http://www.youtube.com/watch?v=QillHSGjdoE
Hackers might be able to hijack the connection between a server, but they might not want to target competitive league servers but still be careful.
Not sure if these will help, but use them anyway (unless your league requires you to download files)
cl_allow download 0
cl_allowupload 0
cl_customsounds 0
Disable sprays
Sorry if I posted this in the wrong section, I'm not entirely familiar with this website.
[youtube]http://www.youtube.com/watch?v=QillHSGjdoE[/youtube]
Hackers might be able to hijack the connection between a server, but they might not want to target competitive league servers but still be careful.
Not sure if these will help, but use them anyway (unless your league requires you to download files)
cl_allow download 0
cl_allowupload 0
cl_customsounds 0
Disable sprays
Sorry if I posted this in the wrong section, I'm not entirely familiar with this website.
This needs to be stickied imo.
This needs to be stickied imo.
this exploit is 1 year old and patched in gmod
gg valve
this exploit is 1 year old and patched in gmod
gg valve
This exploit has been about since 2003
This exploit has been about since 2003
sombrezHackers might be able to hijack the connection between a server, but they might not want to target competitive league servers but still be careful.
What? That's not the issue here.
The issue is that server-side plugins can install .dll files to clients and then launch them - think plugins like Sourcemod or Metamod. These are things a server admin has to install manually, a server can't be hijacked unless someone actually gains root access to the server. Not even phishing for an rcon will give them the level of access they need. You'd need either access to the admin panel from a host that lets you mess with plugins, or if they have SSH access you'd need their key.
TL;DR this isn't usually something that can be done from simple hacking or hijacking, this needs to be intentional from the server owner. This is why Valve servers should be okay - because you can trust Valve (le memes). You can't always trust others, so be careful.
In regards to competitive, this is dangerous in situations like TF2Center and UGC, because you don't always know or trust the server you're connecting to. This is not a problem in ESEA because ESEA provides its own servers - or at least, it's not a problem assuming that you trust ESEA.
sombrezNot sure if these will help, but use them anyway (unless your league requires you to download files)
cl_allow download 0
cl_allowupload 0
cl_customsounds 0
Disable sprays
These will not spare you from this exploit, most likely. It might, and if you don't mind the side effects then by all means use these cvars, but I'm fairly certain that an engine-level bug like this would disregard simple cvars.
[quote=sombrez]
Hackers might be able to hijack the connection between a server, but they might not want to target competitive league servers but still be careful.[/quote]
What? That's not the issue here.
The issue is that server-side plugins can install .dll files to clients and then launch them - think plugins like Sourcemod or Metamod. These are things a server admin has to install manually, a server can't be hijacked unless someone actually gains root access to the server. Not even phishing for an rcon will give them the level of access they need. You'd need either access to the admin panel from a host that lets you mess with plugins, or if they have SSH access you'd need their key.
TL;DR this isn't usually something that can be done from simple hacking or hijacking, this needs to be intentional from the server owner. This is why Valve servers should be okay - because you can trust Valve (le memes). You can't always trust others, so be careful.
In regards to competitive, this is dangerous in situations like TF2Center and UGC, because you don't always know or trust the server you're connecting to. This is not a problem in ESEA because ESEA provides its own servers - or at least, it's not a problem assuming that you trust ESEA.
[quote=sombrez]
Not sure if these will help, but use them anyway (unless your league requires you to download files)
cl_allow download 0
cl_allowupload 0
cl_customsounds 0
Disable sprays[/quote]
These will not spare you from this exploit, most likely. It might, and if you don't mind the side effects then by all means use these cvars, but I'm fairly certain that an engine-level bug like this would disregard simple cvars.