hey guys.
Ill b honest.
Im not a hacker. Im a normal player , but i see why u hack etc.
but i wanna say this, to 1SKcause i cant access there forums.
1SK, doesn't want people knowing about #1. So this is what they get for messing with FsG(my old clan which i ran). If you run a game server, patch it since IW won't. Props to the coder that took care of business. I hope Google has a field day with this post.
#1: Run the patches here on your main exe (the multiplayer one)
http://aluigi.***************/patches.htm
#2: Disable RCON so they can't bypass the pswd and issue a kilserver cmd (Update: we don't know if the patches fix the RCON exploit yet but disabling it definitely stops them. FsG is currently toggling RCON but will post when more info is available)
#3 Turn on PB so they get kicked for flood attempts and/or just issue the cmd directly on their PB ID via server console (not to be confused with client console) using the syntax pv_sv_ban [ID]. Screen shots of the flooding work well to grab the ID quickly. Make sure your server has enough RAM and bandwidth to cover a few simultaneous floods or it will crash.
Note that 1SK uses vulnerabilities in the COD4 game server that IW created and left unpatched. Hopefully Dice will do a better job with BC2. 1SK has not affected any system above the game server so the VM and OS are solid.
For those that want to skip the tech, all 1SK does is send data that the server is not coded to account for. Normally, a software application is coded to account for unexpected data and simply reject it or throw an error. When this hasn't been coded, the application crashes like we've all experienced with the desktop apps we run. 1SK simply uses this functionality as enjoyment to their advantage.
Here's an example of what they did today. They send too much text via the console:
va() is a function of the Quake 3 engine used to quickly build strings
using snprintf and a static destination buffer.
If the generated string is longer than the available buffer the server
shows an "Attempted to overrun string in call to va()" error and
terminates.
From Call of Duty 2 (and consequently CoD4) the size of this buffer has
been reduced from the original 32000 bytes to only 1024 causing many
problems to the admins, for which reason I created an unofficial fix
for CoD2 in the far 2006 (
http://aluigi.org/patches/cod2vawo.lpatch).
So in CoD4 an attacker which has joined the server can exploit this
vulnerability through the sending of a command longer than 1024 bytes
causing the immediate termination of the server.
1SK , please leave .SF alone.
Btw, im loving the smilies.
Also , Im not a hacker like i said but id like to get involved in a community like this, you seem alright guys when ur not ingame ;L
