Private Server Advertisement Rules Update

04/24/2015 20:44 Royalblade*#1
Heya,

In the "Private SilkroadOnline Advertisement" section we've recently had an issue with a private server owner directly or indirectly binding a virus into the executables. I've failed to realize that it'd be useful for all the gaming section and "Spidy" asked me to re-post this here since it's the proper place.

The suggestion is as follows:

So since the very recent event of a client being horribly infected, I tried to come up with a GOOD solution to solve this problem in future.

Create an advertisement rule, that all DLL files and all EXE files have to be in a SEPARATE download. So people can download those first and check them.

This way it will automatically solve itself, since somebody will always post if there's a virus in the client files.

This might become a pain in the ass, but just start the rule this week and say it will be enforced on all "new" threads after 3 weeks. This should give server owners more than enough time to re-upload their clients.

Of course, this doesn't completely prevent it, but it makes it a lot harder.

Thanks,
RB
04/24/2015 20:58 Exo#2
I don't really see the point, thread is closed and links are removed IN CASE there's a report about the client being infected, even if they could be detected faster or not, the reviewing is not applied to this section. Instead of that, I think the rule should be rephrased to something like "adding a scan result of these files" along with the thread links. Y'know if we did that and the files were actually infected we're like spreading malware with the members. Scan result seems more reasonable and leads to the same.
04/24/2015 21:21 Royalblade*#3
Quote:
Originally Posted by Exo
I don't really see the point, thread is closed and links are removed IN CASE there's a report about the client being infected, even if they could be detected faster or not, the reviewing is not applied to this section. Instead of that, I think the rule should be rephrased to something like "adding a scan result of these files" along with the thread links. Y'know if we did that and the files were actually infected we're like spreading malware with the members. Scan result seems more reasonable and leads to the same.
So what, they can show the VirusTotal result before binding their virus into the file...

This literally does nothing. At the sro section, the "Eirene" thread had 50 pages until I posted that the client is infected. Now around 500 people are infected.

Also your idea helps ONLY if we check the hash ourselves... but tbh, who checks the hashes? Nobody.

If you explicitly create a rule to upload them separately, it indirectly tells people to beware and check the file themselves.

At least 1 person out of those 500 would have checked it that way and posted about it. You know that nobody in 'our' section ever checks for viruses. They just believe the server owners. For example, my server had a dll with tons of false positives because it was packed.. I asked people to turn off their antivirus or make an exception. Do you think a single person ever questioned me? Nobody did, they all just disabled their antivirus cause I asked them to...

Now what would happen if I wanted to infect them, I could simply update the file and nobody would've wondered about it.

I know that it's impossible to protect them completely, but shouldn't we go far enough to do something this simple? The server owners (100 ppl) have to upload things separately. Thus 10k ppl are safer. Kinda worth it right? And those half-made up stats are only for the Silkroad section. They should be pretty close though.

BTW this is easy to check, elitepvpers has a "BackLink" rule.. meaning mods already check the website, since they are already on the website, they can go and check the download section as well.. don't have to DL it.. just do a general check. If somebody reports that it's done wrong, mods can DL the first few bytes of the .rar file and check the content of it without needing to extract the whole thing. It's pretty easy dude.
04/24/2015 21:48 Spidy.#4
I agree with this since it would be much safer for users to download/check within if the client is infected or not, usually the OP adds fake clean scan results of his files to his thread to encourage users to download his infected files for personal reasons or whatever.. however it seems it would be hard to implement.
04/24/2015 21:53 Bodo#5
GFXFileManager.dll 500kb
srclient.dll 20kb
stlport_vc645.dll 800kb
Silkroad.exe 800kb
sro_client.exe 10mb
replacer.exe 320kb
Remove.exe 223kb

Total size of dll and exe files: 13mbs

Total size of whole client: 1.5-2.1gbs

In other words, easier and faster for people in charge to download the possibly infected files and check whether they are infected or not (This line is Spidy's words actually, rephrased a bit tho)

Therefore, I'm with this suggestion a 100%.
04/25/2015 11:24 Syloxx#6
I just think like a developer...
Develop something for the DAU (dumbest assumable user).
What if someone doesn't understand how to copy dlls / binaries into the client?

way to abuse:
Upload clean files for elitepvpers and create a silkroad patch with infected files.
on next start the launcher will automatically download the patch and start the new files.

my opinion:
you are still allowed to upload your client like before but you have to create a list like this


The list should contain all dll / binary files inside the uploaded client and all updated / added dll / binary files after the patch is completed.

How to get checksums?

Linux:
Quote:
SHA-1: terminal > sha1sum {filename}
MD5: terminal > md5sum {filename}
Windows:
[Only registered and activated users can see links. Click Here To Register...]

Problem:
Since the binaries get packed and unpacked in the patch process I don't know if the checksum changes, can someone test this for me please?
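The checksum list proposed in post #6, sketched as an added example (not code from the thread or from any poster): it hashes every DLL/EXE in a client folder and, after the launcher has patched, reports which binaries changed, appeared or disappeared compared with the published list. It uses SHA-256 rather than the SHA-1/MD5 commands named in the post, and the file names and contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

BINARY_EXTS = {".dll", ".exe"}  # the file types the thread wants listed

def sha256_file(path):
    """Hash a file in 1 MiB chunks so a multi-GB client never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(client_dir):
    """Return {relative path: SHA-256} for every DLL/EXE under client_dir."""
    manifest = {}
    for root, _dirs, files in os.walk(client_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() in BINARY_EXTS:
                full = os.path.join(root, name)
                rel = os.path.relpath(full, client_dir).replace(os.sep, "/")
                manifest[rel.lower()] = sha256_file(full)
    return manifest

def diff_manifests(published, installed):
    """Compare the list posted in the thread with what is on disk after patching."""
    return {
        "changed": sorted(p for p in published
                          if p in installed and installed[p] != published[p]),
        "added": sorted(p for p in installed if p not in published),
        "missing": sorted(p for p in published if p not in installed),
    }

def demo():
    """Constructed sample: a tiny fake client, then a simulated launcher patch."""
    with tempfile.TemporaryDirectory() as client:
        for name, data in [("sro_client.exe", b"v1"), ("GFXFileManager.dll", b"gfx"),
                           ("Media.pk2", b"assets")]:  # not a DLL/EXE: skipped
            Path(client, name).write_bytes(data)
        published = build_manifest(client)
        # Simulated patch: one binary replaced, one new binary dropped in.
        for name, data in [("sro_client.exe", b"v2"), ("replacer.exe", b"new")]:
            Path(client, name).write_bytes(data)
        return diff_manifests(published, build_manifest(client))

if __name__ == "__main__":
    print(demo())
```

Anything under `changed` or `added` after a patch is a binary the published list never covered, which is the case the "way to abuse" in the post describes.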
04/25/2015 14:50 Bodo#7
Quote:
Originally Posted by Syloxx
What if someone doesn't understand how to copy dlls / binaries into the client?
How hard is it to extract 2 .rar files into one folder? I mean for fuck's sake, we're in 2015 so if people are still that stupid then I believe it is not our problem.
04/25/2015 18:26 Syloxx#8
Quote:
Originally Posted by Bodo1995
How hard is it to extract 2 .rar files into one folder? I mean for fuck's sake, we're in 2015 so if people are still that stupid then I believe it is not our problem.
check some topics here:
[Only registered and activated users can see links. Click Here To Register...]

and u'll see that its still possible :D
04/25/2015 19:07 Bodo#9
Quote:
Originally Posted by Syloxx
check some topics here:
[Only registered and activated users can see links. Click Here To Register...]

and u'll see that its still possible :D
Drop the sarcasm cause it really doesn't suit you.