SpaydCBR 11 Posted November 2, 2016 I was just wondering, is it any "safer" (from hackers) to run code on server rather than on clients? Like is it any less exploitable to create a vehicle on the server rather than on the client even though its effects are global and would work either way? Maybe that's a bad example but I think you get the idea of what I'm trying to ask. I have absolutely no idea how hackers manage to inject their own code into a game. Share this post Link to post Share on other sites
dr death jm 117 Posted November 2, 2016 i think steps are to compile code but don't recompile. and I've seen scripts with black listed or white listed vehicles/weapons and what not. I can't say server side is or not safer but make sure your server.cfg is correct, I'm not using anything other than BE and server.cfg and have over 300 bans within a few months. So something is working "if it's set up correctly". hope this helps, Share this post Link to post Share on other sites
Guest Posted November 2, 2016 They can't exec shit on the server if you use a properly configured cfgRemoteExec. Anyway, nowadays having only Battleye enabled takes cares of 99% scripts kiddies and all the bullshit since you need to write a complex cheat to bypass battleye (driver based) Share this post Link to post Share on other sites
MrCopyright 107 Posted November 2, 2016 It is definitely more secure to have the server execute code. It is far less likely to be injected into or interfered with when compared to client-side code. However, if the code is not optimised, the server's performance can decrease significantly. This ultimately leads to vast amounts of desync and slower response times. As harmdhast mentioned, correctly configuring CfgRemoteExec in addition to the BE filters will render cheating almost null. It is impossible to completely stop cheating, but you can make it extremely difficult. Share this post Link to post Share on other sites
SpaydCBR 11 Posted November 3, 2016 Thanks for the info guys. So basically I want to make sure any commands a client sends to the server is properly configured in CfgRemoteExec? What about something like MP event handlers, are they safe to use, as opposed to managing regular event handlers? Like "Killed" vs "MPKilled" to run code upon someone's death. Or is BE really just good enough that I don't have to worry too much about this? Share this post Link to post Share on other sites
MrCopyright 107 Posted November 3, 2016 A cheater could set a global event handler with their own code inside it. To avoid this, you can simply block the use of the command with BE filters. Share this post Link to post Share on other sites
fn_Quiksilver 1636 Posted November 4, 2016 BE filters apply to compiled/executed client code. By handling most things on server machine, you can more easily filter out noise in your BE filters. For instance, if all land/ship/air vehicles are created on server, you know that if you're seeing land/air/ship vehicles created in your createvehicle.log are either admins or malicious injections. same with the other BE files. rremoteexec.log are good for detections, as is publicvariable.log. most hackers I've caught via BE has been in publicvariable.log and scripts.log. these days most of the hackers left can get around battleye with memory editors, you'll have to detect issues with those further downstream. 2 Share this post Link to post Share on other sites