Crashing users' games

On a server called arnold’s darkrp theres a command that gives people an engine error saying “Hacker”

Is this allowed and how do they do it?

It’s unethical coding, all that has to be done is for the following code to be run on the client(run it serverside to utterly fuck it, I had to restart my dedicated server for it to start back up):

How do you know it says hacker if your game crashed? But I have a command that pops up a screaming face then crashes their game.

A Windows modal dialog box will popup saying “Hacker” after the game has crashed.


So does steam allow this? Or are there 0 rules regarding servers?

Allow what?

I’m really sure that he means to crashing people clients :v

There are a lot of different ways to crash the client using Lua… It’s definitely frowned upon, and depending on where you live it may be considered malicious if anything does get damaged ( file being written to when it happens = corrupt, etc… ).

If someone’s going to go out of their way to crash you then their server isn’t worth playing, so don’t worry.

Say there’s a menu that only a superadmin can access, and from that menu they can change server settings. If the server receives a net message from that menu telling it to change critical settings (nocheat, gravity, etc. ), but not sent by a superadmin, I can assume one of two things: Either the person was in the menu and lost their superadmin (I simply write code to account for that ) or that they send the net message in an attempt to malicously change server settings without permission. In that case, I like crashing their game as a little ‘fuck you’ to someone trying to hack my addons.

Is that still frowned upon? Obviously I could just ignore the invalid message but that’s not as fun.

edit: english is hard

Well, some of the people that dip their hands into that, dab in a bit of other stuff. It’s better to make the code secure instead of crashing them; I’ve seen people DDoS servers because an admin abused them ( admin was a total ass, and he was disciplined, but the guy still committed a felony and attacked the server; both of them did something wrong ).

Personally, I’d rather not have the drama. Make it secure from the start, and at most a message saying no-access ( but that could give them a hint that they’re looking in the right files / sending the right messages ). Log the attempt and move on… If they continue, talk to them nicely about what they’re doing and to stop because the warning logs are annoying.

There was something else I wanted to add, but I got side-tracked… Oh well. Oh, yes… Don’t even AddCSLuaFile any admin files… Send them over the network and RunString on the admin computer; it’s a decent way to prevent them from seeing the menu, and knowing the net system.

Well absolutely it’s secure, there’s no way that you can effect any changes to the server without the proper authorization. It’s just a question as to how to respond when someone attempts to hack your server. Crashing them makes it take a lot longer for them to try every path, because they have to restart their game after every try, so it does have it’s upsides. I guess you could kick them instead.

[editline]28th March 2014[/editline]

oh, interesting. When you say “send over the network?”, Do you mean use a net message to send a string(and then RunStringEx that string)? Is there a size limit to a net message’d string?

Also, wasn’t there that whole debacle about encoding CSLua a while ago where everyone just concluded that it was impossible to hide CS code from anyone who card enough to look at it.?

Yes, 64kb per message is the limit.

I was the one that made a system to send 2mb worth of client/shared code to the client using my net-system, message signing, etc. The issue is you’re limited to 20kb/sec and no other net-messages can go through ( at least for that user ) while it’s transferring. So it’s very limiting.

Alternatively, you could use http to grab the files ( grab it server-side, use .htaccess to block all access to those files except from server ip ), then sync it to admins that join via networking. – Or even use http for the client to grab it, but that opens you up to someone just grabbing it…

The issue with using RunString to execute the code is that if it’s not dynamically addressed, then no search is required for a module to grab it and detour it via dll… If that is the case, it doesn’t matter if you reroute it yourself and add all the security in the world to it, eventually it will need to call the original…

So, there’s that, then if you send it via net, people that monitor packets could grab code from there ( which is where obfuscation / encryption with a key would be handy ).

There are so many different ways to do it, and so many ways for someone to grab the code. The thing is, by not running it right away and networking it later on; you’re stopping around 90-99% of people that rely on cache extractors or whatever to grab the code. Then, it’s really just the people that “know” what they’re doing that can get the code ( talking about sending all client/shared code this way, if it’s just admin stuff then they wouldn’t be able to look at it even if it’s runstringed because it’d be on someone elses pc IE the ADMINs ).

So, chances are you have several files for admins, chances are they aren’t 64kb or larger, send each file in a single message and be done with it… Remove it from include / AddCSLuaFile except if it’s needed on the SERVER and you’ll be able to hide at least that part…

what the fuck

Don’t listen to him.
This is the kind of paranoid guy of the NSA.