Hey guys. Someone spawned a bunch of stuff on our Toronto server last night. Checking the logs, it turns out they did it via rcon. After some consideration of  how they may have got the rcon password to the server, I found an exploit. This exploit, if done correctly, reveals the rcon password to a client. I think we caught this one pretty early and I acted as swiftly as I could.

So if you’re a server owner make sure your server is up to date and change your rcon password as a precaution. It may be worth your time checking your logs for any suspicious rcon activity, and check your user lists to make sure no admins have been added.

If you’re a player and you can’t join your favourite server – then it is out of date. I know this is a shitty time to force a server update but this really couldn’t wait.

Changelist

Fixed rcon password exploit
Fixed item dupe exploit

Performance

We’ve started adding LODs to the building parts – which is having a hugely positive impact on performance. We’ve only done walls so far, but we’re working through the entire set. What this means is that we’re using a different rendering mesh for models that are far away, which is lower resolution – which obviously doesn’t take so much power to render. Because obviously it’s a waste of time rendering a highish poly model for something that will only be about 6 pixels tall on the screen.

We’ve also done a lot of work on serverside performance. The AI now thinks at a fixed rate. Previously it tried to think every frame.
Continue reading