[cod] Beware...

escapedturkey escapedturkey at escapedturkey.com
Fri May 29 11:06:48 EDT 2009 

You could update the files automatically every 24 hours so they always 
have the legit binaries and iwd files.

Example:

crontab this ever 24 hours.

update-files.bsh

#!/bin/bash
rm -f /home/users
chattr -R +i /home/install
cd /home
ls -1p|grep /|grep -v install|cut -d "/" -f1 > users
for user in `cat users`
do
rsync -av /home/install/cod4 /home/$user/
done
rm -f /home/users
exit $?

Make sure no .cfg files are in your skeleton version so to avoid 
over-writes. This would make sure .iwd and binaries are legit every 24 
hours.


Oliver Warburton wrote:
> This is the first thing I would do.
> 
> Then replace those files back. Then try every way possible to try and 
> overwrite them.
>  
> They must be overwriting then somehow, and remember these people aren't 
> the kind that would just do it over FTP. They can be quite sneaky, and 
> that involves hacking round your setup to get what they want.
>  
> Oliver Warburton,
> Managing Director
> INX-Network LTD
>  
> INX-Gaming
>  |
> www.inx-gaming.com <http://www.inx-gaming.com>
> 
>     ----- Original Message -----
>     *From:* Einar S. Idsø <mailto:einar.cod at norsk-esport.no>
>     *To:* Call of Duty server admin list. <mailto:cod at icculus.org>
>     *Sent:* Friday, May 29, 2009 10:24 AM
>     *Subject:* Re: [cod] Beware...
> 
>     Have you checked the binaries of the alleged hacked servers and
>     compared them with binaries from the non-hacked ones? You could run
>     an md5sum on the specific file(s) only, or a diff -r --brief
>     /path/to/nonhackedserver /path/to/hackedserver to look for differences.
> 
>     Cheers,
>     Einar
> 
>     On Fri, May 29, 2009 at 11:10 AM, Matt | Pointy BestGN
>     <matt at bestgn.net.au <mailto:matt at bestgn.net.au>> wrote:
> 
>         No.
> 
>          
> 
>         Up until a couple of weeks ago, the only ppl to have access to
>         the cod4 directories were myself and 1 other person that runs
>         the network with me.
> 
>         We have never allowed box access to anyone.
> 
>          
> 
>          
> 
>          
> 
>         *From:* Clanwarz [mailto:clanwarz at gmail.com
>         <mailto:clanwarz at gmail.com>]
>         *Sent:* Friday, May 29, 2009 7:02 PM
> 
>         *To:* Call of Duty server admin list.
>         *Subject:* Re: [cod] Beware...
> 
>          
> 
>         Can your clients remove the bin or exe and replace it?
> 
> 
>         --jay
> 
>         On Fri, May 29, 2009 at 3:40 AM, Matt | Pointy BestGN
>         <matt at bestgn.net.au <mailto:matt at bestgn.net.au>> wrote:
> 
>         Hey peeps..
> 
>         I'm having a problem identifying why some of my COD4 servers are
>         displaying
>         as 'cracked' servers.
>         Over the many months of hosting COD4, both public servers and
>         sponsored clan
>         servers, I have always used the same set of installed (updated)
>         files from a
>         core install.
>         At one stage I had 6 public and 3 sponsored servers running - 2
>         showing as
>         cracked (allset up and installed from the same core files)
> 
> 
>         I uploaded the game files when I purchased the game on release-
>         so the game
>         files are 100% legit
>         If I wanted a new COD4 server up, I add a user (or new dir under
>         the cod4
>         user), cp the core files to the user dir, edit the server config
>         and away we
>         go...
> 
>         All my update patches have always been downloaded via links from
>         this
>         mailing list and linux bins are always downloaded from links on
>         FPSAdmin...
> 
>         Anyone got any ideas why they are showing as being cracked?
> 
> 
> 
>         -----Original Message-----
>         From: MaydaX [mailto:maydaxone at gmail.com
>         <mailto:maydaxone at gmail.com>]
>         Sent: Friday, May 29, 2009 8:46 AM
>         To: Call of Duty server admin list.
>         Subject: Re: [cod] Beware...
> 
>         MD5 checks would do the trick. Also you can check the value of
>         authservername to be sure it's correct as an added check.
> 
>         The main issue is legit players are populating cracked servers.
>         The client
>         could check the master server to see if the server they are
>         connecting to is
>         listed. If it's not then kick them with an error like cod waw
>         does. Ofc it
>         would have to check if the server is running in LAN etc.
> 
>         Before PBBans redirected cod4master.activhsion.com
>         <http://cod4master.activhsion.com> to the real master server
>         we logged all IP's that connected to us. So far we have logged
>         783 server ip's (Which I attached). PunkBuster has the ability
>         to ban a
>         server ip but I don't hear much on them anymore. From what I
>         understand
>         Activision has to send the IP's to EB for banning.
> 
>         Any player can check the authservername value by using "/pb_cvarval
>         authservername" in the console.
> 
>         MaydaX
>         Developer
>         http://www.pbbans.com
> 
>         Joker{eXtreme+} wrote:
>         <file:///F:/Users/Seven/Desktop/cracked_list.zip>
>          > Mods are given freely, not paid for, so if the md5 doesn't
>         check out,
>          > the mod will crash, not the server or game.  Just means you
>         can't run
>          > the mod without legit copy of the game ;)
>          >
>          > That should skip all the newer laws just fine, but I will
>         double check
>          > with an attorney no problems (got a few in the family)
>          >
>          > ~Joker
>          > eXtreme+ mod
>          > http://www.mycallofduty.com
> 
> 
>         No virus found in this incoming message.
>         Checked by AVG - www.avg.com <http://www.avg.com>
>         Version: 8.5.339 / Virus Database: 270.12.44/2140 - Release
>         Date: 05/28/09
>         18:09:00
> 
>         _______________________________________________
>         cod mailing list
>         cod at icculus.org <mailto:cod at icculus.org>
>         http://icculus.org/mailman/listinfo/cod
> 
>          
> 
>         No virus found in this incoming message.
>         Checked by AVG - www.avg.com <http://www.avg.com>
>         Version: 8.5.339 / Virus Database: 270.12.44/2140 - Release
>         Date: 05/28/09 18:09:00
> 
> 
>         _______________________________________________
>         cod mailing list
>         cod at icculus.org <mailto:cod at icculus.org>
>         http://icculus.org/mailman/listinfo/cod
> 
> 
>     ------------------------------------------------------------------------
> 
>     _______________________________________________
>     cod mailing list
>     cod at icculus.org
>     http://icculus.org/mailman/listinfo/cod
> 
> 
> 
>     __________ Information from ESET Smart Security, version of virus
>     signature database 3877 (20090222) __________
> 
>     The message was checked by ESET Smart Security.
> 
>     http://www.eset.com
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod

More information about the cod mailing list