[QUOTE=Hentie;34348337]-removed due to threats-[/QUOTE]
I managed to catch 10 people with it, which also resulted in 3 devnull attacks. :v:
[QUOTE=Drakehawke;34452723]-snip-[/QUOTE]
And what is your opinion on posting pastebins of a list of sethhackers for server owners to add to their ban list?
[QUOTE=ralle105;34451714]Some like [url=http://mcbans.com/]mcbans[/url], but for gmod would be nice.[/QUOTE]
The only reason why this isn't done yet is because it will get ddosed out of existence in the gmod envrioment.
[QUOTE=OldFusion;34461611]The only reason why this isn't done yet is because it will get ddosed out of existence in the gmod envrioment.[/QUOTE]
More DDoS = More Complaints = A little more chance of something happening.
I wish this was an ideal world so that people wouldn't bring up the same points over and over again.
I still don't understand DrakeHawke's argument. He acts as if it'd be some dictatorship if we let ourselves trust someone. Nobody's getting forced to use a global ban list, servers choose to use it. Some kid getting banned from his own Minecraft server and not knowing how to remove the banning plugin? Well that's a stupid kid. If you don't like it, don't use it.
If you want to add a person on the list, well then too bad because you don't own the list but you can still ban them on your own server.
If you think that the list is full of false-positives, well then too bad and remove the list.
You go on about this bullshit on how it's not an ideal world, yes it's not an ideal world but a banlist is not a fucking dictatorship, it's a democracy, you the people get to decide whether or not you want to use the banlist.
Now lets trend back to how kids will grow up and they'll learn their lesson and how it's all a phase. But you guys don't take into account the existence of really immature adults with money. Both these 'adults' and kids take the risk of hacking knowing very well that it's frowned upon, and when they get banned it's just a lesson learned. They took the risk and now they're going to create another steam account and buy the game again.
Now what if somebody DDoSes the main server? Well if you have a system that checks for updates on the big ban list every 2 or 3 minutes and then downloads the updates, then you have your own offline list of people who are banned. Or you can go with my ghetto way of using a facepunch thread.
Here's a way of doing it.
You have a global ban list, and lots of servers or communities register to it. When an admin of the community bans someone, this is sent to the global ban list.
Now, each server that uses the global ban list gets a list of all communities who signed up to the global ban list. They can choose which communities they trust (and hence which ones to use the ban list for) and which they don't.
Suppose CommunityA signs up and starts banning people left and right - CommunityB get wind that CommunityA are banning legit players, so CommunityB simply uncheck CommunityA from their ban lists and bam, all of CommunityA's bans are no longer in effect for CommunityA's server.
That way, if you don't trust someone, simply uncheck them from the list.
^ It's going to be hard pruning through all the shit communities, but after the first few weeks it could work.
[QUOTE=Hentie;34463046]^ It's going to be hard pruning through all the shit communities, but after the first few weeks it could work.[/QUOTE]
Simple, have it default as non-shared. That way you choose who you trust for banning, which in my case is my own admins and not other communities.
You could also have each admin on the server register with the system, so when you ban someone it will send a hash of the admin's username, password and steamid, then check it to see if said admin is even allowed to ban people.
Signing up for an API Key would be smart, like a small activation which would force you to rename your server to something for a second, or something along them lines. How does that sound so, people exploting just don't spam requests at the server with false bans?
I rather liked the idea someone posted a few pages back of silently crashing the hackers instead of banning them to avoid DDoS attacks.
[QUOTE=ralle105;34463670]I rather liked the idea someone posted a few pages back of silently crashing the hackers instead of banning them to avoid DDoS attacks.[/QUOTE]
Is the amount of memory that Lua can take capped?
[QUOTE=ralle105;34463670]I rather liked the idea someone posted a few pages back of silently crashing the hackers instead of banning them to avoid DDoS attacks.[/QUOTE]
Whenever I catch a seth hacker, I iptable ban them. Makes them think the server crashed.
[lua]local exitCode = cmd.exec( string.format( "iptables -I INPUT -s %s -j DROP", ply:GetIP() ) ) >> 8[/lua]
:v:
[QUOTE=Hentie;34463941]Is the amount of memory that Lua can take capped?[/QUOTE]
If you want to crash them just do
[lua]LocalPlayer():ConCommand( "mat_dxlevel 20" )[/lua]
Or just cam.End3D()
I still change their name to sethhacker, seems to scare the shit out of them and make them leave.
[QUOTE=marvincmarvin;34463357]You could also have each admin on the server register with the system, so when you ban someone it will send a hash of the admin's username, password and steamid, then check it to see if said admin is even allowed to ban people.[/QUOTE]
That doesn't seem relevant to the system. It's not there to help you manage your admins. If a rogue admin goes on a banning spree, it's the server/community owner's responsibility and the penalty is that many people will uncheck you from their banning lists making your bans weigh less.
There could also be stats against each community in the listings, such as amount of bans, bans per day averages and how many other communities are using their list.
Hmm, I might have a go at creating this system if nobody else wants to.
[QUOTE=BlackAwps;34463974]Whenever I catch a seth hacker, I iptable ban them. Makes them think the server crashed.
[lua]local exitCode = cmd.exec( string.format( "iptables -I INPUT -s %s -j DROP", ply:GetIP() ) ) >> 8[/lua]
:v:
If you want to crash them just do
[lua]LocalPlayer():ConCommand( "mat_dxlevel 20" )[/lua][/QUOTE]
Works, great!
Also
[thumb]http://dl.dropbox.com/u/10790421/img/sethhack.png[/thumb]
The above image is a thumb, but its actually a lot larger go to the image url to view it in full size.
[QUOTE=Aide;34464488]Works, great!
Also
The above image is a thumb, but its actually a lot larger go to the image url to view it in full size.[/QUOTE]
It's gotta suck when one runs a business centred around cheating, yet one doesn't have the mind to make sure to filter their front-page purchase reviews.
[editline]30th January 2012[/editline]
[QUOTE=thomasfn;34464286]Hmm, I might have a go at creating this system if nobody else wants to.[/QUOTE]
It's sort of a funny situation, because despite not wanting this sort of system in place, I still want to code it. I just keep thinking about how it would be fun as fuck to design the security of the web server back-end and all the little features that could be put into it.
Post-thought: Not suggesting that I'm actually going to code this and release it, I can't really afford the hosting right now even with my job, but this would be a fun project.
[QUOTE=Aide;34464488]Works, great!
Also
[thumb]http://dl.dropbox.com/u/10790421/img/sethhack.png[/thumb]
The above image is a thumb, but its actually a lot larger go to the image url to view it in full size.[/QUOTE]
Inb4 Testimonial dude gets DDoSed.
The idea of a "non-shared" bans list where you can choose what communities you'd trust etc could work.
[QUOTE=Phoenixf129;34466457]The idea of a "non-shared" bans list where you can choose what communities you'd trust etc could work.[/QUOTE]
It is being developed by ColdFusion and Flapadar.
Or you could just have global list of hackers/cheaters. Which alerts you if someone has joined the server and has multiple reports of cheating/hacking. That why you can decide if they are a threat or not and give them a chance to play.
[QUOTE=Bawbag;34466605]It is being developed by ColdFusion and Flapadar.[/QUOTE]
[QUOTE=Llamalord;34466768]Or you could just have global list of hackers/cheaters. Which alerts you if someone has joined the server and has multiple reports of cheating/hacking. That why you can decide if they are a threat or not and give them a chance to play.[/QUOTE]
As long as they're making some sort of API to allow us to code our own system into our servers, this is how I would go about implementing it.
[QUOTE=Llamalord;34466768]Or you could just have global list of hackers/cheaters. Which alerts you if someone has joined the server and has multiple reports of cheating/hacking. That why you can decide if they are a threat or not and give them a chance to play.[/QUOTE]
I wouldn't say that's reliable. Having servers you trust notifying you of their bans, and then you can do what you will with them. By default the action will be to ban them.
It will also contain hashed IP addresses so as you can implement IP bans (I.E. alt catcher).
[QUOTE=Bawbag;34466849]I wouldn't say that's reliable. [B]Having servers you trust notifying you of their bans, and then you can do what you will with them.[/B] By default the action will be to ban them.[/QUOTE]
That's exactly what he said he wanted?
[QUOTE=Bawbag;34466849]It will also contain hashed IP addresses so as you can implement IP bans (I.E. alt catcher).[/QUOTE]
IP detection is going to be pretty inconsistent.
Like I said, hopefully they make it an API that will allow us to handle the global ban list our-self, rather than being forced to use methods, like the IP banning, we disagree with. I am, however, looking forward to seeing what they come up with.
[QUOTE=BlackAwps;34466981]Like I said, hopefully they make it an API that will allow us to handle the global ban list our-self, rather than being forced to use methods, like the IP banning, we disagree with. I am, however, looking forward to seeing what they come up with.[/QUOTE]
Will easily have the functionality for you to do what you want. The addon will provide the data; and the example code will do banning and alt trapping (Which I might add; is very successful on stonedpotatoes - with 127 banned alt accounts and 703 cheating bans)
How does this sound.
The API system works when a player joins "your server" which has the addon installed, it will contact the website and provide the SteamID and the IPAddress of the player to the server to check/save records of them connecting with a different SteamID with the same IP or vise versa. Then you will get a response back saying that this player is also an ALT / Shared Home Connection with a different SteamID which has already connected to that same server. This can help tracking players which are using the same IPAddress with another SteamID.
This can all be done with Lua alone, however with it being API and connecting to website, other servers can take the advantage of preventing players with alts joining their server and minging / cheating / exploiting.
Tell me what you think.
Bad idea Gfoose. The design has been planned out and will work. The data will be downloaded on map load; and there will be callbacks for it (The supplied sample code will be for banning). There will probably also be a few callbacks when players join.
The data included will be:
Public key of the server the data came from,
Name of the server,
SteamID,
Reason they were banned,
How long they were banned for,
Hashed IP,
The default code will also have flags for what to ban for (If the reason was cheating, RDM, ... )
well if this API would be a bunch of http.Get requests then that poses a problem, last I knew it still leaked memory on Linux (and maybe windows too, can't remember)
[QUOTE=Banana Lord.;34467414]well if this API would be a bunch of http.Get requests then that poses a problem, last I knew it still leaked memory on Linux (and maybe windows too, can't remember)[/QUOTE]
One request per server you are using the bans for. One per person you ban. Shouldn't be an issue.
Just throwing in: avoid IP banning. It's easy to bypass with a VPN. This can also hurt innocent users if the banned person has a dynamic IP. As is well known, we're running out of IPv4 addresses, so the chance that an innocent player will get a recycled IP address that was banned due to a hacker is increasing.
Sorry, you need to Log In to post a reply to this thread.
