hack prevention of server (rcon/ref hacks)

(dwe_flame) #1

well, as some of you admins know the ada… (the admins know what i mean) has released some new hack the passed months.

for 2.55 servers.
now i was looking back at some old stuff, and found this Quake multi mod. wich seems to fix some server buggs. but there seems no working site anywhere with some working docu on this. so i was wondering, does any1 have some docu on it ?

second question:
again for 2.55 servers.
im only talking about server hacks here, stuff that gets your Rcon and so on, so not the aimbots.
I have done some security fixes, as those were already adviced multiple times:

  • disable mapvoting (or all votes)
  • change server.cfg to a new name / relocate
  • 2 of my servers have PB on, 2 have them off (could this be a security problem? )

so, what else can or should i do ? any more programs to install ?

(Destroy666) #2

Our servers (TWC) use a patch to prevent hackers.

(dwe_flame) #3

for the jaymod server i just installed the enchantment mod, seems to work perfect

but not sure yet if it will work on the noquarter servers and TJ server too :\

(zbzero) #4

Already have a qmm file for prevent this created by Eyjohn take a look at this link http://www.ycn-hosting.eu/downloads/bugfixes/

the protection works great but i didnt have sure if it works with omnibot running, the list of the bugfixes is that:
The QMM bugfixes (for Enemy Territory) provides some additional bugfixes which may already be supported by the mod you run. Please note that QMM itself also contains an infostring bugfix which is not included by this bugfix.

The 4 bugfixes/features supported by this plugin are:
(by default all the bugfixes are enabled)

  1. /ws Crash Protection
    This bugfix is enabled when the cvar bf_ws is set to 1 (default). To disable this fix simply set bf_ws to 0.

  2. GUID Faking (userinfo)
    This bugfix prevents users from changing their GUID after they have joined the server. This is required for console mods such as etadmin_mod and etphp. This bugfix is enabled when bf_guid is set to 1. To disable this bugfix set bf_guid to 0 (default). This bug has been known to cause some problems with omnibots as they use fake GUIDs.

  3. Team Changes Spam Protection
    This bugfix allows the server to restrict how many team changes a player can make within 10 seconds. By default bf_teamchanges is set to 3 (3 team changes per 10 seconds). You can change this value to any integer to allow more/less team changes per 10 seconds. To disable this feature set bf_teamchanges to 0.

  4. Callvote Exploit
    This bugfix prevents clients from injecting additional rcon commands through the callvote command. This bugfix is enabled when bf_callvote is set to 1 (default). To disable this feature set bf_callvote 0.

  5. Max Connections per IP (q3fill protection)
    When bf_maxcon cvar is set to any value above 0 then when more connections are made from the same IP address then the value, they will be rejected and the connection will be closed. By default the connection limit is set to 2. To disable this feature set bf_maxcon 0. This feature allows protection against the q3fill exploit which floods your server with fake players.

Maybe it helps someone.

(macbeth) #5

how did you install it ? :blush:
it will work with noquarter 123?

(hellreturn) #6

[QUOTE=macbeth;206295]how did you install it ? :blush:
it will work with noquarter 123?[/QUOTE]

NQ has build in options for it. You don’t need another addons / hooks to stop all those stuff. It’s just for old dead jaymod.

(zbzero) #7

Its necessary you place the files qmm.ini and pbd.so in you main directory where your et are installed the files qagame.mp.i386.so need be placed in the mod folder and the file you already have in the mod package need be renamed to qmm_qagame.mp.i386.so and put the plugin folder inside the mod folder, i didnt have sure if it works with omnibots, but i think it should work if you set the cvar bf_guid 0 the new version of this bugfix 1.0.7b have some new explots fixes but i read the docs in somewehere but cant remember now.
Qmm (quake multi mode) have some great features and can be costomizade to change / add almost everything you want not only for ET it works in some q3 based games. I dont know where to find the docs now some months before i read and check all the plugis created for ET in this page if im not wrong but it seems the website is down http://q3mm.org/

I only find some infos about this for now: http://www.somedude.net/gamemonkey/ and this http://www.somedude.net/gamemonkey/forum/ and http://h1416017.stratoserver.net/gmScriptMod/

(ailmanki) #8

http://web.archive.org/web/*/http://q3mm.org/
yet I am waiting since an hour for a page to load… hehe

(Adrian) #9

THE QMM Files from YCN will be updated ASAP

Regards,
Adrian