[QUOTE=Kopimi;20318158]I don't know how, but isn't it possible to return a table of the player's steam friends? I've seen little addons in servers that'll highlight your steam friends names in chat and such, why not just see if the table of the player's friends is equal to the table of the steamid's frie--
Oh god I'm stupid, you cant get the steamid's friends list because--
Nevermind I dont know what I'm talking about :|[/QUOTE]
Just say what you were gonna say, im interested :D
Well I had figured you could check the player in suspect's friends list using steamworks, and then compare his friends to the friends of the actual steamid, but because this fakes the auth packet it would just return the friends of the original steamid always, and never the actual hackers steamid.
Which is why I suck at sentence structure and Lua coding :|
[QUOTE=Kopimi;20319899]Well I had figured you could check the player in suspect's friends list using steamworks, and then compare his friends to the friends of the actual steamid, but because this fakes the auth packet it would just return the friends of the original steamid always, and never the actual hackers steamid.
Which is why I suck at sentence structure and Lua coding :|[/QUOTE]
Plus if they added a friend it would ruin it.
You can get their friends with steamworks only if their profile isn't private. You
can get private friends only when two friends are on the same server.
[QUOTE=yakahughes;20322047]Plus if they added a friend it would ruin it.[/QUOTE]
Not necessarily, it'd be hard for them to add ALL the friends of their fake steamid, for 2 reasons:
They'd have to have an exact match in the tables for it to verify them, and its a random generator, so most people wouldnt even pay attention.
[QUOTE=Kopimi;20329237]Not necessarily, it'd be hard for them to add ALL the friends of their fake steamid, for 2 reasons:
They'd have to have an exact match in the tables for it to verify them, and its a random generator, so most people wouldnt even pay attention.[/QUOTE]
What
I meant if the person who has the real steamid joined the server and you stored his friends to compare with him later, and he left, added a friend, and came back, he would not match his own old friends list and would be treated like an impersonator.
[QUOTE=yakahughes;20329571]What
I meant if the person who has the real steamid joined the server and you stored his friends to compare with him later, and he left, added a friend, and came back, he would not match his own old friends list and would be treated like an impersonator.[/QUOTE]
I meant get the active friends list the moment you compare
is it possible to check the steamID that is presented to the server's Avatar, and compare it to the ACTUAL avatar, i mean like its filesize or something, somehow, its the first thing that popped into my mind :S its stupid idea, but it might get ball rolling for other people ;)
isnt it easier to check their FriendID when you ban them.
and if they join again with serenity lua checks their friendID and steamID if friendID is in the db but the steamID dont match it bans/kicks the guy
Valve has to fix.
It matches the names to the same the original owner has and now also the client steamid.
Lol... anti-steamid change fail.
Could always use gatekeeper with a table with allowed ip's.
wow... and then you have like 4 players on your server. Congratz. (Especially when they have dynamic ips)
- Then you can also password your server.
Suggestion: Save the IP of the person then save the steamid if the steamid doesn't match the ip or then ban them.
data/steamids/steamids
127.0.0.1 STEAM_0:0:1233934
127.0.0.1 STEAM_0:0:1430653
Sorry your steam id doesn't match previous steamid Ban them permanent.
Relating to blackops post.
If ip doesn't match old steamid then ban.
[QUOTE=Cubar;20551863]Suggestion: Save the IP of the person then save the steamid if the steamid doesn't match the ip or then ban them.
data/steamids/steamids
127.0.0.1 STEAM_0:0:1233934
127.0.0.1 STEAM_0:0:1430653
Sorry your steam id doesn't match previous steamid Ban them permanent.
Relating to blackops post.[/QUOTE]
Quite a lot of people have dynamic IP addresses.
[QUOTE=MakeR;20551904]Quite a lot of people have dynamic IP addresses.[/QUOTE]
If ip doesn't match old steamid then ban.
[lua]local Bans = {
"leetkiller1992",
"stupidguy18",
}
hook.Add("PlayerInitialSpawn", "stmlgnban", function(ply)
if (Bans[ply:GetInfo("stmlgn")]) then
ply:Kick("Serenity fails")
return
end
end[/lua]
Bans based on steamlogins! It may work, depends on if Serenity also changes the 'stmlgn' cvar.
Edit:
Apparently they removed that cvar in the orangebox engine :(
[QUOTE=Cubar;20551916]If ip doesn't match old steamid then ban.[/QUOTE]
How should it match if they have a dynamic ip?
It would change all 24 hour, so after 24 hour you have 50 banned people!
Also, sometimes its always the first time someone joins.
Also, it could be possible the guy with the faked id joins first, and then the real user getting banned.
:siren: FORGET IT :siren:
Firstly, the best thing you could do is set up an auto-kick for it, NOT a ban. If you ban the spoofed ID, you are banning the ID of some poor player who got spoofed and may want to play on your server, not the guy spoofing it.
Secondly, one thing that worked for Pulsar Effect is to have a Que server. This is a server in which a user connects and all they see is a GUI. From the GUI they can then connect to another server by pressing some fancy shiny button. When a person using Serenity tries to connect, they CAN get in the queue server but when they join the other server from the queue server, their steam ID reverts back to their true ID. While in the queue server though, the admins would have to take some measurments to ensure that while connected, they cannot do anything to harm other players. Make sure that all player's movements are strictly disabled. If anything, players can still chat via the console using "say" but that too can easily be disabled.
Edit:
Also, people using serenity CAN spoof the ID's of an admin in game. If they spoof the ID of a server admin, they get all the powers of that admin. They can kick, ban, slay, whatever. One easy measurement against this is to have certain IP's linked to your admin's accounts. If your IP changes too often, an alternative would be to have each admin use a specific and secure password to log in while in game to access their admin commands. This would also help prevent certain programs, such as BaconBot, from seeing which players in a server are admins until they log in, thus making the job of being an under cover admin much easier.
I don't like pe very, but what lombax said is true. With the queue server it was possible, but it also has some contras. Also, for 1 servers it's very... dumb?!
[QUOTE=leeetdude;20554061]I don't like pe very, but what lombax said is true. With the queue server it was possible, but it also has some contras. Also, for 1 servers it's very... dumb?![/QUOTE]
The que server requires no extra addons and takes up very little resources. Other than a few files for the GUI, everything you need is already included in the game. Loading into the que server just takes a few seconds, even if you only have 1 server to connect to, but you gotta ask yourself this...
Would you rather have a bunch of idiots in the que server yelling racial slurs, or would you rather have them in your actual server running around, breaking all your rules and causing havoc and chaos while you sit by and watch them, unable to kick or ban them?
1st Contra: You need another Gameserver for that. Not everyone has a dedicated server.
2nd Contra: If someone sees that the server has many players, he would not be able to join (and to lazy to search for the queue server.)
And to make you finally hate me, i am from gmod.biz ;)
[QUOTE=leeetdude;20554212]1st Contra: You need another Gameserver for that. Not everyone has a dedicated server.
2nd Contra: If someone sees that the server has many players, he would not be able to join (and to lazy to search for the queue server.)
And to make you finally hate me, i am from gmod.biz ;)[/QUOTE]
You could host the queue server locally, but if you run off a private server rather than a dedicated server (as your primary play server) chances are your server isnt too popular due to low bandwidth or a maxed out CPU. If you privately host, making a second queue server on a different port isnt too much of a hassle.
All you have to do for your main play server is disable heartbeat so it does not show up on the GMod master server list. Assign a long secure password and apply a command in the queue server to connect to it. You can even make it so players wait in line based on when they hit "Queue for server" so that whoever queues first will be first to join. Doing this would not only set up a fair joining system and easy way to connect, but will also make it so these ID spoofers cannot get in your main server. Another bonus is it eliminates join spam if some idiot wants to try and reconnect 10 times a second.
They cannot just spoof any SteamID from what I'm aware of, they need the packet containing the data which is sent via "fake" (I say fake, but yeah) servers, therefore they cannot just become anyone they wish to be.
At least, that's from what I know.
[QUOTE=Teddi Orange;20554805]They cannot just spoof any SteamID from what I'm aware of, they need the packet containing the data which is sent via "fake" (I say fake, but yeah) servers, therefore they cannot just become anyone they wish to be.
At least, that's from what I know.[/QUOTE]
Yes, but what if an admin of yours accidentally joined the fake server that collects the packets?
[QUOTE=Teddi Orange;20554805]They cannot just spoof any SteamID from what I'm aware of, they need the packet containing the data which is sent via "fake" (I say fake, but yeah) servers, therefore they cannot just become anyone they wish to be.
At least, that's from what I know.[/QUOTE]
That may not be entirely true.
An admin in the PE community was spoofed on our servers. They banned every player in the server, changed her forum account password, logged in, and started banning players from the forums as well. That is why our "!manageaccount" command was disabled in our servers. They specifically chose her ID and went into our servers, so yes, I think they can choose any steam ID they want.
[QUOTE=LombaxPE;20555075]That may not be entirely true.
An admin in the PE community was spoofed on our servers. They banned every player in the server, changed her forum account password, logged in, and started banning players from the forums as well. That is why our "!manageaccount" command was disabled in our servers. They specifically chose her ID and went into our servers, so yes, I think they can choose any steam ID they want.[/QUOTE]
She must have connected to one of the Serenity servers. You can't create a SteamID, as far as I am aware.
[QUOTE=|FlapJack|;20555099]She must have connected to one of the Serenity servers. You can't create a SteamID, as far as I am aware.[/QUOTE]
Serenity does not create brand new Steam ID's out of thin air. It takes pre-existing ID's from accounts already made and tricks the server into thinking you are that person. It does not create, it only copies.
[QUOTE=LombaxPE;20557439]Serenity does not create brand new Steam ID's out of thin air. It takes pre-existing ID's from accounts already made and tricks the server into thinking you are that person. It does not create, it only copies.[/QUOTE]
If that were possible why wouldn't it have been done before?
[QUOTE=LombaxPE;20557439]Serenity does not create brand new Steam ID's out of thin air. It takes pre-existing ID's from accounts already made and tricks the server into thinking you are that person. It does not create, it only copies.[/QUOTE]
You don't pick a SteamID from any random account - the auth packet is saved, decrypted and the parts of it containing the SteamID are swapped with your own and re-encrypted. Then, when you connect to a server, that auth packet is used (With the other SteamID)
If you join servers which have lots of players, has the same name as another server with a lot of players, is running on 20001(I Think), and when you join it says "Server is full.", then your steamid was copied.
Sorry, you need to Log In to post a reply to this thread.
