Preventing external cheats.

dence47-legacy · October 30, 2017, 9:17pm

Any kind of cheat that loads lua into the real client state will be detectable by some means. All of the bigger cheats load in their hack into an emulated client state basically which you cannot touch through lua, even though it is all lua.

Can’t do much about that unless you’re writing your own binary module which you would have to get players to install. It’s really not worth it too. Focus on making you server secure instead of protecting it from people with ESP.

If you fix holes in your server like exploitable net messages then the WORST thing cheaters can do is aimbot and use ESP. It’s not like there are hacks out there that give people full access to your server (unless you have unsecured stuff).

If you’re really on the edge about external cheats, think of a really crazy way to screen grab without making the cheat recognize it as a screengrab so you can check whats on their screen. That requires a lot of work and manual banning though.

MarZ333-legacy · October 31, 2017, 12:21am

Just see if the client uses SetEyeAngles and what not to see if they’re cheating and report back based on that.

[editline]31st October 2017[/editline]

This is an example of what I do, there is more you can do to catch out other methods this is just one

MeepDarknessM-legacy · October 31, 2017, 1:20am

No, it can detect other things than lua.

External cheats don’t hook CreateMove.

This is honestly the worst suggestion I’ve heard.

The only real way to detect all external cheats is if VAC was tuned in Garry’s Mod to detect specific ones. You aren’t going to detect nearly anything external with just lua.

rtm516-legacy · October 31, 2017, 8:34am

Could create some sort of glitches player entity outside the map so none can see it. But esp will and if it had no name and you could get the name func to error, then you could capture that error when it hits server side console. But creating a player ent without crashing the server I would not know how to do.

txike-legacy · October 31, 2017, 9:52am

By the way OP is speaking I don’t really think he knows the difference between external and internal cheats so I was just assuming he meant non-Lua cheats.

James_xX-legacy · October 31, 2017, 9:56am

Non-lua cheats don’t hook into lua events, they tend to detour engine functions.

wepnet-legacy · October 31, 2017, 11:41am

This might sound incredibly stupid and I know it wouldn’t work since Awesomium doesn’t allow/support java to be run.

But if it did, I am pretty sure you could implement it into the Loading screen of the server to see for any tasks running like citizenhack.exe?

Just an idea I had.

MadParakeet-legacy · October 31, 2017, 12:04pm

You’re on the right track. Just find a vulnerability that lets you execute arbitrary code and load your anti-cheat with it.

ActuallyFBI-legacy · October 31, 2017, 2:28pm

I know the differnce i am talking about Non Lua cheats aka External, Internal cheats cannot be non lua unless injected i am purely talking External application cheats created in C++ the only thing most of these cheats can do is ESP tho.

[editline]31st October 2017[/editline]

So, i dont know how exactly the loading screen works but if the user connects to the webserver I could probably do that in PHP or Javascript to check what applications they have open and if they have a common cheat, send a message to the server saying that x is cheating.

[editline]31st October 2017[/editline]

Do you think that putting a pieace of Javascript or PHP code in the loading screen that checks a users Applications that are open, would work? or no.

rtm516-legacy · October 31, 2017, 2:44pm

Php wouldn’t work because its server side and is doesn’t have any native support for process listing in a browser iirc

ActuallyFBI-legacy · October 31, 2017, 2:50pm

Python might be able to tho, so i dunno ill have to figure this out but so far i know that the loading screen is the best way to to do it, given that it is more than likely easily stopped by just blocking the website before joining the server but still.

0V3RR1D3-legacy · October 31, 2017, 3:11pm

Someone already made a good point, work on making your server secure instead of trying to prevent people from using stuff like wallhacks, its impossible to create an unbypassable anti-cheat, at least client side.

meharryp-legacy · October 31, 2017, 5:42pm

Lmao you can’t run python in a loading screen and JavaScript can’t even detect what programs are open. You litterally can’t detect c++ cheats, just get better admins

Lunaversity-legacy · October 31, 2017, 5:46pm

Not to mention even if you do manage to start detecting C++ cheats, the creators will always find a way to bypass your detections, that’s one of the many reasons you get staff members for servers…

matt · February 19, 2021, 10:00am

I thought CAC used to make use of a memory leak or something in GMod to detect running processes or something similar.

ActuallyFBI-legacy · October 31, 2017, 10:52pm

Why not my loading screen uses DJango already lol.

[editline]31st October 2017[/editline]

Our admins are fine but, we dont just ban off accusations if someone is suspected of hacking we have to spend time trying to find prove it which isnt easy if the hackers are good at hiding it.

Tupac-legacy · October 31, 2017, 11:23pm

just spam “sv_allowcslua 0” every frame and u should be good to go
thank me later

ActuallyFBI-legacy · October 31, 2017, 11:30pm

that only fixes internal cheats and wouldnt even work.

angrytoiletry-legacy · October 31, 2017, 11:52pm

neither would your loading screen method

Dgc2002-legacy · November 1, 2017, 2:57pm

No, the loading screen in the client is not using DJango or even Python. DJango is the backend framework that produces the client-side presentation.