Author Topic: SOLVED: "" is an invalid integer  (Read 593 times)

0 Members and 1 Guest are viewing this topic.

Offline Moroes

  • Soldier
  • **
  • Posts: 147
SOLVED: "" is an invalid integer
« on: August 26, 2017, 03:37:09 pm »
Hi Soldaters,
someone has been busy using an exploit and crashing our servers lately.
Please run this command in your linux console to drop the nasty packet and make your server healthy again.
Code: [Select]
iptables -I INPUT -p udp --dport 23073 -m string --algo kmp --hex-string '|64 29 77 00|' -j DROP
- replace 23073 with the serverport you're using
- I guess windows users gotta use netsh advfirewall/netsh firewall command. Get linux tho.

Credit goes to Helloer, the best soldat developer. Retired unfortunately.

#soldatisdead
#whatisdeadmayneverdie

Offline jrgp

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 4959
Re: SOLVED: "" is an invalid integer
« Reply #1 on: August 26, 2017, 04:05:39 pm »
That's good to know. Would be a good idea of the soldatserver could have protection for this sort of attack built in.
Playing Soldat and active on these forums from 2004 - present

Offline helloer

  • Retired Soldat Developer
  • Major(1)
  • ******
  • Posts: 39
Re: SOLVED: "" is an invalid integer
« Reply #2 on: October 21, 2017, 06:19:52 pm »
Someone is now using another variation of this packet to bypass iptables rule. You can use binary patched version of soldatserver (link below) that is not vulnerable to this bug(technical info: replaced the call to the broken function with NOP - 0x00025ae5 e876f7ffff => 9090909090 0x00025ae5).

There is also another bug in the admin protocol that causes high cpu usage/lags on the server. How it works? By sending packet to adminport without \n (newline) at the end of packet.... Sadly i can't binary patch that so for now you can disable adminport by setting Admin_Password to null (disables adminport) or to create whitelist for adminport using iptables:

Quote
iptables -A INPUT -p tcp -s ADMINIP --dport 23073 -j ACCEPT
iptables -A INPUT -p tcp -s ADMINIP2 --dport 23073 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 23073 -j DROP

(rename soldatserver.h to soldatserver)

Offline ezanolin

  • Major(1)
  • Posts: 1
Re: SOLVED: "" is an invalid integer
« Reply #3 on: November 15, 2017, 01:04:17 pm »
Thank you for your help and the patched ELF, however it segfaults on my server. possibly because I run 64 bit Linux with 32 bit libs. I watched for packets from outside and came up with an additional rule for users with similar problems. Here are the 2 firewall rules that I am using

Code: [Select]
iptables -I INPUT -p udp --dport 23073 -m string --algo kmp --hex-string '|64 29 77 00|' -j DROP
iptables -I INPUT -p udp --dport 23073 -m length --length 1 -m string --algo kmp --hex-string '|64|' -j DROP

I strongly suspect that there will be other packets that could crash the server but for now this is working for me. As of today the packets are coming from 35.196.253.60. Looks like the server list is scanned an then the servers are attacked. My server was brand new never on the internet before and it crashed within minutes of going up.

GeoIP shows the following

35.196.253.60   US   Mountain View,
California,
United States,
North America   94043   37.419200000000004,
-122.0574   1000   Google Cloud   Google Cloud

Probably some Google services user being an a$$, seriously people need better hobbies. When can we expect an officially released binary patch? (ie available on downloads page) I cant imagine this issue is good for the community.

All the best.
Enrico Zanolin