[cod] 1.5x exploit ( was COD crash log ( regular ) )

Jay Vasallo jayco1 at charter.net
Tue Dec 21 13:10:49 EST 2004 

Will PB pick this up before the server?

When people find out who these degenerates are, can you please give us their 
ip's? We would like to ban them before they reach our servers as most of us 
would. Shame that people find these exploits and use them. I wonder what 
goes through their heads when they crash the server. Do they sit there with 
glee or mark a notch on their desktop? My God, what sad people indeed.



----- Original Message ----- 
From: "BludGeonT[EUG]" <bludgeont at gmail.com>
To: <cod at icculus.org>
Sent: Tuesday, December 21, 2004 12:02 PM
Subject: Re: [cod] 1.5x exploit ( was COD crash log ( regular ) )


> Interesting, have you scowered your logs to find this command?   I
> wonder if there would be a way to set up some sort of alias to that
> command to run something else, or to +setu on a variable (to have a
> setting take place on a clients machine forced by the server) with the
> same name as the server variable for this exploit, so that when a
> client issues it, it spews out something else like a keyword that no
> one would type on accident.  This keyword might be a PB ban filter for
> say bad words and it would be cool that when the action is done, it
> instead does like a say "Im-a-POS-hacker" to the server, and then PB
> detects this as a ban'able word and kicks them.  I dont know for sure,
> just brainstorming.
>
> Of course a proper fix would be preferred, but there has to be
> something that can be done to temporarily prevent this.  The command
> that is being run by the clients would be most helpful to know.
>
> (shrug)
>
> BludGeonT[EUG]
>
>
> On Tue, 21 Dec 2004 16:06:42 -0000, Steven Hartland
> <killing at multiplay.co.uk> wrote:
>> Can we not hijack topics and start a new one.
>> If you have the details for this exploit mail:
>> Ryan C. Gordon <icculus at clutteredmind.org>
>> Privately with the details so we can get it fixed.
>>
>>    Steve / K
>> ----- Original Message -----
>> From: "Atomic Hund" <atomic_hund at inetworkus.com>
>>
>> For those unaware this patch comes with a nice big fat exploit for server 
>> killing. Through console a user not spectator can enter
>> a particular command that will essentially kill the server. It makes the 
>> server look for resources and when it can't find them it
>> restarts. The clients are dumped and server restarts. This affects both 
>> new patches. If the console cvar is locked out and the
>> command is bound they can still do it as well as still beat the PB bind 
>> search. This may be why you suddenly have the crashes.
>> Also an FYI is someone makes a threat to you that they will kill the 
>> server. We have had it happen on a few of ours already.
>>
>> ================================================
>> This e.mail is private and confidential between Multiplay (UK) Ltd. and 
>> the person or entity to whom it is addressed. In the event of 
>> misdirection, the recipient is prohibited from using, copying, printing 
>> or otherwise disseminating it or any information contained in it.
>>
>> In the event of misdirection, illegible or incomplete transmission please 
>> telephone (023) 8024 3137
>> or return the E.mail to postmaster at multiplay.co.uk.
>>
>>
>

More information about the Cod mailing list