"More nasty source engine server exploits"

[source] [more info]
Thought you guys might want to know.
[editline]just now[/editline]

[source]

Mmm, exploits. When will they ever stop :buddy:

[editline]11:27PM[/editline]

Another downloady/ uploady I see. Where the fuck are these coming from? Fix one, two more appear.

Apparently they didn’t actually fix it first time around.

I remember them mentioning the blacklist in that E-mail looking source you posted. Looks like an actual fix is required and not the halfassery of a blacklist.

Indeed. I wonder how long that’ll take. :confused:

“garrynewman @compwhizii Imagine hosting a web server but then anyone can download or upload any file on the web server. Like that but for Source games.”

You don’t need to shut down your servers to fix this, just turn sv_allowdownload and sv_allowupload to 0 with the new engine binaries from your Garry’s Mod folder in steamapps.

Oh and stop being bad server owners and not using a sv_downloadurl. Unless you use one, your clients will NOT download any files from your server because you disabled it.

[editline]03:53PM[/editline]

Oh and on another note, check your servers for a gm_cmd.dll in the lua/includes/modules folder. IStanI likes to upload it then use it to add user accounts to the server then have fun with your servers. (Pulsareffect.com lol)
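The checks described in the post above, collected into one audit script. This is an added example, not part of any post in this thread; the `cfg/server.cfg` location and the `fastdl.example` host are assumptions, and the sample server tree is constructed.

```python
import re
import tempfile
from pathlib import Path

CFG_REL = Path("cfg/server.cfg")            # assumed location, not stated in the thread
MODULES_REL = Path("lua/includes/modules")  # folder named in the post
SUSPECT_MODULE = "gm_cmd.dll"               # file named in the post
CVAR_LINE = re.compile(r'^\s*(\w+)\s+(?:"([^"]*)"|(\S+))')  # quoted value may hold //

def parse_cfg(text):
    """Return {cvar: value}; a later line overrides an earlier one."""
    cvars = {}
    for raw in text.splitlines():
        m = CVAR_LINE.match(raw)  # lines starting with // never match
        if m:
            name, quoted, bare = m.groups()
            cvars[name.lower()] = quoted if quoted is not None else bare.split("//", 1)[0]
    return cvars

def audit(game_dir):
    """Return a list of findings for one game directory (empty = nothing flagged)."""
    cfg = Path(game_dir) / CFG_REL
    cvars = parse_cfg(cfg.read_text(errors="replace")) if cfg.is_file() else {}
    findings = []
    for name in ("sv_allowdownload", "sv_allowupload"):
        if cvars.get(name) != "0":
            findings.append(f"{name} is not set to 0 in {CFG_REL.as_posix()}")
    if not cvars.get("sv_downloadurl"):
        findings.append("sv_downloadurl is empty: clients cannot fetch content")
    modules = Path(game_dir) / MODULES_REL
    for f in (sorted(modules.iterdir()) if modules.is_dir() else []):
        if f.name.lower() == SUSPECT_MODULE:
            findings.append(f"{f.relative_to(game_dir).as_posix()} is present")
    return findings

def demo():  # constructed tree: upload left on, gm_cmd.dll dropped in
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cfg").mkdir()
        (root / MODULES_REL).mkdir(parents=True)
        (root / CFG_REL).write_text(
            "// constructed sample config\n"
            "sv_allowdownload 0\n"
            "sv_allowupload 1 // still on\n"
            'sv_downloadurl "http://fastdl.example/gmod/"\n')
        (root / MODULES_REL / "gm_cmd.dll").write_bytes(b"")
        return audit(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The script reads only that one config file, so cvars set from launch options or another cfg are not seen, and an empty result says nothing about whether the engine binaries are the updated ones the post refers to.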

How the hell does that help? Then no one can download necessary client files so you want them to play with error boxes and missing lua files? Nice fix bro.

You are terrible at reading and terrible at owning servers if you don’t use a sv_downloadurl.

There is a way to prevent it.

Edit: And yes, it does involve using a fastDL server, however it’s not based only on the fastDL server.

You know this for sure. Explanation for those who don’t.

I want to add that you need a webserver for sv_downloadurl to work. For those who host a dedicated server out of their house (applies to me), an external webserver may cost too much to rent or buy. The only real benefit is that it takes the bandwidth load off the dedicated server and downloads it off of a much faster web server. If you’re hosting both a dedicated and webserver from your house, it still takes up an equal amount of bandwidth. If you have a connection that can handle large loads, then sv_downloadurl has a better speed.

Use a free webhost. Like www.000webhost.com. :downs:

Or pay $7 a month for a really fast host: www.bluehost.com

[editline]04:41PM[/editline]

I just posted it like 2 posts above yours.

No you didn’t. You can still upload to the server even with it set to 0.

If you have the new engine DLLs, which were in the same post, it does work.

Nope, it doesn’t. I know because I’ve been trying it.

Well you’re doing it wrong then because I have tested it and it works. So stop posting in here and actually go try what I have posted.

Appears I stand corrected then, I was working on this earlier today (tested with binaries extracted at the time) and it was still allowing it.

Does this ring a bell people?

http://www.facepunch.com/showthread.php?t=798387

Read it

Oh fantastic.