2010kohtep
commented
5 years ago It also works for customizations: player can upload his spray to the server, then get its hash and organize flood attack with 'dlfile !MD5[hash]' commands, which will give the same effect. Probably need to add a check for already requested files.
afwn90cj93201nixr2e1re
This method could be used through 2 techniques
1 : https://github.com/ValveSoftware/halflife/issues/2135 2 : https://github.com/ValveSoftware/halflife/issues/2129 (without kill , only cmd dlfile & "dlfile" )
there is a list of type "blacklist " in IsSafeFileToDownload for the files, this is not enough
larger files exist(wad/bsp), and if you do not exceed 1MB, you can amplify with a large number of commands sent
ex:
de_airstrip.wad 4.20 MB
cs_havana.wad : 7.83 MB
you can find them yourself
I made a fix in the amxx file here : https://github.com/SkillartzHD/HLDS-Shield-1.0.7-/blob/master/HLDS-Shield%20Proffesional/addons/sourcecode/HLDS-Shield%20beta.sma#L1379 to block this spam for SV_BeginFileDownload_f + some files added in the blacklist
yes, it is not a solution to put a restriction of the size of some files, so you will block developers of maps to fall within a certain limit