BaseJKA Security Fix

Miscellaneous programs and scripts, opensource or not, and sometimes, random mathematical stuff.
Post Reply
User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac » Wed Aug 22, 2007 11:10 pm

under normal circumstances yes, but when you have about 30-40 logs to look through, and them being from different servers, things get slightly complicated.


feel free to contact me on xfire or msn and i can go through the details of this further:

msn: modem7@hotmail.com
xfire: modem7
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Wed Aug 22, 2007 11:28 pm

If you look daily at the logs of 30 to 40 servers to debunk lamers, then you are even more paranoid than I ever was :lol

I will add the IP to name change logs, but it will be optional (cvar).

Note that you can use tools such as *nix grep or variants of regex to make your daunting task much easier... judicious use of them can replace (and outshine) logs redundancy ;).
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac » Wed Aug 22, 2007 11:37 pm

Gamall wrote:If you look daily at the logs of 30 to 40 servers to debunk lamers, then you are even more paranoid than I ever was :lol

I will add the IP to name change logs, but it will be optional (cvar).

Note that you can use tools such as *nix grep or variants of regex to make your daunting task much easier... judicious use of them can replace (and outshine) logs redundancy ;).
i have a program already in the works that takes your logs, and sorts them out on IP vs Name.

however, the issue arises when people connect as "padawan" and change later on, thats where my program is currently failing :(

what can i say - im a paranoid little nerd :P
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Wed Aug 22, 2007 11:53 pm

cybermaniac wrote:i have a program already in the works that takes your logs, and sorts them out on IP vs Name.
That is Good :ouioui
cybermaniac wrote:however, the issue arises when people connect as "padawan" and change later on, thats where my program is currently failing
As a workaround before I add more redundancy, you can track these back through client number: for instance have your prog detect connect statements and extract the ip and client number (easy), and replace every subsequent occurence of ClientUserinfoChanged : N by the same plus the ip corresponding to client N. This will emulate the wanted redundancy.

I think that after the next release I shall make the thing open-source, that way everyone can make that kind of custom modifications to their liking :?
what can i say - im a paranoid little nerd :P
Now I'm really scared :fuite
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Sat Sep 08, 2007 12:58 pm

Ok, I am at last resuming work on this thing.

What I intend to do is
  • Clean some parts of my code.
  • Add as many of the requested features as I can and have time to, given my timetable.
  • Rewrite the documentation with GaTeX.
  • When I'm through, I'll make a final build and release the whole source code under the terms of the GNU General Public License, so you can add any other desired feature yourself.
After that, I won't be adding any feature any more, as I stopped playing JKA too long ago :?

I'll still support the mod though, and to some extent help with the code if need be.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Sat Sep 08, 2007 3:17 pm

First off, the 1.0f version for Linux. Identical to 1.0f May 11 07, but for Linux ;)

Just replace the jampgame.so by this one. Test server: 213.251.186.99:29070
Attachments
basejka_Gamalls_fix_10f_linux.zip
(766.64 KiB) Downloaded 367 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Sat Sep 08, 2007 5:49 pm

Humm... I cannot reproduce the /model jedi_hm/head_a1|head_a1|head_1 bug you mentioned. It yields a seemingly normal human skin, which appears "silver" in the skin selection screen, but that is about it... No invisible skin :?
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston » Mon Sep 10, 2007 12:22 am

/model jedi_hm/head_a1|head_a1|head_1
Mistake - head_a1

User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston » Mon Sep 10, 2007 12:28 am

also u can try
/model jedi_hm/model_siege|head_a1|torso_a1
Its more weird :)

btw, if u want to prevent new bugs & glitches, dont release source code :D It is not so needfull.
Just make a final version.

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Tue Sep 11, 2007 6:40 pm

Ok, I'll test that, I didn't notice the mistake :)

While I'm at it, here is what I've done so far:

Version 1.0f to 1.1 changelog:
  • fixed a false positive: bots were detected as a fake player attack ; although this had no real consequence, it was a source of confusion in the logs.
  • Logs now differentiate connexions from bots and from real players.
  • messages from the dedicated server have been made slightly more visible: the tag is now [SERVER], with colors.
  • :n on the other hand, the /svsay command can't be altered, as it is hard coded into jampded instead of jampgame.
  • The IP is now logged each time somebody changes their names.
  • Added the /(t)ime client command, displaying the local time of the server:
    servertime.PNG
    servertime.PNG (17.25 KiB) Viewed 11380 times
  • Added cvar ga_doNotAllowDualKataSpin, default 0, preventing anyone in a dual kata from spinning like a madman. (slightly buggy, as the screen seems to vibrate when moving the mouse, but it works. I'll improve that if I find a way)
  • Added cvar ga_nameLengthLimit: names will be truncated not to exceed that length. Note that color escape sequences, such as ^1, are not counted.
  • Some ga_* cvars are now marked as serverinfo (external tools can read them).
  • Added the /info client command and ga_serverInfo cvar. /info displays the contents of the cvar. Admins can put rules, etc in there, and any player can read it anytime.
  • Anti model/color change spam/lag: any player can now freely change their info only 50 times per map (unless they reconnect of course). After that, they need to wait three full seconds between each change.
left to do: connection log.
John Preston wrote:btw, if u want to prevent new bugs & glitches, dont release source code :D It is not so needfull.
Just make a final version.
The source code of that jampgame component is already out :D It is what I'm working on :huhu

Besides, security through obscurity (ie. puting your code in a vault hoping nobody will find anything without it) does not work ;)
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac » Tue Sep 11, 2007 10:28 pm

fantastic work so far

thx
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400

User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston » Thu Sep 13, 2007 8:33 am

Great job, thanx.
we'll be waiting...

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Sun Sep 16, 2007 10:15 pm

Hello :)

Changes made since last time:
  • Another log file, ga_ConnectLog.txt, listing every connection is now created by the server: for instance

    Code: Select all

    [Sun Sep 16 20:23:02 2007] [========================== SERVER START ==========================]
    
    [Sun Sep 16 20:23:11 2007] Connect :: name(num) = [^5G^7amall ^5W^7ednesday ^5I^7da]( 2) :: ip = [      127.0.0.1] :: userinfo = [COMPLETE USERINFO STRING LOGGED HERE]
    
  • The logs now use real time:

    Code: Select all

    [Sun Sep 16 20:24:03 2007]  Kill: 2 1 3: ^5G^7amall ^5W^7ednesday ^5I^7da killed Desann by MOD_SABER
    [Sun Sep 16 20:24:07 2007]  say: (1)Desann: Impressive, most impressive... but you are not a Jedi yet!
    [Sun Sep 16 20:24:11 2007]  Kill: 2 4 3: ^5G^7amall ^5W^7ednesday ^5I^7da killed Imperial Saboteur by MOD_SABER
Here is a windows build, so you can test the new features of v1.1 on your computer.

At the time, I cannot build it on linux (strange bug with the time functions).
Attachments
GamallFix DEV.pk3
(594.51 KiB) Downloaded 352 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston » Sat Sep 22, 2007 9:07 pm

aha...
any news?

User avatar
Gamall
Hic sunt dracones
Posts: 4146
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall » Sat Sep 22, 2007 9:24 pm

John Preston wrote:aha...
any news?
Er, no, I'm waiting for feedback on the test version I have uploaded :?

Most of the changes since v1.0f are features you requested, you know, so I'm waiting for you to confirm that you have tested the thing and that they do work the way you wanted them to before moving on.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }

Post Reply

Who is online

Users browsing this forum: No registered users and 74 guests