Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 07/05/20 in all areas

  1. GF v20.3.3 patch (Metin2 Download) Contents: Some re-exported, new mob models. Simple GUI for WorldBoss event, Flower event. Removed FindM event perhaps by mistake. New skill icon for wolfman(?) Probably soon the new skills are coming too. root+dump, locales+protos
    2 points
  2. M2 Download Center Download Here ( Internal ) Hi, folks! With this guide you will be able to combine textlines with images, like rubinum does. Usage is simple: emojiTextLine.SetText("|Eemoji/key_ctrl|e + |Eemoji/key_x|e + |Eemoji/key_rclick|e - Direct sell") The files are located in the icon pack, so basically the code will load from icon/{GIVEN_PATH}.tga - in the sample the path for the X is: icon/emoji/key_x.tga Here are the images from rubinum client:  Howto: Have fun Sorry for arab players , for sure they have also developers, so let's go guys, finish it ? If you have problem, maybe I made a mistake in the guide of missed out something, just leave a comment below. PS.: Sometimes the code tag of the board puts an extra invisible character mostly the end of the lines, if your IDE cries for syntax error, but it seems correct, check that part of the file with notepad++, it will show a ?(question mark) where the problem is.
    1 point
  3. Hi guys, A guy reported to me a weird bug about shamans w/m which are skipping collision when they are too fast to attack. On default source files it is still an unresolved bug which appear when the shaman's attack speed is more than 145/150. here a video which show how it is not getting the damage text for each hit on the stone. here the FIX. ATTENTION: Since the problem is the InvisibleTime on Attack.msa which it is too high, we could think to reduce it without need to edit nothing in our source (and it may be more efficient), but honestly i preferred to make a function which calculating the "adjustment" of the invisible time using the speed attack to don't risk to get the reversed problem (2 damage on 1 hit when the attack speed is low) feel free to use one of the two options.
    1 point
  4. M2 Download Center Download Here ( Internal ) Download Here ( GitHub ) Hello community, this is my first tool shared on the forum, hope it helps a lot as it helped me. I know @Mali61 has already shared the tool on the forum but mine is open source so you can change what ever you want. The code is not the best but it does what it's supposed to, good uses. Credits: @WLsj24 for setting up the base locale_string.txt for translations.
    1 point
  5. M2 Download Center Download Here ( Internal ) Download VT
    1 point
  6. Hi guys, Since I keep seeing more and more people who want to get help to create their own server, very often with the idea of opening it to the public, I thought that it's time that someone explained to the beginners what this means in it's full depth. Some parts of this text may sound harsh but believe me I wish I had been told some of this stuff when I started. First of all, do not let the existence of "instant files" mislead you. A metin2 server is not something you install with an intutitive wizard and then edit to your liking with a point and click interface. YMIR never intended this software to be used by anybody else but people who have degrees in programming and design. This is though shit. There is a series of technologies involved which can take years to master separately. FreeBSD. Python. LUA. C++. DirectX. Mastering just one of these disciplines can get you a high paid job in Silicon Valley. If you don't have a bit of curiosity for learning and analytical thinking, just forget it. You will do yourself and everyone else a favor if you don't try to take on tasks that are beyond your abilities. Forget about the one man army. It's impossible to create anything worth playing just by yourself. Team up with people who complement your knowledge. Don't be greedy and offer to share your earnings with the people who help you. Respect those who worked to provide you with this game, YMIR. Respect those who worked to privide you the tools you use and give credit when due. Don't try to pass someone else's work as yours; this is the lamest thing on earth. Respect the players. Don't expect them to spend their time, money and effort on your game when you didn't do that yourself. If you have the time, play your own server (without using edited stuff and such of course) so you can get in the skin of your players. Don't be tempted to gift stuff and kick any GM that does so. Be in control of your server and get a good admin panel so you can see everything that's going on. Get DDoS protected hosting. Use SSH keys. Use Cloudflare for the website. Set up pf on the game server. Always look at the logs and read them instead of assuming it's gibberish. How often I have seen people puzzled at logs when the answer is written there in plain english. Make sure your dbcache port is not open to outside, and be careful who you give access to your server's shell. Make backups of your database at least daily. When you get stuck at a problem, use damn Google! Metin2 pservers and FreeBSD have existed for many years and copying and pasting an error message in the search bar will more often than not bring up posts from people who had the same issue before. Create something unique that will attract players to your server. Don't expect to upload some pub files, announce your server and get rich. It doesn't work like this, not for the last 3 years. There is a lot of competition and teams who started working years ago already are far ahead of whatever the [insert random pub files] have to offer. Use the newest files possible, even if you don't need the new features. Keep your FreeBSD up to date as well. Using old software is a security risk, and you could write a book with all the security flaws of game 2089. Promotion is everything. Hype your server. Make sure that the opening is announced well in advance and have the players excited to play it. The opening day will make or break your server. Get a Youtuber to review your game, preferably one who works for money if you can afford it (and if you don't have at least some money, opening a server might not be the best idea). If you have enough, open a Facebook account and take good care of it and promote your server through Facebook Ads (do not confuse with the fake likes that some people sell in places like epvp). Use remarketing with AdRoll (its quite cheap) to chase your visitors who did not sign up with banner ads. Watch your account table in Navicat so you see who is signing up. And if all of this sounds like too much work then just don't do it. There are plenty of people happily contributing as GM, designers, developers or server administrators in projects lead by other people, and that doesn't make them less important.
    0 points
  7. Version of Files : 40k Hi, I noticed that some server are now using hacktrap as anti-hack protection and it is working quite well. Do you know how to re-enable hacktrap on 40k file server? Thanks!
    0 points
  8. Sure, it's pretty easy! Please click the image in my signature which takes you to the right tutorial!
    0 points
  9. M2 Download Center Download Here ( Internal ) Download Here ( GitHub ) I know this is very old idea but it's better than quest flag methods etc.
    0 points
  10. FreeBSD 9.7 coming from future? I cannot see it on FreeBSD database.
    0 points
  11. Hello dear minions (oh how I love that one!), for my first guide I'll try to talk a little bit about securing your server. Many people know it: 3 weeks after your server started some wannabe-badass wants to break in. And maybe he'll be successful. It depends on you and just on you. Within the following text (yeah brace yourselves, this is gonna be a wall of text) I'll show you why it is so important that YOU get up your lazy ass and fix some issues. I wrote this guide when many servers got attacked, that's why I was a bit ironic in every part of the guide. If you can deal with it, you're free to read the whole guide and maybe learn something new. It's mainly for beginners, but some experienced users may get something out of it. The guide was published with minor changes long time ago in another board that's now "dead". Anyways, let's get started! Securing isn't just "lul I copied and pasted it, now my server is perfect!!!111oneoneeleventwelve". It's much more! Get that. There are many variables, software versions and things you just NEED to care about. Make yourself comfortable with your system or you'll go down. If you're prepared to spend some time reading this guide written by such an ironic idiot like me you're on the right track! *thumbs up!* First of all we need to concern about the most important things in security. The following things can give you a bad time and maybe some headaches: -> You used a public homepage script without checking for security breaches. In this case: Shame on you. -> You set up a unsecure password for your authentications. In this case: Shame on you again. -> You gave passwords or authentications to people who aren't trustful. In this case you know what I'm going to write here: Sh... False, in this case you're just an idiot. -> The software got a security issue with which people can break in -> You don't protect against bruteforcing your passwords etc... Most of the cases are the 4th, the 3rd and the first one. Very rarely other things come to handy for hackers. But we won't miss them, won't we? Good. You're going to get a cookie at the end of the guide. Let's just start with the most important things and how you can solve them: -> Your homepage script got security issues? <- Don't dare to answer the question. Maybe you aren't aware of it but some issues aren't visible that easy. First of all you need to get used to php at least a little bit. EVERY and yes, EVERY time a user can fill in a formular or has the chance to put something in which will be used for a query, there could be possibly a securits issue. Why? Because this method is called "SQL Injection". When you fill in a formular, you can (if it's not secured) manipulate the query by adding some things. For example you can let the query execute a command to create a new user with full admin rights. Nah, isn't that fun? No, it isn't and you shouldn't do it to others. How to fix this: Everytime a user can access a formular and his input is used to query a command for mysql you need to force him to use only valid answers. But how? It's just easy. PHP offers a function mysql_real_escape_string() You can just use this to clean the input from a user so it won't harm your mysql server. Make sure you clean EVERYONE of these inputs. The next thing are file inclusions. For this, please forgive me but I'm using wikipedia as my source. It's just a good example: <?php if (isset( $_GET['COLOR'] ) ){ include( $_GET['COLOR'] . '.php' ); } ?> Look at this. What does this code do? If (maybe by using a formular button) 'COLOR' is set in the URL, you can simply include files for your script. BUT! Be aware of the risks from this code. Everytime you include something a user can manipulate (maybe through inputs or the url), you're going to have maybe a bad time. In this method the value of 'COLOR' is written in the url. GET's can be seen in the URL (At the end of your URL there should be a ? and then the following names with their values). Let me give you an example. If you open this script like this: index.php?COLOR='blue' Everything goes like you want it. This is a valid color. But if you're a bad user and don't drink your milk, you're going to exploit it: index.php?COLOR='[Hidden Content]' What happens? The server tries to include a script made by another one! If he includes his own script he can cause VERY high damage. Not only minor, but MAJOR damage. Yes. He can use ../../../ to spy your folders too. There are many things a hacker can do with this. What do we learn about this? Never let the user manipulate or influence inclusions like he wants to. YOU are the admin, not he. Let's conclude the things and lock down the topic 'homepage script' for now. These are the most important things you need to do: -> check your script -> No really, check it. -> Now. When you check your script, remember looking for these things: -> Always use mysql_escape_string() to deny user from executing their own queries at your homepage -> Never let the user type in things to include (and really.. Don't use the url to get values for including files..). Except you can make sure that you're filtering the input in such a way that users simply can not manipulate it. If you checked the homepage script and you're happy with it, you can proceed. If not, then what are you waiting for? -> Your software is out to date and got security issues <- If you want to make sure your server doesn't get exploited and you can stand attacks, you need to update and configure it. Yes, it's true. Deal with it. You can't just update every software like you want. It's not like clapping in your hands and then having everything done. You need to know WHAT software you're running. Some programs are just insecure or instable and cause your system to fail. And of course: What OS version do you use? If you answer me '7.1' now you'd feel a hard kick in your... I guess you figured it out... Tricked, I was about writing 'ice cream'. But never ever use outdated software! NEVER. Write it down 15 times and you'll know it. I can't tell how often I saw people using 7.1.. If you don't know what version you're running just type in "uname -a". This will display the version. The first number tells us the branch you're using. For example '7.1' is a part of the 7th branch. If you want to upgrade your system, you'd use the built-in commands. You can try to use the latest versions, but you don't really need to get the 9-branch that fast. You can stay at the 8th branch for a while (but please, don't use the 7th branch). Use the following command to fetch the updates: freebsd-update upgrade -r 8.3-RELEASE This will fetch the updates to upgrade your system to 8.3. You can jump from the 7th branch to the 8th. If you're running 9.2 or better 10.0 everything seems fine. Yes, you read the wright word: SEEMS. Make sure you're running the LATEST patch-version of your system. This means you need to check for updates sometimes with the following command: freebsd-update fetch This will just fetch the updates for your version. You'll stay on the branch and the lower version of your branch, but you'll get the latest updates for your system. To install fetched upgrades you just need to type in: freebsd-update install This will give you a HUGE advantage if you're moving from 7.1 to 8.3 for example. The old verions are just obsolete. Don't use them. You can visit the freebsd homepage to get information about the latest versions. The next thing is the software. You can list your software with this command: pkg_info or with the new pkg management tool: pkg info This will list every package you installed and it's version. For software like php or mysql you'd use google to get a little bit more about the latest version. Sometimes things aren't that good with the newest version. Maybe some new bugs occur or php killed some old functions and destroyed your homepage with it's latest update. If you're going to update your software, you can use a pretty good package for it. It's called portupgrade. Before you're going to install it you need to learn how the ports-tree work. It's quite simple: Every programm FreeBSD accepts to the ports-tree will be added to the ports-list. It's installation files can easily be fetched and you can just install it from there. To fetch a whole new ports-tree (like when you set up your system and now want to install ports for the first time) you can use this command: portsnap fetch extract This will fetch the latest portsnap (like a bundle of every package) and extract it to /usr/ports If you already have the ports-tree, you can simply update it with this command: portsnap fetch update Make use of it!!! But updating the ports-tree isn't enough to keep your software at the newest version. If you update your ports-tree you've updated the installation files, but not the softwares itselves. You can simply update the software AFTER YOU UPDATED THE PORTS-TREE with the program mentioned above: portupgrade! You can install portupgrade with this: cd /usr/ports/ports-mgmt/portupgrade && make install clean After the installation you can just type in 'rehash'. Now make sure you really updated the ports-tree with portsnap fetch update. Type in the following command to run portupgrade then: portupgrade -ai It'll check every version and asks you wheter to install the newer version or not. You can simply decide yourserlf! Make sure you update your ports-tree sometimes and your software too! Also the choose of your serverfiles is important! You'd better use serverfiles that are trustful and not modified with backdoors etc.. Better use untouched serverfiles and do the stuff yourself instead of using instant tea that's poisoning you. You get the drift, right? Especially the gamefile is important. You'd either compile one yourself or use a gamecore that's proven to be stable und secure. I'd now advertise my gamefile and tell you hooow good it is but I won't, it's up to you to make your decisions. Just make sure you're using something that won't kill your server at last. -> You misconfigured your software. It can't stand attacks <- To secure your server even more, you need to configure it properly. Most programs offer you to configure it with a configuration file. PHP allows you to set up a php.ini-file (I won't get into this), mysql offers you the my.cnf (too) and ssh gives you the opportunity to set up sshd_conf So first of all we need to configure the basics! What is the most important thing on your server? Right! The SSH-authentication. If someone breaks in there you can say good bye to your server, maybe once and for all (if you haven't got backups and time to reinstall everything). So we need to set up ssh. In freeBSD there is the following file: /etc/ssh/sshd_config You can simply edit it. Look over it and maybe google what the settings mean at all. It's very important. The most important thing is the "protocol" setting. It's set to the old version by default. Make sure this line is in your sshd_config: Protocol 2 If you're using Protocol 1, people can break down your machine within a snip of your fingers. After you edited your sshd_conf you can restart sshd by using this command: /etc/rc.d/sshd restart TRY to connect to your server via a new putty instance after you restarted ssh! If it won't work you'd better NEVER reboot your machine or close putty until you fixed this!!! The next thing is the firewall. ALWAYS make sure you got one. I recommend pf, but for this I'll write more another day. Not this time. Maybe you can use a sample script but CONFIGURE IT! You need to block every p2p port from outer access so people can't use the API to kill your metin2 server. I'll tell more about this another time and maybe add it if this topic goes well. And at last you'd consider your user restrictions. If someone is able to break in, he shouldn't be allowed to cause much damage. In the best case you'd set up another user and restrict 'root' from logging into your server. Of course you can do this for mysql too! And yes, DO IT! Connect to mysql via navicat. After that click on the Button "User" in the upper menu. You can edit, create and delete users you don't like to have. Or you can change their passwords. And of course, you can restrict them in many different ways. For example you can create a homepage user which is only allowed to insert/modify the tables it needs in the right way. Why do they need to be able to delete tables? Just give them only the rights they need. Even if someone can break in with this user, it wouldn't be that hard for you since he can't destroy your whole server. Finally there are some important things you should always have. Never let anyone work on your server unless you have to full control about it. This means, you shouldn't give access to your server (ssh AND mysql) to anyone except yourself and people you can REALLY REALLY REALLY REALLY REALLY REALLY REALLY (and take care of a big REALLY) trust and they also contribute to the project. If someone goes mad he can simply hack your server or just release the authentication data. Why do you think there are so many serverfiles released without the owners permission? And at least: always be paranoid. Never think "ohoho this won't affect me". You should consider EVERY option and let your attackers NO chance to break in. Get used to your machine, your system and your software and everything will be fine. Don't be lazy. Just be paranoid. Best Regards, Vanilla
    0 points
×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.