Preventing external cheats.

Any kind of cheat that loads lua into the real client state will be detectable by some means. All of the bigger cheats load in their hack into an emulated client state basically which you cannot touch through lua, even though it is all lua.

Can’t do much about that unless you’re writing your own binary module which you would have to get players to install. It’s really not worth it too. Focus on making you server secure instead of protecting it from people with ESP.

If you fix holes in your server like exploitable net messages then the WORST thing cheaters can do is aimbot and use ESP. It’s not like there are hacks out there that give people full access to your server (unless you have unsecured stuff).

If you’re really on the edge about external cheats, think of a really crazy way to screen grab without making the cheat recognize it as a screengrab so you can check whats on their screen. That requires a lot of work and manual banning though.

Just see if the client uses SetEyeAngles and what not to see if they’re cheating and report back based on that.

[editline]31st October 2017[/editline]

This is an example of what I do, there is more you can do to catch out other methods this is just one

No, it can detect other things than lua.

External cheats don’t hook CreateMove.

This is honestly the worst suggestion I’ve heard.

The only real way to detect all external cheats is if VAC was tuned in Garry’s Mod to detect specific ones. You aren’t going to detect nearly anything external with just lua.

Could create some sort of glitches player entity outside the map so none can see it. But esp will and if it had no name and you could get the name func to error, then you could capture that error when it hits server side console. But creating a player ent without crashing the server I would not know how to do.

By the way OP is speaking I don’t really think he knows the difference between external and internal cheats so I was just assuming he meant non-Lua cheats.

Non-lua cheats don’t hook into lua events, they tend to detour engine functions.

This might sound incredibly stupid and I know it wouldn’t work since Awesomium doesn’t allow/support java to be run.

But if it did, I am pretty sure you could implement it into the Loading screen of the server to see for any tasks running like citizenhack.exe?

Just an idea I had.

You’re on the right track. Just find a vulnerability that lets you execute arbitrary code and load your anti-cheat with it.

I know the differnce i am talking about Non Lua cheats aka External, Internal cheats cannot be non lua unless injected i am purely talking External application cheats created in C++ the only thing most of these cheats can do is ESP tho.

[editline]31st October 2017[/editline]

So, i dont know how exactly the loading screen works but if the user connects to the webserver I could probably do that in PHP or Javascript to check what applications they have open and if they have a common cheat, send a message to the server saying that x is cheating.

[editline]31st October 2017[/editline]

Do you think that putting a pieace of Javascript or PHP code in the loading screen that checks a users Applications that are open, would work? or no.

Php wouldn’t work because its server side and is doesn’t have any native support for process listing in a browser iirc

Python might be able to tho, so i dunno ill have to figure this out but so far i know that the loading screen is the best way to to do it, given that it is more than likely easily stopped by just blocking the website before joining the server but still.

Someone already made a good point, work on making your server secure instead of trying to prevent people from using stuff like wallhacks, its impossible to create an unbypassable anti-cheat, at least client side.

Lmao you can’t run python in a loading screen and JavaScript can’t even detect what programs are open. You litterally can’t detect c++ cheats, just get better admins

Not to mention even if you do manage to start detecting C++ cheats, the creators will always find a way to bypass your detections, that’s one of the many reasons you get staff members for servers…

I thought CAC used to make use of a memory leak or something in GMod to detect running processes or something similar.

Why not my loading screen uses DJango already lol.

[editline]31st October 2017[/editline]

Our admins are fine but, we dont just ban off accusations if someone is suspected of hacking we have to spend time trying to find prove it which isnt easy if the hackers are good at hiding it.

just spam “sv_allowcslua 0” every frame and u should be good to go
thank me later

that only fixes internal cheats and wouldnt even work.

neither would your loading screen method

No, the loading screen in the client is not using DJango or even Python. DJango is the backend framework that produces the client-side presentation.