[PSA] Font Exploit

[Latte]

This is to anyone actively playing on public Blockland servers, as one or more hosts (or a backdoor) has been spamming client commands to create thousands upon thousands of meaningless cached font files. I discovered this by chance after seeing my base/client/ui/cache folder is a quarter of a gigabyte in size. It could be happening without you noticing. And this is recent, just over 3 days old, so it's likely still happening.

Your first guess was probably the same as mine. "Doesn't that accumulate over time, like cache.db?"
These are all from December 2, between 1:49PM and 1:55PM.

(notice the scrollbar)

3,849 files with random numbered names, 217 MB in size.
217MB in only 6 minutes. That's around 2.2 gigs an hour if you stay on an affected server for that long.


Unfortunately I don't remember what I was playing this exact time on Saturday so I can't point fingers, but I really doubt it's just one person.

Right now, my suggestions are:

• Check your cache folder to see if it's already happened
• Keep an eye on the folder until this gets patched
• Post in this thread for any updates and tell your friends to make sure their hard drives aren't filled with this trash

If you notice it's happening, please type trace(1); in your console, close Blockland, and upload the end of your console.log.

[Ad Bot]

[cooolguy32]

holy forget

[Darth C3P0²]

Holy stuff
Is it possible for this to happen without someone doing it?

[Latte]

Thought about it some more. If a stuffty Add-On lets people somehow type <font:x:x>, they could be doing it that way too. So it could be a client or a server.

[PhantOS]

I'm sure this happens when you try to use a font not on the clients machine. It probably just inadvertently creates these files

[Gytyyhgfffff]

Thought about it some more. If a stuffty Add-On lets people somehow type <font:x:x>, they could be doing it that way too. So it could be a client or a server.

wow holy forget i didn't know torque handled fonts so badly

[Latte]

I'm sure this happens when you try to use a font not on the clients machine. It probably just inadvertently creates these files

Inadvertently creates a gigabyte in half an hour? That's still an exploit

[Electrk..]

all I hope is that this exploit doesn't make badspot remove the ability to add custom fonts or something
I really like my calibri :(

[Verification]

all I hope is that this exploit doesn't make badspot remove the ability to add custom fonts or something
I really like my calibri :(

hold up when did you get this alt

[AverageDude]

hold up when did you get this alt

[Electrk..]

hold up when did you get this alt

probably yesterday

[PhantOS]

Inadvertently creates a gigabyte in half an hour? That's still an exploit

well... yea. imagine if someone had a center print loop that used some silly font name and that created a temp file. if that's the source of the issue it would make sense because that stuff loops every 100ms

[Latte]

well... yea. imagine if someone had a center print loop that used some silly font name and that created a temp file. if that's the source of the issue it would make sense because that stuff loops every 100ms

Misread your first post I guess. That's probably exactly what it is. ex <font:159176:79> would create "159176_79.gft"

[Gytyyhgfffff]

well... yea. imagine if someone had a center print loop that used some silly font name and that created a temp file. if that's the source of the issue it would make sense because that stuff loops every 100ms

they're intentionally increment the font name by 1 every single time they display the bogus font to create as many .gft files as possible. this isn't just one misspelling of a font name or some stuff

[PhantOS]

That makes sense. It's weird that the values are increasing by around 40-50 and it changes each time. my guess is it's an engine issue or maybe the font name is being converted to wacky integers