How to patch your server to fight against hackers getting admin, teleporting, and killing players.
Disclaimer
This is an unofficial patch made by me. I have no affiliation, relationship or are employed by TheIndieStone in any way. I cannot be held responsible for any issues with servers that have issues following using this patch. This patch only serves to patch network code that is currently exploitable. This patch does not touch any other area of the code in the game. Use this patch at your own risk.
If you feel like this made a huge impact for your community, feel free to buy me a coffee!
https://ko-fi.com/jabdoesthings – [ko-fi.com]
https://www.paypal.com/paypalme/JabJabJab – [paypal.com]
Discord server: https://discord.gg/u3vWvcPX8f – [discord.gg]
Introduction
The issue
People are currently using exploits by hacking clients. This is an issue, and well known to have come since the developers warned that this isn’t a priority fix. Public servers are targeted by these exploits and have sustained significant damages to their community and players.
Known Exploits
Hackers can:
- Give themselves admin privileges.
- Kill other players instantly on the map. (Even if they’re God Mode)
- Teleport people anywhere on the map.
A Solution
I produced this patch to help servers mitigate these attacks while we wait for an official patch.
How it Works
When players attempt to use the listed exploits in hacked clients, they are kicked from the server, appearing in the server’s logs:
Example
Jab was kicked from the server. (Reason: Hack detected!, HackType: Teleport)
Installing & Uninstalling the Patch
NOTES
- This modifies your Steam installation, NOT THE “/Zomboid/” FOLDER IN YOUR USER FOLDER!
- Game directory:“..\Steam\steamapps\common\ProjectZomboid\zombie”
- Dedicated Server directory:“..\Steam\steamapps\common\Project Zomboid Dedicated Server\zombie”
- This patch only applies to the build version 41.65. If the game is quietly updated, you’ll need to reapply this patch. If the version updates and the exploits aren’t patched officially, another patch will need to be produced & provided to install.
Install Instructions:
- Make sure your server is offline.
- Back up your zombie folder.
- Go to the directory that contains the zombie folder.
- Paste the zombie folder provided in the patch, Overwriting existing files.
- Start your server.
Uninstall Instructions:
- Make sure your server is offline.
- Go to the directory that contains the zombie folder.
- If you backed up your zombie folder, delete it and clone your backup folder, renaming it to zombie. If you did not back up your zombie folder, delete it and verify your files through Steam. The zombie folder will be restored through verification to its original state.
- Start your server.
Links and Info
The patch v1.04_02 download:
https://drive.google.com/file/d/1mxNT7JwtEDbMwbbyQ19tMWesmSbc8CR-/view?usp=sharing – [google.com]
All versions:
https://drive.google.com/drive/folders/17ViG-rUOeGgoRt_q1rtHAVVMP2Q75tCO?usp=sharing – [google.com]
Changelog
1.04_02
PATCH BUGS
- Removed safehouse check for days survived. (Seems like safe-houses in Build 41 needs reworking)
1.04_01
PATCH BUGS
- Fixed security check for claiming safehouses.
1.04_00
PATCH BUGS
- Re-deployed the original code for executing queries for the SQLite database.
SECURITY
- Initial public release.
Reported Issues
A list of possible issues from the patch will be listed here. These are reports, possibly not tested by myself.
- 1/1/2022 – A possible issue where players get kicked for the Teleport hack if they remove someone from their safehouse. I suspect that players’ clients are using the same methods hackers use to teleport other players for this function. (Fixed in v1.02)
- 1/2/2022– I’ve had one report about a possible issue with players being teleported back outside their base when entering sometimes, however I cannot reproduce this and only have one source. (Possibly fixed in v1.03)
If you see a player say they got kicked for hacking, it is most likely a false positive. Let them know and gracefully carry on. Most hackers or malicious actors like these won’t invest time into these sorts of attacks so you’ll most likely be talking to an affected player. It’s still good to keep a watch over those players if this recurs.
Hope you enjoy the Guide about Project Zomboid – How to Patch Server to Prevent Hackers Guide, if you think we should add extra information or forget something, please let us know via comment below, and we will do our best to fix or update as soon as possible!
- All Project Zomboid Posts List
The post was updated!
Hi, id recommend getting rid of the specific download link for version 1.04 and leave the all link. People are using the older version instead of version 1.05 because of your article.
Hey, the patch link doesn’t work. Does this patch still work?
Hello, I would love to try this but we are not able to download the file. Error is “File is in owners bin”
This is amazing, I will surely try this in my server “New Hope”