Two New Exploits
#1

We're encountering two new exploits

#1: Another client crasher / opcode crasher. Similar to the recent problems that resulted in the latest update, there appears to be another crasher out there.

Symptoms: 20-30 users in an unknown radius from the crasher as a player suddenly get dropped. This does appear to boot the crasher as well. They then warp to another area and boot an additional group. Those booted report problems re-connecting to the server for a few minutes afterwards where it cycles with "connecting to.." over and over. Yet the others who did not get booted report no problems and connectivity tests to the box show it's fine.

Suspects: We have noticed a large # of IPs that come from a Philippines IP range. Once we range banned them it slowed, but occasionally we find them on another proxy-based host. We've found them by monitoring who is in a particular area and who warps on reconnect.

#2: There is some method for a player to do the initial handshake as a player with the server, but before entering a password it spawns them as CJ and lets them run around the server. It does not give them any permissions or file contents (stats etc), most attempts to freeze the player via a cuff/freeze command will not work. We've tried IP and CSF firewall banning and the person does not seem to be impacted (possibly spoofed IP).

We welcome any of the SAMP staff to discuss or monitor on our server; contact me for any details.
#2

Are you sure the second isn't an issue with your own script?
#3

100% positive, we've had people try everything in the book with us, we managed to get them blocked at the network level rather than the local box and it's blocking them now but this is what we see in the logs:

I've removed the guy's last 2 octets but this is an example of the log data when they try to connect as an existing player.

Line 16299: [06/11/2013 01:41:04] (1) Invalid client connecting from 41.96.x.x
Line 16315: [06/11/2013 01:41:04] Invalid client connecting from 41.96.x.x
Line 16318: [06/11/2013 01:41:04] [join] Harry_Poter has joined the server (1:41.96.x.x)
Line 16357: [06/11/2013 01:41:16] Incoming connection: 41.96.x.x:50008
Line 16361: [06/11/2013 01:41:17] [join] Harry_Poter has joined the server (6:41.96.x.x)
Line 16504: [06/11/2013 01:42:57] Incoming connection: 41.96.x.x:50028
Line 16506: [06/11/2013 01:42:58] [join] Harry_Poter has joined the server (6:41.96.x.x)
#4

#1 you should post more information like crash dumps

#2 has happened on another server, if I remember correctly they were bypassing the login dialog, it can be fixed by not using the default virtual world for the game and only setting their virtual world after they've logged in
#5

Quote:
Originally Posted by V415
100% positive, we've had people try everything in the book with us, we managed to get them blocked at the network level rather than the local box and it's blocking them now but this is what we see in the logs:

I've removed the guy's last 2 octets but this is an example of the log data when they try to connect as an existing player.

Line 16299: [06/11/2013 01:41:04] (1) Invalid client connecting from 41.96.x.x
Line 16315: [06/11/2013 01:41:04] Invalid client connecting from 41.96.x.x
Line 16318: [06/11/2013 01:41:04] [join] Harry_Poter has joined the server (1:41.96.x.x)
Line 16357: [06/11/2013 01:41:16] Incoming connection: 41.96.x.x:50008
Line 16361: [06/11/2013 01:41:17] [join] Harry_Poter has joined the server (6:41.96.x.x)
Line 16504: [06/11/2013 01:42:57] Incoming connection: 41.96.x.x:50028
Line 16506: [06/11/2013 01:42:58] [join] Harry_Poter has joined the server (6:41.96.x.x)

You can add an array to check if the player slot is used in your script. If someone tries to connect with a used player ID, ban him.

Quote:
Originally Posted by cessil
#1 you should post more information like crash dumps

#2 has happened on another server, if I remember correctly they were bypassing the login dialog, it can be fixed by not using the default virtual world for the game and only setting their virtual world after they've logged in

Can they spawn even if I return 0 in OnPlayerRequestSpawn?
BTW you can always use that secret native to check for bots. GetPlayerVersion returns invalid version name too for them, while IsPlayerNPC returns false.
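A defender-side way to surface the pattern in the log excerpt from post #3 (an "Invalid client connecting" warning followed by a join from the same address, then repeat joins), as an added example that is not part of the thread or of SA-MP itself. The sample lines are constructed, and the day/month date order and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Line shapes follow the log excerpt in post #3; the optional "Line N: "
# prefix added by the search tool used there is tolerated.
PREFIX = r"^(?:Line \d+:\s*)?\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\]\s+"
INVALID = re.compile(PREFIX + r"(?:\(\d+\)\s+)?Invalid client connecting from (?P<ip>\S+)")
JOIN = re.compile(PREFIX + r"\[join\] (?P<name>\S+) has joined the server "
                           r"\((?P<pid>\d+):(?P<ip>[^)]+)\)")

def parse_ts(text):
    # Assumption: day/month/year order; only time differences matter here.
    return datetime.strptime(text, "%d/%m/%Y %H:%M:%S")

def suspicious_joins(lines, window_seconds=5):
    """Return (flagged, join_counts): joins that follow an 'Invalid client'
    warning from the same address within the window, and joins per (name, address)."""
    window = timedelta(seconds=window_seconds)
    last_invalid = {}  # address -> time of the most recent warning
    flagged, join_counts = [], {}
    for line in lines:
        m = INVALID.match(line)
        if m:
            last_invalid[m["ip"]] = parse_ts(m["ts"])
            continue
        m = JOIN.match(line)
        if not m:
            continue  # "Incoming connection" and unrelated lines are skipped
        when = parse_ts(m["ts"])
        key = (m["name"], m["ip"])
        join_counts[key] = join_counts.get(key, 0) + 1
        warned = last_invalid.get(m["ip"])
        if warned is not None and timedelta(0) <= when - warned <= window:
            flagged.append({"name": m["name"], "player_id": int(m["pid"]),
                            "address": m["ip"], "time": when})
    return flagged, join_counts

# Constructed sample input (documentation addresses, made-up names).
SAMPLE_LOG = [
    "[06/11/2013 01:41:04] (1) Invalid client connecting from 192.0.2.10",
    "[06/11/2013 01:41:04] [join] Test_Intruder has joined the server (1:192.0.2.10)",
    "[06/11/2013 01:41:09] Incoming connection: 198.51.100.7:50100",
    "[06/11/2013 01:41:10] [join] Normal_Player has joined the server (2:198.51.100.7)",
    "[06/11/2013 01:41:17] [join] Test_Intruder has joined the server (6:192.0.2.10)",
]

if __name__ == "__main__":
    print(suspicious_joins(SAMPLE_LOG))
```

Names with a join count above 1 from one address in a short span are worth reviewing alongside the flagged joins, since the excerpt shows the same name returning under a different player ID.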