[cod] Cfg download hacking

Marco Padovan evolutioncrazy at gmail.com
Tue Sep 14 13:32:29 EDT 2010 

I'm aware of the exploits... was looking for some suggestion on how to
fix them... even via iptables eventually...

On Tue, Sep 14, 2010 at 6:56 PM, James Landi <jim at landi.net> wrote:
>  The exploit I just posted about could be an older version or not the same
> as described in this mail list thread.
>
> using the second link should give you a good list of quake based exploits
> you may want to watch for.
>
> Sorry for the wrong ling
>
> Jim Landi
> Rudedog
> FPSadmin.com
> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>
>
> On 9/14/10 12:25 PM, Morpheus wrote:
>>
>> We're talking about the built-in download system, not the http redirect
>> one, which you can control with symlinks and htaccess features. It's about a
>> security hole that virtually exists in all q3-based games (at least for the
>> net code).
>>
>> Le 14/09/2010 18:21, Mavrick a écrit :
>>>
>>> Anyone tried symbolic links?
>>>
>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>
>>>> The only one solution:  set sv_allowDownload "0"
>>>>
>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco Padovan <evolutioncrazy at gmail.com
>>>> <mailto:evolutioncrazy at gmail.com>> wrote:
>>>>
>>>>    We are having major hack attempts that consist in people
>>>>    downloading the cfg files....  currently we had to use random
>>>>    file names...
>>>>
>>>>    is there any solid work around?
>>>>
>>>>
>>>>    _______________________________________________
>>>>    cod mailing list
>>>>    cod at icculus.org <mailto:cod at icculus.org>
>>>>    http://icculus.org/mailman/listinfo/cod
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> cod mailing list
>>>> cod at icculus.org
>>>> http://icculus.org/mailman/listinfo/cod
>>>
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>

More information about the cod mailing list