Tutorials: New destructive HLDS exploits - hlds_fuck and hlds_vcrash

I) hlds_vcrash

Description: Other names of this exploit is hlds_vcrash2, hlds_vcrash_fuck, hlds_vshell and numerous variations for use in cron. This exploit causes the error "FATAL ERROR (shutting down): Host_Error: SV_ParseVoiceData: invalid incoming packet".

Vulnerable/Protected: It affects to all server protocols 47/48. Very old 46 protocol builds can withstand the attack due to an exploits authorization error on the server.
The first information about the vulnerability appeared in 2002 (proove). Hlds_vcrash exploits the error in processing SV_ParseVoiceData (voice data's from the clients).
And this is what we get in a server console: (you can see attacker IP in there )

Treatment?! Now the most interesting - how to fight?
1. The first and easiest option - install Anti CS-DoS by Shockler. Starting from version 3.5 it comes with a fix for the "Host_Error: SV_ParseVoiceData". However, easiest - not always the right one. Tools itself periodically crashes with "OUT OF MEMORY", and the author self says "Use at your own risk".
For Linux you can install HLShield 2.10.
2. Use patch VUP 2.7 (ViTYAN's GameServers Universal Patch) or newer from vityan666 (supports both Windows and Linux).
3. Another option is patching server binaries with hex-editor, for example, HxD.
4. For sick bonkers. You can install Orpheu Module 2.2 + special plugin + script which can protect the server. How much memory will consume this module itself, wouldn't this add new problems - nobody knows. But conditionally this is the only legal way of protection from this exploit (perfect for sick STEAM lovers ).
P.S: On the Internet lined out a lot of ready patched libraries for different version servers builds. Remember that you must download proper patched .dll (.so) which is compatible with your server! Also, some info about patched .so from Shocker (Anti CSDoS Developer)