Help test a fix for the spawn/hack


Druid
10-31-2002, 12:18 AM
I'm testing another fix for the problem of people spawning stuff in the game to crash the server.
You will have to already know how this is done, because I can't tell anyone how to do it.

My understanding is there are 2 possible ways to do it.
I'm pretty sure I've blocked one way.
I need someone who knows how to do it both ways to test my fix.



Thanks

Druid

Druid
10-31-2002, 11:02 AM
I've moved the fix to my clan server for more testing.
IP 63.99.213.111

I'm sure I've blocked anyone from crashing the server by using the console.
I now need someone who knows how to bring up the spawn menu to try.

If anyone knows how to bring up the spawn menu, please go to my server and try to crash it using the menu.

I never thought I would be asking people to try and crash my server
:D :D :D

DogMeat
10-31-2002, 03:52 PM
Druid: Good work on this, I was unable to use any of the methods I know for inserting models. Thanks for hopping on the server with me.

All: there may still be a way to insert models, Druid and I discussed it, however his mod should stop 99% of the people using it now. If it is possible and starts being used then there is a way to make the mod even more secure with a bit of work from the admin. More info once I actually get a copy of his fix and can work with it in my testing environment.

Shockwave
10-31-2002, 08:33 PM
I wasn't sure about what you guys were talking about, but I think I may have just witnessed an occurrence of it. Here's a section of my game server log file right before it crashed:

clientCommand: WAFFEN-SS-16Th-THUG : 47 : lod_spawn models/vehicles/uboat.tik
Cvar_Set2: lod_tikiname models/vehicles/uboat.tik
Cvar_Set2: lod_tool 1
^~^~^ Add the following line to the *_precache.scr map script:
cache models/vehicles/uboat.tik
TIKI_InitTiki: could not find surface 'material4' in 'models/vehicles/uboat.tik'
(check referenced skb/skd files).
Cvar_Set2: cg_drawviewmodel 0
Cvar_Set2: cg_shadows 0
clientCommand: WAFFEN-SS-16Th-THUG : 48 : vÅ
client text ignored for WAFFEN-SS-16Th-THUG
WARNING: bad command byte for client 4
WARNING: bad command byte for client 4
WARNING: bad command byte for client 4
clientCommand: _-=WB=-_T-Dog : 1 : disconnect
broadcast: print "_-=WB=-_T-Dog disconnected\n"
Going to CS_ZOMBIE for _-=WB=-_T-Dog

I downloaded the fix mentioned on the site's main page, but I don't think it will work for Linux because it's a DLL. If someone could explain what the problem is and how it causes a server crash, I would be happy to try to do something on the Linux side if I can.

Thanks!

breakaway
11-01-2002, 10:56 AM
Wow, were you on the server when it happened?

Was the uboat insert successful or did the attempt just crash the server?

Shockwave
11-01-2002, 11:05 AM
I wasn't actually in the game, but I was monitoring the game console and the log output. I was in the process of testing the latest timer logic changes I made to my server administration tool when I noticed it crash. After restarting it, I looked at the tail end of the log and found what I pasted above. I had read about this spawn issue before here in the forums and the lightbulb went on over my head when I realized there may be a connection.

With the developer mode set to "2", all player commands are sent to the game server log file. If crashing the server is a multiple step process, it is possible that I might be able to intercept a forbidden command and make the admin tool issue a command to either counteract it or blank out the command's argument. I am interested in knowing more about what we're all up against so I can figure out what options are available.

Since I don't know of any way to make a DLL work under Linux and that's the only fix proposed so far, it appears that Linux game servers are powerless to stop players bent on crashing the server. That would not be a good thing. :(
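
The log-watching idea from the post above, as an added example that is not part of the original thread and is not Druid's or CrowKing's fix: it parses clientCommand lines in the format of the posted log excerpt, flags lod_spawn, and counts the "bad command byte" warnings per client. The meaning of the numeric field, case-insensitive command matching, and the sample player names are assumptions.

```python
import re
from collections import Counter

# Line format copied from the log excerpt in the thread:
#   clientCommand: <player> : <n> : <text>
# Reading <n> as a command sequence number is an assumption. The player
# field is greedy so that names containing " : " still parse.
CLIENT_CMD = re.compile(r"^clientCommand: (?P<player>.+) : (?P<seq>\d+) : (?P<text>.*)$")
BAD_BYTE = re.compile(r"^WARNING: bad command byte for client (?P<client>\d+)$")

# Only lod_spawn appears in the thread; extend this set for your own server.
FORBIDDEN = {"lod_spawn"}

def scan(lines):
    """Return (alerts, bad_byte_counts) for an iterable of server log lines."""
    alerts, bad_bytes = [], Counter()
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        m = CLIENT_CMD.match(line)
        if m:
            parts = m.group("text").split(None, 1)
            # Assumption: the engine ignores case in command names.
            command = parts[0].lower() if parts else ""
            if command in FORBIDDEN:
                alerts.append({"line": lineno, "player": m.group("player"),
                               "command": command,
                               "argument": parts[1] if len(parts) > 1 else ""})
            continue
        m = BAD_BYTE.match(line)
        if m:
            bad_bytes[int(m.group("client"))] += 1
    return alerts, bad_bytes

# Constructed sample input modelled on the excerpt (player names are made up).
SAMPLE_LOG = """\
clientCommand: PlayerOne : 12 : say hello
clientCommand: Clan : Tagged : 47 : lod_spawn models/vehicles/uboat.tik
Cvar_Set2: lod_tikiname models/vehicles/uboat.tik
WARNING: bad command byte for client 4
WARNING: bad command byte for client 4
clientCommand: PlayerTwo : 1 : disconnect
""".splitlines()

if __name__ == "__main__":
    alerts, bad_bytes = scan(SAMPLE_LOG)
    for a in alerts:
        print(f"line {a['line']}: {a['player']} sent {a['command']} {a['argument']}")
    for client, count in bad_bytes.items():
        print(f"client {client}: {count} bad command byte warnings")
```

Because the match on the player field is greedy, chat text that happens to contain the same " : <n> : " pattern can raise a false alert; for an admin tool that is the safer direction to fail in.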

Druid
11-01-2002, 11:11 AM
I know people are looking at porting my fix over to Linux.
As soon as it's done, I'll let everyone know.

Shockwave
11-01-2002, 11:22 AM
In the meantime Druid, perhaps you could just explain the mechanism by which these attacks are perpetrated. I already have an extensive mechanism for controlling Linux servers in place and working. Maybe there is something I can do to help. ;)

CrowKing
11-03-2002, 01:12 AM
We've taken Druid's fix and converted it to a patch, both for Linux and Windows versions. We've also made it more difficult to hack. Should be available for download in a bit.....