Zombie Mod just crashed from a Client Overflow.

Timeleft was being spammed.

Just informing.

Can we write an eventscript to prevent timeleft floods?

Possibly auto-permabanning the perpetrator?

Can we write an eventscript to prevent timeleft floods?

Possibly auto-permabanning the perpetrator?

That would be awesome...

That would be awesome...

# Here I'll help you start...

import es;
import playerlib;

def es_client_command(event_var):

if(str(event_var['command']) == 'timeleft'):


es.tell(event_var['userid'], "Banned for flooding timeleft.");


es.server.queuecmd("banid %i %s" %(0, event_var['userid'], ));

# I'm too lazy to write the rest... good luck ... :)



Yay for programming experience :D

heres the link for whats causing all this timeleft crap http://www.fpsbanana.com/scripts/2704 your welcome :P

It's an everlasting war between the black-hat hackers and the white-hat hackers.

The wannabe script kiddies are cannon fodder.

And computer science advances...

well i hope they make a campaign to get rid of that script :P i hate server crashes =(

Okay I updated my script...

Nothing fancy. Just a starting point. You can use whatever database you prefer. I was using dictionaries and tuples to store the userid and timediff integers.

TODO: More state control.

NOTE: DO NOT FIRE THIS BITCH UP, THE LOGIC IS WRONG! I need to fix that once I stop being lazy.

import es;
import time;

# Set these values to your preference.
# floodthresh requests in timeforflood seconds...

floodthresh = 5;
timeforflood = 10;

cl = dict();

def es_client_command(event_var):

if(str(event_var['command']) == 'timeleft'):


userid = event_var['userid'];


ct = abs(time.time());


if(not(cl.has_key(userid))):



cl[userid] = (1, ct);



return;


tdiff = cl.get(userid)[1] - ct;


cl[userid] = (cl.get(userid)[0] + 1, ct);


if((cl.get(userid)[0] > floodthresh) and (tdiff <= timeforflood)):



es.tell(userid, "Banned for flooding timeleft (%i requests in % secs)." % (cl.get(userid)[0], tdiff));



es.server.queuecmd("banid %i %s" %(0, userid, ));


elif((cl.get(userid)[0] < floodthresh) and (tdiff > timeforflood)):



cl[userid] = (0, 0);



return;

Autobanning :P Theres this guy i know thats amazing with scripts, and he has like basically a hack proof server. anyone who changes there name more then 3 times on a server, is auto kicked, anyone without a name, is auto kicked. and they have some sort of auto ban system where, if anyone tries rcon, once, and gets it wrong, is perma banned, and also alot of other cool stuff :P

Autobanning :P Theres this guy i know thats amazing with scripts, and he has like basically a hack proof server. anyone who changes there name more then 3 times on a server, is auto kicked, anyone without a name, is auto kicked. and they have some sort of auto ban system where, if anyone tries rcon, once, and gets it wrong, is perma banned, and also alot of other cool stuff :P

Apoc you should use your hacking skills for good:)

DON'T JOIN THE DARK SIDE! RESISTANCE!

Also, who is this guy? Link me!

yea he sounds cool

If you give Zero the time that this occurred, he can track whoever did it and permanently ban him.

If you give Zero the time that this occurred, he can track whoever did it and permanently ban him.

That's wonderful and everything, but you're talking about reactive measures.

I'm talking about proactive measures (i.e. prevent the attacker from bringing down the server in the first place).

This isn't the first timeleft flood attack, and it will not be the last.

That's wonderful and everything, but you're talking about reactive measures.

I'm talking about proactive measures (i.e. prevent the attacker from bringing down the server in the first place).

This isn't the first timeleft flood attack, and it will not be the last.

proactive ftw

That's wonderful and everything, but you're talking about reactive measures.

I'm talking about proactive measures (i.e. prevent the attacker from bringing down the server in the first place).

This isn't the first timeleft flood attack, and it will not be the last.

I know, but unless you do the scripting yourself, since I'm too lazy, and Zero and Jigsaw are usually too busy, that's the next best thing.