Corewarp 10 Posted November 15, 2012 (edited) Alright so, there's a wasteland server. And hackers flock to it for some reason. This guy called Ù€Mr.FoXå has managed to SOMEHOW hide his presence in the ingame player list and also magically not make the server console print out his ID even though it prints out his name. Here's a little snippet of the console log: 9:44:36 PFC Egger uses modified data file 9:44:36 Player PFC Egger connecting. 9:44:39 Player PFC Egger connected (id=XXXXXXX). 9:50:15 firewolf uses modified data file 9:50:15 Player firewolf connecting. 9:50:15 Player firewolf connected (id=XXXXXXX). 9:52:12 sindromatic uses modified data file 9:52:12 Player sindromatic connecting. 9:52:14 Player sindromatic connected (id=XXXXXXX). 9:53:35 Ù€Mr.FoXå uses modified data file 9:53:36 Player Ù€Mr.FoXå connecting. 9:53:43 Player Ù€Mr.FoXå disconnected. 9:54:15 Ù€Mr.FoXå uses modified data file 9:54:15 Player Ù€Mr.FoXå connecting. 9:56:30 Player [MIB]GhostFox disconnected. 9:56:37 Player Ù€Mr.FoXå disconnected. Someone his ID is not popping up even though he clearly gets on the server and proceeds to crash it. (He didn't do it this time 'round for some weird reason). It's driving me absolutely insane that he can do this. And he keeps doing it. He just pops on for a second, makes the server dead and then we lose potentially 40 players. And it gives the server an overall bad reputation. Can anyone help? ALSO: Why in gods name can't we ban someones IP? I can't even ban their name or PID. I have to do this: #userlist #exec ban <Player number> Seriously.. wtf is wrong with this crap. Edited November 15, 2012 by [FRL]Myke UID's masked Share this post Link to post Share on other sites
sickboy 13 Posted November 15, 2012 If you would like to ban by IP, go into your Windows firewall and make it so. Share this post Link to post Share on other sites
Corewarp 10 Posted November 15, 2012 How do I find their IP anyway? It doesn't display it in the console window on the server. Share this post Link to post Share on other sites
derdoe 10 Posted November 15, 2012 Can you please mask the UIDs of the other players? Noone needs to know their UIDs in this context. Thanks! Share this post Link to post Share on other sites
Corewarp 10 Posted November 15, 2012 That's the same herpyness that forums has with only moderators being able to see people's IPs. The fact that people can see your IP(LIKE EVERY WEBSITE YOU VISIT EVER!) doesn't mean anything. And UIDs visible to any and all server admin(And they're logged too). So, bottomline. I'm not going to mask the other player's UIDs because what will you do with them? Nothing. EDIT: OH WAIT, SOME "NICE" MODERATOR DID IT FOR ME. Keep spreading the ignorance guys. Share this post Link to post Share on other sites
maddogx 13 Posted November 15, 2012 Masking other people's info should be done as a matter of courtesy, no matter how trivial it may seem to you. Not to mention that being a dick about it probably took you 2-3 times longer than if you had simply edited the three IDs in your post. Great job, tough guy. :rolleyes: Anyway, people (ostensibly) being able to mask their IDs is obviously a new and serious issue that needs to be dealt with ASAP. Since I can't access dev-heaven right now, I'll PM Dwarden about it. Share this post Link to post Share on other sites
derdoe 10 Posted November 15, 2012 (edited) That's the same herpyness that forums has with only moderators being able to see people's IPs. The fact that people can see your IP(LIKE EVERY WEBSITE YOU VISIT EVER!) doesn't mean anything. And UIDs visible to any and all server admin(And they're logged too). So, bottomline. I'm not going to mask the other player's UIDs because what will you do with them? Nothing. EDIT: OH WAIT, SOME "NICE" MODERATOR DID IT FOR ME. Keep spreading the ignorance guys. Considering the recent events of CD-Key theft it is absolutely necessary to mask the UIDs. And yes i know, the UID cannot be compared to the CD key itsself but you never know how those individuals behind those CD key thefts got them and what else they can do with that UIDs. Thats why i asked you nicely and kindly to mask them. I didnt mean to offend you but you are exposing other players to a certain risk that is totally unnecessary. And i dont think the UIDs that were plain text have anything to do with your report. So please, you asked for help and the community asks something back from you. Even if it is simply to mask some numbers. Thats not much that you are being asked to do. Actually it should be a forums rule that you may not post UIDs in public. And btw: §18) No public discussion on how the forum is moderated If you have questions/complaints/comments about the forum or moderators please PM them to a moderator, we will do our utmost to reply to any that we receive. If you have an issue that you feel cannot be solved by another moderator then please PM the head moderator (Placebo), he will be happy to look into the matter. You may also ask your questions in the "Ask a mod" thread; however that thread is not to be used to attack/rant against specific moderators or about specific rules but more for questions/answers. Edited November 15, 2012 by derdoe Share this post Link to post Share on other sites
[frl]myke 15 Posted November 15, 2012 Actually it should be a forums rule that you may not post UIDs in public. Nope, it doesn't. It should be common sense that personal Info shouldn't be spreaded without the knowledge and permission of the affected people. EDIT: OH WAIT, SOME "NICE" MODERATOR DID IT FOR ME. Keep spreading the ignorance guys. Actually i really thought i would do you a favor with editing your post and masking those UID's. It was my intention to be helpful but if this is not wanted, i can be the bad guy as many do think about me. +1 Infraction for public discussion about how this forum is moderated. Share this post Link to post Share on other sites
giorgygr 61 Posted November 15, 2012 Anyway..i encountered myself recently 2 players on a i44 server with No names visible in server console and god-mode-on. I also remember pretty well the server WAS using Battleye in that moment. So.. What can be done for such cases? Verify signatures can help? How can we protect against those? Share this post Link to post Share on other sites
t0t3m 1 Posted November 15, 2012 Sorry guys, a stupid question, are all that squad.xmls on google at risk ? Share this post Link to post Share on other sites
Dwarden 1125 Posted November 16, 2012 (edited) are you using latest beta 99113 on server? note to derdoe : you can't get CDkey from UID so stop creating 'panic' Edited November 16, 2012 by Dwarden Share this post Link to post Share on other sites
Corewarp 10 Posted November 16, 2012 Haven't updated fully. We'll try that. Also note, we're NOT using Battleeye. Centralized and Global banning is not a concept we appreciate. Had bad experience with false positives back in the day of Punkbuster and have never used stuff like it since. And neither should any of you for that matter. Just give the server admin the right tools to moderate their own server independantly. All you need. Share this post Link to post Share on other sites
Overlord 0 Posted November 16, 2012 Alright so, there's a wasteland server. And hackers flock to it for some reason.... It's driving me absolutely insane that he can do this. And he keeps doing it. He just pops on for a second, makes the server dead and then we lose potentially 40 players. And it gives the server an overall bad reputation. Can anyone help? ALSO: Why in gods name can't we ban someones IP? I can't even ban their name or PID. I have to do this: #userlist #exec ban <Player number> Seriously.. wtf is wrong with this crap. Also note, we're NOT using Battleeye. Centralized and Global banning is not a concept we appreciate. ... And neither should any of you for that matter. Just give the server admin the right tools to moderate their own server independantly. All you need. Reading your posts, it strikes me; YOU need to start admining your server properly, use tools available. Don't expect anyone to solve your problems when you totally neglect powerful tools you're given for free. Do you feel less of a man if a player is banned by BE before you get a chance to ban him yourself? And do you fully understand the meaning of IP ban? It's only a temporary solution anyway. I bet you'll get much more help if you try to cooperate with people trying to help you, instead of arguing on every comment you get. Share this post Link to post Share on other sites
TSAndrey 1 Posted November 17, 2012 Haven't updated fully. We'll try that.Also note, we're NOT using Battleeye. Centralized and Global banning is not a concept we appreciate. Had bad experience with false positives back in the day of Punkbuster and have never used stuff like it since. And neither should any of you for that matter. Just give the server admin the right tools to moderate their own server independantly. All you need. WTF? No wonder you get hacking, when you disable BE FFS BE (anti-cheat) is the number 1# tool against cheaters the second one should be the admin. False-positives?! You do understand that if they happen (rare) they get removed? And what's wrong with Global banning? Share this post Link to post Share on other sites
[aps]gnat 28 Posted November 18, 2012 we're NOT using Battleeye. Centralized and Global banning is not a concept we appreciate. !! wow ... expect to become a target for all those reprobates who enjoy wrecking anything where the defences have been slightly lowered. And all those who ARE using hacked ID's Share this post Link to post Share on other sites
Dwarden 1125 Posted November 18, 2012 (edited) Haven't updated fully. We'll try that.Also note, we're NOT using Battleeye. Centralized and Global banning is not a concept we appreciate. Had bad experience with false positives back in the day of Punkbuster and have never used stuff like it since. And neither should any of you for that matter. Just give the server admin the right tools to moderate their own server independantly. All you need. banning based on secure GUID is the only way how secure Your servers enough , global bans are very useful too and the amount of false positives is extremely low (<0.1% of total bans) and fastly fixed for quite some time the UID is completely useless as it can be generated anytime by anyone little skilled with coding... before You go on comparsion between PunkBuster and BattlEye i suggest You think out why we chosen BE over PB :) BE RCON is also swiss knife of any good admin ... technically w/o BE your servers are bound to be infested with cheaters (if public) Edited November 18, 2012 by Dwarden Share this post Link to post Share on other sites
Tankbuster 1747 Posted November 18, 2012 technically w/o BE your servers are bound to be infested with cheaters (if public) Yep. Not having BE on is shown in the server browser. It's going to attract cheaters and hackers. Share this post Link to post Share on other sites
giorgygr 61 Posted November 18, 2012 As i already stated some posts before ..i encountered myself recently 2 players on a i44 server with No names visible in server console and god-mode-on. I also remember pretty well the server WAS using Battleye in that moment. So.. What can be done for such cases? Verify signatures can help? How can we protect against those? So i think BE on or off is irrelevant Share this post Link to post Share on other sites
TSAndrey 1 Posted November 18, 2012 As i already stated some posts before So i think BE on or off is irrelevant In this case? Maybe In general? No! BE is extremely important Share this post Link to post Share on other sites
giorgygr 61 Posted November 18, 2012 Of course BE is important-and we always using it when hosting pubs. On the other hand-having evidence on cases that BE is inefficient..this is scary because BE not only will not stop the bad guy..but also it will 'burden' the servers performance/sync.. Share this post Link to post Share on other sites
TSAndrey 1 Posted November 18, 2012 Of course BE is important-and we always using it when hosting pubs. On the other hand-having evidence on cases that BE is inefficient..this is scary because BE not only will not stop the bad guy..but also it will 'burden' the servers performance/sync.. How do you mean? BE stops most hacks and barely does any impact on the server perfomance. Share this post Link to post Share on other sites
scajolly 14 Posted November 18, 2012 So how is the hacker hiding his name and PID? Anyone with an answer to that yet? Share this post Link to post Share on other sites
giorgygr 61 Posted November 19, 2012 How do you mean? BE stops most hacks and barely does any impact on the server perfomance. Yes..it might be stopping most known hacks and i will not stop using it when hosting public games with people outside of our team but right now the important matter is how the 'new threat' can be dealt..and not if BE (in general) does it's job. As i stated..i have never stopped using it. :) Share this post Link to post Share on other sites
TSAndrey 1 Posted November 19, 2012 Yes..it might be stopping most known hacks and i will not stop using it when hosting public games with people outside of our team butright now the important matter is how the 'new threat' can be dealt..and not if BE (in general) does it's job. As i stated..i have never stopped using it. :) BE detects public hacks in a hearthbeat and private hacks a bit later, but still detects them Share this post Link to post Share on other sites
giorgygr 61 Posted November 19, 2012 Ok ..let's hope a solution will be found really soon (regarding the specific hack) because i cannot really know how to kick or ban a 'non-existing' client Share this post Link to post Share on other sites
