lua_openscript_cl bypass

Hello.
Anyone can help with blocking lua_openscript_cl? I would like to ban player when its used. I think many of you will post things like "Learn Lua, heres the link…".

You can set sv_allowcslua convar to 0 on server but it’s still bypassable. There’s nothing much you can do to fully secure it.

I know it, some people bypasses it on my DarkRP server.

GetConVarNumber on sv_allowcslua client-side, and send a net message to the server to kick them? Also, DarkRP defaults sv_allowcslua to 1 as far as I know, so you might want to change that.

Honestly very few people actually force sv_allowcslua to cheat anymore, so you may as well just invest in making a full anti-cheat.

What about Quack-AC? Its free, but when i add it, advanced duplicator 2 doesnt pastes things.

don’t use QAC, use LeyAC or CAC

If they are doing things with lua, the best idea is not to just check/enforce sv_allowcslua, it’s better to just anti-cheat. I know LeyAC and QAC are both public and are a decent choice for protection, or you could make your own with a few methods.

Few examples of methods:
_G count
Garbage count
Hook whitelisting
Convar state checking

It’s not too hard to get around these but bear in mind 90% of cheaters are just skids.

EDIT:

An example of why only checking sv_allowcslua is bad

http://puu.sh/gH3em/cb3a6f0b18.png

Ha, przyszła koza do woza.
Niestety to jest moje królestwo :>

There isn’t just one solution, any anticheat can be bypassed and so can be sv_allowcslua.

[editline]19th March 2015[/editline]

Both LeyAC and CAC get rekt with C written lua hacks.

Garbage count and _G count are only effective for pre-ac runs. However, garbage count has been proven very effective,
because even the slightest change before the AC runs triggers it. Just alone trying to overwrite it, will result in a difference garbage count.
_G is very effective too because of all the noobs creating globals, and _R is also really good.
They generally are the most effective methods for pre-ac run checking.

wrong.
funny enough there hasn’t been a single c written lua hack that did.
There has however been a C++ DLL though, which can bypass pretty much any anticheat, but it has been made by me, and is only in my possession.

How can you be so sure? Do you spend your whole evening browsing skid-forums?
The fact is - if there is any anticheat, there will sooner or later be a bypass.

Actually, you can’t really say that.
No serverside anticheat methods can be bypassed.
It’s only possible to avoid some ( but not even that is always possible, best example=Speedhacking ).
For all good anticheats up to now, there hasnt been a working spread ( not even privately ) , or no bypass yet ,
the only thing you generally hear about is people just using C++ cheats, but that’s not bypassing the AC but rather avoiding the checks,
since everything that would normally detect you still does ( e.g. LocalPlayer():SetEyeAngles(ang) ).
I’m mostly involved with the anti-cheating and cheating scene.
The current problem is that the amount of people with good knowledge has dropped, aka the amount of skids increased a lot.

MPGH and other shitty forums really aren’t a good source of what the cheating scene is doing in gmod

I feel like you didn’t read my post and just posted some random message, because I never said that all my resources are forums ( especially MPGH, considering the amount of paste and spam there ).

setting viewangles with the engine pointer (NOT user cmd’s) in c++ doesn’t get you smacked by anticheats

Used to think the same a long time ago, sadly it’s not true.
If you use CEngine::SetViewAngles, the only change will be that it’ll set it the next tick ( which you can see here http://pastebin.com/gz6EDC4Q ).
However, it works against CAC, but doesn’t help against the fact that pretty much all other stuff still isn’t changeable without detection.

Simply make your cheat more subtle. Me and a friend had a co-op going where we would make things like an auditory ESP (geiger counter that measured danger in TTT), a smooth aim-assist, etc. Client has supreme load order even without C. Really the best way to prevent cheating is having an active and mature admin team.

meh, that’s where the problem lies.
in the case of CAC he has a really some really sneaky methods.
ESP and such stuff would be possible, but pretty much anything involving usercmd modification ( e.g. for an aim assist or bhop ) results in an instant ban.
However, you’re kinda right about the thing with a subtle cheat. The more subtle a cheat is, the less “cheaty” stuff it does, the harder is detecting it.
I feel like we should return to the OP though, since this is slowly turning into a discussion about cheating.

I personally would recommend CAC, since I’ve stopped developing LeyAC and am only keeping it from breaking.
All bugs that currently may be reported to me are probably not going to be fixed.
QAC is a good free choice, it’s simple, has a good method ( file source checking ) and get’s rid of a huge chunk of cheaters.
CAC however, is in development, updated often, owned by a nice guy, and also is even better in detecting cheaters than CAC. So if you got some money, get CAC; else QAC.

If you deliberately turn off the basic anti script protection can you really ban people for running scripts?