Found a good explanation of what devil was doing and a good way around it...

Senior Member
★ Black Lounger ★
✔️ HL Verified
💻 Oldtimer
Joined
Feb 17, 2003
Messages
1,483
Best answers
0
I had to translate a page from djeyl.net to get it dot he folowing:

(unless they updated it) its the third news item in the list.
go to google.com

put in:
djeyl.net
and click translate this page.

If your french just read ahead instead.

add: I decided to put it here in case if it ever dissappears on the site
You know certainly the mechanism which make it possible to the players to download since a waiter of the files which they miss (maps, sounds...).

This system suffers unfortunately from a critical fault, recently published: any customer can, using orders which we will not detail here, to ask for the remote loading of any file . Yes, yes. Thus for example: server.cfg, addons/amx/users.ini, etc.

To counter this, two possibilities:

* to decontaminate this functionality ("sv_allowdownload 0 "in the server.cfg)
* to move the sensitive files out of repertory HLDS when that is possible

Let us reconsider this second possibility, which you will have to choose not to prevent the customers from downloading your sounds, maps & Co "custom". You must move a maximum of files, for example in a repertory "config" located at the same level as your repertory HLDS, and put your files inside (config of let us addons in particular -- plugins MetaMod). You will be able to then configure your addons to go to seek these files via access paths of the type "../../config/fichier.cfg "(instead of" addons/machin/fichier.cfg). Pay attention to the "..", one loses oneself easily in the various levels of the tree structure.

Concerning the nonremovable files (server.cfg in particular), re-elect it in anything ("pheukzehakerz.cfg"), and add the parameter which goes well to the line of order launching HLDS (here, "+servercfgfile pheukzehakerz.cfg").

A last thing: change your passwords, somebody perhaps already played with your files...

Good luck!

News powered by dJeyL (GNA)

[ EDICT - 21/11 ] the problem was corrected for the Steam waiters. They should be updated manually so that the patch is applied. The correction for waiters WON will come when to him very soon.
(remember this is translated by google from a website, so it seems a little wierd) (I think waiter = server)
 
Active Member
🚂 Steam Linked
💻 Oldtimer
Joined
Nov 4, 2002
Messages
1,061
Best answers
0
This is a little old and this isn't how devil was crashing servers. This is how goldensaiyan crashed a couple servers and gained rcon access to my server however. I didn't want to post this here because I didn't want kids going out looking for the exploit. Also its sv_allowupload 0
 
Senior Member
★ Black Lounger ★
✔️ HL Verified
💻 Oldtimer
Joined
Feb 17, 2003
Messages
1,483
Best answers
0
No Upload means upload to the server. Download is download from the server. Big diffrence.
 

Users who are viewing this thread

Top Bottom