Jump to content
Sign in to follow this  
-Total-

How to configure your dedicated server so it prevents ACE users joining

Recommended Posts

Yes indeed, thanks to him too.

I've asked for the thread to be renamed to something more descriptive.

Share this post


Link to post
Share on other sites

This is an awesome idea/implementation guys! Very crafty. But there are other reasons to turn on signature checks.. namely stability and cheating. (the latter less of an issue if you have an admin 24/7)

With sigchecks on, the server doesn't crash hardly ever, even when full. With it off, it does. And it's due to crummy addons with errors, outdated addons, or ones that are ment to also run on the server side. You won't be able to control your clients, what they bring on your server without kicking sigchecks. They can come on with addons that modify their guns to have no recoil and bullets that do more damage, and other subtle things and you wouldn't even notice it unless they put it right in your face.

Public servers without properly working sigchecks (ie, kick on bad sig) tend to ruin the online experience (esp when lacking admins), even ruining it for the people that don't run any addons. The result is greifers with cheats, lots of crashing, popup errors, etc. When OA first came out, I was reminded of how really bad it can be, with people joining with all kinds of popup-error and CTD causing crap.

IMO, now is the time to turn it on, and let it kick like it's supposed to. And build up a group of 'regulars' to your server while you can. We've had it on for 3 weeks, the server has still been full for 3 weeks, day and night. It is not that hard to gather up lists of mp-friendly addons that are approved by adding their key to the server. All kinds of people have messed up or edited stock game files. Letting those folks on is what causes crashes. It's the only way to maintain client-server consistency and a good experience for players.

Even with 10 admins and no greifers, you're still going to have people with inadvertently corrupted data that can crash your players and server out. Is that a worthy tradeoff? I'll say again, as far as I can tell, (likely due to the lack of mods) sigchecks has no affect on player count at this time.

Just remember, without sigchecks, people can do anything - absolutely anything to their game that they want and still join your server. I hope non-sigcheck admins never host PvP where people are a bit competitive, then it gets really ugly!

Best to build a dam and poke holes, not the other way around. :D

Edited by oktane

Share this post


Link to post
Share on other sites

You're right, Oktane.

Now that many servers are almost virgin and unsullied by addons, now IS the time to turn sig checks on, and leave them on. Once users get used to them, they'll accept them as normal.

This move by server admins should go hand in hand with pressure on addon authors to create keys for their addons. Still, one or two well used addons don't have keys.

Share this post


Link to post
Share on other sites
You're right, Oktane.

Now that many servers are almost virgin and unsullied by addons, now IS the time to turn sig checks on, and leave them on. Once users get used to them, they'll accept them as normal.

This move by server admins should go hand in hand with pressure on addon authors to create keys for their addons. Still, one or two well used addons don't have keys.

While I sympathize, that's not really a roadblock. I assume you are talking about client side only, non-required addons. You can turn on sig checks TODAY, and if you have a few addons with no keys, sign them yourself and offer them for download to your users. It is acceptable to inconvenience just a few people with the unsigned mod you speak of, compared to the amount of players and good impressions you could be making with a stable and consistently running server. :D

The first MOTD line is visible to clients, if they get kicked or not. So you can put info/url/help in there. (at least that was the case with A2, haven't checked with OA yet, hopefully the same)

Edited by oktane

Share this post


Link to post
Share on other sites

Good points, well made. I'm in full agreement with you.

I'd never thought about self signing unsigned addons. Cunning. :)

Share this post


Link to post
Share on other sites

Now that many servers are almost virgin and unsullied by addons, now IS the time to turn sig checks on, and leave them on. Once users get used to them, they'll accept them as normal.

It makes me feel sad to see so much public servers running without signature checking turned on. I could easily join such servers, do whatever havoc I want and even kick and ban logged in admins without a problem. They would never now who it was (luckily I don't do it :))

It's not only a problem of mods or addons crashing a server, it also helps against cheaters and hackers.

The good thing for you as a server admin is that you decide what addons should be used on your server and if addon makers create a new key for each release (and not like now where addon makers have just one key) it also removes version problems.

Xeno

Edited by Xeno

Share this post


Link to post
Share on other sites

is this a solution for the ArmA2 server or for OA aswel?

'Cause i tried to add those lines to config file of OA server, but then the server doesn't even appear in the browser anymore.

i put this code under the verifySignatures command:

onUnsignedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kick (_this select 0);};";

onDifferentData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kick (_this select 0);};";

onHackedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kick (_this select 0);};";

Share this post


Link to post
Share on other sites

Hey guys, i'll post this in here rather than creating a new thread. My question is regarding the use of ACE with signature verification.

I have the latest version of ACE running on my OA:CO server. I have the relevant keys in the place on both the server and my own game. i.e

ace_b380.bikey

acex_b257.bikey

cba_b112.bikey

acex_sm.bikey

bi.bikey

The problem is i just cant get it to let me into the server. Everytime i connect i stay in for mabe 2/3 secs the just get "session lost" and get dropped back to the browser. Does anyone have an idea of why this is?? Am i missing something in the key process to allow me in?

Thx for any help.

Share this post


Link to post
Share on other sites
@RT. Green Label: you have some extra spaces in there. Not sure if that's the problem though.

The extra space is from the "Quote" bug in this forum.. i suggest you to use CODE or PHP when adding long lines.

Share this post


Link to post
Share on other sites

To throw another idea in here (This wasn't my idea, I havent done any testing on it, but here's the theory)

What you need is a blacklist system, not a whitelist system to be able to work for any mod/addon that you do not want your clients to run on the server

1) Server needs extended EH (Serverside only) which should not create any problems

2) Serverside addon creates a logic at mission start, clients are forced to run code defined in the logic's init field.

3) An array variable defined on the server containing blacklisted config classes or global variables defined by addons/mods are then checked for presence on the client.

If any of these array elements are defined or classes exist then the client runs the code defined in the logic's "INIT". For example you could

a) Fade to black

b) titletext message "You need to rejoin the server after disabling XAddon, YMod

c) Leave the message on for 30 seconds

d) Then locally end the mission on the client

In theory some code could be run before time 0, eg pre_init.sqf which could then be used to reduce any mission based issues caused by the client actually joining the mission.

Also it would be possible to have the admin client run a kick command via scripting to automate the process.

I am sure there will be some issues that need ironing out, but the sheer fact that the blacklist client receives a message that means something to him makes this worthy of investigation

Edited by Terox

Share this post


Link to post
Share on other sites

onUnsignedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kic k (_this select 0);};";
onDifferentData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kic k (_this select 0);};";
onHackedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kic k (_this select 0);};"; 

this is the 'codeform' maybe this will be clearer for you.

Share this post


Link to post
Share on other sites
onUnsignedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kick (_this select 0);};";
onDifferentData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kick (_this select 0);};";
onHackedData = "name_test=toArray (_this select 1);name_cut=[];for '_l' from 0 to 4 do{name_cut set [_l,name_test select _l];};name_test=toString name_cut;if(toLower(name_test)==""@ace\"")then{kick (_this select 0);};";

Edited by MJK-Ranger

Share this post


Link to post
Share on other sites

so you just add those lines to the server.cfg in addition to the ones already there?

Anyone willing to share his cfg entry with this working?

For lazy copy+paste fans?

Pwetty please?:cool:

Share this post


Link to post
Share on other sites

yes just add those 3 lines but also change the verifysignatures=0 to =1

i also have a seperate but kinda related question to anyone that knows or the guy that posted said 3 lines to kick ace users:

can we add more @names to that list? i mean i use this for kicking ace users and it works a treat, but there is a couple other mod that really screw up the server and am wondering if we can add a few more. and if so how?

(i know verifysigs=1 is the best way but that just crashes the server... dont ask, its a long story ive gone throo in another thread, so instead of having a white list, i'd rather use this as a black list ( would only be maybe 2 or 3 other mods i'd wanna block)

so can i just add ;@badmod;@otherbadmod etc etc to this ace kicker? or is that not possible?

Share this post


Link to post
Share on other sites

In theory, yes. Those three lines look for folder name beginning with @ACE so you could do it for any folder name.

Something to remember though, when I ran JTD Fire & Smoke and warfx, I used to dump the folders in an addon folder called @effects. This method of addon checking wouldn't find them.

Share this post


Link to post
Share on other sites
In theory, yes.

anyone know how i'd add another mod folder or 2 for that to work?

Share this post


Link to post
Share on other sites

I've not tested it, but you could modify the if statement as follows.

if(toLower(name_test)==""@ace\"")then

Replace the part that looks like the code above with the code below.

if(toLower(name_test) in [""@ace\"",""@badmod\"",""@otherbadmod\""])then

After that you would then need to increase the number of loops the for loop goes through to one less than the maximum number of characters of the addon with the longest name.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×