CRITICAL UPGRADE: Soldat Dedicated Server 2.5.4

[EnEsCe]

As some of you may be aware, an exploit was discovered earlier today which allows skiddies to send poisoned strings to ANY Soldat Dedicated Server and download your soldat.ini file, aswell as ANY other file on the system hosting the Soldat Server.

Download Link: http://enesce.com/go.php?id=23 [/color]

If you run a Dedicated server, you MUST download and install this fix A.S.A.P!
And change your admin password while you are at it.


Addendum: Choose a new admin password when you upgrade; over 100 servers are known at this time to have had the admin password stolen.

[Clawbug]

Good job there.

[khoacalacan]

EnEsCe is always there when theres serious trouble in soldat. Good Job!

[EnEsCe]

I forgot to mention, this also includes a fix for the invisible pants cheat.

[deevus]

Well I'm glad I could help prove the "invisble pants" trojan was a coverup.

[EnEsCe]

Well I'm glad I could help prove the "invisble pants" trojan was a coverup.

Its not a cover up, lurk the forums more.

[Replica]

I don't think this'd be just me, but apparently since I loaded this version up it shows everyone in the f1 screen is registered, when not everyone there is... 

Pretty minor bug, but still. 

[deevus]

Well I'm glad I could help prove the "invisble pants" trojan was a coverup.

Its not a cover up, lurk the forums more.

The reason I called it a cover up was that the hacker told you that was how they retrieved the passwords, which isnt the case. I am aware that the invisible pants program could retrieve such information, but it was used to cover up (by the hackers) that there was another exploit being used.

[Toumaz]

Well I'm glad I could help prove the "invisble pants" trojan was a coverup.

Its not a cover up, lurk the forums more.

The reason I called it a cover up was that the hacker told you that was how they retrieved the passwords, which isnt the case. I am aware that the invisible pants program could retrieve such information, but it was used to cover up (by the hackers) that there was another exploit being used.

Then explain to me how the registration keys were stolen. Unless that file download exploit could download registry values showhow, it was on behalf of the skin hack trojan.

[Replica]

That trojan has nothing to do with the problem that deevus is talking about.  If it was the trojan, how could a server fix clear that up?  Look at what NSC wrote in the first line there... this server version fixes an exploit that allows for files to be downloaded from the server. 



But yes, another problem in 2.5.4 is that in DeathMatch all player names in the f1 screen are erroneously the same colour. 

I'm not sure if this has been the case since 2.5.3 since GA never upgraded to that version. 

[Toumaz]

But yes, another problem in 2.5.4 is that in DeathMatch all player names in the f1 screen are erroneously the same colour. 

Indeed, and all players got a star next to their name no matter if they registered or not.

[chrisgbk]

Well I'm glad I could help prove the "invisble pants" trojan was a coverup.

Its not a cover up, lurk the forums more.

The reason I called it a cover up was that the hacker told you that was how they retrieved the passwords, which isnt the case. I am aware that the invisible pants program could retrieve such information, but it was used to cover up (by the hackers) that there was another exploit being used.

Then explain to me how the registration keys were stolen. Unless that file download exploit could download registry values showhow, it was on behalf of the skin hack trojan.

He's not saying that that trojan -didn't- do anything; it did. He's saying that it was used as a cover story behind the real way all the -admin- passwords were stolen; which it was.

[Toumaz]

Well I'm glad I could help prove the "invisble pants" trojan was a coverup.

Its not a cover up, lurk the forums more.

The reason I called it a cover up was that the hacker told you that was how they retrieved the passwords, which isnt the case. I am aware that the invisible pants program could retrieve such information, but it was used to cover up (by the hackers) that there was another exploit being used.

Then explain to me how the registration keys were stolen. Unless that file download exploit could download registry values showhow, it was on behalf of the skin hack trojan.

He's not saying that that trojan -didn't- do anything; it did. He's saying that it was used as a cover story behind the real way all the -admin- passwords were stolen; which it was.

Ah sorry, misunderstood it then.

[HEX]

I thought my servers were hacked and changed the password twice. Thank you very much

[The Bone Collector]

EnEsCe....I don't mean to be rude...but....

Were you in a hurry to release the new dedicated server.....cause you seem to be releasing alot of bug fixes and stuff....Maybe you should revise your code a bit more before you release.....This might make server owners a little less antsy when using your program....

[FliesLikeABrick]

EnEsCe....I don't mean to be rude...but....

Were you in a hurry to release the new dedicated server.....cause you seem to be releasing alot of bug fixes and stuff....Maybe you should revise your code a bit more before you release.....This might make server owners a little less antsy when using your program....

Overall, the new server versions have been much more complete and bug-less than they were before he started maintaing the server.  The hackers are just getting better at finding and exploiting bugs.

The other difference is that a lot of these updates he's releasing contain many anti-hacks.  Before EnEsCe took over, these hacks would have had little or nothing done to prevent them being used, and it wouldn't have happened before a new version of Soldat is out.  He's releasing new servers more often to help keep up with new hacks and exploits being found in Soldat.  Only of the many things addressed in these updates have been attacks through the server itself, the rest have been the additions of anti-hacks

Lastly, he added in the entire scripting engine for 2.5.2 and has been constantly updating that and adding new features.  There's nothing wrong with making more release of the server if it means increasing the quality and adding tons of new features...

[The Bone Collector]

Ahh....My mistake....I thought the frequent releases were to cover his ass for being careless. Simple mis-understanding.
But, this goes without saying.....There is still alot of bugs in the code....right? (not that this is EnEsCe's fault....). It's alot of work....but is there ANY way that you could rewrite the coding, from scratch? Maybe this might take the work out of searching for bugs. From what I have read in the forums over the last 2 years I've prowled here....MM fucked up badly with the original netcode in Soldat, and the Dedicated server....So a new netcode from scratch might not be a bad idea.

EnEsCe....A little suggestion....why don't you write a program to go with the dedicated server, that auto-updates everytime you release a new version....This could make it ALOT easier for server owners, and other people who use the dedicated server.

[FliesLikeABrick]

Ahh....My mistake....I thought the frequent releases were to cover his ass for being careless. Simple mis-understanding.
But, this goes without saying.....There is still alot of bugs in the code....right? (not that this is EnEsCe's fault....). It's alot of work....but is there ANY way that you could rewrite the coding, from scratch? Maybe this might take the work out of searching for bugs. From what I have read in the forums over the last 2 years I've prowled here....MM ****ed up badly with the original netcode in Soldat, and the Dedicated server....So a new netcode from scratch might not be a bad idea.

EnEsCe....A little suggestion....why don't you write a program to go with the dedicated server, that auto-updates everytime you release a new version....This could make it ALOT easier for server owners, and other people who use the dedicated server.

1) He has been cleaning up MM's code ever since he took over the Dedicated server from MM
2) He plans to add something like that since we're working on a new lobby.  We're going to add something that will have it check periodically, and the lobby will say if there is a new version available

[iDante]

so basically MM is god and enesce is jesus?

yes, any server I go on says that everyone is registered and all have little stars.

[FliesLikeABrick]

I don't think this'd be just me, but apparently since I loaded this version up it shows everyone in the f1 screen is registered, when not everyone there is... 

Pretty minor bug, but still. 

so basically MM is god and enesce is jesus?

yes, any server I go on says that everyone is registered and all have little stars.

But yes, another problem in 2.5.4 is that in DeathMatch all player names in the f1 screen are erroneously the same colour. 

Indeed, and all players got a star next to their name no matter if they registered or not.

see this thread: http://forums.soldat.pl/index.php?topic=11674.msg131529#msg131529