[cod] Cfg download hacking

Morpheus morpheus at clantoc.org
Mon Sep 13 15:16:42 EDT 2010 

  Yes, but it is only relevant with http downloading (I'm simlinking the 
folder too, but with a good htaccess restrictions, and stricts 
permission on the files--only readable by the owner). Is it possible to 
use the client to try downloading the cfg through the built-in protocol 
? That could be the major hack, and it can potentially touch every 
quake-based game, at least those using the same net codebase (cod2 is 
one of them).

But I'm pretty sure it's not the case, and http is the way to follow, 
and to harden...

Le 13/09/2010 21:09, Sheepa a écrit :
> I havnt't really researched this matter but I'm guessing ppl are 
> creating symlinks to their entire mods folder? I've symlinked the 
> individual files that are supposed to be available to the public.
>
> *From:* Morpheus <mailto:morpheus at clantoc.org>
> *Sent:* Monday, September 13, 2010 8:08 PM
> *To:* Call of Duty server admin list. <mailto:cod at icculus.org>
> *Subject:* Re: [cod] Cfg download hacking
>
> How do they try to download it ? How do you allow them to download 
> files ? how the http redirection is set up (if there is one) ? Without 
> some details about the setup and the attempts, it's hard to give you a 
> fix...
>
> Le 13/09/2010 19:11, Nosjp Nosjp a écrit :
>> The only one solution:  set sv_allowDownload "0"
>>
>> On Mon, Sep 13, 2010 at 7:45 PM, Marco Padovan 
>> <evolutioncrazy at gmail.com <mailto:evolutioncrazy at gmail.com>> wrote:
>>
>>     We are having major hack attempts that consist in people
>>     downloading the cfg files....  currently we had to use random
>>     file names...
>>
>>     is there any solid work around?
>>
>>
>>     _______________________________________________
>>     cod mailing list
>>     cod at icculus.org <mailto:cod at icculus.org>
>>     http://icculus.org/mailman/listinfo/cod
>>
>>
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>
> ------------------------------------------------------------------------
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20100913/2277e7f6/attachment.htm>

More information about the cod mailing list