ValveSoftware / Source-1-Games

Source 1 based games such as TF2 and Counter-Strike: Source
660 stars 76 forks source link

[HL2DM] [ZPS] Bad Rcon Password can Crash the Server #1002

Closed ghost closed 11 years ago

ghost commented 11 years ago

If you go to the console, and type

rcon_password "123"

and then type something like

rcon status

It will get a wrong password error, but, if you insist and keep sending the command after all atempts, you will be kicked with a message that you have been banned, but however, you are not banner and the server crashes.

Tested on ZPS and HLD2M, i think it happens to all source games though

voided commented 11 years ago

Can you confirm that the actual server process crashes?

Failing rcon password checks over a certain limit (see sv_rcon_maxfailures) leads to the offending IP being banned, which can make it seem that the server is offline when it's simply dropping packets from the banned address.

fuckpaypal commented 11 years ago

I wasn't able to reproduce this.

Pricetx commented 11 years ago

I wasn't able to re-produce this either, is he just referring to listen servers? As I imagine they would probably stop running if the host got banned.

ghost commented 11 years ago

Strange, i was saying about dedicated servers, look, even on a simply google search about it you can see many people suffering from this:

https://www.google.com.br/search?q=bad+rcon+password+crash+server&oq=bad+rcon+password+crash+server&aqs=chrome..69i57j69i61.7341j0&sourceid=chrome&ie=UTF-8&qscrl=1

I just reproduced it now on ZPS (Zombie Panic Source)

Pricetx commented 11 years ago

Hmm, assuming you've been attempting this exploit on your own server, could you provide specs and OS? Also, any mods / plugins would be useful to know.

CutieRin commented 11 years ago

just had a friend try this on my srcds css dedicated server and server didn't crash but he got ip banned and wasnt able to see the server, so you were just being blocked from seeing the server, like voided had explained

ghost commented 11 years ago

Well, i just checked here and ZPS is using orangebox engine (even on steampipe), perhabs this bug it's fixed on steampipe engine?

alfred-valve commented 11 years ago

Sounds like this is ZPS specific and not covered by this tracker, chase this down with the ZPS team.