Yesterday I was playing ctf in some server I met a person he played very good
after the match i lost against him (I'm a skillfull ctf player) 228:52
he told me he could only win against me because he use a program with the name <cheat name here, edited by SavageX>
with <cheat name here, edited by SavageX> u can see true walls and u always know where the flag carrier is
and he told me also there are more player who use this program...
for me its a kind of cheat
can some do something against this kind of program?

There is a server side option which prevents wallhacks quite effectively: sv_cullentities_trace 1. But it means much higher CPU load on the server and does not work on all maps (currently it has a bug: it also hides players who are just behind a grate or fence, like on toxic). But as it should work on all CTF maps out there... when it happens next time, let the server admin silently enable that cvar and look if the player suddenly plays worse. On competition CTF servers, this option should be ALWAYS set to 1.

On a side note: in Dresk's Spidflisk mod, you can always see the flag carrier through walls, it's a feature in that mod and does not depend on special tools.

LordHavoc has planned to fix the grate/fence issue with sv_cullentities_trace by making a new trace function that traces according to visibility, if he gets that done, the option will be likely to be enabled by default.

yes i know the map
but in normal maps its a kind of cheat because the flagcarrier must hide himself from the other player...

Well, obviously that guy sucks. That program you have mentioned is a cheat and it does make no difference if several people use it or not - all of them are brain damaged.

In future releases we may indeed want to have tighter entity culling so wallhacks are senseless.

its sad and pathetic that people feel the need for these cheats, it completely degrades the value of the experience. sad sad sad

This could explain how I always got seen in an enstagib round at some point. I wouldn't want to accuse the guy of something he didn't do (there are many players so good it's almost hard to believe ) but it was weird. I may still have the replay if anyone's interested (not sure though, gotta check).

Actually, if you play the demo with a wallhack enabled yourself, you can often spot people using a wallhack... because they tend to aim at enemies too exactly before they actually can see them.

However, you would need a demo from his perspective then.

it would be pretty funny if the engine generated several invisible "decoy" meshes around the player, that could not be seen or interacted with witout a wallhack. It would fuck with wallhackers in a mean way, who would see a mob on the other side o the wall.

divVerent wrote:Actually, if you play the demo with a wallhack enabled yourself, you can often spot people using a wallhack... because they tend to aim at enemies too exactly before they actually can see them.

I do one better, I always play with a wallhack enabled just to spot malicious wallhackers.

torus wrote:it would be pretty funny if the engine generated several invisible "decoy" meshes around the player, that could not be seen or interacted with witout a wallhack. It would fuck with wallhackers in a mean way, who would see a mob on the other side o the wall.

Yeah I thought of that years ago, but it also eats network bandwidth

So the feared wallhack is not a myth.

But when CTF would provide this by default, like the Spidflisk server, then that would take away the advantage of that cheat. (not really, but you get my point)

I can understand why some people cheat. Some want to win by any means, others have fun fooling others, and some just like to have fun.
Thats why i think there should be official "cheat servers". It would take the "underground"-feel out of cheating in general.

I dont like the term "cheat" for the cheat mode anyway. I like to call it "game enhancement".

How bad does it affect server performance exactly?

Ok, so we need a system where each server tells the master server what players are banned and which ones are not. If enough servers have the player banned, then it will blacklist that player. Also, we need a method of banning people. Each person would have a random hash ID. That ID is sent to the server when connecting. If it is blacklisted or banned, then the player is disconnected. It would require alot of scripting, but there is NOTHING worse then seeing a cheater on a server and not being able to do anything about it, even as a server admin.

The worst thing about cheaters is, imo, not the effect they have on individual games, but the corrosive effect they have on the whole community - once people know cheats are around, they tend to see them everywhere. Enstagib is an obvious example - all you have to do is spam all the doorways randomly and you get accused of cheating

As for determining if people are using wallhacks, it is NOT easy to spot people using them - in my previous life as a UT99 community admin, I would frequently have to give a view on demos from suspected aimbot/radar users. Aimbots are reasonably easy to spot (although the external ones hooked into the running code, having lower accuracy take longer to spot). Radar though is a nightmare to judge, unless it is 1v1 - it is easy to spot a rubbish player using one, but a medium-skilled and above player often required several game-length demos to be sure. Medium-good and above players often "pre-aim" or spam near corners knowing that that particular spot is heavily-used.

Bans - If server admins can pipe from the game into IRC and vice-versa, they can already effectively ban individual ips, ranges, nick patterns and smack-talk, and all combinations of them, as (for instance) an IRC client like Xchat can be extended with perl (or a.n.other.language) to respond by recognising a banned combination, and issuing a kick. I have a UT-specific set of scripts somewhere that a couple of commercial GSP's still use.

If developers and server admins can close the door on this cheat asap, it would be hugely appreciated - the kiddies that do cheat will wander off and irritate someone else if no easy cheats exist - but if they hang around too long, they may start to create an audience for real hackers to play to.

[TSA] Psychiccyberfreak wrote:Ok, so we need a system where each server tells the master server what players are banned and which ones are not. If enough servers have the player banned, then it will blacklist that player. Also, we need a method of banning people. Each person would have a random hash ID. That ID is sent to the server when connecting. If it is blacklisted or banned, then the player is disconnected. It would require alot of scripting, but there is NOTHING worse then seeing a cheater on a server and not being able to do anything about it, even as a server admin.

And how are you going to prevent them from just creating a new random ID? Deleting config.cfg should suffice for that.

And even if they have to create an account on a website, nothing can prevent them from registering a new one.

Don't whine u can't prevent hackers in an open source game ffs. Its expected imo, i said this a year ago

It can't be so hard to use GPG or something similar to create a unique hash that can be identified. Even using IP address would be reasonably effective, since most people playing have static IPs. It doesn't need to be a 100% foolproof system; it just needs to work well enough to make cheating more trouble than it's worth. Bans on IRC can be circumvented too, but they still work quite effectively—especially since as soon as the bannee returns, he starts the same old crap and just gets banned again.

The issue is not to make a system that is so airtight that no one who is banned can ever return. The issue is to change the cost:benefit ratio in the favor of the server admin and legit players, so that cheating just isn't worth it.

Don't whine u can't prevent hackers in an open source game ffs. Its expected imo, i said this a year ago

Heh, you obviously have utterly no idea what you're talking about. The most secure systems in the world are open source. Security through obscurity is provably less effective than open, much-audited code. Also, in the open source community, hacking refers to modifying code to include additional functionality (and then often releasing it back to the community for their benefit so that the cycle of development can be advanced). So I'm sure the Nexuiz developers would be quite happy for people to hack their code, although they are under no obligation to accept the changes made if the hacker submits them. What you're talking about is cracking—although, frankly, cheating is such a minor, pathetic form of cracking it barely even warrants that name.

Sir since the DP engine is open source anyone with a little brain can create a wall hack within 5 mins.

Other than that u can just replace the textures on the maps with the wall glass like Q2 texture.

Bnonn wrote:It can't be so hard to use GPG or something similar to create a unique hash that can be identified.

That wouldn't be any different from a totally random ID. As soon as you delete your config.cfg or change that ID manually the ban is ineffective.

Even using IP address would be reasonably effective, since most people playing have static IPs.

Not where i live. Almost all major german DSL providers here are using dynamic IPs and most of them are forcing you to reconnect every 24 hours...

Sticter culling as SavageX suggestest would be the best solution imho since it makes wallhacks impossibles and therefor there would be no need for a global ban system.
(i wouldn't like such a system anyway, because it would raise the question who has the right to ban ppl and for what reasons)

In the meantime i would rather suggest a "kickban" command which kicks a player and bans his IP for the rest of the map (or a certain time), since the current ban feature is not very "vote-friendly".

Bnonn wrote:It can't be so hard to use GPG or something similar to create a unique hash that can be identified. Even using IP address would be reasonably effective, since most people playing have static IPs.

That's already possible using the net_banlist cvar... it takes a space separated list of IP addresses or 192.168.1.0/24 network addresses.

Unfortunately, the only idiot I ever needed to ban - XSAX LTU - then just gets a new IP. And I don't want to ban his whole ISP as it could be the only one in Lithuania (it is called something like "Telecom").

The issue is not to make a system that is so airtight that no one who is banned can ever return. The issue is to change the cost:benefit ratio in the favor of the server admin and legit players, so that cheating just isn't worth it.

We can't require every legitimate player to pass an email verification and that stuff, and a cheater can still use services like mailinator.com.

Heh, you obviously have utterly no idea what you're talking about. The most secure systems in the world are open source.

Actually, our security problem is no open/closed source problem, but a money/free problem. If the game would get sold, we would supply a CD key with it that is checked against a whitelist (so no keygens can work, only keys that got actually shipped to vendors would work). A server admin could then ban players based on the CD key (in this scenario, servers would see a hash of the CD key that's sent from the auth server so they can't use to pass authentication). The only way to bypass this would mean getting another CD key, which one could either steal from legitimate players (but not everyone will give his key away as he then can't play when the other one does), or pay for it.

In a free game, such a key system obviously can't work - if getting a new key is free, everyone can just get a new one when banned.

In commercial systems that doesn't work either. And it should be obvious to everyone that closed source games also have wallhacks, so the fact that it's easier to make one for an open source game is really beside the point. A good game will make wallhacking impossible (as Nexuiz does if you enable the correct server variable).

So again, cyan's argument is both stupid and wrong.

Bnonn wrote:In commercial systems that doesn't work either. And it should be obvious to everyone that closed source games also have wallhacks, so the fact that it's easier to make one for an open source game is really beside the point. A good game will make wallhacking impossible (as Nexuiz does if you enable the correct server variable).

So again, cyan's argument is both stupid and wrong.

lol u telling me its hard to make a cheat/hack on an engine that is so old no one other than open source communities remembers it? - its not.

cyan wrote:Don't whine u can't prevent hackers in an open source game ffs. Its expected imo, i said this a year ago

God, your a grumpy git at times! haha

k0jak wrote:God, your a grumpy git at times! haha

I know

lol u telling me its hard to make a cheat/hack on an engine that is so old no one other than open source communities remembers it? - its not.

I have trouble replying to you because your posts are so incoherent and badly written, but I presume you're trying to say that the Nexuiz engine is easy to create cheats for. And obviously it is—except that it's also easy to patch so that the cheats become ineffective, and it's easy to enable server-side options to ensure that cheats won't work anyway.

So again, what the heck is your point? The most cheated-on game of all time must be CounterStrike, which to the best of my knowledge was never open source.

Bnonn wrote:

lol u telling me its hard to make a cheat/hack on an engine that is so old no one other than open source communities remembers it? - its not.

I have trouble replying to you because your posts are so incoherent and badly written, but I presume you're trying to say that the Nexuiz engine is easy to create cheats for. And obviously it is—except that it's also easy to patch so that the cheats become ineffective, and it's easy to enable server-side options to ensure that cheats won't work anyway.

To our knowledge the only cheat that is truly a clientside exploit with no reliable method of prevention is aimbots, as they are simply producing valid input.

All others are some form of 'enriched playing experience' (radar/wallhack, glowing players, timers on how soon an item will respawn, replaced textures, replaced sounds, changed settings, etc), which can only make use of data the server willingly provides.

Bnonn wrote:So again, what the heck is your point? The most cheated-on game of all time must be CounterStrike, which to the best of my knowledge was never open source.

I've been told aimbots exist that intercept rendering calls and stuff mouse input, which makes them completely unblockable, regardless of open/closed source.

I stand by my opinion that the problem is the punks (a category encompassing generally obnoxious players as well as cheaters), not the technology, and the only language they speak is consequences.

Bans are a simple form of consequences, but they only work if people can be identified.

The only people you can be certain are playing honestly are members of respectable clans, because respectable clans immediately discipline members found to be cheating or annoying other people, lest their reputation be tarnished.

Peer pressure works, everyone likes to have friends.

That said, there is another approach, which is matching annoyance with annoyance - make it unpleasant to be a punk, making votable one-hour single-IP bans be quick and easy would suffice to annoy punks, as they must either change IP address and rejoin, or go to another server (and most servers are empty!), and they can only be in one place at a time, so their annoyance factor is quite limited

LordHavoc wrote:
To our knowledge the only cheat that is truly a clientside exploit with no reliable method of prevention is aimbots, as they are simply producing valid input.

--snip--

I've been told aimbots exist that intercept rendering calls and stuff mouse input, which makes them completely unblockable, regardless of open/closed source.

Yep they do exist - these are the external apps that hook into running processes that I mentioned. They are very hard to stop, but NOT unstoppable. The only problem is that to some extent the methods of stopping them rely on obfuscation (aka security through obscurity), as anyone with the skills to code them would easily have the skills to bypass open-source anti-hook code (indeed some of these scumbags are very talented and have beaten CLOSED-source security code with debuggers).

Stopping cheaters relies on the following lines of defense:

1. Tight gamecode, with exploits closed asap by developers.

2. Admins contactable, skilled in spotting cheaters from demos, willing to ban players.

As for the bit about players from respectable clans being trustworthy, I am afraid we will have to agree to disagree on that issue. My experiences with catching cheaters is that clan players were no more or less likely to cheat, and that the clans, due to their close ties, would sometimes (not always) defend the cheaters despite clear evidence. Some people respond to the peer pressure of a clan by identifying with the camaderie and sense of honour that clans can encourage, some identify with the pressure to play hard, and be a strong player, and some take that to the extent of cheating to keep up.

The answer is obvious to me - only the under-25's kiddies cheat, so how about simply making downloads of Nexuiz available to the over 25's?

But I'm 24 D:

Bnonn wrote:But I'm 24 D:

Then you can't be trusted yet!
(same thing goes for me btw...)

As if someone who calls himself Kadaverjack could be trusted next year...