[cod] Beware...

Tomé Duarte tome.duarte at gmail.com
Fri May 29 11:15:26 EDT 2009 

Hello,
Maybe I'm misunderstanding your script, but won't the initial rm delete the
clients' dirs, thus removing the config files as well as possible mods
installed, etc?
Cheers,
Tomé Duarte
On Fri, May 29, 2009 at 3:06 PM, escapedturkey <
escapedturkey at escapedturkey.com> wrote:

> You could update the files automatically every 24 hours so they always have
> the legit binaries and iwd files.
>
> Example:
>
> crontab this ever 24 hours.
>
> update-files.bsh
>
> #!/bin/bash
> rm -f /home/users
> chattr -R +i /home/install
> cd /home
> ls -1p|grep /|grep -v install|cut -d "/" -f1 > users
> for user in `cat users`
> do
> rsync -av /home/install/cod4 /home/$user/
> done
> rm -f /home/users
> exit $?
>
> Make sure no .cfg files are in your skeleton version so to avoid
> over-writes. This would make sure .iwd and binaries are legit every 24
> hours.
>
>
> Oliver Warburton wrote:
>
>> This is the first thing I would do.
>>
>> Then replace those files back. Then try every way possible to try and
>> overwrite them.
>>  They must be overwriting then somehow, and remember these people aren't
>> the kind that would just do it over FTP. They can be quite sneaky, and that
>> involves hacking round your setup to get what they want.
>>  Oliver Warburton,
>> Managing Director
>> INX-Network LTD
>>  INX-Gaming
>>  |
>> www.inx-gaming.com <http://www.inx-gaming.com>
>>
>>    ----- Original Message -----
>>    *From:* Einar S. Idsø <mailto:einar.cod at norsk-esport.no>
>>    *To:* Call of Duty server admin list. <mailto:cod at icculus.org>
>>    *Sent:* Friday, May 29, 2009 10:24 AM
>>    *Subject:* Re: [cod] Beware...
>>
>>    Have you checked the binaries of the alleged hacked servers and
>>    compared them with binaries from the non-hacked ones? You could run
>>    an md5sum on the specific file(s) only, or a diff -r --brief
>>    /path/to/nonhackedserver /path/to/hackedserver to look for differences.
>>
>>    Cheers,
>>    Einar
>>
>>    On Fri, May 29, 2009 at 11:10 AM, Matt | Pointy BestGN
>>    <matt at bestgn.net.au <mailto:matt at bestgn.net.au>> wrote:
>>
>>        No.
>>
>>
>>        Up until a couple of weeks ago, the only ppl to have access to
>>        the cod4 directories were myself and 1 other person that runs
>>        the network with me.
>>
>>        We have never allowed box access to anyone.
>>
>>
>>
>>
>>        *From:* Clanwarz [mailto:clanwarz at gmail.com
>>        <mailto:clanwarz at gmail.com>]
>>        *Sent:* Friday, May 29, 2009 7:02 PM
>>
>>        *To:* Call of Duty server admin list.
>>        *Subject:* Re: [cod] Beware...
>>
>>
>>        Can your clients remove the bin or exe and replace it?
>>
>>
>>        --jay
>>
>>        On Fri, May 29, 2009 at 3:40 AM, Matt | Pointy BestGN
>>        <matt at bestgn.net.au <mailto:matt at bestgn.net.au>> wrote:
>>
>>        Hey peeps..
>>
>>        I'm having a problem identifying why some of my COD4 servers are
>>        displaying
>>        as 'cracked' servers.
>>        Over the many months of hosting COD4, both public servers and
>>        sponsored clan
>>        servers, I have always used the same set of installed (updated)
>>        files from a
>>        core install.
>>        At one stage I had 6 public and 3 sponsored servers running - 2
>>        showing as
>>        cracked (allset up and installed from the same core files)
>>
>>
>>        I uploaded the game files when I purchased the game on release-
>>        so the game
>>        files are 100% legit
>>        If I wanted a new COD4 server up, I add a user (or new dir under
>>        the cod4
>>        user), cp the core files to the user dir, edit the server config
>>        and away we
>>        go...
>>
>>        All my update patches have always been downloaded via links from
>>        this
>>        mailing list and linux bins are always downloaded from links on
>>        FPSAdmin...
>>
>>        Anyone got any ideas why they are showing as being cracked?
>>
>>
>>
>>        -----Original Message-----
>>        From: MaydaX [mailto:maydaxone at gmail.com
>>        <mailto:maydaxone at gmail.com>]
>>        Sent: Friday, May 29, 2009 8:46 AM
>>        To: Call of Duty server admin list.
>>        Subject: Re: [cod] Beware...
>>
>>        MD5 checks would do the trick. Also you can check the value of
>>        authservername to be sure it's correct as an added check.
>>
>>        The main issue is legit players are populating cracked servers.
>>        The client
>>        could check the master server to see if the server they are
>>        connecting to is
>>        listed. If it's not then kick them with an error like cod waw
>>        does. Ofc it
>>        would have to check if the server is running in LAN etc.
>>
>>        Before PBBans redirected cod4master.activhsion.com
>>        <http://cod4master.activhsion.com> to the real master server
>>        we logged all IP's that connected to us. So far we have logged
>>        783 server ip's (Which I attached). PunkBuster has the ability
>>        to ban a
>>        server ip but I don't hear much on them anymore. From what I
>>        understand
>>        Activision has to send the IP's to EB for banning.
>>
>>        Any player can check the authservername value by using "/pb_cvarval
>>        authservername" in the console.
>>
>>        MaydaX
>>        Developer
>>        http://www.pbbans.com
>>
>>        Joker{eXtreme+} wrote:
>>        <file:///F:/Users/Seven/Desktop/cracked_list.zip>
>>         > Mods are given freely, not paid for, so if the md5 doesn't
>>        check out,
>>         > the mod will crash, not the server or game.  Just means you
>>        can't run
>>         > the mod without legit copy of the game ;)
>>         >
>>         > That should skip all the newer laws just fine, but I will
>>        double check
>>         > with an attorney no problems (got a few in the family)
>>         >
>>         > ~Joker
>>         > eXtreme+ mod
>>         > http://www.mycallofduty.com
>>
>>
>>        No virus found in this incoming message.
>>        Checked by AVG - www.avg.com <http://www.avg.com>
>>        Version: 8.5.339 / Virus Database: 270.12.44/2140 - Release
>>        Date: 05/28/09
>>        18:09:00
>>
>>        _______________________________________________
>>        cod mailing list
>>        cod at icculus.org <mailto:cod at icculus.org>
>>        http://icculus.org/mailman/listinfo/cod
>>
>>
>>        No virus found in this incoming message.
>>        Checked by AVG - www.avg.com <http://www.avg.com>
>>        Version: 8.5.339 / Virus Database: 270.12.44/2140 - Release
>>        Date: 05/28/09 18:09:00
>>
>>
>>        _______________________________________________
>>        cod mailing list
>>        cod at icculus.org <mailto:cod at icculus.org>
>>        http://icculus.org/mailman/listinfo/cod
>>
>>
>>
>>  ------------------------------------------------------------------------
>>
>>    _______________________________________________
>>    cod mailing list
>>    cod at icculus.org
>>    http://icculus.org/mailman/listinfo/cod
>>
>>
>>
>>    __________ Information from ESET Smart Security, version of virus
>>    signature database 3877 (20090222) __________
>>
>>    The message was checked by ESET Smart Security.
>>
>>    http://www.eset.com
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20090529/e769eea0/attachment-0001.htm>

More information about the cod mailing list