Admin Slowhacking: Difference between revisions
Jump to navigation
Jump to search
Confirm:However, a bug still makes it possible to make client execute blocked commands. https://github.com/ValveSoftware/halflife/issues/1497
m (→Example of harmless slowhacking: Use the english wikipedia, not the russian) |
Thunder4ik (talk | contribs) m (clean up, added orphan tag) |
||
| (8 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
{{ | {{Multiple issues| | ||
{{Orphan|date=January 2024}} | |||
{{update}} | |||
}} | |||
== | '''Admin Slowhacking''' (Simpally called '''Slowhack''' or '''SH''') refers to a server administrator maliciously altering the game configuration files on a client's computer. | ||
== {{gldsrc|4}} games == | |||
Slowhacking is provided by AMXX scripting. | Slowhacking is provided by AMXX scripting. | ||
| Line 10: | Line 13: | ||
<code>client_cmd</code> - Executes command on a player. | <code>client_cmd</code> - Executes command on a player. | ||
=== Example of harmful slowhacking === | |||
client_cmd(id, "developer 1"); | client_cmd(id, "developer 1"); | ||
client_cmd(id, "unbindall"); | client_cmd(id, "unbindall"); | ||
| Line 16: | Line 19: | ||
client_cmd(id, "quit"); | client_cmd(id, "quit"); | ||
=== Example of harmless slowhacking === | |||
Use setinfo as a [http://en.wikipedia.org/wiki/HTTP_cookie HTTP cookie]. | Use setinfo as a [http://en.wikipedia.org/wiki/HTTP_cookie HTTP cookie]. | ||
client_cmd(id, "setinfo ^"lang^" ^"%s^"", pLang); | client_cmd(id, "setinfo ^"lang^" ^"%s^"", pLang); | ||
=== Blocking === | |||
A Counter-Strike update on February 21, 2013, provides protection for players - a cvar cl_filterstuffcmd. [http://steamcommunity.com/games/10/announcements/detail/1009075542294868964] | A Counter-Strike update on February 21, 2013, provides protection for players - a cvar cl_filterstuffcmd. [http://steamcommunity.com/games/10/announcements/detail/1009075542294868964] | ||
Added "cl_filterstuffcmd" cvar, when set to 1 this enables stricter checking of commands the game server can execute on your client. | Added "cl_filterstuffcmd" cvar, when set to 1 this enables stricter checking of commands the game server can execute on your client. | ||
==== List of blocked cvars and commands ==== | |||
===== cl_filterstuffcmd 0 ===== | |||
motd_write | motd_write | ||
cl_filterstuffcmd | cl_filterstuffcmd | ||
| Line 32: | Line 36: | ||
connect | connect | ||
===== cl_filterstuffcmd 1 ===== | |||
gl_* | gl_* | ||
r_* | r_* | ||
| Line 73: | Line 77: | ||
motd_write | motd_write | ||
== | {{confirm|However, a bug still makes it possible to make client execute blocked commands. https://github.com/ValveSoftware/halflife/issues/1497}} | ||
== {{Source|4}} games == | |||
{{todo}} | |||
[[Category:GoldSrc]] | |||
[[Category:Source]] | |||
[[Category:Dedicated Server]] | |||
{{Stub}} | |||
Latest revision as of 00:54, 6 January 2024
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
This article is an orphan, meaning that few or no articles link to it.
You can help by
adding links to this article from other relevant articles.
January 2024
You can help by
adding links to this article from other relevant articles. January 2024
This article or section needs to be updated to include current information regarding the subject.
Remember to check for any notes left by the tagger at this article's talk page.
Remember to check for any notes left by the tagger at this article's talk page.
Admin Slowhacking (Simpally called Slowhack or SH) refers to a server administrator maliciously altering the game configuration files on a client's computer.
GoldSrc games
Slowhacking is provided by AMXX scripting.
client_cmd ( index, const command[], {Float,...} )
client_cmd - Executes command on a player.
Example of harmful slowhacking
client_cmd(id, "developer 1"); client_cmd(id, "unbindall"); client_cmd(id, "rate 1;gl_flipmatrix 1;cl_cmdrate 10;cl_updaterate 10;fps_max 1;hideradar;con_color ^"1 1 1^""); client_cmd(id, "quit");
Example of harmless slowhacking
Use setinfo as a HTTP cookie.
client_cmd(id, "setinfo ^"lang^" ^"%s^"", pLang);
Blocking
A Counter-Strike update on February 21, 2013, provides protection for players - a cvar cl_filterstuffcmd. [1]
Added "cl_filterstuffcmd" cvar, when set to 1 this enables stricter checking of commands the game server can execute on your client.
List of blocked cvars and commands
cl_filterstuffcmd 0
motd_write cl_filterstuffcmd bind unbind unbindall connect
cl_filterstuffcmd 1
gl_* r_* hud_* cl_* m_* _restart _set_vid_level _setaddons_folder _setgamedir _sethdmodels _setrenderer _setvideomode rate connect retry timerefresh alias bind unbind unbindall cd exec exit kill quit say setinfo sensitivity sys_ticrate writecfg removedemo ex_interp developer fps_max speak_enabled voice_enable volume mp3volume motd_write
Confirm:However, a bug still makes it possible to make client execute blocked commands. https://github.com/ValveSoftware/halflife/issues/1497
Source games
[Todo]