New Exploit ReHLDS ?

[wilianmaique]

I'm receiving an 'attack', but it's not a DDoS. As soon as the attack happens, I quickly restart the map, and the attack disappears instantly, which confirms it's some kind of 'exploit', but I still don't have enough details.

Note: It's a '4fun' server with not many plugins, and none of the plugins increase the ping, etc.

I'm posting here to see if anyone has more details.

[HypeGfx]

Yeah this is a new exploit I experienced it too recently...

[wilianmaique]

Yeah this is a new exploit I experienced it too recently...

Do you know any way to block etc?

[SmilexGamer]

Logs would be helpful.

[wilianmaique]

SmilexGamer

I don't have logs, it's an exploit, hard to know

[SmilexGamer]

SmilexGamer

I don't have logs, it's an exploit, hard to know

With no logs, there's not much the devs can do to fix this. Try intercepting the packets at the time of the attack

[HypeGfx]

Ok I'm not certain if this will fix it but try to check your mp_consistency and set it to 1.. I'm just changing a lot of ConVars desperate to find a reason for it.. I will reply on this topic in like 12-15 hr...

[rishhh78]

Let me explain the issue...

Basically what happens is, player does something I have no idea but it happens when is in the server (It's most likely related to map thingy i guess) so server resource gets utilized maximum and players starts to lag badly as if its like some DDoS attack.... server memory ramps up in rapid amount as well..

I got one report here not sure if its related to that one https://hernan.de/blog/lock-and-load-exploiting-counter-strike-via-bsp-map-files/ exploit from 2017

[SmilexGamer]

Let me explain the issue...

Basically what happens is, player does something I have no idea but it happens when is in the server (It's most likely related to map thingy i guess) so server resource gets utilized maximum and players starts to lag badly as if its like some DDoS attack.... server memory ramps up in rapid amount as well..

I got one report here not sure if its related to that one https://hernan.de/blog/lock-and-load-exploiting-counter-strike-via-bsp-map-files/ exploit from 2017

That's an exploit regarding arbitrary code execution, in which a malicious actor would infect a BSP map. This is totally not the same.

[di57inct]

try setting sv_send_logos 0 and sv_allowupload 0 and if you're using fast download sv_allowdownload 0. there's also sv_allow_dlfile too but idk what that does exactly. do some research.

[HypeGfx]

try setting sv_send_logos 0 and sv_allowupload 0 and if you're using fast download sv_allowdownload 0. there's also sv_allow_dlfile too but idk what that does exactly. do some research.

I will try these.. thank you

[wilianmaique]

try setting sv_send_logos 0 and sv_allowupload 0 and if you're using fast download sv_allowdownload 0. there's also sv_allow_dlfile too but idk what that does exactly. do some research.

not resolve

[di57inct]

have you tried setting sv_allow_dlfile 0 too?
have you messed with any of these cvars?:

[wilianmaique]

sv_net_incoming_decompression "1"
sv_net_incoming_decompression_max_ratio "80.0"
sv_net_incoming_decompression_max_size "65536"
sv_net_incoming_decompression_punish "-1"
sv_allowupload "0"
sv_send_logos "0"
sv_allowdownload "0"
sv_allow_dlfile "0"
syserror_logfile "addons/amxmodx/logs/sys_error.log"
sv_rehlds_hull_centering "1"
sv_force_ent_intersection "1"
sv_delayed_spray_upload "1"
sv_echo_unknown_cmd "1"
sv_rehlds_local_gametime "1"
sv_rehlds_movecmdrate_max_avg "40000"
sv_rehlds_movecmdrate_avg_punish "-1"
sv_rehlds_movecmdrate_max_burst "40000"
sv_rehlds_movecmdrate_burst_punish "-1"
sv_rehlds_stringcmdrate_max_avg "40000"
sv_rehlds_stringcmdrate_avg_punish "-1"
sv_rehlds_stringcmdrate_max_burst "40000"
sv_rehlds_stringcmdrate_burst_punish "-1"
sv_rehlds_attachedentities_playeranimationspeed_fix "1"
sv_rehlds_force_dlmax "1"
sv_auto_precache_sounds_in_models "1"
sv_usercmd_custom_random_seed "1"
fps_max "1000"
sys_ticrate "1000"
max_queries_sec_global "10"
max_queries_window "1"
max_queries_sec "1.0"
mp_consistency "1"