Some skid came into my server and began removing players' weapons with lua (I allow clientside lua). I am certain it was him because everyone on my server was a friend of mine. I know it was their own lua because the server logs don't show any e2's or sweps.
Quinn [STEAM_0:0:7291863|72.192.161.85:27005]
He also had a sky changer and other mingy things.
I'm currently using nadmod prop protection. I guess I need to add some code to give ownership of players' weapons when they spawn?
[editline]26th December 2014[/editline]
Also, I should mention the remover particle effects appeared when it happened, so it's probably something to do with the remover tool.
[QUOTE=thegrb93;46796578]Some skid came into my server and began removing players' weapons with lua (I allow clientside lua). I am certain it was him because everyone on my server was a friend of mine. I know it was their own lua because the server logs don't show any e2's or sweps.
Quinn [STEAM_0:0:7291863|72.192.161.85:27005]
He also had a sky changer and other mingy things.
I'm currently using nadmod prop protection. I guess I need to add some code to give ownership of players' weapons when they spawn?
[editline]26th December 2014[/editline]
Also, I should mention the remover particle effects appeared when it happened, so it's probably something to do with the remover tool.[/QUOTE]
Remove his IP.... Secondly, explain what you mean by "Sky Changer".
Exploits the sky editor to make the sky a spinning missing texture. I don't think a sky editor entity even has to be present for this to be done.
[QUOTE=thegrb93;46796578](I allow clientside lua)[/QUOTE]
There is your problem right there.
That is just asking to be hacked.
EDIT: Everyone who rated this dumb hasn't seen certain exploits then.
Whoops, I was wrong about the sky-editor. Apparently anyone can duplicate admin only entities for some reason. I opened a ticket about this.
[editline]26th December 2014[/editline]
Looks like players' own weapons are prop protected so I have no idea how something like this could have happened.
Fixed the duplicator issue. Advdupe2 doesn't check if entities it spawns are admin only or not. I wrote a pull request for it.
Check all your addons, I have seen so many darkrp servers running addons that can easily compromise the security of your server.
My only guess is something with wire, but wire will check the owner of props afaik. I'll take a look and see if there's a break somewhere with e2.
[editline]28th December 2014[/editline]
propDelete() doesn't do it. Even if I'm admin.
Forgot to mention this is in sandbox.
[QUOTE=The Commander;46797605]There is your problem right there.
That is just asking to be hacked.
EDIT: Everyone who rated this dumb hasn't seen certain exploits then.[/QUOTE]
No.
People can activate any property on any entity with netmessages. Many entities aren't protected with prop protection so this will have to do.
[lua]
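-- Deny every property request (context-menu action sent as a net message), for every player and entity.
hook.Add( "CanProperty", "block_properties", function( ply, property, ent )
    return false
end )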
[/lua]
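A narrower alternative to the blanket deny above, as an added example that is not from any poster in this thread: it rejects property requests aimed at players, carried weapons, map entities and entities the requester does not own. It assumes a CPPI-compatible prop protection addon supplies `ent:CPPIGetOwner()`; the hook identifier is made up for the example.

```lua
-- Added example (not from the thread): server-side CanProperty filter.
-- Assumption: a CPPI-compatible prop protection addon provides ent:CPPIGetOwner().
-- "example_restrict_properties" is a hypothetical hook identifier.
if SERVER then
    hook.Add( "CanProperty", "example_restrict_properties", function( ply, property, ent )
        -- Property requests arrive as client net messages, so the target
        -- entity is attacker-controlled input and must be validated here.
        if not IsValid( ent ) then return false end

        -- Players are never a legitimate property target.
        if ent:IsPlayer() then return false end

        -- A weapon whose owner is valid is currently carried by someone:
        -- refuse, so nobody can act on another player's held weapons.
        if ent:IsWeapon() and IsValid( ent:GetOwner() ) then return false end

        -- Map-created entities are off limits to non-admins.
        if ent:CreatedByMap() and not ply:IsAdmin() then return false end

        -- Admins fall through to the other hooks and the gamemode default.
        if ply:IsAdmin() then return end

        -- Everyone else must own the entity according to prop protection.
        -- Unowned (world) entities yield nil here and are denied as well.
        local owner = ent.CPPIGetOwner and ent:CPPIGetOwner() or nil
        if owner ~= ply then return false end

        -- Returning nothing lets other hooks and the gamemode decide.
    end )
end
```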
The only way I could see someone stripping all players' weapons by running clientside Lua is if there was an exploit in an addon that the server has, because both the StripWeapons and StripWeapon functions are server side.
[QUOTE=The Commander;46819924]Yes
[media]http://www.youtube.com/watch?v=G_NAriv6Uok[/media][/QUOTE]
If you find that servers enabling clientside lua makes this easier for you to do, you have no idea what you're doing.
I got in touch with the maker of Nadmod PP and he is currently updating it to prevent people from taking ownership of entities that are normally uninteractable. Thanks to those who pm'd me about the exploit and where its roots were.
[QUOTE=The Commander;46819924]Yes
[media]http://www.youtube.com/watch?v=G_NAriv6Uok[/media][/QUOTE]
I think it's funny you're trying to explain cheating to me (someone who wrote a couple of cheats and a couple of anticheats, and released all publicly).
Aimbots aren't a security issue. That's just someone cheating. The causes of server security issues are:
1) shit exploitable server side lua
2) shit security practises on the box itself
3) shit security practises in gameserver configuration
4) unpatched source exploits (rarer these days)
Yup, you sure know what you are talking about.
I'll leave it all to you lua king.
[QUOTE=The Commander;46821001]Yup, you sure know what you are talking about.
I'll leave it all to you lua king.[/QUOTE]
Both of the people who replied to you know much more about that sort of stuff than you do.
[QUOTE=The Commander;46821001]Yup, you sure know what you are talking about.
I'll leave it all to you lua king.[/QUOTE]
You're saying that allowing clientside lua enables server side exploits that wouldn't otherwise be available. This isn't true.
[QUOTE=sasherz;46825109]Both of the people who replied to you know much more about that sort of stuff than you do.[/QUOTE]
Stating that like he knows who I am.
Nice.
[QUOTE=The Commander;46826692]Stating that like he knows who I am.
Nice.[/QUOTE]
It's pretty easy to judge your knowledge based on the bullshit you said.
It's nice to see that no one has yet explained what's going on in the video if you are all such experts.
[QUOTE=The Commander;46828188]It's nice to see that no one has yet explained what's going on in the video if you are all such experts.[/QUOTE]
Looks like an aimbot, speedhack and exploiting a poorly written gamemode to me.
Not a security issue.
[QUOTE=The Commander;46828188]It's nice to see that no one has yet explained what's going on in the video if you are all such experts.[/QUOTE]
What you don't seem to understand is that you can't completely prevent players from running cs lua on your server. You saying that "it's just asking to be hacked" if you allow clientside lua is very dumb, since being hacked isn't made easier because you allow cs lua. People who are able to exploit badly written serverside code can easily run lua and other stuff even though you don't allow it. Kids cheating on the server is indeed made easier, since some might not know how to bypass your restriction.
That's a better reply ms333.
Looks like the community hasn't changed at all while I was gone.