Secure Wlserver Against "extasis"
yada yada, i didnt have time atm to check if there are any new magnificent
ways to protect your worldlogserver from unauthorized connections, besides
my last "worlogfilter" err heres the topic url, page 2(scroll a bit down):
<a href='index.php?showtopic=4093&hl=filter&st=25' target='_blank'>index.php?...hl=filter&st=25</a>
that didnt earn much "yawn" if i could say so, and the url became wasted so i
post here "new" url to it: <a href='http://members.tiscali.fi/tommi00/World ... Filter.zip' target='_blank'>http://members.tiscali.fi/tommi00/World ... ter.zip</a>
BUT to the new method, its here: <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
its nifty executable patcher which launches WorldLogServer when you start
patsh.exe, patches it so that it tried memory compare on
WLServer.cfg with the ip address of the hgserver connecting to your worldlogserver
and if match is found, it allows it, otherwise it goes failed =)
be sure to understand this: it matches the ip against wlserver.cfg as a one
string, so every ip which matches the connecting user's ip, will be allowed
(gateserver ip = blaablaa) will be accepted (lazy, hurry, well generally
you dont add foreigner's ip's to wlserver.cfg)
if you want to disallow some ip, remove it completely from wlserver.cfg
if the patch cannot open wlserver.cfg for one reason or another, it will
allow every hgserver, be sure to try connecting to it yourself
**********************
usage: extract <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
to your worldlogserver's folder, rename your worldlogserver to
_3WorldLServer.exe
and then start patsh.exe and voila (pray that you have even remotely same
kind of worldlogserver as i do, my wlserver's size is 106496bytes
i'm no expert in asm so it might crash but as far as i tested it, it did not
(well not anymore, at _last_
**********************
from. >_<
UPDATE!!!!!! I released version 2 (v2) as I noted BIG FREAKIN' mistake >:(
It let hgservers pass through due to a *drum drum* bug!
Now this wlpatsh_v2.zip does not do it, it also makes check so it can't
be crashed if hgserver sends its information as "zero". Keep posted, if I
find new bugs, I'll try to fix them (hope there's none anymore)
--------
Update!
After friggin stupid wlpatsh-hbhax overwriting-confusion(I just woke up), I managed to put this wlpatsh_v3.zip in the correct thread and correct .zip file..
It should have fixed those crashed on different os'es as it now relocates those functions it's using and doesn't just jump there assuming its in X.
Download the new version: <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
Thanks for the patience.
ways to protect your worldlogserver from unauthorized connections, besides
my last "worlogfilter" err heres the topic url, page 2(scroll a bit down):
<a href='index.php?showtopic=4093&hl=filter&st=25' target='_blank'>index.php?...hl=filter&st=25</a>
that didnt earn much "yawn" if i could say so, and the url became wasted so i
post here "new" url to it: <a href='http://members.tiscali.fi/tommi00/World ... Filter.zip' target='_blank'>http://members.tiscali.fi/tommi00/World ... ter.zip</a>
BUT to the new method, its here: <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
its nifty executable patcher which launches WorldLogServer when you start
patsh.exe, patches it so that it tried memory compare on
WLServer.cfg with the ip address of the hgserver connecting to your worldlogserver
and if match is found, it allows it, otherwise it goes failed =)
be sure to understand this: it matches the ip against wlserver.cfg as a one
string, so every ip which matches the connecting user's ip, will be allowed
(gateserver ip = blaablaa) will be accepted (lazy, hurry, well generally
you dont add foreigner's ip's to wlserver.cfg)
if you want to disallow some ip, remove it completely from wlserver.cfg
if the patch cannot open wlserver.cfg for one reason or another, it will
allow every hgserver, be sure to try connecting to it yourself
**********************
usage: extract <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
to your worldlogserver's folder, rename your worldlogserver to
_3WorldLServer.exe
and then start patsh.exe and voila (pray that you have even remotely same
kind of worldlogserver as i do, my wlserver's size is 106496bytes
i'm no expert in asm so it might crash but as far as i tested it, it did not
(well not anymore, at _last_
**********************
from. >_<
UPDATE!!!!!! I released version 2 (v2) as I noted BIG FREAKIN' mistake >:(
It let hgservers pass through due to a *drum drum* bug!
Now this wlpatsh_v2.zip does not do it, it also makes check so it can't
be crashed if hgserver sends its information as "zero". Keep posted, if I
find new bugs, I'll try to fix them (hope there's none anymore)
--------
Update!
After friggin stupid wlpatsh-hbhax overwriting-confusion(I just woke up), I managed to put this wlpatsh_v3.zip in the correct thread and correct .zip file..
It should have fixed those crashed on different os'es as it now relocates those functions it's using and doesn't just jump there assuming its in X.
Download the new version: <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
Thanks for the patience.
-
- Outpost bitch
- Posts: 559
- Joined: Wed Mar 30, 2005 6:45 am
about what version files we are talking about?
<img src='http://helbreath.pri.ee/userbars/hbest-gamemaster2.jpg' border='0' alt='user posted image' /> <img src='http://helbreath.pri.ee/userbars/hbsoccer-owner.jpg' border='0' alt='user posted image' /> <img src='http://helbreath.pri.ee/userbars/scorpa-rider.jpg' border='0' alt='user posted image' /> <img src='http://helbreath.pri.ee/userbars/logout-master.jpg' border='0' alt='user posted image' /> <br>.<br>................................Ego sum Rage, flagellum Dei!<br><br>The problem with America is stupidity. I'm not saying there should be a capital punishment for stupidity, but why don't we just take the safety labels off of everything and let the problem solve itself? (bash.org)
Nice thx B)
QUOTE (ADDKiD @ Dec 1 2006, 4:01 PM) <br>You guys make me laugh alot, half the shit I say, is bullshit...<br><br><img src='http://img485.imageshack.us/img485/492/banssig1ng.gif' border='0' alt='user posted image' /><br><br><b>I see no changes at all, wake up in the morning and ask myself...<br>Is life worth living? Should I blast myself?</b><br><br><b><a href='http://2paclegacy.com' target='_blank'>2PacLegacy.com</a></b>
Will this stop all connections to WorldServer with HGServers...
What about character uploading? like a person can upload his entire file into your server :unsure:
What about character uploading? like a person can upload his entire file into your server :unsure:
QUOTE (ADDKiD @ Dec 1 2006, 4:01 PM) <br>You guys make me laugh alot, half the shit I say, is bullshit...<br><br><img src='http://img485.imageshack.us/img485/492/banssig1ng.gif' border='0' alt='user posted image' /><br><br><b>I see no changes at all, wake up in the morning and ask myself...<br>Is life worth living? Should I blast myself?</b><br><br><b><a href='http://2paclegacy.com' target='_blank'>2PacLegacy.com</a></b>
I don't know about new (or old) hacks that can upload your character file
to server but I suppose that It's done via making some kind og HGServer
connection with the WLServer and if this is the case, then this patch will most
likely block it (unless I made mistakes while coding) but as far as I checked this,
it blocked every connection to WLServer whose real remote Ip address is
not in WLServer.cfg. (And remember that the Ip is searched from WLServer.cfg
as if WLServer.cfg's whole content would be one string, so it doesnt matter
if the ip is commented in there or part of some other line, Ip that's found
in WLServer.cfg will be allowed to connect.)
So in short: yes as far as I know
to server but I suppose that It's done via making some kind og HGServer
connection with the WLServer and if this is the case, then this patch will most
likely block it (unless I made mistakes while coding) but as far as I checked this,
it blocked every connection to WLServer whose real remote Ip address is
not in WLServer.cfg. (And remember that the Ip is searched from WLServer.cfg
as if WLServer.cfg's whole content would be one string, so it doesnt matter
if the ip is commented in there or part of some other line, Ip that's found
in WLServer.cfg will be allowed to connect.)
So in short: yes as far as I know
UPDATE!!!!!! I released version 2 (v2) as I noted
BIG FREAKIN' mistake >:(
It let hgservers pass through due to a *drum drum* bug!
Now this wlpatsh_v2.zip does not do it, it also makes check
so it can't be crashed if hgserver sends its information as
"zero".
Keep posted, if I find new bugs, I'll try to fix them (hope there's none anymore)
The url is (altought I modified it already in the first post):
<a href='http://members.surfeu.fi/tommi00/wlpatsh_v2.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v2.zip</a>
BIG FREAKIN' mistake >:(
It let hgservers pass through due to a *drum drum* bug!
Now this wlpatsh_v2.zip does not do it, it also makes check
so it can't be crashed if hgserver sends its information as
"zero".
Keep posted, if I find new bugs, I'll try to fix them (hope there's none anymore)
The url is (altought I modified it already in the first post):
<a href='http://members.surfeu.fi/tommi00/wlpatsh_v2.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v2.zip</a>
against extasis?! wtf?
<img src='http://213.149.231.16/avatars/firma.jpg' border='0' alt='user posted image' />
Thanks a lot...tommu00
The thing that i am telling you...is like an outsider can open a conection with the WorldServer and when it does, then kinds of send his character info same way the HG does...so Worldserver accepts it and replace it with the old one...and puff you have it.
So i create a character file in my house named same as my server's character and then send it to WorldServer and i have my edit character.
Thats how i look it...tho :blink:
P.D: hi popic you still on hb?
The thing that i am telling you...is like an outsider can open a conection with the WorldServer and when it does, then kinds of send his character info same way the HG does...so Worldserver accepts it and replace it with the old one...and puff you have it.
So i create a character file in my house named same as my server's character and then send it to WorldServer and i have my edit character.
Thats how i look it...tho :blink:
P.D: hi popic you still on hb?
QUOTE (ADDKiD @ Dec 1 2006, 4:01 PM) <br>You guys make me laugh alot, half the shit I say, is bullshit...<br><br><img src='http://img485.imageshack.us/img485/492/banssig1ng.gif' border='0' alt='user posted image' /><br><br><b>I see no changes at all, wake up in the morning and ask myself...<br>Is life worth living? Should I blast myself?</b><br><br><b><a href='http://2paclegacy.com' target='_blank'>2PacLegacy.com</a></b>
hi Locolocobans wrote: Thanks a lot...tommu00
The thing that i am telling you...is like an outsider can open a conection with the WorldServer and when it does, then kinds of send his character info same way the HG does...so Worldserver accepts it and replace it with the old one...and puff you have it.
So i create a character file in my house named same as my server's character and then send it to WorldServer and i have my edit character.
Thats how i look it...tho :blink:
P.D: hi popic you still on hb?
yea im still in hb, hbzion, i will never leave you
Oh...weird you said were you the one that was hacking the server...you will never leave me and you "hacked" me? lol guess weren't you...anyways is down and will be till i can fix it B)
QUOTE (ADDKiD @ Dec 1 2006, 4:01 PM) <br>You guys make me laugh alot, half the shit I say, is bullshit...<br><br><img src='http://img485.imageshack.us/img485/492/banssig1ng.gif' border='0' alt='user posted image' /><br><br><b>I see no changes at all, wake up in the morning and ask myself...<br>Is life worth living? Should I blast myself?</b><br><br><b><a href='http://2paclegacy.com' target='_blank'>2PacLegacy.com</a></b>
If he wanted to talk...he would of contacted me :rolleyes:
QUOTE (ADDKiD @ Dec 1 2006, 4:01 PM) <br>You guys make me laugh alot, half the shit I say, is bullshit...<br><br><img src='http://img485.imageshack.us/img485/492/banssig1ng.gif' border='0' alt='user posted image' /><br><br><b>I see no changes at all, wake up in the morning and ask myself...<br>Is life worth living? Should I blast myself?</b><br><br><b><a href='http://2paclegacy.com' target='_blank'>2PacLegacy.com</a></b>