Exploit Fix
eaglec
Join Date: 2002-11-25 Member: 9948 Members, Constellation
<div class="IPBDescription">or so it is claimed</div> Get the official x.1.1.1d(beta)
<a href='ftp://ftp.valvesoftware.com' target='_blank'>ftp.valvesoftware.com</a>
login: hlserver
pass: hlserver
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->From: Eric Smith [mailto:EricS@valvesoftware.com]
Sent: Wednesday, July 30, 2003 4:43 PM
To: Half-Life Dedicated Server Mailing List; Half-Life Dedicated Linux Server Mailing List; Half-Life Dedicated Server Annoucement Mailing List
Cc: Erik Johnson; Alfred Reynolds; Leon Hartwig
Subject: [hlds] Half-Life Primary Server x.1.1.1d Beta Release
Importance: High
We've put the x.1.1.1d beta release on our FTP site. Server admin should update their servers to x.1.1.1d to protect against security exploits.
You can grab the "d" beta release here:
ftp.valvesoftware.com
login: hlserver
pass: hlserver
Win32
=====
file: hlds4111d_beta.exe
md5: f523557dac8dcfc1ccde6c8958bc9b52
Linux
=====
file: hlds_l_3111d_update.tar.gz
md5: fb45a812d4940b1603d894a25b961ec8
Here's the change list for the "d" release:
Changes/Additions:
------------------
- Added bot count to "details" server query reply.
- Flipped anti-DoS logic to check per user and then global rate limits. Changed it so users exceeding personal rates don't add into the global rate calculations.
- Performed optimizations on engine to improve performance.
- Linux: Added "-pidfile <filename>" argument to hlds to get it to write the pid of the dedicated server process to the file specified.
- Linux: Improved "-debug" command to look for core.<pid> files.
- Linux: hlds echoes to the controlling tty rather than stdout (solves redirecting output no longer showing key presses).
- HLTV: Changed "status" output, more info displayed.
- HLTV: Added cvar "maxloss", default 0.05, if packet loss exceeds this threshold, new spectators are rejected.
- HLTV: Zero delay possible for direct broadcasts without game buffering ("delay 0").
Bug Fixes:
----------
- Fixed format string crash bug in logging.
- Fixed infinite loop due to malformed infostring.
- HLTV: Fixed system timer problem.
- HLTV: Fixed missing end in HLTV demos.
- HLTV: Fixed missing director commands with "playdemo" in HLTV console.
- HLTV: Fixed MAX_OSPATH.
Let us know if you have any problems with this release and we'll look into them right away.
Thanks.
Eric Smith
Valve
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
The Windows patch is small (<3mb) and will cure version 4.1.1.0 or later.
If you're running Windows you need to add -console to avoid the GUI interface <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif'><!--endemo-->
Comments
Also, every 30 seconds to a minute - temporary timeout (3-5 seconds), only picked it up in HLSW (console is not crashing)...
Anyone else having the same problem with this patch?
Update: Upgrade your HLSW, if you haven't already. Anything prior to beta3 will wack it out otherwise. I jumped into the server and found that when I was timing out on HLSW, I wasn't experiencing any connection problems. Updated from 1.0.0. to beta 3 and now there's no problem.
Don't you read the HLSW website?
Valve implemented a new CVAR in HLDS 1.1.1.0 and higher that limits the number of queries sent to server over a number of seconds. HLSW times out because it sends queries every 10 seconds, or more depending on how much info is being sent/received.
max_queries_sec -1
max_queries_sec_global -1
Either increase the value or disable it entirely (see above). Put these values in your server.cfg
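The changelog item about checking per-user and then global rate limits, together with the max_queries_sec / max_queries_sec_global cvars above, describes a two-level query limiter. The sketch below is an added example, not Valve's code and not part of the original posts; it shows why the order matters for a legitimate query tool when one source is over its rate. The names (limiter_t, allow_query), the one-second fixed windows, the limits 5 and 20, and the "earlier order" being global-first are all assumptions.

```c
#include <stdint.h>
#include <string.h>
#define SLOTS 64   /* per-source table size: assumption for this sketch */

typedef struct { uint32_t ip; long window; int count; } source_t;
typedef struct {
    int per_user_limit;   /* queries per second per source, -1 = disabled */
    int global_limit;     /* queries per second overall,    -1 = disabled */
    int per_user_first;   /* 1 = order the "d" changelog describes */
    long g_window; int g_count;
    source_t src[SLOTS];
} limiter_t;

/* Charge one query to the source's one-second window; 0 if over its rate. */
static int user_ok(limiter_t *l, uint32_t ip, long now) {
    if (l->per_user_limit < 0) return 1;
    source_t *s = &l->src[ip % SLOTS];          /* toy hash, collisions evict */
    if (s->ip != ip || s->window != now) { s->ip = ip; s->window = now; s->count = 0; }
    if (s->count >= l->per_user_limit) return 0;
    s->count++;
    return 1;
}

/* Charge one query to the shared one-second window; 0 if the budget is spent. */
static int global_ok(limiter_t *l, long now) {
    if (l->global_limit < 0) return 1;
    if (l->g_window != now) { l->g_window = now; l->g_count = 0; }
    if (l->g_count >= l->global_limit) return 0;
    l->g_count++;
    return 1;
}

/* Returns 1 if the query is answered, 0 if it is dropped. */
int allow_query(limiter_t *l, uint32_t ip, long now) {
    if (l->per_user_first)   /* over-rate sources never reach g_count */
        return user_ok(l, ip, now) && global_ok(l, now);
    /* assumed earlier order: every packet is charged to the shared budget */
    return global_ok(l, now) && user_ok(l, ip, now);
}

/* Constructed scenario: one source sends 1000 queries in a second, then a
   second source sends a single query in that same second. */
int second_source_answered(int per_user_first) {
    limiter_t l;
    memset(&l, 0, sizeof l);
    l.per_user_limit = 5; l.global_limit = 20; l.per_user_first = per_user_first;
    for (int i = 0; i < 1000; i++) allow_query(&l, 0x0A000001u, 100);
    return allow_query(&l, 0x0A000002u, 100);
}
```

With per-user checks first, the noisy source only ever consumes 5 of the 20 shared slots, so the second source's query is still answered; with the global check first, the shared budget is already spent and it is dropped.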