Page 1 of 7 123 ... LastLast
Results 1 to 10 of 61

Thread: New kind of attack IMPORTANT INFO

  1. #1
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Exclamation New kind of attack IMPORTANT INFO

    Please make sure your server has updated patch binaries.

    Get patch_ver.dll from your box, and check it with Version Checker.

    Current, fixed version number is 1.002

    ANOTHER IMPORTANT THING

    This kind of attack allowed cheater to get ClientAdmin access, check your admins.ini if there aren't any modifications. Also check your RCon password.

    I'm not sure which access priviledges he can get, but it's safe if you change your RCon password and check if there isn't any new admin added in admins.ini

    It was partialy caused by a bug in the patch. It's fixed with latest update.

    If you want to force update, set 2010 year in update_reborn.txt file.
    On next map change, server should detect new update and on second map change it should start updating.

    If it doesn't, or you have problems with it, and your patch_ver.dll still shows 1.001, then let me know and I'll post binaries for you, here in this thread.

    ABOUT ATTACK ITSELF

    It's a Buffer Overflow attack, that is sent with the use of MoHAA internal command (not a command like lod_spawn etc.), so it needed deeper engine modifications. It allows attacker to get ClientAdmin priviledges and to crash server.

    Linux servers were only partially vulnerable (attacker can get admin access but can't crash server), but everything is fixed in new release.

    -------------------------------------------------------

    UPDATE !!

    There was a small bug that caused patch to crash when someone tried to log in as admin.

    To fix this you can do 2 things:

    1. Restore old files from Update/old_backup folder or install patch again from download link and allow it to update again
    2. Download manual small update from links below:

    Windows:

    http://www.x-null.net/MOH/manual_upd...ex86BOFFix.zip

    Linux:

    http://www.x-null.net/MOH/manual_upd...serinfoFix.zip

  2. #2

    Default

    Look like my is updated, i have got this date in pdate_reborn.txt file 01/32/45/29/01/2011 01:32:45 AM

  3. #3

    Default

    Okay...tried to set older year in update_reborn.txt...still not working... server goes down....but nothing happens... even after an hour

    Log:
    Cvar_Set2: g_playermodel american_army
    Cvar_Set2: sv_fps 20
    ------ Server Initialization ------
    Server: dm/mohdm2


    ------------------ MoH:AA 1.12 Reborn Patch Shutdown ------------------
    Anti Wallhack/Visuals protection shutdown
    1.12 Reborn patch will start to auto-update now!

    have the newest patch binaries and checked the patch_ver.dll......still the old one...

  4. #4
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    For everyone that couldn't update Linux version.

    Place all those files into yor base mohaa folder.

    http://www.x-null.net/MOH/manual_upd...sBOFUpdate.zip

  5. #5

    Default

    sorry to be a pain and a noob at this, but how do i check i have the latest version? we are on gameservers and dont have access to our base folders

  6. #6
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    Go to main, grab patch_ver.dll, use Version Checker that was shipped with RC1 patch, open .dll file with it.

    Green square means you're up-to-date, red - not.

  7. #7

    Default

    patch_ver.dll is not in my servers main??

  8. #8
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    Any server logs you can show me? There should be info if it found new version.

  9. #9

    Default

    sure, try this 1
    Attached Files Attached Files

  10. #10
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    Hmm doesn't tell me anything useful.

    Ask GameServers to check it for you. They did check it for Goatz.

    But before asking them, edit update_reborn.txt, and change year from 2011 to 2010, to force patch to check for new update. Then change map (if you will be on the server, you will get message that patch will update soon). and then change map again.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •