SRCDS Steam group


Server Cpu Overload Script
#1
Rolleyes 
Hello


Here is my best guess and what is happening, someone is coming into the server and runing a script and then leaving because I have kicked everyone from the server so its empty and the cpu still hangs and the ping is 800+. What the exploit is doing is it is making the cpu's process hang at 50% (dual cpu, 50 would be using one cpu max). The only way to fix it is reset the server itself which is not an option to reset every 5min when this individual can just easily come back in. Another theory is it is being done remotely but no log's on the box itself show this, it is NOT a dos attack and everything shows up fine. No logs on the server show up as somebody doing something, I am not sure if logs can detect every specific command and client types in console but nothing has showed up. This box is dual xeon 3.2's with 2gigs of memory runing windows server 2003 (latest patches..ect). My provider has never seen anything like this before and he is 100% this is an exploit of some sort as it is being directed to my server only and no other clients on the machine are experiencing this. Here is what we have tryd out thus far.

1. Reinstall just the basic css source dedicated files, after about 20min the individual came back and it started happening again.

2. Moved everything to a new IP, after about a day it started happening again.

3. Moved it to a third IP(amd machine) after about 2 days it started happening again.

My prodiver along with servercentral have looked at the graph and logs and NOTHING has shown up.


So this cannot be pinned to one single person because there is no evidence or anything that shows who is doing this.

My honest opinion is this must be some new exploit that came with the last major update and this must be connected with the problem people are having with there cpu utilizing 100% cpu.

I cannot run my server anymore (ranked 3rd in the US) which is a shame because so much time and money and been placed into it.

I spoke with other top server's and they have experienced the same issues.

If there is anything els I can do to help resolve this issue then by all mean's tell me.

Thank you
Reply
#2
hmmm.. this might be an exploit.. i haven't heard of it.. you should post this exact thing on the hlds list... sign up for that, and hopefully alfred from valve isn't on vacation and he can look into it..

link to sing up for the list. http://list.valvesoftware.com
Reply
#3
*UPDATE* Somebody has just brough this up to my attention that this "could" be the issue reguarding the server cpu to hang.

"it's a cvar command called "mat_slopescaledepthbias_normal .001" It's the wallhack that's been out there and he said when spammed the server doesn't know how to proccess it or something along those lines and screws the server up. He is 75% sure what it is because it's been happening on other servers

the server processes the weird code too fast and valve has not disabled it yet, so it seems. He's not sure how the command works, but again he says when spammed it messes the proccesses up.


Thanks for the advice skeletor, will go do that right now.
Reply
#4
yea i have heard a little about that cvar, haven't heard of it makin the server over load itself, but that doesn't mean it isn't. lol.

and also just to post this out there, there was an update for source servers today. alfred announced it on the list, so hes not away Smile
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)