SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 18/07/2018, 07:43 AM   #1
iLearner
Gangsta
 
iLearner's Avatar
 
Join Date: Apr 2017
Posts: 570
Reputation: 117
Default NPC exploit.

Hello,

Recently server's been target of a few retards (the usual retards) that are somehow using a NPC exploit to connect to the server as NPCs, as my server is based on NPCs (zombies) that means the player won't get damaged nor can be banned, but I tried every solution via the script (even with pawn.raknet) but somehow they can still connect and do whatever they want.

The only valid solution I could find was setting maxnpc limit to the number of zombies (NPCs) I use, means no more NPCs will be allowed, but I need another solution as I've got several events in my server that require NPCs to connect and disconnect during the event.

How can someone even do that?

Code:
[14:44:38] [connection] incoming connection: 176.231.72.244:64068 id: 15[14:44:38] 
[npc:join] Darren_Blacks has joined the server (15:176.231.7$)
connection] incoming connection: 176.231.72.244:50726 id: 19
[08:04:00] [npc:join] Darren_Blacks has joined the server (19:176.231.7$[08:04:30]
Note the IP as well, in connection message its kind of altered?
iLearner is online now   Reply With Quote
Old 18/07/2018, 07:52 AM   #2
NaS
High-roller
 
NaS's Avatar
 
Join Date: Mar 2008
Posts: 1,482
Reputation: 451
Default Re: NPC exploit.

Kick/ban any NPC that is not connecting from 127.0.0.1 or 255.255.255.255 (FCNPC), if the IP returned by GetPlayerIp doesn't help, FCNPC_IsValid should work perfectly fine as the NPCs that connect from this exploit won't be FCNPCs.

If neither of this helps choose cryptic names for your NPCs and instantly block any packets from NPCs that connect with any other name and ban the IP. Basically a whitelist by name with names that are impossible to guess. But that shouldn't even be neccessary.

Also the maxnpc value can be changed during runtime, so you could adjust it as needed (as a workaround).
NaS is offline   Reply With Quote
Old 18/07/2018, 08:00 AM   #3
iLearner
Gangsta
 
iLearner's Avatar
 
Join Date: Apr 2017
Posts: 570
Reputation: 117
Default Re: NPC exploit.

Quote:
Originally Posted by NaS View Post
Kick/ban any NPC that is not connecting from 127.0.0.1 or 255.255.255.255 (FCNPC), if the IP returned by GetPlayerIp doesn't help, FCNPC_IsValid should work perfectly fine as the NPCs that connect from this exploit won't be FCNPCs.

If neither of this helps choose cryptic names for your NPCs and instantly block any packets from NPCs that connect with any other name and ban the IP. Basically a whitelist by name with names that are impossible to guess. But that shouldn't even be neccessary.

Also the maxnpc value can be changed during runtime, so you could adjust it as needed.
I already tried methods above except FCNPC_IsValid, I'll try to use that.
About changing maxnpc on runtime, do you mean by using the plugin by kurta? It crashes my server after a few hours somehow...
iLearner is online now   Reply With Quote
Old 18/07/2018, 08:04 AM   #4
NaS
High-roller
 
NaS's Avatar
 
Join Date: Mar 2008
Posts: 1,482
Reputation: 451
Default Re: NPC exploit.

Quote:
Originally Posted by iLearner View Post
I already tried methods above except FCNPC_IsValid, I'll try to use that.
About changing maxnpc on runtime, do you mean by using the plugin by kurta? It crashes my server after a few hours somehow...
No, just use SendRconCommand. The server var is not read-only so you can change it any time.

Code:
SendRconCommand("maxnpc 500");
Also, what does GetPlayerIp return? The IP from the logs or 127.0.0.1/255.255.255.255?
NaS is offline   Reply With Quote
Old 18/07/2018, 09:15 AM   #5
dugi
Beta Tester
 
Join Date: Jun 2007
Location: Poland
Posts: 4,856
Reputation: 800
Default Re: NPC exploit.

Nothing new, the solution for it is in the gl_npcs filterscript from 2010:

Code:
//-------------------------------------------------
// IMPORTANT: This restricts NPCs connecting from
// an IP address outside this server. If you need
// to connect NPCs externally you will need to modify
// the code in this callback.

public OnPlayerConnect(playerid)
{
	if(IsPlayerNPC(playerid)) {
	    new ip_addr_npc[64+1];
	    new ip_addr_server[64+1];
	    GetServerVarAsString("bind",ip_addr_server,64);
	    GetPlayerIp(playerid,ip_addr_npc,64);
	    
		if(!strlen(ip_addr_server)) {
		    ip_addr_server = "127.0.0.1";
		}
		
		if(strcmp(ip_addr_npc,ip_addr_server,true) != 0) {
		    // this bot is remote connecting
		    printf("NPC: Got a remote NPC connecting from %s and I'm kicking it.",ip_addr_npc);
		    Kick(playerid);
		    return 0;
		}
        printf("NPC: Connection from %s is allowed.",ip_addr_npc);
	}
	
	return 1;
}
dugi is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
New exploit? No not again please! Pravin Server Support 15 19/12/2014 11:37 AM
New Exploit 0.3z..(HELP) SPA Scripting Help 2 04/09/2014 06:59 PM
Another exploit niCe Server Support 0 30/07/2014 05:38 AM
New Exploit? DJ_Shocker Server Support 26 11/04/2014 08:43 PM


All times are GMT. The time now is 06:39 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.