get boot report no problems and connectivity tests to the box show it's fine.
Suspects: We have noticed a large # of IP's that come from a Phillipines IP range, once we've range banned them it has slowed but occasionally we find them on another proxy based host. We've found them by monitoring who is in a particular area and who warps on reconnect.
#2: There is some method for a player to do the initial handshake as a player with the server, but before entering a password it spawns them as CJ and lets them run around the server. It does not give them any permissions or file contents (stats etc), most attempts to freeze the player via a cuff/freeze command will not work. We've tried IP and CSF firewall banning and the person does not seem to be impacted (possibly spoofed IP).
We welcome any of the SAMP staff to discuss or monitor on our server contact me for any details.