Author Topic: Open Code Server  (Read 3328 times)

I remember you could spam messageBoxOK which would prevent the user from opening the console, the only way someone could stop it is if they had the console open in a separate window I think. I.e. if they were a non-steam user.

You can use /eval to run code regardless of what happens to the server chat.

I'll try that ASAP. Is there any way for that chat filter function to be deleted, though?

Thanks for crashing my Blockland HARD. The game shat itself right to the title screen.

Tip: don't go to hyperspace in the far lands.

You should log all the exploits to crash the server and create an add-on that could reinforce servers. Is that possible?

I'll try that ASAP. Is there any way for that chat filter function to be deleted, though?
Loop through all of the active packages and disable them.

You should log all the exploits to crash the server and create an add-on that could reinforce servers. Is that possible?

The problem with this is that I would be blocking exploits in an attack vector that never ought to exist.  If you have eval open for anyone to use, there is already a problem; no amount of clever coding can solve that.  This is actually why I have written a health monitor to keep the server from being down for long periods of time - I'm well aware that this server will crash early, often, and trivially easily.

I can see this going very bad very quickly.

I assume you're blocking overwrites of serverCmdEval.

Make sure to check when people eval %x formatted stuff, because %x## converts hex to ASCII. (Or is it dec to ASCII?)
Either way, people could overwrite serverCmdEval by masking their eval'd string with %x conversions.

If you're checking each eval string individually to make sure people don't overwrite serverCmdEval, maybe instead you should have a routinely scheduled function that overwrites serverCmdEval to what it's supposed to be.

You should log all the exploits to crash the server and create an add-on that could reinforce servers. Is that possible?
It isn't feasible to create a blacklist of functions that will prevent players from using eval to crash the server. The only way to do it would be to only whitelist certain functions while disabling a lot of useful syntax like loops.

Recursion limit has been implemented last I checked.

I assume you're blocking overwrites of serverCmdEval.

Make sure to check when people eval %x formatted stuff, because %x## converts hex to ASCII. (Or is it dec to ASCII?)
Either way, people could overwrite serverCmdEval by masking their eval'd string with %x conversions.

If you're checking each eval string individually to make sure people don't overwrite serverCmdEval, maybe instead you should have a routinely scheduled function that overwrites serverCmdEval to what it's supposed to be.

Attempting to call the eval function itself will filter the input.

function serverCmdA(%a,%b){eval(%b);}

/a crash(); won't work, /a talk(a); will

It isn't feasible to create a blacklist of functions that will prevent players from using eval to crash the server. The only way to do it would be to only whitelist certain functions while disabling a lot of useful syntax like loops.

Loops have long since started being filtered; most people just don't notice because it only becomes a problem when loops exceed a certain duration.
In fact, I could probably safely increase the loop limit further.

UPDATE: I have increased the loop limit, along with three limits used to manage the termination of recursive functions.
« Last Edit: June 08, 2015, 01:23:40 PM by Xalos »
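
An added example, not code from the thread or from the server: a Python model of the filtering argument in the posts above, comparing a blacklist applied to the raw submitted text, the same blacklist applied after escapes are decoded, and an allowlist of permitted calls. The `\xNN` escape form, the allowlist contents and the name `someUnlistedFunction` are assumptions made for the model.

```python
import re

# Model only: assumes escapes have the form \xNN (hex); the thread is unsure of the exact syntax.
BLACKLIST = {"servercmdeval", "crash"}   # names taken from the thread
ALLOWLIST = {"talk"}                     # hypothetical set of permitted calls
_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
_CALL = re.compile(r"([a-z_][a-z0-9_]*)\s*\(")
_SYNTAX = re.compile(r"\b(function|package|while|for)\b")

def decode_escapes(src):
    """Resolve \\xNN escapes until the text stops changing (covers double encoding)."""
    prev = None
    while prev != src:
        prev, src = src, _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), src)
    return src

def raw_blacklist_ok(src):
    """Substring check on the text exactly as submitted."""
    return not any(name in src.lower() for name in BLACKLIST)

def decoded_blacklist_ok(src):
    """Same check, applied after escapes are resolved."""
    return raw_blacklist_ok(decode_escapes(src))

def allowlist_ok(src):
    """Accept only allowlisted calls, with no definitions or loops."""
    text = decode_escapes(src).lower()
    calls = _CALL.findall(text)
    return not _SYNTAX.search(text) and bool(calls) and all(c in ALLOWLIST for c in calls)

# Constructed sample submissions.
SAMPLES = {
    "plain": 'talk("hi");',
    "direct": "function serverCmdEval(%c, %s) { }",
    "masked": r'eval("function serverCmd\x45val(%c, %s) { }");',
    "unlisted": "someUnlistedFunction();",  # hypothetical name, on neither list
}

def verdicts():
    """Map each sample to (raw blacklist, decoded blacklist, allowlist) results."""
    return {k: (raw_blacklist_ok(v), decoded_blacklist_ok(v), allowlist_ok(v))
            for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in verdicts().items():
        print(f"{name:9} raw={result[0]} decoded={result[1]} allowlist={result[2]}")
```

The masked sample passes the raw check and fails once decoded, while the unlisted call passes both blacklist checks and is rejected only by the allowlist.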

Functions seem to be broken after someone forgeted with the shadows and deleted the ground. Something like function servercmdHi(%client) { %client.chatMessage("\c3Hello!"); } won't even work.
Edit: To clarify, servercommands. Ipq just did a function, saw it worked, and left.
« Last Edit: June 09, 2015, 07:13:26 PM by Johnny Blockhead »