[cod] Cfg download hacking

Morpheus morpheus at clantoc.org
Tue Sep 14 14:01:05 EDT 2010


  I think iptables is too low-level to deal with such specific hack 
attempts. At least you can use it to ban IP addresses you catch... It's 
sad it has not been fixed since discovery, with all the games that are 
using the codebase...

On 14/09/2010 19:32, Marco Padovan wrote:
> I'm aware of the exploits... was looking for some suggestion on how to
> fix them... even via iptables eventually...
>
> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>  wrote:
>>   The exploit I just posted about could be an older version or not the same
>> as described in this mail list thread.
>>
>> Using the second link should give you a good list of quake based exploits
>> you may want to watch for.
>>
>> Sorry for the wrong link
>>
>> Jim Landi
>> Rudedog
>> FPSadmin.com
>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>
>>
>> On 9/14/10 12:25 PM, Morpheus wrote:
>>> We're talking about the built-in download system, not the http redirect
>>> one, which you can control with symlinks and htaccess features. It's about a
>>> security hole that virtually exists in all q3-based games (at least for the
>>> net code).
>>>
>>> On 14/09/2010 18:21, Mavrick wrote:
>>>> Anyone tried symbolic links?
>>>>
>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>> The only solution:  set sv_allowDownload "0"
>>>>>
>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco Padovan <evolutioncrazy at gmail.com> wrote:
>>>>>
>>>>>     We are having major hack attempts that consist in people
>>>>>     downloading the cfg files....  currently we had to use random
>>>>>     file names...
>>>>>
>>>>>     is there any solid work around?
>>>>>
>>>>>
>>>>>     _______________________________________________
>>>>>     cod mailing list
>>>>>     cod at icculus.org<mailto:cod at icculus.org>
>>>>>     http://icculus.org/mailman/listinfo/cod

