Comments (11)
Someone nuked by guessing the code
from cev-eris.
If they've gotten 4/6 codes I reckon they've already put considerable effort into blowing up the ship, so if they brute force it let them
from cev-eris.
Let em brute force it lol
from cev-eris.
A topic limit should be introduced regardless, if not specifically a way of stopping people from brute forcing the nuke code. Lots of ways to lag/crash the server by spamming topics.
from cev-eris.
Bullshit, we have topic limited.
from cev-eris.
Bullshit, we have topic limited.
You do not.
from cev-eris.
Bullshit, we have topic limited.
You do not.
Prove it
from cev-eris.
Bullshit, we have topic limited.
You do not.
Prove it
```dm
/client/Topic(href, href_list, hsrc)
	if(!usr || usr != mob) //stops us calling Topic for somebody else's client. Also helps prevent usr=null
		return

	//search the href for script injection
	if( findtext(href,"<script",1,0) )
		log_world("Attempted use of scripts within a topic call, by [src]")
		message_admins("Attempted use of scripts within a topic call, by [src]")
		//del(usr)
		return

	// asset_cache
	var/asset_cache_job
	if(href_list["asset_cache_confirm_arrival"])
		asset_cache_job = asset_cache_confirm_arrival(href_list["asset_cache_confirm_arrival"])
		if (!asset_cache_job)
			return

	// Tgui Topic middleware
	if(tgui_Topic(href_list))
		return

	// if(href_list["reload_tguipanel"])
	// 	nuke_chat()
	// if(href_list["reload_statbrowser"])
	// 	src << browse(file('html/statbrowser.html'), "window=statbrowser")

	// Log all hrefs
	if(config && config.log_hrefs && href_logfile)
		DIRECT_OUTPUT(href_logfile, "<small>[time2text(world.timeofday,"hh:mm")]</small>[src] (usr:[usr]\[[COORD(usr)]\]) : [hsrc ? "[hsrc] " : ""][href]")

	//byond bug ID:2256651
	if (asset_cache_job && (asset_cache_job in completed_asset_jobs))
		to_chat(src, span_danger("An error has been detected in how your client is receiving resources. Attempting to correct.... (If you keep seeing these messages you might want to close byond and reconnect)"))
		src << browse("...", "window=asset_cache_browser")
		return
	if (href_list["asset_cache_preload_data"])
		asset_cache_preload_data(href_list["asset_cache_preload_data"])
		return

	//Admin PM
	if(href_list["priv_msg"])
		var/client/C = locate(href_list["priv_msg"])
		if(ismob(C)) //Old stuff can feed-in mobs instead of clients
			var/mob/M = C
			C = M.client
		// its a fucking ckey
		if(istext(C))
			C = directory[C]
		cmd_admin_pm(C,null)
		return

	if(href_list["irc_msg"])
		if(!holder && received_irc_pm < world.time - 6000) //Worse they can do is spam IRC for 10 minutes
			to_chat(usr, SPAN_WARNING("You are no longer able to use this, it's been more then 10 minutes since an admin on IRC has responded to you"))
			return
		if(mute_irc)
			to_chat(usr, "<span class='warning'>You cannot use this as your client has been muted from sending messages to the admins on IRC</span>")
			return
		cmd_admin_irc_pm(href_list["irc_msg"])
		return

	switch(href_list["_src_"])
		if("holder")
			hsrc = holder
		if("usr")
			hsrc = mob
		if("prefs")
			return prefs.process_link(usr,href_list)
		if("vars")
			return view_var_Topic(href,href_list,hsrc)
		if("chat")
			return chatOutput.Topic(href, href_list)

	switch(href_list["action"])
		if("openLink")
			src << link(href_list["link"])

	if (hsrc)
		var/datum/real_src = hsrc
		if(QDELETED(real_src))
			return

	//fun fact: Topic() acts like a verb and is executed at the end of the tick like other verbs. So we have to queue it if the server is
	//overloaded
	if(hsrc && hsrc != holder && DEFAULT_TRY_QUEUE_VERB(VERB_CALLBACK(src, PROC_REF(_Topic), hsrc, href, href_list)))
		return
	..() //redirect to hsrc.Topic()
```
I also wrote a very shitty Python program recently to try and brute force the nuke code, never hit any form of topic limit like you would on TG (~50 topic calls per minute).
from cev-eris.
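A per-client limiter of the kind this comment says is missing, as an added example (not CEV-Eris or /tg/station code): a fixed one-minute window plus a one-second burst cap. The proc, variable and define names and the limit values are assumptions; `holder`, `log_world` and `message_admins` are the ones visible in the snippet above.

```dm
// Added example. Every name defined here is hypothetical.
#define TOPIC_LIMIT_PER_MINUTE 100 // assumed value, the figure floated in this thread
#define TOPIC_LIMIT_PER_SECOND 10  // assumed burst cap

/client
	var/topic_minute_window = -1 // index of the current 1-minute window
	var/topic_minute_count = 0
	var/topic_second_window = -1 // index of the current 1-second window
	var/topic_second_count = 0
	var/topic_limit_logged = FALSE

// Returns TRUE when this Topic call should be dropped.
/client/proc/topic_rate_limited()
	if(holder) // assumption: admins are exempt
		return FALSE

	// world.time is in deciseconds; one-argument round() floors.
	var/minute = round(world.time / 600)
	if(minute != topic_minute_window)
		topic_minute_window = minute
		topic_minute_count = 0
		topic_limit_logged = FALSE

	var/second = round(world.time / 10)
	if(second != topic_second_window)
		topic_second_window = second
		topic_second_count = 0

	topic_minute_count++
	topic_second_count++
	if(topic_minute_count <= TOPIC_LIMIT_PER_MINUTE && topic_second_count <= TOPIC_LIMIT_PER_SECOND)
		return FALSE

	// Log once per window so the limiter cannot itself be used to flood logs.
	if(!topic_limit_logged)
		topic_limit_logged = TRUE
		log_world("Topic rate limit exceeded by [src]")
		message_admins("Topic rate limit exceeded by [src]")
	return TRUE

// Intended call site, early in /client/Topic() after the usr check:
//	if(topic_rate_limited())
//		return
// Where it sits relative to the asset-cache and tgui handling is a project
// decision, since that traffic also arrives through Topic().
```

Because the counters live on the client object, they reset on reconnect; keying them by ckey in a global list would carry the limit across sessions.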
My dude, average Eris players aren't writing Python programs to brute force the nuke.
from cev-eris.
My dude, average Eris players aren't writing Python programs to brute force the nuke.
That's like saying the average Tarkov player doesn't cheat so you don't need to fix vulnerabilities. (There have even been multiple paid hack clients.) There are hundreds of videos on YouTube of people griefing SS13 servers. ~100 topic calls per minute would allow players to brute force the code within reason while stopping outright cheating from taking place.
from cev-eris.
It's a shame that if they don't know any number of the code, it'd take them optimistically 5000 minutes (considering they're only doing 50 topic calls per minute) to guess the code, considering there's 500k possibilities and testing all of them would take 11000 minutes.
I also like to see actions, not words, so post a video of it and I might as well look into fixing it.
from cev-eris.