[rymax99]

There recently have been topics about some guy named 'Raymond' crashing servers. He begged for my TDM script that Snipa and I have been working on for the past 5-6 months and when his (literally) hundreds of requests were denied, he opted to use some kind of server crasher to crash my server. I have come to the conclusion that this isn't a script specific problem, therefore I'm posting a thread to look into this.

When the attacker does it to my server, my CPU usage jumps to full usage and acts like an infinite loop - I have to forcefully kill the server for it to stop. Here are some logs:

Code:

[09/03/14 08:42:25 PM] [join] Hkertem00 has joined the server (0:197.6.40.100)
[09/03/14 08:42:25 PM] Time to execute connect for 'Hkertem00'(0): 1ms.
[09/03/14 08:42:30 PM] Hkertem00(0) has registered!
[09/03/14 08:42:44 PM] [ANTICHEAT] Player Hkertem00[0] has possibly connected with ******!
[09/03/14 08:42:52 PM] [debug] Run time error 4: "Array index out of bounds"
[09/03/14 08:42:52 PM] [debug]  Accessing element at index 9 past array upper bound 8
[09/03/14 08:42:52 PM] [debug] AMX backtrace:
[09/03/14 08:42:52 PM] [debug] #0 0002bcf8 in ?? (0x00000000, 0x00000008) from s7tdm.amx
[09/03/14 08:42:52 PM] [debug] #1 0000f3a8 in public OnPlayerRequestClass (0x00000000, 0x00000008) from s7tdm.amx
[09/03/14 08:42:52 PM] [debug] Run time error 4: "Array index out of bounds"
[09/03/14 08:42:52 PM] [debug]  Accessing element at index 9 past array upper bound 8
[09/03/14 08:42:52 PM] [debug] AMX backtrace:
[09/03/14 08:42:52 PM] [debug] #0 0007c788 in ?? (0x00000000) from s7tdm.amx
[09/03/14 08:42:52 PM] [debug] #1 000101bc in public OnPlayerRequestSpawn (0x00000000) from s7tdm.amx
[09/03/14 08:42:57 PM] Warning: client exceeded 'messageslimit' 197.6.40.100:59342 (582) Limit: 500/sec
[09/03/14 09:21:48 PM] Kicking 197.6.43.194 because they didn't logon to the game.

After that, there's nothing else - the server is stuck/'crashed'.

[Sublime]

Code:

[09/03/14 08:42:57 PM] Warning: client exceeded 'messageslimit' 197.6.40.100:59342 (582) Limit: 500/sec

I gave you the clue

[rymax99]

Quote:

Originally Posted by Sublime Code: [09/03/14 08:42:57 PM] Warning: client exceeded 'messageslimit' 197.6.40.100:59342 (582) Limit: 500/sec I gave you the clue

Yeah, thanks, I can't read. Obviously it's something that's spamming something to make the server crash - probably something class selection related - but I'm looking for further opinions.

[Sublime]

Who knows. Add and increase the messageslimit in your server.cfg. And if possible, script a restriction where every text/command sent is restricted to 1 per second if you get me.

[Lordzy]

"Array index out of bounds" - This could be if invalid array sizes are being put upon your arrays. Whether in case if the array size is higher than the value it can hold or if it's below 0. You must look with your script, it's probably a fault in there.

The reason why there's an INVALID_PLAYER_ID check over killerid under OnPlayerDeath is to check if killerid is not an invalid player id. Because if INVALID_PLAYER_ID(65535) is assigned over arrays of MAX_PLAYERS(default : 500) size, the same crash will output.

[rymax99]

Quote:

Originally Posted by Sublime Who knows. Add and increase the messageslimit in your server.cfg. And if possible, script a restriction where every text/command sent is restricted to 1 per second if you get me.

If it were text/commands causing the crashes, it'd be logged even before the server crashed.

Quote:

Originally Posted by Lordzy "Array index out of bounds" - This could be if invalid array sizes are being put upon your arrays. Whether in case if the array size is higher than the value it can hold or if it's below 0. You must look with your script, it's probably a fault in there. The reason why there's an INVALID_PLAYER_ID check over killerid under OnPlayerDeath is to check if killerid is not an invalid player id. Because if INVALID_PLAYER_ID(65535) is assigned over arrays of MAX_PLAYERS(default : 500) size, the same crash will output.

I have checks in OnPlayerDeath and what not for invalid ID checks, but these messages are coming from OnPlayerConnect and OnPlayerRequestClass.

Code:

public OnPlayerRequestClass(playerid, classid)
{
    SetPVarInt(playerid, "NoAB", 4);
	if (gPlayerInfo[playerid][pPlayingTeam])
	{
		gTeam[gPlayerInfo[playerid][pPlayingTeam]][tPlayers]-=1;
		gPlayerInfo[playerid][pPlayingTeam]=0;
	}
	gPlayerInfo[playerid][pChangeClass] = 1;
	SetPVarInt(playerid, "classspawn", 0);
	SetPlayerVirtualWorld(playerid, playerid+2); 
	SetPlayerInterior(playerid,0);
        SetPlayerPos(playerid,220.3261,1822.9734,7.5368);
   	SetPlayerFacingAngle(playerid, 270.0);
	SetPlayerCameraPos(playerid,226.7491,1823.0441,7.4141);
	SetPlayerCameraLookAt(playerid,220.3261,1822.9734,7.5368);
 	ApplyAnimation(playerid,"PED","fucku",4.0,0,0,0,0,0);
   	for (new i=1;i<MAX_TEAMS;i++) TextDrawHideForPlayer(playerid,gTeam[i][tClassText]);
   	gPlayerInfo[playerid][pTeam]=classid+1;
   	TextDrawShowForPlayer(playerid,gTeam[gPlayerInfo[playerid][pTeam]][tClassText]);
   	SetPlayerTeam(playerid,gPlayerInfo[playerid][pTeam]);
	gPlayerInfo[playerid][pSpawned]=0;
	TextDrawHideForPlayer(playerid, tw);
	UpdateRank(playerid);
	UpdateScoreDisplay(playerid);
	PlayerTextDrawHide(playerid, TeamClassTD[playerid]);
	TextDrawHideForPlayer(playerid, Text:TeamClassTD[playerid]);
	return 1;
}

[IceCube!]

A bug like this used to exist back around 0.2.2... this was to do with a client causing an infinite loop. However it used to be more than one client as the data limits/CPU usage never used to exceed if it was one client.

Anyhow, the crasher/bug used to simply call F4. This means the next time the player dies they go back to the class selection, it would then do a fake death once a spawn was detected. Why would you wait to spawn you might ask?

Well, back in 0.2.2 and still today. Servers set in their spawn callback "PlayerSpawned[playerid]". This bacially ment they wouldn't be caught out by a little anticheat in OnPlayerSpawn.

Anyhow the way around this was to limit the amount of times a player could request a new class, I usually set 3. Then kick them, if you don't want to kick innocent people you can also set a timer of say 10 seconds to restore this RequestClassCount back to 0.

This was designed to exceed CPU usage, by calling lots of functions and to be fair heavy functions over and over again. This always used to be more than one single person however. Are you absolutely certain it isn't script error.