26

Re: Server Crash exploit.

/sign

*** JUSTICE ALWAYS WINS ***

27

Re: Server Crash exploit.

I can +1 to NFD tee.

if($poster["intelligence"] == $intelligence["idiot"])
        deny_post($poster);

28

Re: Server Crash exploit.

please provide a patch file

regards

29

Re: Server Crash exploit.

rajh posted a patch file. i have problems with creating a patch because the patch-file changes the code. but you can download the source-file and try to make a patch wink. if you made a patch please post how you get the correct output wink

30

Re: Server Crash exploit.

ok i tried it and i hope it will work smile
1. i removed all files except the createdir.txt file from the directory src/game/generated of your provided .zip
2. to create the patch i used

diff -Naur x/teeworlds-0.4.2-src/src teamspamprot/src > patch_autokick

3. from the teeworlds source folder i applied the patch by

patch -p1 < ../../patch_autokick

and here is the patch

diff -Naur x/teeworlds-0.4.2-src/src/game/g_variables.h teamspamprot/src/game/g_variables.h
--- x/teeworlds-0.4.2-src/src/game/g_variables.h    2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/g_variables.h    2008-05-26 10:45:15.000000000 +0200
@@ -55,5 +55,10 @@
 MACRO_CONFIG_STR(sv_gametype, 32, "dm")
 MACRO_CONFIG_INT(sv_tournament_mode, 0, 0, 1)
 MACRO_CONFIG_INT(sv_spamprotection, 1, 0, 1)
+MACRO_CONFIG_INT(sv_teamchanges, 4, 0, 100)
+MACRO_CONFIG_INT(sv_teamchangeskick, 2, 0, 100)
+MACRO_CONFIG_INT(sv_messagesnum, 8, 0, 100)
+MACRO_CONFIG_INT(sv_messageskick, 2, 0, 100)
+MACRO_CONFIG_STR(sv_endroundmessage, 500, "")
 
 MACRO_CONFIG_INT(sv_spectator_slots, 0, 0, 12)
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_common.h teamspamprot/src/game/server/gs_common.h
--- x/teeworlds-0.4.2-src/src/game/server/gs_common.h    2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_common.h    2008-05-26 10:51:51.000000000 +0200
@@ -352,6 +352,9 @@
     
     virtual bool take_damage(vec2 force, int dmg, int from, int weapon);
     virtual void snap(int snaping_client);
+    int last_message_tick; unsigned char message_num; bool muted;
+    bool teamchanging; unsigned char team_changes; int last_team_set;
+    bool voted;
 };
 
 extern player *players;
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_game.cpp teamspamprot/src/game/server/gs_game.cpp
--- x/teeworlds-0.4.2-src/src/game/server/gs_game.cpp    2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_game.cpp    2008-05-26 11:27:37.000000000 +0200
@@ -90,7 +90,15 @@
 {
     if(warmup) // game can't end when we are running warmup
         return;
-        
+    if(strlen(config.sv_endroundmessage) > 0)
+    {
+        NETMSG_SV_CHAT msg;
+        msg.team = 0;
+        msg.cid = -1;
+        msg.message = config.sv_endroundmessage;
+        msg.pack(MSGFLAG_VITAL);
+        server_send_msg(-1);
+    }
     world->paused = true;
     game_over_tick = server_tick();
     sudden_death = 0;
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_server.cpp teamspamprot/src/game/server/gs_server.cpp
--- x/teeworlds-0.4.2-src/src/game/server/gs_server.cpp    2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_server.cpp    2008-05-26 13:28:10.000000000 +0200
@@ -39,6 +39,85 @@
 
 static void send_chat(int cid, int team, const char *text)
 {
+    if(cid > -1 && cid < MAX_CLIENTS)
+    {
+        player *tmp = get_player(cid);
+        if(strcmp("/++",text) == 0 || strcmp("/--", text) == 0)
+        {
+            if(tmp->voted)
+            {
+                char voted[] = "You already voted the map, ignoring vote";
+                NETMSG_SV_CHAT msg;
+                msg.team = 0;
+                msg.cid = -1;
+                msg.message = voted;
+                msg.pack(MSGFLAG_VITAL);
+                server_send_msg(cid);
+            }
+            else
+            {
+                tmp->voted = true;
+                dbg_msg("game", "map-voting %s", text);
+                char voted[] = "You voted for the map, thank you";
+                NETMSG_SV_CHAT msg;
+                msg.team = 0;
+                msg.cid = -1;
+                msg.message = voted;
+                msg.pack(MSGFLAG_VITAL);
+                server_send_msg(cid);
+            }
+            
+            
+            return;
+        }
+        if(tmp->muted)
+        {
+            if(tmp->last_message_tick + 180*SERVER_TICK_SPEED > server_tick())
+            {
+                tmp->message_num++;
+                if(tmp->message_num > config.sv_messageskick)
+                {
+                    server_kick(cid,"You were kicked because of spamming");
+                }
+                return;
+            }
+            else
+            {
+                tmp->muted = false;
+                tmp->message_num = 0;
+                tmp->last_message_tick = server_tick();
+            }
+        }
+        else
+        {
+            if(tmp->last_message_tick + 30*SERVER_TICK_SPEED > server_tick())
+            {
+                if(tmp->message_num >= config.sv_messagesnum)
+                {
+                    tmp->muted = true;
+                    tmp->message_num = 0;
+                    char *muting = (char *)malloc(sizeof(char) * 200);
+                    sprintf(muting, "%s was muted for 3 minutes because of spamming.", server_clientname(cid));
+                    dbg_msg("chat", "*** %s", muting);
+                    NETMSG_SV_CHAT msg;
+                    msg.team = 0;
+                    msg.cid = -1;
+                    msg.message = muting;
+                    msg.pack(MSGFLAG_VITAL);
+                    server_send_msg(-1);
+                    free(muting);
+                    return;
+                }
+                else
+                    tmp->message_num++;
+            }
+            else
+            {
+                tmp->last_message_tick = server_tick();
+                tmp->message_num = 0;
+            }
+        }
+    }
     if(cid >= 0 && cid < MAX_CLIENTS)
         dbg_msg("chat", "%d:%d:%s: %s", cid, team, server_clientname(cid), text);
     else
@@ -659,6 +738,9 @@
 
 void player::init()
 {
+    voted = false;
+    teamchanging = false; team_changes = 0; last_team_set = server_tick();
+    last_message_tick = server_tick(); message_num = 0; muted = false;
     proximity_radius = phys_size;
     client_id = -1;
     team = -1; // -1 == spectator
@@ -750,6 +832,54 @@
 
 void player::set_team(int new_team)
 {
+    if(teamchanging)
+    {
+        if(last_team_set + 180*SERVER_TICK_SPEED > server_tick())
+        {
+            team_changes++;
+            if(team_changes > config.sv_teamchangeskick)
+            {
+                server_kick(client_id,"You were kicked because of fast teamchanging");
+                
+            }
+            return;
+        }
+        else
+        {
+            teamchanging = false;
+            team_changes = 0;
+            last_team_set = server_tick();
+        }
+    }
+    else
+    {
+        if(last_team_set + 30*SERVER_TICK_SPEED > server_tick())
+        {
+            if(team_changes >= config.sv_teamchanges)
+            {
+                teamchanging = true;
+                team_changes = 0;
+                char *blocking = (char *)malloc(sizeof(char) * 200);
+                sprintf(blocking, "%s can't change team for 3 minutes", server_clientname(client_id));
+                dbg_msg("chat", "*** %s", blocking);
+                NETMSG_SV_CHAT msg;
+                msg.team = 0;
+                msg.cid = -1;
+                msg.message = blocking;
+                msg.pack(MSGFLAG_VITAL);
+                server_send_msg(-1);
+                free(blocking);
+                return;
+            }
+            else
+                team_changes++;
+        }
+        else
+        {
+            last_team_set = server_tick();
+            team_changes = 0;
+        }
+    }
     // clamp the team
     new_team = gameobj->clampteam(new_team);
     if(team == new_team)

31

Re: Server Crash exploit.

I run a server myself sometimes, and I can tell what the problem is of the teamchanging: my CPU and RAM raised through the roof while this happened and after my laptop reaches a certain CPU / RAM usage (didn't figure out how much yet), the server program stops responding, causing the server to crash in-game. I haven't been able to reconstruct it though, just happened two times..

[chat]: NAZI 4 LIFE: how the fuck u get out of the box
[chat]: nuff @ clan search: ctrl+shift+q
*** NAZI 4 LIFE has left the game

32

Re: Server Crash exploit.

@martin.9

thank you smile don't know why that didn't work here but the patch-file seems to be correct smile. i will try it at my next  mod with the same command, hope that will work smile

33

Re: Server Crash exploit.

Much respect!
This basters are crashing my server 2 times a week, i hope this patch will help me ))

34

Re: Server Crash exploit.

I have a little problme with martin.9's patch,

azmeuk@ramoloss:~/teeworlds/042$ patch -p1 < ../files/spamprotection.patch 
patching file src/game/g_variables.h
patching file src/game/server/gs_common.h
Hunk #1 FAILED at 352.
1 out of 1 hunk FAILED -- saving rejects to file src/game/server/gs_common.h.rej
patching file src/game/server/gs_game.cpp
Hunk #1 FAILED at 90.
1 out of 1 hunk FAILED -- saving rejects to file src/game/server/gs_game.cpp.rej
patching file src/game/server/gs_server.cpp
Hunk #1 FAILED at 39.
Hunk #2 FAILED at 738.
Hunk #3 FAILED at 832.
3 out of 3 hunks FAILED -- saving rejects to file src/game/server/gs_server.cpp.rej
azmeuk@ramoloss:~/teeworlds/042$

Where am I wrong ?

Play ctf_fall if you dare!

35

Re: Server Crash exploit.

scosu provided a binary earlier in the thread. no need to compile

oh btw, can this be implemented in the next release? because this seriously needs to be addressed and should be in the official build. otherwise we'll have to be patching every release =P

36

Re: Server Crash exploit.

I need to compile becaus I want to apply another patch ...

Play ctf_fall if you dare!

37

Re: Server Crash exploit.

i don't know why the patch doesn't work, at least i was not able to make it wink. But you could simply apply the patch by copy and paste(are not so much changes) or take the src folder from earlier in this thread or take the physics patch. there are the same features but more code changes so it could be difficult to apply another patch.

38

Re: Server Crash exploit.

They aren't. Here is the diff, and thanks for the help.

--- gs_server.cpp    2008-06-09 15:41:10.000000000 -0700
+++ grenade2.cpp    2008-06-09 15:44:55.000000000 -0700
@@ -1,42 +1,36 @@
-        case WEAPON_GRENADE:
-        {
             if(!grenade_shotspread)
+            grenade_shotspread = 3;
+            msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
+            msg_pack_int(grenade_shotspread);
+            for(int i = grenade_shotspread; i <= grenade_shotspread; i++)
             {
-                int grenade_shotspread = 1;
-                msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
-                msg_pack_int(grenade_shotspread);
-            }
-            else
-            {
-                msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
-                msg_pack_int(grenade_shotspread*2+1);
-            }
-    
-            for(int i = -grenade_shotspread; i <= grenade_shotspread; i++)
-            {
-                float spreading[] = {-0.185f, -0.070f, 0, 0.070f, 0.185f};
+                
+                float spreading[] = {-0.070f, 0, 0.070f};
+                latest_input.target_x= latest_input.target_x+spreading[i+12];
+                latest_input.target_y= latest_input.target_y+spreading[i+12];
+                vec2 new_dir = normalize(vec2(latest_input.target_x, latest_input.target_y));
                 float a = get_angle(direction);
                 a += spreading[i+2];
                 float v = 1-(abs(i)/(float)grenade_shotspread);
-                float speed = mix((float)tuning.shotgun_speeddiff, 1.0f, v);
+                float speed = mix((float)tuning.grenade_speed, 1.0f, v);
                 projectile *proj = new projectile(WEAPON_GRENADE,
                     client_id,
                     projectile_startpos,
-                    vec2(cosf(a), sinf(a))*speed,
+                    new_dir,
                     (int)(server_tickspeed()*tuning.grenade_lifetime),
                     this,
                     1, projectile::PROJECTILE_FLAGS_EXPLODE, 0, SOUND_GRENADE_EXPLODE, WEAPON_GRENADE);
-
+                    
                 // pack the projectile and send it to the client directly
                 NETOBJ_PROJECTILE p;
                 proj->fill_info(&p);
-
-                msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
-                msg_pack_int(1);
+                
                 for(unsigned i = 0; i < sizeof(NETOBJ_PROJECTILE)/sizeof(int); i++)
                     msg_pack_int(((int *)&p)[i]);
             }
+
             msg_pack_end();
-            server_send_msg(client_id);
+            server_send_msg(client_id);                    
+            
             create_sound(pos, SOUND_GRENADE_FIRE);
         } break;
if($poster["intelligence"] == $intelligence["idiot"])
        deny_post($poster);

39 (edited by martin.9 2008-06-20 17:11:59)

Re: Server Crash exploit.

@scosu
maybe this mod should also be posted in the "content: other" forum

regards

40

Re: Server Crash exploit.

@martin.9
in case you didn't see it already, i posted it here: http://www.teeworlds.com/forum/viewtopic.php?id=1726

41

Re: Server Crash exploit.

thx

42

Re: Server Crash exploit.

They have tried many times to crash my server, they cant. They should include this patch into the main teeworlds downloads and patch the files in the Ubuntu Repos (where i got my server files).

Ubuntu Member
Power tends to corrupt and absolute power corrupts absolutely. - Lord Acton