alientrap-forum-archives

[The mysterious Mr. 4m]

So the feared wallhack is not a myth.

But when CTF would provide this by default, like the Spidflisk server, then that would take away the advantage of that cheat. (not really, but you get my point)

I can understand why some people cheat. Some want to win by any means, others have fun fooling others, and some just like to have fun.
Thats why i think there should be official "cheat servers". It would take the "underground"-feel out of cheating in general.

I dont like the term "cheat" for the cheat mode anyway. I like to call it "game enhancement".

[Dokujisan]

How bad does it affect server performance exactly?

[Psychcf]

Ok, so we need a system where each server tells the master server what players are banned and which ones are not. If enough servers have the player banned, then it will blacklist that player. Also, we need a method of banning people. Each person would have a random hash ID. That ID is sent to the server when connecting. If it is blacklisted or banned, then the player is disconnected. It would require alot of scripting, but there is NOTHING worse then seeing a cheater on a server and not being able to do anything about it, even as a server admin.

[Vendor]

The worst thing about cheaters is, imo, not the effect they have on individual games, but the corrosive effect they have on the whole community - once people know cheats are around, they tend to see them everywhere. Enstagib is an obvious example - all you have to do is spam all the doorways randomly and you get accused of cheating

As for determining if people are using wallhacks, it is NOT easy to spot people using them - in my previous life as a UT99 community admin, I would frequently have to give a view on demos from suspected aimbot/radar users. Aimbots are reasonably easy to spot (although the external ones hooked into the running code, having lower accuracy take longer to spot). Radar though is a nightmare to judge, unless it is 1v1 - it is easy to spot a rubbish player using one, but a medium-skilled and above player often required several game-length demos to be sure. Medium-good and above players often "pre-aim" or spam near corners knowing that that particular spot is heavily-used.

Bans - If server admins can pipe from the game into IRC and vice-versa, they can already effectively ban individual ips, ranges, nick patterns and smack-talk, and all combinations of them, as (for instance) an IRC client like Xchat can be extended with perl (or a.n.other.language) to respond by recognising a banned combination, and issuing a kick. I have a UT-specific set of scripts somewhere that a couple of commercial GSP's still use.

If developers and server admins can close the door on this cheat asap, it would be hugely appreciated - the kiddies that do cheat will wander off and irritate someone else if no easy cheats exist - but if they hang around too long, they may start to create an audience for real hackers to play to.

[divVerent]

Ok, so we need a system where each server tells the master server what players are banned and which ones are not. If enough servers have the player banned, then it will blacklist that player. Also, we need a method of banning people. Each person would have a random hash ID. That ID is sent to the server when connecting. If it is blacklisted or banned, then the player is disconnected. It would require alot of scripting, but there is NOTHING worse then seeing a cheater on a server and not being able to do anything about it, even as a server admin.

And how are you going to prevent them from just creating a new random ID? Deleting config.cfg should suffice for that.

And even if they have to create an account on a website, nothing can prevent them from registering a new one.

[cyan]

Don't whine u can't prevent hackers in an open source game ffs. Its expected imo, i said this a year ago

[Bnonn]

It can't be so hard to use GPG or something similar to create a unique hash that can be identified. Even using IP address would be reasonably effective, since most people playing have static IPs. It doesn't need to be a 100% foolproof system; it just needs to work well enough to make cheating more trouble than it's worth. Bans on IRC can be circumvented too, but they still work quite effectively—especially since as soon as the bannee returns, he starts the same old crap and just gets banned again.

The issue is not to make a system that is so airtight that no one who is banned can ever return. The issue is to change the cost:benefit ratio in the favor of the server admin and legit players, so that cheating just isn't worth it.

Don't whine u can't prevent hackers in an open source game ffs. Its expected imo, i said this a year ago

Heh, you obviously have utterly no idea what you're talking about. The most secure systems in the world are open source. Security through obscurity is provably less effective than open, much-audited code. Also, in the open source community, hacking refers to modifying code to include additional functionality (and then often releasing it back to the community for their benefit so that the cycle of development can be advanced). So I'm sure the Nexuiz developers would be quite happy for people to hack their code, although they are under no obligation to accept the changes made if the hacker submits them. What you're talking about is cracking—although, frankly, cheating is such a minor, pathetic form of cracking it barely even warrants that name.

[cyan]

Sir since the DP engine is open source anyone with a little brain can create a wall hack within 5 mins.

Other than that u can just replace the textures on the maps with the wall glass like Q2 texture.

[KadaverJack]

It can't be so hard to use GPG or something similar to create a unique hash that can be identified.

That wouldn't be any different from a totally random ID. As soon as you delete your config.cfg or change that ID manually the ban is ineffective.

Even using IP address would be reasonably effective, since most people playing have static IPs.

Not where i live. Almost all major german DSL providers here are using dynamic IPs and most of them are forcing you to reconnect every 24 hours...

Sticter culling as SavageX suggestest would be the best solution imho since it makes wallhacks impossibles and therefor there would be no need for a global ban system.
(i wouldn't like such a system anyway, because it would raise the question who has the right to ban ppl and for what reasons)

In the meantime i would rather suggest a "kickban" command which kicks a player and bans his IP for the rest of the map (or a certain time), since the current ban feature is not very "vote-friendly".

[divVerent]

It can't be so hard to use GPG or something similar to create a unique hash that can be identified. Even using IP address would be reasonably effective, since most people playing have static IPs.

That's already possible using the net_banlist cvar... it takes a space separated list of IP addresses or 192.168.1.0/24 network addresses.

Unfortunately, the only idiot I ever needed to ban - XSAX LTU - then just gets a new IP. And I don't want to ban his whole ISP as it could be the only one in Lithuania (it is called something like "Telecom").

The issue is not to make a system that is so airtight that no one who is banned can ever return. The issue is to change the cost:benefit ratio in the favor of the server admin and legit players, so that cheating just isn't worth it.

We can't require every legitimate player to pass an email verification and that stuff, and a cheater can still use services like mailinator.com.

Heh, you obviously have utterly no idea what you're talking about. The most secure systems in the world are open source.

Actually, our security problem is no open/closed source problem, but a money/free problem. If the game would get sold, we would supply a CD key with it that is checked against a whitelist (so no keygens can work, only keys that got actually shipped to vendors would work). A server admin could then ban players based on the CD key (in this scenario, servers would see a hash of the CD key that's sent from the auth server so they can't use to pass authentication). The only way to bypass this would mean getting another CD key, which one could either steal from legitimate players (but not everyone will give his key away as he then can't play when the other one does), or pay for it.

In a free game, such a key system obviously can't work - if getting a new key is free, everyone can just get a new one when banned.