server facade question regarding silent-0.9.0

[phantasm]

Hello,

 

I upgraded my silent -0.8.2 server to silent 0.9.0 today, due to some recurring problems with rcon hack vulnerabilities, and it appears to possibly have a conflict with my server facades that were running fine for a long time (several years) until now.

 

I have rebooted the server facades, and then rolled my game server back to silent-0.8.2 with no success in being able to get my redirects running again.

 

I saw in the new features list that there was something to block the user redirect feature, but it isn't very specific what this does. Can you tell me if this interferes with the Server Facades?

 

I am just wondering if this version of silent mod is intended to block the server facades. If this is intentional it would nice to be transparent about it. Not everyone abuses them, I never put up fake links or spoofed anyone else's server name.

 

Thanks.

[gaoesa]

Clients have a cvar that forces redirect without asking the player about it. This cva has existed since server redirecting was introduced to the offical ET SDK (2.60 etmain). We removed that client cvar. It has nothing to do with facades. Facades in general are engine things that allow connections with 2.55 protocol as well as 2.60 protocol. I have no idea how you can reboot a facade without rebooting the server as it is the very same thing.

 

I have no idea why this is in bug reports as I don't see any bug report in it. For the question: do we do anything against server facades, no we have not done anything against server facades and we will not do anything against those either. If you have an external server for the only purpose to redirect clients to new servers (no matter if it is because you have moved your server or you want to deceive players), we have not done anything against those servers either. What we have done is that players no longer get redirected to another server without asking those players first.

 

What would be interesting would be more info about those rcon hack vulnerabilities you referred as I'm not aware of any.

[alex]

I d'like to know more about these vulnerabilities as well.

[phantasm]

I am using the old "Server Facade" software from Redsector to add a few extra links to my server on the masterlist. The links are the same name as my "real" server, and the player is asked if they want to go to the real server IP. This has been used by many people for years. I use these in addition to the 2.55/2.60 dual lister from Trackbase (the modified ET.exe from Paul that has been out for years). Nothing new or particularly creative lol.

 

We had a hacker mess with our in-game voting, which I reported here a few weeks ago. He was also using an aimbot which was uncommon on my server. This same hacker then started setting levels. I had to set the rcon password to "" to stop it. So I thought maybe the exploit would be patched in 0.9.0 and I tried it last night. It works fine with enhmod though.

[phantasm]

I consider "fake links" to be putting up names that are deceptive or have nothing to do with the actual server.

 

I am aware this software is easily abused. I dont think adding links with the same name as the real server is particularly bad. It is a good way to get attention and doesnt do anything to the client installs.

[clan DIABOLIK]

Hello phantasm

 

Concerning the Paul binary, be sure to run the 0.7.4 version for security.

 

 

V55