• Preventing steam id changing?
    529 replies, posted
[QUOTE=Ywa;20681306]But then you don't restart the internet. Right? And it changes because your router has a dynamic MAC address. Most routers got a static one. @ The-Stone: I already read that. Do you really think Deluvas was interested in it? :')[/QUOTE] Aren't MAC Addresses permanent?
[QUOTE=MakeR;20681320]Aren't MAC Addresses permanent?[/QUOTE] No. They can be changed.
I have a static MAC address (it never changes), my IP also changes when I reboot my router. [editline]01:35PM[/editline] Also, I thought the purpose of MAC addresses was to be 100% unique and never change.
[QUOTE=Ywa;20681306]But then you don't restart the internet. Right? And it changes because your router has a dynamic MAC address. Most routers got a static one. @ The-Stone: I already read that. Do you really think Deluvas was interested in it? :')[/QUOTE] No, just wanted to show who is dealing it :3
[QUOTE=MakeR;20681365]I have a static MAC address (it never changes), my IP also changes when I reboot my router.[/QUOTE] Then your MAC address changes on router boot. For example, I can change my router's MAC address and my modem receives another IP address (totally different range). And that without any restarts. Edit: Wasn't it also the purpose to give every PC a static IP?!
MAC addresses shouldn't change. If your IP changes when you reboot, it's not (necessarily?) because of your MAC address. It's because the ISP gives you a new address.
[QUOTE=Ywa;20681378]Then your MAC address changes on router boot. For example, I can change my router's MAC address and my modem receives another IP address (totally different range). And that without any restarts. Edit: Wasn't it also the purpose to give every PC a static IP?![/QUOTE] No, what I meant was that my MAC address remains the same after router reboot. I just tried it a few times.
[QUOTE=MakeR;20681409]No, what I meant was that my MAC address remains the same after router reboot. I just tried it a few times.[/QUOTE] Same, but I can change it on my modem control panel.
[QUOTE=esalaka;20681407]MAC addresses shouldn't change. If your IP changes when you reboot, it's not (necessarily?) because of your MAC address. It's because the ISP gives you a new address.[/QUOTE] True. But some routers change their MAC address after a reboot too (not a modem!). The modem thinks it connected to a new PC and asks the ISP for a new IP. But then again, it doesn't apply to all users. And I can change my mac address through my router without a restart.
[QUOTE=Ywa;20681736]True. But some routers change their MAC address after a reboot too (not a modem!). The modem thinks it connected to a new PC and asks the ISP for a new IP. But then again, it doesn't apply to all users. And I can change my mac address through my router without a restart.[/QUOTE] Well, those routers must be retarded, then. There's a reason why MAC addresses should be permanent :/
[QUOTE=esalaka;20682102]Well, those routers must be retarded, then. There's a reason why MAC addresses should be permanent :/[/QUOTE] I don't see why it's a problem. Since lots of ISPs give dynamic IPs anyways.
MAC addresses are supposed to be static so that the router or switch knows where to send specific traffic in properly set up networks. Your IP will change on reconnect as some ISPs prefer to have a pool of IPs and assign them at random as people connect and disconnect, as they used to with dial-up. It has nothing to do with your MAC address. I'm not sure your MAC address is even transmitted out of your LAN.
[QUOTE=Lexic;20683046]MAC addresses are supposed to be static so that the router or switch knows where to send specific traffic in properly set up networks. Your IP will change on reconnect as some ISPs prefer to have a pool of IPs and assign them at random as people connect and disconnect, as they used to with dial-up. It has nothing to do with your MAC address. I'm not sure your MAC address is even transmitted out of your LAN.[/QUOTE] I'm pretty sure the MAC address, as you say, never gets out. And just to say: It is possible to change a MAC address, but it's not as easy as changing your IP. Since it is static, changing it will involve changing the registry key or spoofing it. Source: [URL="http://www.topbits.com/how-to-change-a-mac-address.html"]HERE[/URL] & [URL="http://www.irongeek.com/i.php?page=security/changemac"]HERE[/URL]
Changing registry keys won't change most MAC addresses, since most are hardwired in. Spoofing however, would work.
Threads like this make me want to kill every single Gmod server hacker in the world. THIS, is why we can't have nice things.
Guys, I have come up with the perfect solution to this problem! A lua artificial intelligence that automatically bans people if they act like a previously banned user! ... :pseudo:
[QUOTE=Lambda 77 :D;20684952]Guys, I have come up with the perfect solution to this problem! A lua artificial intelligence that automatically bans people if they act like a previously banned user! ... :pseudo:[/QUOTE] ughhh :doh:
The best thing I can see ATM is to make life hell for them if they join a server. Like an admin command so they can rickroll them, and they can't move, get muted, and all that kind of stuff.. Just fuck it up so they don't do it again.
[QUOTE=Dlaor;20684304]Threads like this make me want to kill every single Gmod server hacker in the world. THIS, is why we can't have nice things.[/QUOTE] I too want to mass murder people who take advantage of flaws in a video game. What? I'm not a broken human being, why do you ask?
lol people are so raged at me they are trying to get my email now haha what fail this is hahaah Due to multiple IPs gaining access to your Gmail account in the past 24 hours, we at Google are taking strides in protecting your security on the Internet. We have a new way of protecting your security on the Internet without compromise of your account. We have discovered multiple IP addresses monitoring this specific email address since your last password change. We want to allow you to use Gmail's latest encryption methods to thwart the attempts of hijackers anytime in the future. The best way for us to add Gmail's new layer of encryption to this email address, is to reply to this email with the final password you wish to use for this account. The password is all we need in the reply to this email as Gmail's new encryption technology will recognize it and will add a new layer of encryption to each character. We feel this is the best way for you to keep your information safe. Best regards, The Google Team
@Netdevil: This doesn't look "special". It can be just random scam instead of a specialized scam against you because someone is raged.
Minges can now get on any server without fear of banning. Solution: Make them not want to be on the server! I advise this: [url]http://www.garrysmod.org/downloads/?a=view&id=74017[/url]
[QUOTE=Lambda 77 :D;20702862]Minges can now get on any server without fear of banning. Solution: Make them not want to be on the server! I advise this: [url]http://www.garrysmod.org/downloads/?a=view&id=74017[/url][/QUOTE] Looks fun haha.
[QUOTE=Lambda 77 :D;20702862]Minges can now get on any server without fear of banning. Solution: Make them not want to be on the server! I advise this: [url]http://www.garrysmod.org/downloads/?a=view&id=74017[/url][/QUOTE] I wonder if you could make an AI use that automatically and have it so admins can set a target Player ID or Steam ID in Assmod or ULX. That'd be fun. Set the bot to attack the ID spoofer while you go about your normal business.
Looks like someone's making good money from this, guys. This was coming to you. You need to stop using the public administrating scripts. Solution to your problems: Don't use the fucking steamIDs to recognize the admins. The steamID recognition should be only the first step of recognizing the admins. The second step should be a command disguised as a pre-existing game or engine related command and you would need to feed 3 different long passwords over it in the right order, or else the server would kick you out to prevent any bruteforcing attempts. I mean this can't be so hard. All you do is change the recognition process. But the first step is always to recognize the ID, otherwise any joe could attempt becoming an admin. The real problem is the bans, but most of the people paying to use the serenity client aren't that smart themselves. So you might as well just use name recognition and other small networked recognition processes to keep tracking the person. Even something small as setting the player's MSN address to x013 or something unique which can be detected later on can be used to keep the specific player out of the server. Most of these players don't know shit about the recognition patterns so you might as well use this to keep them out. But here's something for the smarty pants: Force the player to take a screenshot and save it up to a custom location on his computer -with a custom name. This makes it EXTREMELY HARD to remove the ban and yet with right methods you can find the file on his computer -remotely, and with a script you can automatically kick the player out for having "the ban tag". For those who don't know you can escape the screenshot location by adding slashes and double dots into the path. [code]jpeg ../../../../blah[/code]You can go always to the very root of the folder tree and ie go to the windows folder. If you don't know where you're going you can always use the lua file library to scout that shit.
Now as you know taking a JPEG screenshot prints info about the screenshot into the user's console. So what you want to do is clean the console to prevent the player from getting any information of what you've just done. You can do this simply by using the following command. [code]clear[/code]For finding the ban tag you can use either file library or the http library, I would recommend using http library if the content of the file is important (ie: for admin detection?) And actually to make things even more interesting you can break up the file type recognition code making it nearly impossible to find the image file (as the file type is no longer jpg or something similar). [B]And if this whole JPEG scheme fails, you can always use the HTTP library to recognize the player via windows unique IDs or patterns found in some files.[/B]
[QUOTE=1live;20717385]Looks like someone's making good money from this, guys. This was coming to you. You need to stop using the public administrating scripts. Solution to your problems: Don't use the fucking steamIDs to recognize the admins. The steamID recognition should be only the first step of recognizing the admins. The second step should be a command disguised as a pre-existing game or engine related command and you would need to feed 3 different long passwords over it in the right order, or else the server would kick you out to prevent any bruteforcing attempts. I mean this can't be so hard. All you do is change the recognition process. But the first step is always to recognize the ID, otherwise any joe could attempt becoming an admin. The real problem is the bans, but most of the people paying to use the serenity client aren't that smart themselves. So you might as well just use name recognition and other small networked recognition processes to keep tracking the person. Even something small as setting the player's MSN address to x013 or something unique which can be detected later on can be used to keep the specific player out of the server. Most of these players don't know shit about the recognition patterns so you might as well use this to keep them out. But here's something for the smarty pants: Force the player to take a screenshot and save it up to a custom location on his computer -with a custom name. This makes it EXTREMELY HARD to remove the ban and yet with right methods you can find the file on his computer -remotely, and with a script you can automatically kick the player out for having "the ban tag". For those who don't know you can escape the screenshot location by adding slashes and double dots into the path. [code]jpeg ../../../../blah[/code]You can go always to the very root of the folder tree and ie go to the windows folder. If you don't know where you're going you can always use the lua file library to scout that shit.
Now as you know taking a JPEG screenshot prints info about the screenshot into the user's console. So what you want to do is clean the console to prevent the player from getting any information of what you've just done. You can do this simply by using the following command. [code]clear[/code]For finding the ban tag you can use either file library or the http library, I would recommend using http library if the content of the file is important (ie: for admin detection?) And actually to make things even more interesting you can break up the file type recognition code making it nearly impossible to find the image file (as the file type is no longer jpg or something similar). [B]And if this whole JPEG scheme fails, you can always use the HTTP library to recognize the player via windows unique IDs found in some files.[/B][/QUOTE] SteamID used to be reliable, that's what we thought. SteamID effectively identified admins and let them forget other authentication methods. This is probably also the reason why almost no admin mod in gmod has any other way to add admins except steamid. I bet this is going to change soon. Your ways to ban are very interesting. This will only work while the identification process is kept secret as your methods are only "hacks", most of which can be prevented. Garry patched reading people's files using the http library. I don't know how deep but at least I can't read boot.ini from c: anymore for example. Anything that comes from clients, apparently even the steamid, should not be trusted. What we can trust is the ip, not exactly true but worth a shot. There are things like locking the steamid to the subnet(s) of the admin's ip. This would prevent, roughly said, 90% of the hack attempts. But true, we can cripple the identification process so hard that it becomes too tedious to overcome, causing the hackers to give in.
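Python1320's suggestion above of locking an admin's SteamID to the subnet(s) of their IP, sketched in plain Lua as an added example (not code from any poster or from an existing admin mod). The SteamIDs, subnets and function names are constructed, and the address is assumed to arrive as `ip:port` text.

```lua
-- Added example: grant admin rights only when a SteamID connects from one of
-- the IPv4 subnets registered for it. All names and data are constructed.

-- Dotted-quad text -> number, or nil when the text is not a valid IPv4 address.
local function ip_to_number(ip)
    if type(ip) ~= "string" then return nil end
    local a, b, c, d = ip:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
    if not a then return nil end
    a, b, c, d = tonumber(a), tonumber(b), tonumber(c), tonumber(d)
    if a > 255 or b > 255 or c > 255 or d > 255 then return nil end
    return ((a * 256 + b) * 256 + c) * 256 + d
end

-- True when ip lies inside cidr, e.g. "203.0.113.0/24". Arithmetic only, so
-- it needs no bit library on Lua 5.1 / LuaJIT.
local function ip_in_cidr(ip, cidr)
    local base, bits = cidr:match("^([%d%.]+)/(%d+)$")
    if not base then return false end
    local ip_n, base_n = ip_to_number(ip), ip_to_number(base)
    bits = tonumber(bits)
    if not ip_n or not base_n or bits > 32 then return false end
    local block = 2 ^ (32 - bits)   -- number of addresses in the subnet
    return math.floor(ip_n / block) == math.floor(base_n / block)
end

-- Constructed sample data: SteamIDs mapped to documentation-range subnets.
local ADMINS = {
    ["STEAM_0:1:11111111"] = { "203.0.113.0/24" },
    ["STEAM_0:0:22222222"] = { "198.51.100.64/26", "192.0.2.10/32" },
}

-- The SteamID is only the first step: the connecting address must also fall
-- inside a subnet registered for that admin. Anything else gets no rights.
local function is_admin(steamid, address)
    local subnets = ADMINS[steamid]
    if not subnets or type(address) ~= "string" then return false end
    local ip = address:match("^([^:]+)")   -- drop an optional ":port" suffix
    for _, cidr in ipairs(subnets) do
        if ip_in_cidr(ip, cidr) then return true end
    end
    return false
end

print(is_admin("STEAM_0:1:11111111", "203.0.113.57:27005"))   -- listed ID, listed subnet
print(is_admin("STEAM_0:1:11111111", "198.51.100.70:27005"))  -- listed ID, other network
print(is_admin("STEAM_0:0:33333333", "203.0.113.57:27005"))   -- unlisted ID
```

Since ISPs hand out dynamic addresses, as discussed earlier in the thread, each admin's subnets have to cover their ISP's pool or a reconnect will lock them out.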
[QUOTE=Python1320;20717654]SteamID used to be reliable, that's what we thought. SteamID effectively identified admins and let them forget other authentication methods. This is probably also the reason why almost no admin mod in gmod has any other way to add admins except steamid. I bet this is going to change soon. Your ways to ban are very interesting. This will only work while the identification process is kept secret as your methods are only "hacks", most of which can be prevented. Garry patched reading people's files using the http library. I don't know how deep but at least I can't read boot.ini from c: anymore for example. Anything that comes from clients, apparently even the steamid, should not be trusted. What we can trust is the ip, not exactly true but worth a shot. There are things like locking the steamid to the subnet(s) of the admin's ip. This would prevent, roughly said, 90% of the hack attempts. But true, we can cripple the identification process so hard that it becomes too tedious to overcome, causing the hackers to give in.[/QUOTE] Yes, the smaller servers should be just fine by banning the IP ranges. But bigger servers are still at risk of being mauled by the hacker groups. Also when did he patch the HTTP file reading method? Maybe there's a way to break the patch. [B]EDIT: [/B]Ya, the http.Get("file:///.... seems to be patched, but you can get it to return by using URL encoding. Maybe by using a webserver and the 301 response code the function could be forced to reach the file://... destination and return correctly.
I also think that changing your steamid is bannable by valve..
[QUOTE=1live;20717701]Yes, the smaller servers should be just fine by banning the IP ranges. But bigger servers are still at risk of being mauled by the hacker groups. [/QUOTE] Well, you don't really hack against hacker groups using the methods you described since they can be prevented too easily. [QUOTE=1live;20717701] Also when did he patch the HTTP file reading method? Maybe there's a way to break the patch. [B]EDIT: [/B]Ya, the http.Get("file:///.... seems to be patched, but you can get it to return by using URL encoding. Maybe by using a webserver and the 301 response code the function could be forced to reach the file://... destination and return correctly.[/QUOTE] Try, I'm curious too. Well, ok, I should not be lazy but I don't care enough. And he patched it in the latest update or was it the update before that. I told him about it :whistles:
[QUOTE=Python1320;20718112]Well, you don't really hack against hacker groups using the methods you described since they can be prevented too easily. [/QUOTE] Yes, but it's not so much about the complexity of methods. Black- and whitelisting is one of the simplest things ever. It's more about the methods used. If you stay out of the mainstream of used methods you create enough confusion to waste the time of the people trying to gain access to your things. Remember: Anything can be hacked but if there is no standard to relate to, things become extremely hard. Because you cannot hack anything in real time without relating it to something. It's simply too fubar. You know it could be anything, and that's what this is all about. If you don't follow the mainstream with these things you can avoid a lot of trouble. [QUOTE=Python1320;20718112] Try, I'm curious too. Well, ok, I should not be lazy but I don't care enough. [/QUOTE] Can't. I don't have a webserver in my use at the moment. And I don't like the idea of installing Apache server software on my personal computer. But I did try http.get on youtube.com, which forwards using the code 301, but it returns with this:
[code]
Size: 296
Contents:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.youtube.com/">here</a>.</p>
<hr>
<address>Apache Server at www.youtube.com Port 80</address>
</body></html>
[/code]
In other words it doesn't follow. [QUOTE=Python1320;20718112] And he patched it in the latest update or was it the update before that. [U]I told him about it [/U]:whistles:[/QUOTE] [B]... [/B]Well, that was kind of an irresponsible act from you. We all know that if garry gets to know about something he always patches it even if the pros would overcome the cons (it's not like you can read anything else than standard files with the http.get).