[cod] 1.5x exploit ( was COD crash log ( regular ) )

Atomic Hund atomic_hund at inetworkus.com
Tue Dec 21 13:43:14 EST 2004


Emailed Ryan, so hopefully he will have some insight into this.

---------- Original Message ----------------------------------
From: "Jay Vasallo" <jayco1 at charter.net>
Reply-To: cod at icculus.org
Date:  Tue, 21 Dec 2004 12:10:49 -0600

>Will PB pick this up before the server?
>
>When people find out who these degenerates are, can you please give us their 
>ip's? We would like to ban them before they reach our servers as most of us 
>would. Shame that people find these exploits and use them. I wonder what 
>goes through their heads when they crash the server. Do they sit there with 
>glee or mark a notch on their desktop? My God, what sad people indeed.
>
>
>
>----- Original Message ----- 
>From: "BludGeonT[EUG]" <bludgeont at gmail.com>
>To: <cod at icculus.org>
>Sent: Tuesday, December 21, 2004 12:02 PM
>Subject: Re: [cod] 1.5x exploit ( was COD crash log ( regular ) )
>
>
>> Interesting, have you scowered your logs to find this command?   I
>> wonder if there would be a way to set up some sort of alias to that
>> command to run something else, or to +setu on a variable (to have a
>> setting take place on a clients machine forced by the server) with the
>> same name as the server variable for this exploit, so that when a
>> client issues it, it spews out something else like a keyword that no
>> one would type on accident.  This keyword might be a PB ban filter for
>> say bad words and it would be cool that when the action is done, it
>> instead does like a say "Im-a-POS-hacker" to the server, and then PB
>> detects this as a ban'able word and kicks them.  I dont know for sure,
>> just brainstorming.
>>
>> Of course a proper fix would be preferred, but there has to be
>> something that can be done to temporarily prevent this.  The command
>> that is being run by the clients would be most helpful to know.
>>
>> (shrug)
>>
>> BludGeonT[EUG]
>>
>>
>> On Tue, 21 Dec 2004 16:06:42 -0000, Steven Hartland
>> <killing at multiplay.co.uk> wrote:
>>> Can we not hijack topics and start a new one.
>>> If you have the details for this exploit mail:
>>> Ryan C. Gordon <icculus at clutteredmind.org>
>>> Privately with the details so we can get it fixed.
>>>
>>>    Steve / K
>>> ----- Original Message -----
>>> From: "Atomic Hund" <atomic_hund at inetworkus.com>
>>>
>>> For those unaware this patch comes with a nice big fat exploit for server 
>>> killing. Through console a user not spectator can enter
>>> a particular command that will essentially kill the server. It makes the 
>>> server look for resources and when it can't find them it
>>> restarts. The clients are dumped and server restarts. This affects both 
>>> new patches. If the console cvar is locked out and the
>>> command is bound they can still do it as well as still beat the PB bind 
>>> search. This may be why you suddenly have the crashes.
>>> Also an FYI is someone makes a threat to you that they will kill the 
>>> server. We have had it happen on a few of ours already.
>>>
>>> ================================================
>>> This e.mail is private and confidential between Multiplay (UK) Ltd. and 
>>> the person or entity to whom it is addressed. In the event of 
>>> misdirection, the recipient is prohibited from using, copying, printing 
>>> or otherwise disseminating it or any information contained in it.
>>>
>>> In the event of misdirection, illegible or incomplete transmission please 
>>> telephone (023) 8024 3137
>>> or return the E.mail to postmaster at multiplay.co.uk.
>>>
>>>
>> 
>
>



More information about the Cod mailing list