crashvector 0 Posted August 20, 2007 This morning on our server (=SF= Server) someone was killing everyone on the opposite team. Another player said something about it being a debug console hack of some sort, and that he could see the command he was using. Does anyone know anything aobut this and how to stop it? If someone can come in our server and basically kill everyone on the opposite team, it quickly ruins the game. BTW: I am an admin recruit for =SF=, not some wannabe looking for a new hack. I need as much information as possible on how this can be stopped, or at LEAST how to see what command they are using so I can possibly figure out a way to stop it. Share this post Link to post Share on other sites
zaphod 0 Posted August 20, 2007 do not allow addons and modified files, as such a thing like a debug or cheat console can be implemented into arma itself. set customfilesize=0; this will improve server capabilities and increase player maximum to over 80, and you avoid custom sound spamming. ... this is not a real "solution" for these problems, but will reduce many of them. Share this post Link to post Share on other sites
crashvector 0 Posted August 20, 2007 do not allow addons and modified files, as such a thing like a debug or cheat console can be implemented into arma itself. set customfilesize=0; this will improve server capabilities and increase player maximum to over 80, and you avoid custom sound spamming. ... this is not a real "solution" for these problems, but will reduce many of them. Do you know anything about this Zaphod? BTW: I am =SF=WaltherP99 Share this post Link to post Share on other sites
zaphod 0 Posted August 20, 2007 hi WaltherP99! its easy to create a selfmade "console" ... you just need to implement a way to enter code somewhere (a modified arma dialog with edit input field, or create a new one) and execute it with a button or on <ENTER> key. this is very useful on testing and debugging new missions, but in a multiplayer game, it's a very powerful cheat possibility, as you can enter and execute any type of code. (call compile edit field content) for example .. {_x setdammage 1;} foreach [e1,e2,e3,e4]; will kill these 4 players ... even over MP executed on a client. same problem with setpos, addscore, setvelocity and so on ... in my opinion, the major problem is, that BI allows really dangerous scripting functions to be executed on a client ... this might be the easiest way for creating SP missions ... as i wrote in another thread, i wish that BI makes critical functions only available on the server... but i don't really know what i'm talking about, as i just know of the scripting language and nothing about the BI game code itself... Regards & nice games on =SF= anyways, Zap Share this post Link to post Share on other sites
whisper 0 Posted August 20, 2007 Agree completely with Zaphod on what BI could do for better MP security. A "level" of security per server config file could/should be added, listing the scripting commands available to clients on said server, for example. Mmmmh, think I gonna create a BT ticket for that. Excellent suggestion! EDIT : done : TT 2751 Share this post Link to post Share on other sites
zaphod 0 Posted August 20, 2007 *THUMBS UP* this is the best solution i've seen until now ... I will be one of the first supporters with berzerk map pack, as most missions will not work anymore with these heavy limitations ... but let's DO IT ... funky cold medina! Share this post Link to post Share on other sites
Hyrax0740 0 Posted August 20, 2007 off topic zaphod on your berzerk 2.0 any thought of limiting that javalin like the sniper rifles? will add that code to the server in a few hours Share this post Link to post Share on other sites
zaphod 0 Posted August 20, 2007 limitations in berzerk v2.0 are still done ... all limit ratios belong to the playercount on each side: sniper rifles 1/8 AA Launchers 1/4 AT Launchers 1/2 so in a team with 16 players there can be 2 snipers,4 AA Launchers and 8 AT Launchers. in addition a sniper cannot carry a launcher anymore, like MG soldiers... Tipps for configuring server can be found in berzerk map pack readme... a example server.cfg will follow in next map package (for veteran mode +/- 3rd person) Regards, Zap Share this post Link to post Share on other sites
Hyrax0740 0 Posted August 20, 2007 Sweet! cant wait to throw it on the sever! Share this post Link to post Share on other sites
whisper 0 Posted August 20, 2007 *THUMBS UP* this is the best solution i've seen until now ... I will be one of the first supporters with berzerk map pack, as most missions will not work anymore with these heavy limitations ... but let's DO IT ... funky cold medina! Yup, limiting createVehicle on server only would limit the spawning capacities, of both cheaters.... and mission makers. But it's still feasible for mission makers, harder but still feasible, and with tighter control over what is created. Ofc, it's absolutely not a complete 100% hacker-proof solution (moreover depending on how such limitations are implemented), but anything making their their work harder is good. Share this post Link to post Share on other sites
deady 0 Posted August 20, 2007 I would have to agree. Allowing clients to spawn vehicles in MP games is rather asking for trouble. There would be no inconvenience to mission makers by making only the server able to do such things. Share this post Link to post Share on other sites
zaphod 0 Posted August 20, 2007 there is much more on clients ... addweapon+addmagazine+createvehicle -> as described above ... setdammage -> without words ... setvelocity -> kick anything in the air setpos -> beam player addscore on server -> doesn't work .. MUST on client!? this is what i remember right now ... but there's more, i'll update this list. Share this post Link to post Share on other sites
InqWiper 0 Posted August 20, 2007 What about the good old equalmodrequired ? Not as easy to come in with a console then I guess? Share this post Link to post Share on other sites
Maddmatt 1 Posted August 20, 2007 What about the good old equalmodrequired ? Not as easy to come in with a console then I guess? Actually it's still pretty easy Share this post Link to post Share on other sites
.kju 3244 Posted August 20, 2007 Scripting isn't really my domain ... however isn't there some usefulness within Server_Side_Scripting: event: onUnsignedData description: unsigned data detected handler parameters: user id, file name //pseudo code if (file name not in ArmAOriginalFiles): kick player Share this post Link to post Share on other sites
whisper 0 Posted August 20, 2007 Well, I was more thinking of a server interdiction/check of said use (and mis-use) of script commands on client side, independantly of mods/addons check system. I guess code can be "injected", without the need of addons/mods. Share this post Link to post Share on other sites
.kju 3244 Posted August 20, 2007 no question about that whisper. this suggestion / thought was meant for in between also these config related script commands could be of some use. it seems not many people got into them though Share this post Link to post Share on other sites
zaphod 0 Posted August 20, 2007 as i know this server side scripting is new and very basic ... maybe it can be extended with critical functions not really needed on clients... i'll take a closer look at it... Share this post Link to post Share on other sites
crashvector 0 Posted August 20, 2007 one of the other players in the server said he could see the commands the player was using... THAT is what I'm interested in...seeing the commands they are trying to use because it pinpoints who it is without any doubts as to who the user is, plus it shows their IP. Share this post Link to post Share on other sites
Nutty_101 0 Posted August 20, 2007 This morning on our server (=SF= Server) someone was killing everyone on the opposite team.Another player said something about it being a debug console hack of some sort, and that he could see the command he was using. Does anyone know anything aobut this and how to stop it? If someone can come in our server and basically kill everyone on the opposite team, it quickly ruins the game. BTW: I am an admin recruit for =SF=, not some wannabe looking for a new hack. I need as much information as possible on how this can be stopped, or at LEAST how to see what command they are using so I can possibly figure out a way to stop it. There are ways to see what everyone is doing on the server thru the packets. I can tell you that you can see the events being sent out to the clients. With that there are ways to determine what all is being done. Share this post Link to post Share on other sites
jasono 0 Posted August 21, 2007 Is there an easy way to detect local client scripts (aka cheat scripts) being executed and the result sent to the server? If a script has setdammage 1, and the packet with that is found and connection cut from that person, the effect won't be executed on the server or clients right ? Share this post Link to post Share on other sites
Nutty_101 0 Posted August 22, 2007 Is there an easy way to detect local client scripts (aka cheat scripts) being executed and the result sent to the server?If a script has setdammage 1, and the packet with that is found and connection cut from that person, the effect won't be executed on the server or clients right ? You could just drop the packet and stop all information from the client. However if a script is written like that then you would call the player a cheater when they are not. Kinda lame. Share this post Link to post Share on other sites
TeRp 1 Posted September 1, 2007 I think restricting the commands that can be used by a client is not a solution. If you do so, you _are_ affecting addons that are using of these scripting commands (e.g. addWeapon / addMagazine is used for dynamic loadouts on vehicles) and make these addons unusable in MP. I really understand your point because there are cheaters on public servers everywhere now, but if such things as above are done, addon creation will be restricted to a point where it is impossible to achive any scripting functionalities in vehicles. This will also make it harder to design or achive specifing things in missions, as some missions may use scripts or comamnds which are and can not be executed by the server. Just say you do a mission where at one point a player will be rewared with a new gun. As addWeapon & addMagazine only work localy to the unit, this won't be possible if it's put on the script.deny list. Share this post Link to post Share on other sites
Michael_Wittman 0 Posted September 1, 2007 I think restricting the commands that can be used by a client is not a solution.If you do so, you _are_ affecting addons that are using of these scripting commands (e.g. addWeapon / addMagazine is used for dynamic loadouts on vehicles) and make these addons unusable in MP. I really understand your point because there are cheaters on public servers everywhere now, but if such things as above are done, addon creation will be restricted to a point where it is impossible to achive any scripting functionalities in vehicles. This will also make it harder to design or achive specifing things in missions, as some missions may use scripts or comamnds which are and can not be executed by the server. Just say you do a mission where at one point a player will be rewared with a new gun. As addWeapon & addMagazine only work localy to the unit, this won't be possible if it's put on the script.deny list. So, what we need is a much better editor. Share this post Link to post Share on other sites
TeRp 1 Posted September 1, 2007 Sorry, but what's the link from an editor to an anti-cheat solution and allowing the usage of scripts in addons and missions? Share this post Link to post Share on other sites