Packet Hacks - Ja Server Problem

Aidenius · 06-25-2009, 12:06 PM

Hello There,

I posted recently about an apparent Q3fill issue which was resolved mostly by updating to the newest version of japlus.

My friends server is being hacked by a person named 'zarath' who is apparently using packet hacks to crash the server, yet he is apparently unable to do it to mb2 servers.

Does anyone know how to fix this?

Thank You.

Aidenius.

stoiss · 06-28-2009, 05:40 AM

what i know of there is only one way.. make slider to code the game it self to be better protected by hackers.. or turn off you allowdownload what can cost it.. changes you rconpassword and don't make it small make it over the 20 number/words to keep it away from stuff like that make new admin passwords.. i can't see what else there could be done sens it is many years ago i used JA+ Server files and don't know his config's anymore..

-=*Raz0r*=- · 06-28-2009, 06:19 AM

Are you referring to q3infoboom? (sends large requests to the server causing crashes)
That should be patched by JA+ :/

Aidenius · 06-28-2009, 07:40 AM

Apparently hes using his own developed programme, we have the latest version of Ja+, how can we stop this?

Unreliable · 09-09-2009, 12:06 AM

Old, but I gotta post this since it's completely related.

There was a hack with callvote, where you can edit the packet to change the rcon address (while the vote is in progress) and the password. Lugormod fixed this, but since it's closed source I have no idea how to do this...

Didz93 · 09-12-2009, 11:44 AM

Inside void Cmd_CallVote_f( gentity_t *ent ) in g_cmds.c

Look for this line:

Code:

if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {

And replace it with:

Code:

if(strchr(arg1, ';') || strchr(arg2, ';') || strchr(arg1, '\r') || strchr(arg2, '\r')) {

As you may know already, packets were being modified to make the server execute multiple commands via the use of the \r line feed character.

Exploiters used modified clients to do this most of the time by replacing ; in their callvote string with \r.
So /callvote timelimit "60;set rconPassword lol" was in fact being changed to /callvote timelimit "60\rset rconPassword lol"

The code I gave you will block the use of the \r line feed character, therefore patching the callvote exploit

If you wanted to be really harsh you could kick the player from the server in that if statement if you wanted.

TJ01 · 09-12-2009, 11:56 AM

I thought /n and /t could also be used.

Not sure though. I just added \n \r \t just in case

Nice idea about the kicking Lol.
If only you could make them do r_primi or something? Can you? =o

-=*Raz0r*=- · 09-12-2009, 12:03 PM

*EDIT: Replying to Didz*
Indeed, the above will patch callvote.

Back to the original post, I doubt he was using anything too harmful - Probably just trying to boost his 'omg i r l33t hax0r ololol' ego.
There was a G_Malloc exploit that's been fixed in JA+ 2.4beta5, the details were posted here
This may have been what you were referring to.

Quote:

I thought /n and /t could also be used.

\n is already patched, and I'm pretty sure \t can't be used.

Quote:

If only you could make them do r_primi or something? Can you? =o

Well yes, so long as you require they have a client plugin - otherwise nope.

Didz93 · 09-12-2009, 12:11 PM

Only ; and \r needs to be patched, i think \r needs to be patched because that's the character used to seperate commands in the command buffer