Teeworlds - general

Deleted User joined the server. 2019-05-08 15:48:00Z

So, basically what's up about Vanilla? Also I don't get why all of those dm/ctf servers are being overcrowded with bots. What's the interest? I'd like to know if some modes are gonna comeback in Europe like BALL or zEsc. Thanks! (edited)

Hey @Deleted User, I have only seen one bot ctf server. Is there any new one?

I think he's talking about the masters getting attacked in 0.6

Ah, dummies

I saw 3 this afternoon, couldn't play at all.

This exploit is fixed in 0.6.5 afaik

Dudes, why attacking those? What for?

15:55

wanting them to update?

15:55

I use DDNet client, seemingly not fixed.

That's irrelevant, there's an exploit, people will exploit

LOL: "Update or we attack." Doesn't look very efficient.

I doubt that's the reasoning either way

People are dumb.

15:58

So yeah, w/ DDNet it seems like those servers are still attacked. Same in iCtf, fng, zCatch. Waiting for update. I thought they'd fixed it 'cos it already happened few months ago and then they found the way to block them.

The 0.7 release happened because of this attack (and because it cannot be fixed in a 0.6 minor release)

Now it's coming back. And I can barely play. I'm kinda pissed of, ahah. (edited)

As long as servers don't upgrade they will be vulnerable (or there is something I do not know)

I guess. Thanks. Hope it won't take too long.

Most of the servers that people play on are fixed already I'm pretty sure. It's just the servers running vanilla game modes that are attacked

If it could be fixed with a 0.6 modification, we would have done that

Well. I was just freaking out this afternoon about finding a safe server.

What do you mean by safe?

Not being joined by bots every second.

This is fixed in 0.6.5

16:02

If you're having this issue, the server is not being maintained

Yeah that only happens on vanilla game modes

I know, right? I just don't really get why I can't find the other servers.

it's not vanilla related. Probably just that the vanilla servers that upgraded went straight to 0.7 so 0.6 only has unmaintained servers

Well yeah I mean most of the vanilla servers don't get updated

Well, there's a good chance that those that appear in the 0.6 server list don't, yeah

@Dune you thought about adding auto update to tw?

Okay. I'll check tonight. Does DDNet make any difference? Don't think so, just checking. (edited)

this isn't really in the FOSS spirit

16:05

@Deleted User the 0.6.5 patch that fixes dummies is small and probably in any updated 0.6 mod, so definitely in there too

Oh. Gotcha, thanks.

there are other vulnerabilities though

Those weaknesses are new, though? I mean, never seen something like that before 0.6.

This issue has happened quite a few times in 0.6 before

Right. So does anybody know the origins of those vulnerabilities?

reflection attacks: https://www.cvedetails.com/cve/CVE-2018-18541/

CVE-2018-18541 : In Teeworlds before 0.6.5, connection packets cou...

CVE-2018-18541 : In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a r...

Oh, damn! Thanks a lot @Dune.