Note: If you have the Tribes Repack v11 or higher, you do not need this hack fix, as the Repack comes with it.
Tribes RPG has many security vulnerabilities. On this page you can download a copy of the Tribes RPG scripts with those vulnerabilities patched.
Hack fix

Simply overwrite the scripts.vol in your RPG folder with the one in that zip.
For extra protection (requires hack fix version 1.1 and up), open rpgserv.cs in your config folder in a plain text editor like Notepad and put the following at the bottom of the file: $phantomremoteevalfix = "CHANGETHIS";
Substitute CHANGETHIS with ANYTHING ELSE. No spaces in what you decide to use, though.


Extra optional rpgserv.cs lines:
$extrainfo = "some words"; // Change "some words" (leave the quotes in place) to whatever you want to show in your server info, which is what comes up when someone has your server selected and clicks the "Info" button. What you choose will appear on the second line and below (the first line is, by default, reserved). Unfortunately there is a built-in limit to how much you can put in Tribes, so you can't, for example, put this entire paragraph in there. Something more sizeable however, like "The quick brown fox jumps over the lazy dog." will work fine.
$ferryObject = "KL_longship"; // Changes the object used as a ferry, default is "raft_b", while "KL_longship" is what I use in my server. It's a sail boat. Really you can use any dts object as your ferry, even a tree ($ferryObject = "tree1";).
$bannedip[1] = ""; // Ban IPs with these variables. Supports partial matches (so you can put in the first two octets and ban a range of IPs). This is a particularly fun way to ban people, because it allows them to connect once, but immediately kicks them and then bans them for real.
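
The page does not say how the hack fix compares a connecting address against the $bannedip entries. As an added example (not code from the hack fix), the Python below shows partial matching done on whole octets, next to a plain string-prefix comparison that bans more than the entry was meant to cover. The function names and the sample addresses are constructed for illustration.

```python
# Added example, not code from the hack fix. How the mod itself compares
# $bannedip entries is not stated on the page; names here are hypothetical.

def parse_octets(text):
    """Split a full or partial dotted IPv4 string into validated octets."""
    parts = text.strip().rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 octets: %r" % text)
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("bad octet %r in %r" % (part, text))
        octets.append(int(part))
    return octets

def is_banned(client_ip, ban_entries):
    """Return the first entry whose octets are a prefix of client_ip, else None."""
    client = parse_octets(client_ip)
    if len(client) != 4:
        raise ValueError("client address must have 4 octets")
    for entry in ban_entries:
        if not entry:  # unused slot, e.g. $bannedip[1] = "";
            continue
        prefix = parse_octets(entry)
        if client[:len(prefix)] == prefix:
            return entry
    return None

def naive_is_banned(client_ip, ban_entries):
    """Plain string-prefix comparison, shown only for contrast."""
    for entry in ban_entries:
        if entry and client_ip.startswith(entry):
            return entry
    return None

# Constructed sample ban list: one empty slot and two two-octet ranges.
BANS = ["", "203.0", "198.5"]

if __name__ == "__main__":
    for ip in ["203.0.113.9", "198.5.7.1", "198.51.100.20"]:
        print(ip, "octet match:", is_banned(ip, BANS),
              "| string prefix:", naive_is_banned(ip, BANS))
```

With the sample list, 198.51.100.20 is caught by the string-prefix check against "198.5" but not by the octet-aligned check, which is the difference to test for after adding a partial entry.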




News:
Monday, April 5, 2011: Version 1.8.1 released. Changes:
Music now ends instantly when exiting a zone (repack users only).
Music now begins soon after entering a zone.
Keybinds (#set) are now included, some for all users and some (numpad) just for repack users.

Monday, February 7, 2011: Version 1.8 released. Changes:
Several significant hacks fixed, most or all were not well known.
Added a small new feature; Repack users get a special base skin.

Saturday, August 14, 2010: Version 1.7.8 released. Changes:
Minor server side documentation changes related to Repack.

Friday, August 06, 2010: Version 1.7.7 released. (in Repack 6 only) Changes:
Changes in comchat to refer to attacks as "exploit" rather than "hack", lessening the ego-boost to the attacking script-kiddy.
Minor server side documentation changes related to Repack.

Monday, June 21, 2010: Version 1.7.6 released. Changes:
Minor client side change related to the Repack.
Server side changes related to numpad key binding; fills in a server console spam hole.
Fixed an old Tribes RPG bug where packs containing a huge number of items would cause some of the items to be lost, or even crash the server when picked up.

Saturday, June 5, 2010: Version 1.7.5 released. (in Repack 4 only) Changes:
Minor client side change related to the Repack.

Monday, March 22, 2010: Version 1.7.4 released. Changes:
Changed the server info text. Default is one line, giving more room for additional info added by the host.
Misc minor changes to client code.

Friday, January 15, 2010: Version 1.7.3 released. Changes:
Tweaks to the hack fixed in 1.7.
Some possible crash fixes.

Thursday, December 24, 2009: Version 1.7.2 released. Changes:
Fixed console spam that can occur in rare cases, a bug left over from base TRPG. I still cannot fix a related crashing bug.
Commented out broken auto-kick code in connectivity.cs.
Other misc minor changes.

Saturday, December 05, 2009: Version 1.7.1 released. Changes:
Fixed some errors in admin.cs.
Small change to the tab menu; it no longer displays a player's "Tribe".

Monday, November 25, 2009: Version 1.7 released. Changes:
Fix for a possible new hack involving passwords.
Added new facility to ban IPs using $bannedip[num] variables.

Monday, September 05, 2006: Version 1.6.3 released. Changes:
Various bug fixes.

Monday, July 24, 2006: Version 1.6.2 released. Changes:
Optimized the hack fix for a smaller file size.
Changed some info in the objectives screen.
Optimized some code for very slightly faster operation.
New rpgserv.cs variable added: $ferryObject.

Sunday, January 01, 2006: Version 1.6.1 released. Changes:
Here's your new years present:
Really just tiny bug fixes, one in the permabanlist and another in admin.cs (just commented out some voting options, they aren't for rpg mod.)

Saturday, December 31, 2005: Version 1.6 released. Changes:
Here's your belated Christmas present:
Fixed some bugs in the hack fix in comchat.cs
Made the hack fix in rpgstats.cs a little better, not entirely blocking out remotefetchdata any more.
Made the $phantomremoteevalfix be unique every time the server is started by adding a random number on the end of it. This way, leaving it as default does not mean you can get hacked.

Friday, December 02, 2005: Version 1.5.1 released. Changes:
Temp fix for new hack, this temp fix will disable most RPG HUDs though.

Tuesday, November 01, 2005: Version 1.5 released. Changes:
Fixed the hacking vulnerability on #spell, equal to #cast.

Sunday, September 04, 2005: Version 1.4.2 released. Changes:
And neither did it in that. (see last release date's note)
Also, I forgot to set the version number for a couple releases.
I have also given saveworld a little extra chance at finding dropped packs to save. If this causes too much of a lag problem, or it still doesn't find packs, you can change the value of $saveworldsearch to what you wish. Default is 25.

Thursday, September 01, 2005: Version 1.4.1.1 released. Changes:
The new ban did not work in the previous version.

Saturday, August 27, 2005: Version 1.4.1 released. Changes:
Permanent banlist update to stop one or more people who have been going around crashing servers from the outside.

Tuesday, August 23, 2005: Version 1.4 released. Changes:
Fixed many line break vulnerabilities.
Fixed #roll vulnerability by disabling #roll.
This is a major release because both vulnerabilities are severe, and are exploited to crash your server.

Tuesday, August 16, 2005: Version 1.3 released. Changes:
In the last version I forgot to increment the version number in the objectives screen. Well, not this time.
More importantly, I fixed another hack, this one is MAJOR as well. This hack involved the #cast command. Take note for your own sake to not use a quote in a spell any more or it will get you banned. ;)

Tuesday, August 9, 2005: Version 1.2 released. Changes:
Fixed major bug in comchat where a quest script or other server side code could accidentally use #anon to say the value of "$phantomremoteevalfix", which is obviously not good.

Monday, August 8, 2005: Version 1.1.1 released. Changes:
Fixed objectives screen. There was an extra entry there left over from my status system which doesn't come with these releases of my RPG mod. Of course it didn't show because it was hidden by another mistake of mine which is also fixed. Neither of these were a big deal. Hence minor version.

Undated: Version 1.1 released. Changes:
Made more secure by letting people set the "remote eval fix" name.
Added a new race for admins to use with the #setrace command: MagicMooCow.

Undated: Version 1.0.1 released. Changes:
Status menu option that was accidentally imported from my own mod has been removed. There was nothing in that menu.
Added version number to objectives screen.


