Preventing steam id changing? - Developers

[QUOTE=VoiDeD;20775066]I'm the leak. It's me.[/QUOTE] :cop:

Assuming 50% of all the steam users have a [url=http://dd-wrt.com/wiki/index.php/Supported_Devices]dd-wrt supported[/url] router, 50% of all steam users can change their mac address with an interface a baby can use. Still i dont think you know what a mac address is, it doesnt have a [b]SHIT[/b] to do with serenity, steam, or your ip. Assuming 99.9% of everyone playing gmod, with serenity, being a jerk, knows how to plug a cable and plug it back in, that means around maybe 70% of all serenity fags can change their ip. Yes, i can also pull number out of my ass :v:

And 83 percent of all statistics are made up. [quote=Gbps]Hey guise, ever heard of this really cool technology called MAC addresses?[/quote] As soon as you banned anyone by their MAC address, you would find that they are not receiving any packets at all, since all the packets you get will have the same mac address. Like azu said, all the packets come from my router, so they all have my router's mac address. Plus, I've never had a router that can't change it's mac, and I've had the cheap ones you get from best buy.

ok so let me try to get this... gbps..is an alt of nullsquared. and, helix alioth is trying to be gbps?? nullsquared must be honored... btw @ steamid spoofing: addip, gg noobs problem solved (that is the solution and believe it or not many people have a semi-static ip which doesn't change very often or without prolonged disconnection from the ISP's network dynamic ips are not all that common) wow why are you people even talking about mac addresses that is probably the dumbest suggestion ever everyone in #opensteamworks is probably laughing at you

[QUOTE=Soda;20778041]ok so let me try to get this... gbps..is an alt of nullsquared. [/quote]No [QUOTE=Soda;20778041]addip, gg noobs problem solved[/QUOTE]No, you can change your visible IP with a vpn or whatever it's called (like hotspot shield) or by the other methods mentioned in this thread. So while it helps a lot, it's not the solution.

[QUOTE=Soda;20778041]wow why are you people even talking about mac addresses that is probably the dumbest suggestion ever everyone in #opensteamworks is probably laughing at you[/QUOTE] Why would I ( Or anyone else here ) care if they were?

[QUOTE=yakahughes;20778111]No, you can change your visible IP with a vpn or whatever it's called (like hotspot shield) or by the other methods mentioned in this thread. So while it helps a lot, it's not the solution.[/QUOTE] Sure, you can do this. Ip bans are not meant to be effective until the end of time. But just consider about this again: [list] [*]Just a minority will change their IP after they got SteamID + IP banned, because doing this means effort. [*]They want to grief in most cases. If they can't immediately rejoin, they'll take another server. [*]A bike lock is also no solution preventing someone to steal it. But as harder it is or as more locks you use as less will be the motivation for the thief to steal it. [/list] Of course it's no solution. But it's a useful tool to get rid of those idiots easily. Can/Should be combined with other techniques. I once started a project, but I've been unable to test it yet "in the wild" because I do not know anyone who has Serenity.

[QUOTE=aVoN;20778888]Sure, you can do this. Ip bans are not meant to be effective until the end of time. But just consider about this again: blah more stuff lists[/QUOTE] All your points are valid, but your post was unnecessary because the only point I made was that IP banning is not the solution, just very helpful. The other guy implied it was the end-all solvent. IP banning is definitely something I would do, but it's not all I would do.

He never said it was end-all, just that most people would be completely stopped by it, which is correct. Most pure trolls wouldn't go to the trouble of changing their IP just for a few seconds of griefing a server. If anyone has a serious hate of your server, then they won't be much of a problem, because it will anyway take a few minutes before each connection of theirs, and as long as you ban them relatively quickly, they can't do much damage.

[QUOTE=Soda;20778041]ok so let me try to get this... gbps..is an alt of nullsquared. and, helix alioth is trying to be gbps?? nullsquared must be honored... btw @ steamid spoofing: addip, gg noobs problem solved (that is the solution and believe it or not many people have a semi-static ip which doesn't change very often or without prolonged disconnection from the ISP's network dynamic ips are not all that common) wow why are you people even talking about mac addresses that is probably the dumbest suggestion ever everyone in #opensteamworks is probably laughing at you[/QUOTE] No I'm not.. Just Gbps is so awesome that I used his avatar concept. Anyways, what I posted should work if you fix the troll attempts.

I don't think Gbps is an alt of nullsquared. No offence Gbps, but I think null would be a bit offended by that.

Guys lets just email whoever join's ISP and tell them they're hacking, then they'll get banned from the internet! In all seriousness, I'm working on a fix. I'll get back soon with it.

[QUOTE=nicatronTg;20787314]Guys lets just email whoever join's ISP and tell them they're hacking, then they'll get banned from the internet! In all seriousness, I'm working on a fix. I'll get back soon with it.[/QUOTE] Yes, you would most certainly win in court.

I got a great fix! I just thought of it! Remember how the real person can't be on the same server as the spoofer? Well, why not check if the spoofer's community ID is in that server? [url]http://steamcommunity.com/profiles/ID?xml=1[/url] with a quick XML parser, this could work!

Is only GMod affected by this exploit? If yes, is that just because of the modified fake servers? Why not report it to Garry then?

[QUOTE=Map in a box;20793541]I got a great fix! I just thought of it! Remember how the real person can't be on the same server as the spoofer? Well, why not check if the spoofer's community ID is in that server? [url]http://steamcommunity.com/profiles/ID?xml=1[/url] with a quick XML parser, this could work![/QUOTE] Does not work if the profile is private. All you can do is checking their community-name against the one of the player on the server. And even this can be spoofed. I once made an attempt using this idea. [code]http://svn.daggeringcats.com/antispoof User: anon Pw: anon[/code] It kicks user if the username does not fit the one on the community-page. It bans a user by IP after he got steamid banned. Anyone who wanna join or contribute more effective ways and anyone who actually has a way to spoof the steamid is welcome to test it. [editline]11:55AM[/editline] It should be a problem in every source-engine based game. [QUOTE=Ywa;20793943]Is only GMod affected by this exploit? If yes, is that just because of the modified fake servers?[/QUOTE]

I wrote this script a few days ago. [url]http://pastebin.com/qXdsPfhk[/url] It's a serverside script that kicks (and IP-bans for two days) the player if his possibly spoofed SteamID isn't actually playing on the server. Doesn't work if the player has a private profile through, but you could just kick him and tell him to make his profile public. The code has an awful pyramid of if-statements, but just because I wanted to catch the reason of the kick while debugging. Could be easily compressed into one statement. I hope that you find this snippet useful. The XML-parser was stolen from [url]http://lua-users.org/wiki/LuaXml[/url].

Nice! And yeah, i really like this idea

Private profiles are still really anoying to deal with.

[QUOTE=yakahughes;20784379]I made was that IP banning is not the solution[/QUOTE] uh yes it is doing anything else would be just dumb because it is relying on external information from the steamcommunity(which is very very dumb, especially the part where you're making a request to the page every time you need to check someone) [QUOTE=Helix Alioth;20786604]No I'm not.. Just Gbps is so awesome that I used his avatar concept. Anyways, what I posted should work if you fix the troll attempts.[/QUOTE] yeah i am 100% correct as always what you posted is disgusting I don't know why anyone would use something that overengineered or anything made by you really just like at your youtube "look guys i made a iluainterface hook im a fuckin leet i hacked noxiosnnettttttmmmmmmmmh nmmmhhh hwelix hackker script its private tho.. ya..hmmhhmmmm hahhh ~squirt~ ,lookm y darkrp servr.r.... its fuckin leet...gui vuguii antihecked and seth protected..mhmhmmabhhhhh " ^^ actual quote flapjack i totally meant you when I said #opensteamworks not voided or the other many people in that channel who made synergy gg

IP banning is the only good solution. That or try using sv_password. All of these other "workarounds" are stupid and pointless.

Guys! I was wiresharkin serenity and found this secret page!!!! [url]http://204.45.55.242/serenity/[/url] !!! [highlight](User was banned for this post ("What are you doing?" - grea$emonkey))[/highlight]

[QUOTE=Ragnarox;20796436]Guys! I was wiresharkin serenity and found this secret page!!!! [url]http://xxx.xxx.xxx.xxx/serenity/[/url] !!![/QUOTE] Don't think it's safe to goto that "website". The IP address listed matches a server, I have found to be a "nasty"..

He is probably trying to get your serenity details.

.

[QUOTE=Soda;20796200]flapjack i totally meant you when I said #opensteamworks not voided or the other many people in that channel who made synergy gg[/QUOTE] Why would I care if someone who made some shitty HL2 multiplayer mod was laughing at me? Also, lrn2engsh

[QUOTE=DarKSunrise;20794749]I wrote this script a few days ago. [url]http://pastebin.com/qXdsPfhk[/url] It's a serverside script that kicks (and IP-bans for two days) the player if his possibly spoofed SteamID isn't actually playing on the server. Doesn't work if the player has a private profile through, but you could just kick him and tell him to make his profile public. The code has an awful pyramid of if-statements, but just because I wanted to catch the reason of the kick while debugging. Could be easily compressed into one statement. I hope that you find this snippet useful. The XML-parser was stolen from [url]http://lua-users.org/wiki/LuaXml[/url].[/QUOTE] Just thought I would mention this. [lua] GetConVarString( "ip" ) --Gets the servers ip [/lua] No need to http.Get the servers IP.

[QUOTE=Soda;20796200]uh yes it is doing anything else would be just dumb because it is relying on external information from the steamcommunity(which is very very dumb, especially the part where you're making a request to the page every time you need to check someone) yeah i am 100% correct as always what you posted is disgusting I don't know why anyone would use something that overengineered or anything made by you really just like at your youtube "look guys i made a iluainterface hook im a fuckin leet i hacked noxiosnnettttttmmmmmmmmh nmmmhhh hwelix hackker script its private tho.. ya..hmmhhmmmm hahhh ~squirt~ ,lookm y darkrp servr.r.... its fuckin leet...gui vuguii antihecked and seth protected..mhmhmmabhhhhh " ^^ actual quote flapjack i totally meant you when I said #opensteamworks not voided or the other many people in that channel who made synergy gg[/QUOTE] No.

[QUOTE=JIAC;20796419]IP banning is the only good solution. That or try using sv_password. All of these other "workarounds" are stupid and pointless.[/QUOTE] I don't know about other countires, But in sweden, Static ip adresses are rare. The biggest providers, Telia, Comhem, Telenor (Bredbandsbolaget) etc don't offer that. Only smaller isp's like bahnof has it.

[QUOTE=blackops7799;20798646]Just thought I would mention this. [lua] GetConVarString( "ip" ) --Gets the servers ip [/lua] No need to http.Get the servers IP.[/QUOTE] Is it just me or ] lua_run_cl print(GetConVarString('ip')) localhost On any server?