[Christofski]

First of all let me explain, we are currently running a 0.3.7 LATEST server version, In the past few weeks multiple players have done things like change their Game State to 'Not Spawned' but they appear ingame 'desynced' and can enter vehicles and set invalid integers and data to crash the server, I have been given multiple PRIVATE Hacks that defy alot of rules and fixes in sa-mps current versions. This is a debug from our server just before this player crashed it. Currently the only way I know of doing this is by deleting or editing features of sa-mps client source code. I don't understand how this person is doing this but can anyone else figure it out?. I posted a thread and someone asked me if I used sa-mps latest server. I have lots of info regarding this and I don't know what to do fully myself as it is becoming a problem for our large community. If someone were to be kind and look at this thread it would be of great help and may even help other communities who don't want to deal with multiple crashers being released in the future as I believe this is a private hack.

Код:

//Debug 1

State: Not Spawned
On-Foot: No
In any Vehicle: Yes
Weapons: 24, 25, 31
X: NaN
Y: NaN
Z: 9999...
Health: 100.0
Armour: 0
Vehicle Speed: NaN

//Debug 2


State: Not Spawned
On-Foot: Yes
In any Vehicle: No
Weapons: 99
X: 2561.0
Y: -1246.22
Z: 24.1
Health: 40.0
Armour: 0

This user possesses multiple hacks which evade our anti-cheat and I have not seen used in sa-mp like this.
Here is a video of one of them he even proceeds to login via another acc and send particles with dmg worth 10k per second. We have an anti-cheat with anti-weapon hacks but this guy seems to create and delete the minigun whilst spamming particles to streamed players in an area evading our Anticheat.

https://www.youtube.com/watch?v=NB-cRcP24yM

In short I believe this user possesses a leaked source code of some sort and has removed certain sa-mp updates to do with invalid data. If you read this and have some knowledge please answer me or PM me. I will be willing to discuss a lot more in detail.

[Yashas]

What do you mean by 'crash the server'?

Sending invalid information is not new. It happens every day in every popular server. You have to filter out such information in your callbacks and ban the player if the situation demands.

Why hasn't SAMP got a built-in defense against this?

[Spmn]

Quote:

Originally Posted by Yashas What do you mean by 'crash the server'? Sending invalid information is not new. It happens every day in every popular server. You have to filter out such information in your callbacks and ban the player if the situation demands. Why hasn't SAMP got a built-in defense against this?

Perhaps this exploit was found AFTER the release of latest revision.

[Christofski]

I don't fully understand how he crashes servers but he can definitely do it, the float value and speed values are messed up, he can teleport players to sa-mps height limit somehow also to where the players game just simply breaks which i'm sure you guys are aware of as spmn said this is something found after the release, so somehow somewhere someone has edited sa-mp src code to remove the protections against this. Hence why I am posting a bug report and not a server support thread, this is an actual sa-mp bug and bypass that needs to be fixed before this person gets to release it. SA-MP has built in defences since 0.3 - 0.3.7 multiple things were added to stop things like this happening. I think we all know sa-mp src codes were leaked in past times what is to stop that happening again. This person can't be kicked, Banned, warned, slapped etc. Server will return 'Player not connected'. We are looking into patching it but i know this is partly a sa-mp bug.

https://sampforum.blast.hk/showthread.php?tid=620236

this person posted his crashes, ours was similar on our server just after the float values of a player were faked, suddenly the server crashes due to a plugin that normally works so they must target a certain plugin to make it crash or something i'm not sure, I'm looking into any and all possibilities. I have lots more info to come.

[Yashas]

If whatever you've told is true, then I don't think you can make a fix in your script. It has to be fixed by Kalcor.

The AMX machine has a built in debugger and a mechanism to trap exceptions. Therefore, any script error won't cause the server to crash. On the other hand, the plugin code is running along with the server and does not have any exception handlers (most of them), therefore a crash in a plugin will send the whole server crashing.

What do you have in your server log? Are you using crashdetect?