I don't run add at all on my servers any more, but in defense of MOTGgd, I must say that when I was using ads, they have me the most options (such as disabling video ads all together). I never saw any option to hide the ads in the background. However there were some server-side plugins that could be used to run other ads hidden in the background. This was not an MOTDgd thing. I don't recall the ad network, but the thread may still be on the SourceMod forums. In the end I decided that (as a player in my own servers) I really didn't like the advertising, so I dropped all forms of it.
More on topic, will setting sv_allowuploads on mods (like Fistful of Frags as an example) actually accomplish anything? Or is this some deeper underlying issue that requires Valve to update their SDK so that mod authors may then have that option work as expected? PS: to each his own on liking or not liking the spray feature in various games. I happen to host a least politically correct community, so it's kind of ingrained in our "culture" in our case. :-) On Sep 4, 2015 5:51 AM, "HD" <[email protected]> wrote: > > Then delete them? I just created a cron to flush certain folders on my servers and even my client. If you do it manually for a client it takes seconds, big deal. Sprays won’t disappear so you may as well get used to the hentai or familiar with the process of delete. > > > > From: [email protected] [mailto: [email protected]] On Behalf Of Valentin Puscoi > Sent: Friday, September 04, 2015 7:41 AM > > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] PSA: Severe Source SDK 2013 Multiplayer exploit found, can be used to hijack steam accounts. > > > > hopefully valve removes sprays all together, my downloads folder is filled with hentai > > > > 2015-09-03 22:59 GMT+03:00 Refeek Yeglek <[email protected]>: > > Hi, I'm one of the developers for Team Fortress 2 Classic, a source mod project. Recently, someone abused a bug present in Source SDK 2013 MP to distribute viruses to quite a few of our players and developers. The way they did it was by abusing a spray exploit present in the SDK 2013 MP edition to upload a file pretending to be a spray to all players and executing it. The technical info on how it works from one of our other coders will be posted at the end of this email, but here's what you need to know as a server owner: > > > > We don't know how many source games are vulnerable. The big name VALVe ones aren't, but any sourcemod probably is. This includes ones on steam like Fortress Forever, or Fistful of Frags. > > > > If you're running a server for a non-VALVe or bigname(Titanfall, GMOD, etc.) Source Engine game, then here's what you need to do: > > > > 1. Set sv_upload to 0 on your server. > > > > 2. If you are a TF2C server host, shut your server down and start scanning your server for viruses. > > > > 3. Pester valve to fix this ASAP. > > > > TL;DR: > > Sprays can be exploited to run code on people's systems and break into accounts, we've had quite a few CS:GO and TF2 items lifted from accounts and moved to trade alts and disappearing after that. Disable sprays ASAP if you host a sourcemod multiplayer server. > > > > Here's the technical info for how stuff works: > > > > "The vulnerability is triggered by a missing check to see if a memory allocation succeded in the loading of VTFs. When the material is loaded, there is space allocated for the material. The crucial option in the using of this exploit is the option to skip Mipmaps from the material. If, for instance, the first mipmap is skipped, the game will copy the mipmap data to buffer + size of first mipmap. When the memory allocation fails, the buffer will be 0, because thats what malloc returns on out of memory. This means, that the only factor determining where the block is put is determined by the size of the first mipmap. This way you can put the data in the second mipmap whereever you want, meaning you can write to a predictable location in memory. This is additionally encouraged due to the fact that ASLR is disabled for the module in question. From that point on ROP is used to mark a controlled memory location executable and transfer control to it, bypassing DEP. The distribution of the malicious material file can be easily done through the use of the spray system, which uploads a custom material to the server and distributes it. This is of course not the only way to distribute it, but one used in this case. This is not absolutely accurate and technical details have been left out due to them not influencing this exploit." > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
