OldUnreal (Engine)

xCoop 1.5 has just been released by Pcube. He is going away to college (lol) so he will be inactive at the most to 3 months.

Check it out here www.freewebs.com/unrealpcube

Crashware alert!

Servers that are running this software allow it's administrators to crash a players Unreal client. This can cause problems if the admin is immature, if the server has been hacked or maybe just if the admin as a bad mood. This is not the only software with this kind of 'features' but I don't like this kind of crashware.

Here is the resposible code, as visible in the xCoop.u file:

I agree with Hyper. If anyone wants to be crash-proof from this mod send me an e-mail at: Smartball@smartball-unreal.com

lol...wait till Pcube hears about this

lol...wait till Pcube hears about this

Nothing funny about it. Since PCube wrote it I'm sure he is well aware. It's code like this, that ruin the game for others. It's a shame people must stoop to such levels.

lol...wait till Pcube hears about this

Nothing funny about it. Since PCube wrote it I'm sure he is well aware. It's code like this, that ruin the game for others. It's a shame people must stoop to such levels.

i have to agree here. This kind of crash is not harmless, thats not really funny anymore, although some players need some kind of "punishment" for behavior on some servers. I loved the possibility years ago from HbG which allowed me to set the players fire button to "exit"

What's the big deal I have had this done to me before all it does is close Unreal. You can just open it right back up. XCoop is very customizable if you don't like one of the functions just take it out of the admin authority table. There are many mutators that do the same thing as well that I have seen so even if someone is using a different gametype it doesn't mean they can't do the same thing.

lol

What's the big deal I have had this done to me before all it does is close Unreal. You can just open it right back up. XCoop is very customizable if you don't like one of the functions just take it out of the admin authority table. There are many mutators that do the same thing as well that I have seen so even if someone is using a different gametype it doesn't mean they can't do the same thing.

Of course, but that is not the question here. No admin should be allowed to simply crash someone, for whatever reason. As already mentioned above, simply exit the game if really necessary (and even that is already questionable), but don't crash it. Its simply bad behavior, and as already explained, it can cause system trouble as well. Regarding how it is done, its something more or less equal like nuking or DOS'ing a pc, so it can and must be considered as net attack. That unreal can be abused by something like that is worse enough.
If the only reaction of Pcube is "LOL" about this, I only can hope that more people will not using it, whats a pitty, because its maybe a very good mod, and it was surely a lot of work.
But still many people are not aware about such problems, and are simply victims of that. I had more than enough examples of what could happen if some admin abuses something like that in the past.
So its fully ok in my eyes that people criticize this, because if some not so well aware player gets the feeling of being "hacked" in such a manner, they will blame Unreal for it, and not the mod.
If you tolerate that, the next step will be maybe to plant some kind of virus on the pc, or to delete some system data, to flood the hard disk until its full, or whatever you like. Where is the end of that? Any admin must be able to protect his server, no question, but its about how it is done.

Well i agree with 9svn6 here...cause i've had it done to me to...on a crappy Windows 98 and nothing happened except Unreal closing...that was it. And the person that did it to me was myself I haven't met any noob admin that crashes ppl for the hell of it using xCoop.

Also just bout every server i know has already switched to this awesome Game Type

And JackRabbit told me the other day that it was him who made the command Debug Eatmem so blame him not Pcube lol

I haven't met any noob admin that crashes ppl for the hell of it using xCoop.

Really? Oh...! I'm so happy for you that you've never met a bad admin yet!

And its not about blaming someone here, you completely missed the point.

Smirftsch... you're talking to a CHILD... what do you expect?

Smirftsch... you're talking to a CHILD... what do you expect?

No idea, maybe its because I spend a lot of time teaching people to be aware of such things...can't help it

But i thought a while about it, and maybe I can explain it this way:

Why do you think especially this command was used? Why not using "debug crash" instead? Or "Exit"? The author, whomever it was now (I really don't care) knew exactly that this command can be potentially dangerous and may lock up the complete system or other running programs and tasks.

Think about this scenario: Your own server gets hacked, and the hacker randomly crashes everyone who is playing at your server. Someone gets locked up, and loses a lot of work currently open. He contacts your provider because of Netabuse and your ISP kicks you out (no idea what else the law "provides" in the USA in this case).

Or this: Your server is being crashed somehow because of such a script. But you rent it somewhere, and you need to phone them to restart the machine because no remote access is possible anymore. This happens- as usual- on a weekend....

there are countless scenarios which I could tell here now, just think a lil while about it, and maybe then you'll see what this is about, and why this is discussed at all here.

I've been crashed several times, not by XCoop but with similar tools, also at Pcube's server, with Pcube's mod (Idiot curse if I'm correct) by Pcube himself. Well, this was a long time ago and he apologised. But it's not limited to Pcube. Some INF server also had an admin who liked to crash clients and mess with ini files. (Binding essential keys to suicide and stuff like this) A long time ago I just out curiosity did a search for any .uxx (cache) files containing the text "debug crash" and I was surprised by the number of hits.

Issues like this really are old as dirt. I don't have problems with anyone but I think players should be aware of the this, and developers should no longer include this kind of crap into their software.

Over the years I learned a few basic protections like aliasing unwanted functions, maintaining files as read-only and not including sensitive passwords and of course having a backup. But these measures are of course not enough for a good defense. From a security standpoint the Unreal client is a laugh. The Unreal client is just a slave to the server and executes any destructive code. It's simply not designed with security in mind. It would be nice to have a 'firewall' option where you need to give permission before a command gets executed: "Xcoop.whatever tries to execute the command at your client. Do you permit this action (yes/no) [x] remember choice".

But as long we don't have this kind of client protections, I just kindly wanna ask developers to not include these unwanted functions in their code. It's hacking, it's unwanted and it's even illegal. And it's not helping the Unreal community in any way.

such commands as debug eatmem won't be supported by 227 anyway, and this was already included (or more excluded) before this discussion started, but that doesn't change the real problem, unfortunately

such commands as debug eatmem won't be supported by 227 anyway, and this was already included (or more excluded) before this discussion started, but that doesn't change the real problem, unfortunately

Debug is only the smallest problem. More serious abuse is possible with commands to change INI settings, overwrite files and farm for passwords.

Allow me to first state that my previous response, "lol," was given at a time where I was simply too tired to give a full answer. Having said that, I have taken your accounts into consideration and I'm nullifying the commands ForceCommand and CrashID altogether in the next release of xCoop. Contrary to what some have said, here, I HAVE seen a couple instances of flagrant admin abuse involving these commands.

As for my server, however, I use the commands responsibly (ie someone wants to change their "face texture" but doesn't know how, I'll reconnect them with ?Face=whateveritis) Occasionally it's beneficial to everyone to issue a command in the context of the client, but I definitely see where abuse can occur. Indeed, as of late, a couple of my administrators fall subject to this claim.

I'm going to build off of what you have said and add my own rhetoric:

No good Unreal player should have their game frozen or binds reset.

From my point of view, Unreal has had its fair share of jerks over the years (Packleader, Father Tim etc.) and in all honesty they deserve to have their installations thrown into the furnace. I'm not a very tolerant person when it comes to people like this.

Also, allow me to point out that any misuses of these commands are not my fault. I am simply providing a tool - whether an admin goes berserk and decides to start crashing people, that is his or her choice, not mine. A similar incident happened with my "xconsole" console, in which a certain player went around spamming, got banned from various servers, and ended up placing the blame on me... The issue is very similar to gun control. I can legally sell the guns, and if you pull the trigger, I did not force you.

Points taken, I am very glad that nobody here attacked me as a person for including such commands, but rather the gametype. I'm sure that at times each of you has also thought of crashing a certain very problematic player - it's human intuition. Anyways, thank you for that.

xCoop 1.6 will have these commands removed.

I'd just like to point out that you can limit what your generic client-side consolecommand function can do to a client. It isn't even difficult. You could just make it auto-reject any strings beginning with "debug" for starters. Limiting the functionality of 'set' is harder if you want it to still be able to do stuff (e.g. "hey check out this cool command!" ), but it'd still be trivial to prevent 'set input', or prevent 'get input' from being used for password mining.

Wow. I seriously don't understand why the heck you people are so concerned. Sure, debuging someone is a mean thing to do. I've had it happen to me at least 10 times (thank you Red-Horned-Murderer, for contributing to most of those). Usually, it just shut off my Unreal. My computer is a piece of bull %*&$, but it's still perfectly fine. You guys are making too big a deal of this.

Well for one thing it's possible to make unreal unplayable using similar commands. It's nothing a total reinstall won't fix (or a simple INI delete for most), but it is possible to make unreal crash on startup. Also, as discussed, it's possible to steal adminlogin passwords. Crashing a server is ridiculously easy if you have admin, and again, it's possible to make it unplayable.

Debug eatmem supposedly has a lot of huge potential risks, but I don't know much about them. I've been debugged and I haven't faced any real problems, but I have heard of some people getting really messed up from it.

Smirftsch... you're talking to a CHILD... what do you expect?

Admin-Edit: you may be upset because of this comment, but this does not justify such behavior.

It's nice to see that future XCoop versions will no longer have these unwanted functions. Thanks for listening there. GL with the programming.

Smirftsch... you're talking to a CHILD... what do you expect?

Admin-Edit: you may be upset because of this comment, but this does not justify such behavior.

Yeah sorry bout that...i had a bad day and this little comment just made it worse

Lol, shivaxi got owned