Point Server Command Question.

r3dw3r3w0lf

L1: Registered
Nov 19, 2009
32
1
I am currently designing a customized map for my minigames server and it's gonna be called the Map Center. I'm taking an idea i saw off this one server and adding in my own ideas and style of the map for my server to give it a good feel to it.

This idea is that you could make a map that's what the server changes after every map change and that map allows users to choose which map they wanna go too next without dealing with the voting system. The idea i saw from a server with the name axle in it but i'm not too sure about it but that's not the point.

My question is that if i use a point_servercommand entity, will that make my server more open to hackers/exploiters or ALLOW a hacker/exploiter to take control of my server. If yes then is there a way i can use something different to do a map change that's more safe or how would i go about this.

Reason i ask is because i'd rather NOT get my server hacked as well as my databases(If the hacker knew how to do that) and just completely take my server over.

Thank you for your time.

Have a good day.
 

A Boojum Snark

Toraipoddodezain Mazahabado
aa
Nov 2, 2007
4,775
7,669
I'm not well versed in the hack side of things, but as far as the entity goes it is safe. Only the map can do anything with it, and if it's your map then you know what it is doing.

Anything malicious that could be done with it would require a client to gain access to the server console in the first place (the same access that would allow them to create the entity on any map).
 

KingOfSandvich

L1: Registered
Jan 18, 2011
26
12
I think the exploit was caused by people using ent_fire to tell the point_servercommand to change the rcon password. Then they use that rcon password to issue any command to the server that they want.

I remember TF2 was patched at some point saying it prevented a point_servercommand related exploit. Hopefully that either means that ent_fire won't work on point_servercommand, or that a point_servercommand can't change the rcon password.

Anyway, as long as cheats are turned off, clients shouldn't be able to use ent_fire, so they can't control the point_severcommand directly. As long as your server doesn't do anything that requires cheats to be on, then I'm pretty sure point_servercommand is safe to use.