[mohaa] "Spawn Hack" and server crashes

[-SF-]Shockwave shockwave at clanshortfuse.com
Mon Nov 4 09:34:38 EST 2002 

Hello everyone,

The sv_pure setting is supposed to be fixed in the expansion pack from what
I've heard.  I've also had a chance to talk to the developers of the fix for
the spawn hack and I am in the process of testing the fix myself.  The
problem stems from the ability of the client to invoke a developer menu
command that allows items to be spawned while the game is running.  The
potential fix obfuscates this and other related commands in an attempt to
make them inaccessible.  I'll let everyone know the results of my testing as
soon as I have finished.

Another little tidbit I found is that the following command can show some
interesting information about a player:

dumpuser playername

If the player's name has spaces in it, be sure to include it in quotation
marks like this:

dumpuser "player name"

Players who employ illegal skins and settings to their client program that
adjust the graphics to give them an edge will have these settings appear in
the information displayed by the dumpuser command.  Once identified, a
player can be warned/kicked/banned for using these modifications.  I know
that DELATOR helps with detecting illegal skins and I believe DogTagz helps
deal with players who rename illegal skins to legal skin names in an attempt
to circumvent existing detection tools.

With any luck, sv_pure will alleviate some of these problems.  We'll have to
see when the expansion pack comes out.  I am confident that Ryan and the
other developers at EA will come through for us.  They've done a spectacular
job so far.


Shockwave


----- Original Message -----
From: "André Rivotti Casimiro" <rivotti at netcabo.pt>
To: <mohaa at icculus.org>
Sent: Monday, November 04, 2002 8:52 AM
Subject: RE: [mohaa] "Spawn Hack" and server crashes


> Hi all,
>
> There is a CVAR that it's supose to prevent clients of using diferent pk3
> than the ones in the server: sv_pure. It's suposed to checksum the
clientes
> pk3 and the server pk3 to validade ...or not. It's supose... but I thing
it
> doesn't work... anyone knows nothing about this? I have it like: sv_pure
1.
> I know that the server can checksum the client pk3, but how? Anyone knows
> how?
> Another thing, were's a little anti-cheat mod that preventes the use of
> Force-Models and illegal skins... it's not much but it's something. Put it
> in the main directory like the maps... it works :).
>
> Regards
> André Rivotti Casimiro
>
> -----Mensagem original-----
> De: Antonio Cristovão [mailto:acristovao at compulab.pt]
> Enviada: segunda-feira, 4 de Novembro de 2002 10:11
> Para: mohaa at icculus.org
> Assunto: RE: [mohaa] "Spawn Hack" and server crashes
>
>
> I know a way to stop cheaters to enter with wallhack
>
> install POINT40, you can download at www.alliedassault.dk
> <http://www.alliedassault.dk>
>
> but this is for windows... not linux
>
> -----Mensagem original-----
> De: Perry Heath [mailto:perry at phs-technology.net]
> Enviada: domingo, 3 de Novembro de 2002 15:26
> Para: mohaa at icculus.org
> Assunto: RE: [mohaa] "Spawn Hack" and server crashes
>
>
> Hi Shockwave,
>
> As a supplier of game servers ( www.fragserv.co.uk
> <http://www.fragserv.co.uk> ) I am worried about a new cheat that has
> come to light. As we use Linux servers you seemed to be the right person
> 2 ask.
>
> Its a wallhack lets u see right through walls! its in a .pk3 format is
> there anyway the server could see if someone is using this and kick
> them?
>
> Regards
>
> Perry
> fragserv.co.uk
>
> -----Original Message-----
> From: [-SF-]Shockwave [mailto:shockwave at clanshortfuse.com]
> Sent: 03 November 2002 15:00
> To: mohaa at icculus.org
> Subject: Re: [mohaa] "Spawn Hack" and server crashes
>
>
> Hello again,
>
> It seems that there is now a fix out for this problem.  Here are the
> links to the news item and the file itself:
>
> http://www.mohadmin.com/nuke/ <http://www.mohadmin.com/nuke/>
> http://www.mohadmin.com/nuke/download/MoHAAPatch.zip
> <http://www.mohadmin.com/nuke/download/MoHAAPatch.zip>
>
> The people involved in producing this patch still haven't responded to
> my request for information about how this exploit works which is
> disappointing.  If anyone has any more information about this, I think
> it would be a good idea to discuss it further.  The idea of compiling a
> new fgameded.so file from a Windows installation using an unofficial
> patch program in order to fix an unexplained server exploit makes me a
> bit uneasy.  Maybe it's just me.
>
>
> Shockwave

More information about the Mohaa mailing list