Server Crasher

AxleAxle Join Date: 2002-11-19 Member: 9320Members Posts: 3
edited November 2002 in General Server Discussion
Ban this guy pls
Okay, I was playing a game of NS on MFOTS server today and this guy comes in and threatens a server crash if he didn't get his way. Well he crashed it and admitted it, then demanded his way again. So, I got the status and dumped the console to have proof. His id is 1496118.

I attatched the condump to the post as proof.

(TEAM) PORSKYTOO: thx for welding
gooze: teams
PORSKYTOO killed NSPlayer with heavymachinegun
(TEAM) Mr.Bear: oh well, anyways i know we are owning dem
Nasty Terrorist: EVEN THE **obscenity** TEAMS YOU AMERICANS
(TEAM) EflfK: reactor
[bd]-raziel killed -|RtM|-**Atilla* with heavymachinegun
(TEAM) EflfK: oine marine go via portal
PORSKYTOO killed Nasty Terrorist with heavymachinegun
(TEAM) EflfK: uging
Eric the Red killed self with phasegate
Mr.Bear: lagg
Nasty Terrorist: EVEN TEAMS NOW OR SERVER CRASH
(TEAM) Mr.Bear: long time since they attacked
endonosis killed self with turret
(TEAM) EflfK: they are baically finished
-=MDK=- Axle overflowed
]retry
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016

BUILD 2056 SERVER (0 CRC)
Server # 15
[bd]-raziel: oh tuff
Netchan_CheckForCompletion: Lost/dropped fragment would cause stall, retrying connection
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016

BUILD 2056 SERVER (0 CRC)
Server # 16
-=MDK=- Axle has joined the game
-=MDK=- Axle has joined the game
Xcom has joined the game
Xcom has joined the game
-|RtM|-**Atilla* has joined the game
-|RtM|-**Atilla* has joined the game
Eric the Red has joined the game
Eric the Red has joined the game
YAMOTO has joined the game
YAMOTO has joined the game
octo Sneaker has joined the game
octo Sneaker has joined the game
mattw has joined the game
mattw has joined the game
EflfK has joined the game
EflfK has joined the game
]bind f8
"f8" = "hotkey88"
Unit 2 has joined the game
Unit 2 has joined the game
Big Cheeky has joined the game
Big Cheeky has joined the game
Nyogtha has joined the game
Nyogtha has joined the game
]bind f10 "condump condump"
Destroyer dropped
Unknown command: hotkey88
Mr.Bear has joined the game
Mr.Bear has joined the game

BUILD 2056 SERVER (0 CRC)
Server # 15
[bd]-raziel: oh tuff
Netchan_CheckForCompletion: Lost/dropped fragment would cause stall, retrying connection
Commencing connection retry to 146.20.89.1:27016
Connecting to 146.20.89.1:27016...
Connection accepted by 146.20.89.1:27016

BUILD 2056 SERVER (0 CRC)
Server # 16
-=MDK=- Axle has joined the game
-=MDK=- Axle has joined the game
Xcom has joined the game
Xcom has joined the game
-|RtM|-**Atilla* has joined the game
-|RtM|-**Atilla* has joined the game
Eric the Red has joined the game
Eric the Red has joined the game
YAMOTO has joined the game
YAMOTO has joined the game
octo Sneaker has joined the game
octo Sneaker has joined the game
mattw has joined the game
mattw has joined the game
EflfK has joined the game
EflfK has joined the game
]bind f8
"f8" = "hotkey88"
Unit 2 has joined the game
Unit 2 has joined the game
Big Cheeky has joined the game
Big Cheeky has joined the game
Nyogtha has joined the game
Nyogtha has joined the game
]bind f10 "condump condump"
Destroyer dropped
Unknown command: hotkey88
Mr.Bear has joined the game
Mr.Bear has joined the game
console dumped to C:\GAMES\HALF-LIFE\ns\condump000.txt
Big Cheeky: ME MARINES OR I CRASH AGAIN
EflfK: who did that?
]bind f8
"f8" = "hotkey88"
Destroyer has joined the game
Destroyer has joined the game
]bind f9
"f9" is not bound
Big Cheeky: MY TURN FOR MARINES
]bind f9 status
hostname: MFOTS.com Natural Selection v1.02
version : 46/1.1.1.0 2056 insecure
tcp/ip : 146.20.89.1:27016
map : ns_bast at: 0 x, 0 y, 0 z
players : 17 active (20 max)

# name userid uniqueid frag time ping loss adr
# 1 "Pred" 283 2593017 0 01:05 66 1
# 2 "octo Sneaker" 290 258182 0 01:05 176 0
# 3 "Big Cheeky" 271 1496118 0 01:24 148 0
# 4 "YAMOTO" 282 18374 0 01:05 106 0
# 5 "-=MDK=- Axle" 284 44337 0 01:05 91 0
# 6 "-|RtM|-**Atilla*" 285 1332807 0 01:05 95 0
# 7 "Unit 2" 293 1884443 0 00:55 90 0
# 8 "Xcom" 287 321711 0 01:05 72 0
# 9 "endonosis" 288 31426 0 01:05 127 0
#10 "Eric the Red" 289 2111388 0 01:05 117 1
#11 "Nyogtha" 211 449602 0 1:16:42 183 0
#12 "Destroyer" 296 2819881 0 00:20 156 1
#13 "EflfK" 291 1672148 0 01:05 105 0
#14 "mattw" 292 1586969 0 01:04 186 0
#15 "Mr.Bear" 294 1378294 0 00:43 197 0
17 users
«1

Comments

  • AxleAxle Join Date: 2002-11-19 Member: 9320Members Posts: 3
    I just finished making this post and went back to check on the MFOTS server...it won't respond. I think this guy crashed the server seriously, not just a reset. If you have a server Be Warned of This Guy. I am not joking.
  • MellonpoprMellonpopr Join Date: 2002-11-01 Member: 2304Members Posts: 281
    thanks for posting.. that's some pretty strange stuff. It does seem that this guy was causing a crash somehow. Are you sure he isn't a server admin or just had access to rcon and shut it down that way ?
    [WM]Mellonpopr
    Leader of clan [WM] visit www.wehrmacht.us or stop by #clan-wm on gamesnet IRC

    Dedicated 20 player server 2mb down /1mb up
    Windows 2000 Advanced Server
    P4 2.85GHz, 1GB DDR 333
    2x 60GB RAID Striped HD's

    24.56.80.133:27015
    16 public slots + 4 type 2 reserved
  • FlayraFlayra Game Director, Unknown Worlds Entertainment San Francisco Join Date: 2002-01-22 Member: 3Super Administrators, NS2 Developer, Subnautica Developer Posts: 6,941 admin
    Any idea how he crashed it? I can easily fix the problem for v1.03 if it's reproducible.
    Charlie Cleveland
    Game Director, Unknown Worlds Entertainment
  • doctorskizodoctorskizo Join Date: 2002-07-31 Member: 1035Members, Constellation Posts: 177
    QUOTE (Flayra @ Nov 19 2002, 06:16 PM)
    Any idea how he crashed it? I can easily fix the problem for v1.03 if it's reproducible.

    dude, who is your teacher and what books did you read? dont mind me going off topic for a sec.
  • DrGigglesDrGiggles Join Date: 2002-11-15 Member: 8833Members Posts: 58
    I was having problems with people crashing my server, I was running metamod + clanmod.

    The crashes seemed to be related to an overflow of some type, buy I'm not sure what command the people were using to overflow the server. The crashes reminded me of the fun mode exploits in AdminMod.

    Sometimes the flood would not crash the server but make the server to go insane and start flooding everyone causing lots of flush_packets and strange reactions from server commands until a restart was required or the server simply crashed out.

    Anyhow, I installed HLGuard and I haven't been crashed since, dunno if it blocked the exploit or what but it seems to have taken care of the issue. The server has been kinda dead (even though the pings are doing alot better) durring the day and early morning, so less people/time for me to test with. I'm logging everything now to see why people are leaving, going from full to empty in an hour seems strange to me.

    Do you know what mods MFOTS has installed? I think the problem is more related to the mods installed than the server its self, although I could be wrong...
    DrGiggles
  • AxleAxle Join Date: 2002-11-19 Member: 9320Members Posts: 3
    I have no idea how he crashed the server. I do know it says that I overflowed, as everyone else did. No, this guy is probably not an admin, if he were, then he could have reset the map, kicked people, or even force people over to the other team. He simply got cranky, crashed the server, got cranky again, and then crashed it apparently for a goodly long time. I just checked the server and it's back up, but no one is in there. Could be related to it being down for a time.
  • MisfireMisfire Join Date: 2002-11-03 Member: 5764Members Posts: 376 Fully active user
    hmm, i had server crashes for no reason....... might be him.
    uK.Misfire
    Owner of Frag & a Coke
    Frag & a Coke

    I-AM Servers
  • TuxedosteveTuxedosteve Join Date: 2002-11-19 Member: 9340Members Posts: 6
    When I saw that wonid I thought. "I know that guy".

    Sure enough I'd banned him the other day. He came on the server with the name "Kurt Cobain is god" and just started spamming it over and over until I kicked and banned him.

    Strange guy. Glad he's gone after reading this.
  • Poison-XPoison-X Join Date: 2002-11-07 Member: 7590Members Posts: 18
    the server didnt crash

    BUILD 2056 SERVER (0 CRC)
    Server # 15

    BUILD 2056 SERVER (0 CRC)
    Server # 16

    etc... he just made it drop all the clients some how
  • ZarXZarX Join Date: 2002-11-07 Member: 7493Members Posts: 45
    Flayra you cant stop the crash. Mainly becuz it has to do with ping. He more than likely pinged the server hard and made it restart. My budy has a log of ppl doing this. The only way to prevent this is to bridge 2 Nic cards together and have load balance set on them so if one card gets pinged the other one turns on and helps take the load of the ping there for no server crash and no pinging anymore.
  • WinkieWinkie Join Date: 2002-11-02 Member: 4034Members Posts: 64
    QUOTE (ZarX @ Nov 19 2002, 10:31 PM)
    Flayra you cant stop the crash. Mainly becuz it has to do with ping. He more than likely pinged the server hard and made it restart. My budy has a log of ppl doing this. The only way to prevent this is to bridge 2 Nic cards together and have load balance set on them so if one card gets pinged the other one turns on and helps take the load of the ping there for no server crash and no pinging anymore.

    What the **obscenity**? shut up, nic cards have 100 meg/s bandwidth, this person neither crashed the server nor ping flooded to over 100 meg/second


    The problem most likely, if it's an overflow is, he sent some command which broadcasts to all, I believe say commands can do it, and send lots, fast, this causes too much data to the client, therefore overflows. Admin mod's "glow red" etc is extremely susceptable because of the amount of text it sends back.
  • LiquidFusionLiquidFusion Join Date: 2002-11-01 Member: 3139Members Posts: 138
    uhhhh btw there are programs out there that get computers to ping an ip. Now one computer isn't so bad, but if you can get all computers on a college or in a certain ip range to do it consitantly that CAN crash a server. Also the 100mb bandwidth is VERY theoretical. A netgear fa311 has 100mbit bandwidth, but for some strange reason that $100 intel card also has 100mbit bandwidth and runs better. Pinging can crash a server or an ip. There are tons of ways to do it.
  • DrGigglesDrGiggles Join Date: 2002-11-15 Member: 8833Members Posts: 58
    Pinging can crash servers, but usually the ping will crash the whole server, or in most cases render it useless (DoS attack?)
    DrGiggles
  • HardeeHardee Join Date: 2002-11-19 Member: 9330Banned Posts: 57 Fully active user
    LOCK THIS TOPIC. THIS IS NOT PROOF AT ALL.

    I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.
  • NecroNecro <insert non-birthday-related title here> Join Date: 2002-08-09 Member: 1118Members Posts: 3,051 Fully active user
    QUOTE (Hardee @ Nov 20 2002, 12:05 PM)
    LOCK THIS TOPIC. THIS IS NOT PROOF AT ALL.

    I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.

    lol, and why DON't you want him banned? maybe it's you? or perhaps a friend?
    image
    EUPT
  • HardeeHardee Join Date: 2002-11-19 Member: 9330Banned Posts: 57 Fully active user
    QUOTE (Necro- @ Nov 20 2002, 04:23 AM)
    QUOTE (Hardee @ Nov 20 2002, 12:05 PM)
    LOCK THIS TOPIC. THIS IS NOT PROOF AT ALL.

    I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.

    lol, and why DON't you want him banned? maybe it's you? or perhaps a friend?

    Because all it takes is for someone to insert someones WON ID they don't like and that's it. Banned. Would you like that done to you? At least provide some demos and screenshots ffs.

  • NecroNecro <insert non-birthday-related title here> Join Date: 2002-08-09 Member: 1118Members Posts: 3,051 Fully active user
    he posted the stuff he said, whats it to you if someone gets banned who most likely is a crasher.
    image
    EUPT
  • TuxedosteveTuxedosteve Join Date: 2002-11-19 Member: 9340Members Posts: 6
    I saw another unrelated thread in this forum about a pair of troublemakers (I think they were destroying their own teams structures). This guys wonid was in there too. That's three seperate people who've had problems with him.

    Of course you don't have to take anyones word for it. Looks like he's working his way around all the servers so I'm sure he'll get to everyone eventually smile.gif
  • PseudoKnightPseudoKnight Join Date: 2002-06-18 Member: 791Members Posts: 1,356 Fully active user
    edited November 2002
    I've seen evidence that text-flooding can cause a server crash.

    This guy did it multiple times.
  • NecroNecro <insert non-birthday-related title here> Join Date: 2002-08-09 Member: 1118Members Posts: 3,051 Fully active user
    pseudo, you know his wonid?

    and you can't destroy structures with ff off anymore...flay fixed it! asrifle.gif
    image
    EUPT
  • cracker_jackmaccracker_jackmac Join Date: 2002-11-04 Member: 6891Members, Constellation, Reinforced - Shadow Posts: 1,213
    edited November 2002
    QUOTE (LiquidFusion @ Nov 20 2002, 01:12 AM)
    uhhhh btw there are programs out there that get computers to ping an ip.  Now one computer isn't so bad, but if you can get all computers on a college or in a certain ip range to do it consitantly that CAN crash a server.  Also the 100mb bandwidth is VERY theoretical.  A netgear fa311 has 100mbit bandwidth, but for some strange reason that $100 intel card also has 100mbit bandwidth and runs better.  Pinging can crash a server or an ip.  There are tons of ways to do it.

    There isn't any certain programs, only trojans can do DDoSing. Usually controlled by a IRC chat server.

    For anyone wanting to know how it works here is the old school version : http://grc.com/dos/grcdos.htm

    here is the new school version : http://grc.com/dos/drdos.htm

    Blocking ICMP messages is the easiest way to stop the old school, thus elimating the DDoS threat. beause you just ignore ping msgs.


    100mb bandwidth is its capacity, not theory. it all depends on the software: encapsulation methods, header lengths, challange/response methods, TCP ACKs and SYNs. Too many factors there. But 100mb is its total bandwidth, but blame the software, not the hardware most of the time.


    QUOTE
    shut up, nic cards have 100 meg/s bandwidth, this person neither crashed the server nor ping flooded to over 100 meg/second

    its not 100meg/sec, its 100Mbits/sec.
  • MellonpoprMellonpopr Join Date: 2002-11-01 Member: 2304Members Posts: 281
    having a 100mbit nic doesn't mean that's how much bandwidth you have to the internet either hehe
    [WM]Mellonpopr
    Leader of clan [WM] visit www.wehrmacht.us or stop by #clan-wm on gamesnet IRC

    Dedicated 20 player server 2mb down /1mb up
    Windows 2000 Advanced Server
    P4 2.85GHz, 1GB DDR 333
    2x 60GB RAID Striped HD's

    24.56.80.133:27015
    16 public slots + 4 type 2 reserved
  • Troll_InvestigatorTroll_Investigator Join Date: 2002-11-12 Member: 8317Members Posts: 19 Fully active user
    edited November 2002
    QUOTE (Hardee @ Nov 20 2002, 04:28 AM)
    QUOTE (Necro- @ Nov 20 2002, 04:23 AM)
    QUOTE (Hardee @ Nov 20 2002, 12:05 PM)
    LOCK THIS TOPIC. THIS IS NOT PROOF AT ALL.

    I COULD USE THE SAME STORY AGAINST YOU AND STICK YOUR WON ID AT THE TOP SO EVERYONE BANS YOU.

    lol, and why DON't you want him banned? maybe it's you? or perhaps a friend?

    Because all it takes is for someone to insert someones WON ID they don't like and that's it. Banned. Would you like that done to you? At least provide some demos and screenshots ffs.

    SO, are you the same "Hardee" that wreaked havoc on the Thievery UT mod when that first came out too?
    Yeah, I remember you.


    http://www.ttlg.com/forums/showthread.php?...&threadid=54860


    http://www.ttlg.com/forums/showthread.php?...&threadid=56582

    http://www.ttlg.com/forums/showthread.php?...&threadid=56432


    Coincidence another "Hardee" shows up in a NS thread about hacking servers? i think not.
  • SerrinSerrin Join Date: 2002-11-01 Member: 2657Members Posts: 23
    QUOTE
    At least provide some demos and screenshots ffs.


    I can't, I have a list of 10 people I have banned, I can provide con dumps if you like, for the whole day no less, but I can't give you screenshots or demos because I'm not IN the server, I'm monitoring my server thru HLSW.

    We need some way to organize this. We need a list of server ops who can prove they are server ops. Give IP's send NS Guides in there and have them talk to the person and make sure that was really him, make sure his server is really a server, stable and good pings with a reasonable player limit and that it's still there the next day, that the admins aren't kicking people for no reason etc.

    And then we need to make them a private password protected forum where they can share info like this just on their word. The forum would have to have some set rules like you can't suggest banning someone because they cuss since a lot of people allow cussing on thier server (myself included) and you'd have to post a description of what they did, etc. Proof would be nice, but lets face it, no system anywhere is perfect. Innocent people get convicted, you just have to do your best to prevent it.

    We do need to do something though. For one, I'd like a list of people who come on servers and yell slurs, I'd like a list of people who crash server, etc. My server dumped all players twice in a row last night. I don't know why or how. All I know is it didn't crash or reboot, it just dumped everyone twice. When I logged in to see what was going on (to see if it would dump me) it was fine and it filled back up again a few hours later and nothing has happened since. I believe someone did it on purpose, but hell if I know who.

    I have played on some of the servers of people who post WonID's here, if I've played on their server and it was a good server and no admin kicked me for saying a bad word or for killing too many people as a skulk.gif then I listen to them when they post a name to be banned. Not always, and usually not if they post a list of names and ID's and say "these people all did bad stuff!" and not if they banned someone for something silly like cussing, but if I've played there and they tell me that this guy crashed their server or logged on and spammed racial slurs over the mic, or whatever, yeah I consider it.

    We need something stable, something at least a little more secure. Yes, some people who don't deserve it will probably get banned. Yes sometimes people's roommates/brothers/sisters/uncle bob's really do get on their computer and do things that get those people in trouble. And yes sometimes a server admin is just gonna lie to get someone they don't like banned. But with NS guides constantly hopping from server to server seeing things and monitoring things we could probably keep a self-policing forum of people we could relatively trust when they give ID"s that should be banned.

    The fact is, it doesn't do a lot to discourage jerks and racists and bigots and grief players from acting that way if all I can do is ban them from my server. There's too many others coming up too fast. And too many admins, over time, will stop paying close attention to their servers.

    Look what happened to CS.

    We need some kind of blacklist, if for no other reason than to at least hope to discourage a handful of people from behaving like this.

    Just my two cents.
  • PseudoKnightPseudoKnight Join Date: 2002-06-18 Member: 791Members Posts: 1,356 Fully active user
    QUOTE
    pseudo, you know his wonid?


    Of course: 277679.
  • NecroNecro <insert non-birthday-related title here> Join Date: 2002-08-09 Member: 1118Members Posts: 3,051 Fully active user
    hmm...hardee sounds like a real lamer, no wonder he's defending the guy..infact probably him...i say ban him from the servers...and forums
    image
    EUPT
  • EvilGrinEvilGrin Join Date: 2002-11-04 Member: 6851Members Posts: 162
  • ArkaineArkaine Join Date: 2002-07-12 Member: 914Members Posts: 214
    It could be the "%" exploit...it happened in CS.
    If you have Admin-Mod, I believe you can prevent this by adding these to your users.ini file:

    //ANTI-EXPLOIT RESERVES
    *%:gnfuth8gfdsg49hjgre:16384
    ~:fh43sithiegfdgjr535:16384
    `DEAD:h34yfgdsh54ht78:16384

    Maybe it will prevent it; maybe it won't...couldn't hurt...
    -Arkaine
    The glass is half full when filled, and have empty when spilled.
    user posted image
  • LiquidFusionLiquidFusion Join Date: 2002-11-01 Member: 3139Members Posts: 138
    QUOTE (cracker jackmac @ Nov 20 2002, 02:11 PM)
    its not 100meg/sec, its 100Mbits/sec.

    I didn't quote the whole post because i wanted to keep the length down, but you're right about everything. Thats what i ment by theory, but there are differences in the bios in certain nic cards. So hardware can be to blame.




    Also someone on my server today said something interesting......

    "Don't go in the cc the server will crash!"

    two seconds later my server crashed.
    So whats up with that?
  • voogruvoogru Naturally Modified (ex. NS programmer) Join Date: 2002-10-31 Member: 1827Members, Retired Developer, NS1 Playtester, Contributor, Constellation Posts: 1,105 Advanced user
    He probally use a chat overflow script.

    I have tried it in my own server and it caused all clients to be booted.
    NOTE: No electrons were harmed during the creation, viewing or writing of this post. All posts are made from 100% recycled electrons. No electrons were discriminated against based upon race, age, religion, or direction of spin.
Sign In or Register to comment.