• Exploit Prevention Help
    7 replies, posted
Basically I'm apart of a server that is constantly under attack by experienced Lua developers who will find exploits in (what I believe) net.Send() and other related network functions to flood the server so much that it crashes, however there is no trace left behind and is essentially undetectable. I require a way to monitor all network related functions being sent from the client to the server so I can hopefully find out which addon is creating the issues and fix it. I have looked on the wiki and searched around for a way to do this however could not find anything, which is surprising to me as wouldn't this be one of the biggest issues popular Garry's Mod servers face? Thanks.
Setup honeypots on serverside. A lot of net messages are only usually sent under specific conditions. If the server sees the conditions aren't met or that the timing is weird, notify admins or ban them automatically.
Might be just backdoors, if you're using some workshop addons.
Threw together a script to count net-messages pr second. You can change buffertimer to more than 10 seconds if you want. Type "netcheck" in the console. As a warning people might be exploiting costly net-functions instead of flooding the net. local buffertimer = 10 local buffer = {} -- Set vars and reset buffer local message_list = {} timer.Create("net-reset",buffertimer,0,function()     message_list = table.Copy(buffer)     table.Empty(buffer) end) -- Override incoming messages and count them oldNetIncoming = oldNetIncoming or net.Incoming function net.Incoming(len, client)     buffer[client] = (buffer[client] or 0) + 1     oldNetIncoming(len,client) end -- Make a command concommand.Add( "netcheck", function( ply, cmd, args )     if not ply:IsAdmin() then return end -- Only admins     ply:PrintMessage(HUD_PRINTCONSOLE,"Messages pr second")     for client,time in pairs(message_list) do         ply:PrintMessage(HUD_PRINTCONSOLE,"[" .. client:Name() .. "] " .. (time / buffertimer) .. "mps")     end end )
How can people send net.message ? I might need to fix some of my addons if they can do it without using one :/
Not sure what you mean, but a lot of people have access to run lua on their client. With or without sv_allowcslua. That is why you should never trust the client. You can read more about it here: Exploit Fix Guide. Net Tips: Never trust the client. Always check server-side. If a user gives negative money to someone .. ect Make fast net-functions or add a cooldown-check. Always develop with security in mind. "If I could run lua on my client, what could I exploit?"
Oh, ok ! I didn't know that. Thanks.
Sorry, you need to Log In to post a reply to this thread.