Results 1 to 9 of 9

Thread: Patch and Server control

  1. #1

    Default Patch and Server control

    Hey James,

    I was just wondering being that I'm getting back into the mix of mohaa and things; those that are working on the Reborn patch, is there any possible way they can use that to their advantage and take control of a server at any given time?

    I have been talking to some of my people ingame and word around is that many mohaa clans don't want to install the patch because of some "people that are working on the patch" were in a server and being jerks and took control of the server. And since that happened, word got around and other clans are hesitant on installing it.

    I know it's a he said she said thing but I was just wondering if server access was possible to those working on the project. If so, something like that can really ruin the potential success of the patch.

    Thanks,
    - Dead

    I know nothing is 100% secure and if someone working on the patch can do this, then fine. Just wanted my mind at ease either way. I know anyone from my gameserver company can log into my account and gain access to my server password and act a fool too. Not something I worry about since nothing can be done about that anyway.

  2. #2

    Default

    It's impossible, the patch doesn't even contain any code that could make some ppl take control of the whole server.
    And o/c, someone should remember the guy who took control.
    Last edited by Ley0k; July 7th, 2014 at 10:53 AM.

  3. #3

    Default

    Obviously James can reply better on this.
    But atm most (if not all) developers aren't even playing mohaa currently and they are good people that are working to stop any abuse from (server) hackers, crashers etc.
    Anyone stating in a server they are Reborn developers and then f*ck with the server are nothing but fakers, just pretending to be someone they're not and give a bad name to Reborn.
    Because without Reborn, a server is vulnerable to getting crashed and hacked.. which is probably exactly what happened.

    Without the Reborn patch it would be no big deal to gain access to someone's server (as in get rconpassword or crash the server) so why would they build a patch to gain access to a server, when they already can get access? (IF they really wanted to, which is not the case).

    At the moment about 80% of the servers is running the Reborn patch and so far I haven't heard any server crashers or 'take-overs' in a VERY long time. And I had to deal with that shit every single day a few years ago xD

    Obviously, James (or other developers) will reply as well, and their word will mean more in this case, but I still hope you can set your mind at ease and have trust in the developers who are only doing this to save this game and the community. There will always be people that are assholes and pretend to be someone else, and there always will be people who remain paranoid, simply because they do not know any better.

  4. #4
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    Default

    Hey guys, just to clear this up for everyone... DeadSnipe has voiced his concern based on what he heard from other word of mouth, so he wanted to let us know. After talking to RR, I had DeadSnipe post this publicly so we can answer any questions or concerns anyone else has about what the patch does\doesn't do.

    Here was my response
    Well I can tell you this for sure.
    The patch is created with the intention of stoping cheats, adding functionality and preventing exploits... As far as server admins are concerned, unfortunately we can't really control how or what they do with the patch. There has been talk even internally within our community that there are some server admins that "falsely" ban users just because they're very good, or they give themselves an advantage over other users on the server. I CAN tell you, that there is nothing in the patch that would give an admin any advantage over any other user on the server, but sadly, it still doesn't stop a admin from creating a mod using our new features and cvars to create something that could potentially give him an advantage.


    The issue is though regardless of whether or not they use the reborn patch, it still doesn't stop them from creating a mod to give them an advantage. They can still do it with the stock 1.11 patch, so I wouldn't say that servers using Reborn necessarily have "jerk" admins.


    I hope this makes sense to you.


    As far as giving "us the devs" access to other servers, that is absolutely false information. We have no intention of that. The only thing we do, is pull statistics so we know which servers use our patch versus 1.11 version. This however does NOT give us any sort of access to the server to take advantage of it. If someone has come across some exploit that allows this to happen, I suggest that it be reported immediately so we can fix it, because we certainly would not want something like that to ruin the credibility of this patch.


    Thank you for voicing your concern. Maybe RazorRapid can add something to this, but I assure you that the word of mouth are only rumors. If there are any other questions or concerns you have, please let me know.


    Thanks!
    And just to clarify what I meantion above int he quote...
    There will always be "bad" admins... This is one thing that we have all run in to. Even Elgan has his troubles with admins that try to take advantage over other players that are clean...
    The conclusive result is.. regardless of whether a server is running Reborn or not, there is only so much that can be done with protecting a server against these dort of admins. After all, if you have full access to the server and files, then what's really stopping a server admin from running some mod that gives him 500% health or the ability to toggle invisibility or anything else.. quick answer: nothing.

    Now, if I understand correctly, it sounds like whoever is spreading these rumors about the patch is just disgruntled. I really have no other explanation. The point is.. Mohaa has never been "more" clean previously. Even with all the previous AC's like DMW there was always the risk of it getting bypassed. As far as I can tell I haven't come across anyone that is able to circumvent what has been done... So the people that try to give us negative rep, they're probably upset because they can't use their cheats, crashes or other exploits on these servers.

    "people that are working on the patch" were in a server and being jerks and took control of the server

    The only explanation I have for this is... The server may have been running an older version of Reborn that may have had some flaw, however the current stable version should be running without any issues. Also, there is nothing that would allow a client to gain access to a server, so not sure about this.

  5. #5

    Default

    Its always a difficult area and my own clan has had its fair share of users who come on and use our tags and claim this and that and so on and threaten to shut down the server and sometimes manage to do so - All I would say is to back up above what James has said we have never had anyone from the dev team abuse the patch!!! and would agree this is some pissed off hack who cant get past the patch I have been on here for years and I am a trusted member and I dont have access to source!!

    They have always been secure on that and hope you can understand what has been said above but for sure I am 100% happy the patch has not been hacked or abused in any way!!

  6. #6
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    Here's some more background information.

    DeadSnipe asked James about this in private message, and James answered him as well as forwarded their conversation to me so I could say something too.
    I asked if DeadSnipe can make a public thread about it because obviously we have nothing to hide there.

    So here's James answer:

    Well I can tell you this for sure.
    The patch is created with the intention of stoping cheats, adding functionality and preventing exploits... As far as server admins are concerned, unfortunately we can't really control how or what they do with the patch. There has been talk even internally within our community that there are some server admins that "falsely" ban users just because they're very good, or they give themselves an advantage over other users on the server. I CAN tell you, that there is nothing in the patch that would give an admin any advantage over any other user on the server, but sadly, it still doesn't stop a admin from creating a mod using our new features and cvars to create something that could potentially give him an advantage.

    The issue is though regardless of whether or not they use the reborn patch, it still doesn't stop them from creating a mod to give them an advantage. They can still do it with the stock 1.11 patch, so I wouldn't say that servers using Reborn necessarily have "jerk" admins.

    I hope this makes sense to you.

    As far as giving "us the devs" access to other servers, that is absolutely false information. We have no intention of that. The only thing we do, is pull statistics so we know which servers use our patch versus 1.11 version. This however does NOT give us any sort of access to the server to take advantage of it. If someone has come across some exploit that allows this to happen, I suggest that it be reported immediately so we can fix it, because we certainly would not want something like that to ruin the credibility of this patch.

    Thank you for voicing your concern. Maybe RazorRapid can add something to this, but I assure you that the word of mouth are only rumors. If there are any other questions or concerns you have, please let me know.

    Thanks!
    Now here's what I have to say:

    I can understand some concerns regarding security as patch is closed-source and yes - we could put there any code we wanted, even code that could take control over ones server, but we simply won't do this. Why you may ask?

    We are already grown up, therefore we simply don't see a need to do something like this. Everyone of us can own their own server, why should we take over another servers and risk being sued or something. This is first thing. Secondly, I alone spent on developing the patch hundreds of hours. If you do a simple math:

    48h * 10$ = 480$

    or pounds, or euro, or even pln (I'm from Poland and 480PLN is still a lot of money), you will see that this is how much my time is worth (it's worth more actually), and what is more - it's my free time! It should count as overtime where salary is higher. What's more - I spent much more than 48hours, I would even say it can be even thousand or more, really. Why would I want to loose my free time, continously for 5 years to have control over some old game's servers.

    And what Shadow said - university, full time job, life, woman and I don't really have even time to play anymore (from time to time I can play, but I didn't visit any public MoH server in 4 years already).
    The same is for James and others.

    We wanted to create a patch for this game because it truly deserves one and we just like the game, and we enjoy what we do and we enjoy learning process and sharing ideas that come along with this whole xNULL Project - which is not only a patch itself. We've made a lot of 3rd party tools and helped people fix their issues with the game and servers.

    We've built mods, server browsers, master server, mod frameworks. Patch itself contains many fixes against crashes, during development we even discovered bugs that were not known to public community and we've fixed them before anyone else would find a way to exploit them.

    There are only 2 things we do:

    1. Patch has auto-update feature, which is nothing more than a downloader that downloads updates from our website. We did this because we release updates very often and we wanted to make sure that admins run lates and most stable versions of Reborn on their servers.
    2. Patch connects to our custom masterserver. This way we have a database of all online MoH:AA servers that run Reborn. When GameSpy goes down, we can still keep the game alive by serving players data from our database. We can also use this data for statistics (how many servers are online on average etc., how many players play the game etc.) and PR (by giving numbers about servers curently ussing the patch we can encourage other people to use it as well).

    It also should be noted that some game hosting companies already offer 1.12 Reborn build of the server, which just shows how commonly used it is.

    The last thing I can say is that it's much easier to take control over the stock 1.11 server than server secured with Reborn patch and if we just wanted to do so, our last intention would be to spend 5 years developing patch that makes it harder.

    1.12 Reborn patch fixes Buffer Overflow bug, as well as Infostring Buffer Overflow. Both of this bugs are present in stock 1.11 server and allow attacker to run malicious code on server's end, allowing him to take control not only over game server, but over whole machine.

    What is more - this exploit is publicly available on websites that offer ready to compile exploits. It was created by RunningBon by the way, a person who also developed crash and flood fixes for Spearhead servers (they are merged into Daven's fixes too)

    http://www.exploit-db.com/exploits/1776/

    This one exploits Buffer Overflow bug to spawn a remote telnet session, it simply sends too long string message to server that is interpreted as assembler code that executes Windows Console and opens Telnet connection to this console. Attacker can then connect to the whole machine via telnet.

    This is a SERIOUS vulnerability. Fortunately Reborn Patch fixes this and a lot of more bugs that allow things like this, and it makes your server more stable and invulnerable to crashes.

    To sum up, run your servers, play them, enjoy them and if you're having issues with anything connected with MoH:AA/SH/BT in general - write us, we will spend our FREE time to answer and give a helpful hand and we'll always make sure to actually make your experience and fun better with Reborn patch and all we do.


    (Last sentence is edited after Heatsinkbod wrote me, I was so impressed that he's not on wine that I had to do it, thanks for good words Heatsink)

  7. #7

    Default

    Appreciate you guys taking the time to explain that. I fully understand what you're saying. I guess the people from that server had some bad blood issues with whoever is claiming to 'making the patch' and is trying to destroy X-null's reputation. I was told first, by a close friend and then a few others, that if I was smart I wouldn't install the patch and I was like woah woah. lol Had to change the convo subject there. No names were mentioned but only referred as "makers of the patch".

    Possible that these malicious people used you guys' names in-game.... I've had that done to me in the past (who hasn't) where people would go into servers where they knew no admin was present and would change their name to mine (tags and all) and act a fool, curse people out and crash it then leave and when I would go in at normal times, I'd get banned. Like what?? Never could tell me if they had this person's IP or any evidence. Just regular member's stories. Oh well.....

    Thanks again for the reply guys,
    - Dead

  8. #8
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    I want to add that all users frequently visiting this place are already aware of the amount of work that has been put into this patch, therefore my previous post was to all others who might not be aware.
    It's also to calm down people.

    What is more - We don't force anyone to use the patch. We believe that it brings much more cool stuff to the game that a lot of people dreamt about few years ago. EA games didn't do anything about certain aspects of the game, but finally we have a working in-game banning system, or finally usable voting.

    Few years ago you would need to run Autokick to "ban" people by kicking them, you would need to run additional software and everything. It was nightmare - now you have simple ban commands and that's all. If I was a full time server admin I would install Reborn just for this single feature.
    But again - we don't force anyone to use it, but if someone comes here or visits TMT forums and asks questions about crashes, or errors, or questions like: "is it possible to", it's 99% that Reborn patch will address these issues and we will simply recommend him to use the patch as there is nothing else on the market as complete, as stable, as commonly used as this patch.

  9. #9

    Default

    Ooops. I posted in the wrong forum. This should have went under, "MOHAA 1.12 Patch (Server) - General / Questions / Problems"

    You can move it there if ya want. Not sure if you still wanted to sticky it as well.

    And I agree it bringing much more cool stuff to the game. I just wanted to bring this out so that the people that I know, who don't want to run this patch, knows what "the people who REALLY make this patch" REAL intentions are. I have sent them all links to this thread in hopes they change their mind. I have installed it on my server and will start learning all the features.

    Thanks all,
    - Dead
    Last edited by DeadSnipe; July 8th, 2014 at 11:49 AM.
    "Play right, play fair... the way it's meant to be!"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •