Would love to try out my anti-cheat/hack/injection service on the game - Question.

I know this is in Alpha so I would like to pose this question.

Would it be possible to help you guys test host a server so I can use my anti-cheat/hack/injection service on a server to see its decrease in hackers? If it poses useful, it could be possible to use this to blacklist the IPs connecting to the host’s server that are injecting their scripts into the machines to gain elevated permissions. Please let me know whenever possible, I think it would be a great help to the community, and to the production and growth of the game. I currently use the service on my Minecraft server that I own and host myself and it works flawlessly for that purpose, so that’s where I got curious. If this gets looked at, I would be more than happy to help explain how it works and how the defense could assist in the growth and stability of the Rust servers out there.

Thanks for viewing this if you got a chance to, I really appreciate all the time and effort you guys have put into the game so far, I think this will go far in the future of survival games that exist at the moment, and keeps my uttermost attention.

Cheers!
:eng101:

IP blacklisting does not work effectively, which is why VAC doesn’t do that. It’s due to most ISPs using Dynamic Allocation. So pretty much that’s why it’s no longer a standard practice among anti-cheat programs. Besides, it’s only highly effective against static IP users.

Actually, I can combat that by adding that its automatic adding of any IP connecting that’s using a particular DLL, and running it in the process memory on the host machine. It adds any IP before the user even has a chance to connect to the host’s server. The attacker can change their IP as many times as they want, that IP will be blocked instantaneously, and so will any other IP that is linked to the injected script that is caught.

This isn’t the normal blacklisting of an IP address, it’s something a little different, and it’s not on the market, it’s all custom.

[editline]28th January 2014[/editline]

That is why I wanted to test it out on a server of my own, or a server that will allow me to test it on. It could be of great use if it’s set up properly. I’d like to mess around with the setting a little bit once I have it all set up on the machine, then it’s just the waiting game to see how many people we can get to try to hack our server. It ain’t gonna happen…

What happens with other anti-cheat programs is they put all these “chains” on the process/host machine. Then when an attacker tries his luck, he either gets caught or gets around it. But the “chains” that are put up by the program actually disallow it from doing exactly what you’d like it to…

What I have to offer is something that drops all the chains on the host machine, and puts all the walls down so it allows the attacker to try his luck on ours, but oh wait, he’s using “example.dll” to inject his script, so we then take action by blocking the rule against that DLL usage. Then next time he tries to connect with a new IP, he gets denied instantly and turned right back around and won’t be able to connect, he just gets denied.

That is the main difference with what I use, and what other people use. They have chained down programs, and mine drops everything giving you full control of what you’re blocking and protecting against. This can also pose a threat to your machine if you are inexperienced and don’t know what you’re doing, that is why you run a test server (since it’s in Alpha stage right now) and work out all the correct main DLLs that people are using to get in, then block em out. Then after that it’s simple monitoring through the alarm console, and rebanning of new DLLs that attackers are using to get in. It’s all about the rules you use, and I use very powerful rules to keep people out (for my Minecraft server) and I have yet to be hacked or injected on.

Chances are this won’t get looked at by a Mod or someone who has power to do anything about it since there are so many other people throwing similar requests out there and get more views than me. But I think it would be neat if I got a shot at it.

Cheers!
:eng101:

All I get is that you use a lot of technobabble.

Sorry if I missed that point, but how do you determine which dlls someone is using?

Well then, this is definitely a curious thing. Good luck to you.

Interesting. (bump)

So you’re using an injector to spy on host machines in order to determine if their IP changed, amongst other things? You couldn’t use this on a test server because you don’t download information from a server, only from Steam. They would have to implement your idea into their codebase and package it with the game.

Rusty, that is not exactly true though, is it? If that was the case then how do modded servers work if the additional content is not downloaded from the server?

Nice idea though OP, wouldn’t mind seeing it in action. Would this not be circumvented by using a dll file name that is considered trusted?

All mods are server side and modifying the Rust Server game files or plugging into an existing API. You are incorrect.

I do not use an injector to “spy” on the machines trying to connect in. I guess I didn’t explain myself enough.

The service that runs on the box that’s running the server simply monitors DLLs being used to write a process to memory on the host machine. When it detects a DLL being used and sees a process ID that is attached to it, it gets rid of it, just dumps it and then blacklists the IP associated with that PID.

No spying here sir.
Just a great defense.

[editline]28th January 2014[/editline]

Technically, the attacker can only use the DLLs associated with injector programs, only certain DLLs are used when a function is being called on the server. Those DLLs are the ones that are being monitored, all the other ones I have no need to monitor because injectors don’t use them. :slight_smile:

And as of now, I incredibly doubt that Rust would be using the injector DLLs to run their game on the host machine… That would be incredibly amateur of any company to pull, because it would basically doom their game for life until it is changed.

So it’s going to monitor the server application, something aimbots and the like inject nothing into.

[editline]28th January 2014[/editline]

So that brings you to a 0% catch rate.

I sorta added in the answer to your question in one of my previous posts, check it out if you’d like an answer to your question.

Cheers!

:eng101:

[editline]28th January 2014[/editline]

They wouldn’t because whichever machine the server files are running on has to have some sort of OS.

It doesn’t use any sort of code that needs to be implemented into the servers files.

All that needs to happen is to install the service on the OS that the Rust server is installed to, and it starts monitoring in real time.

Technically you can install what I use to ANY server box out there for ANY type of game, and it will protect your server and its players from being infiltrated.

I just was curious how it would work for Rust, and if it could improve its quality of game play any more by getting rid of those nuisances (hackers).

dat coffeh tiem drool

Actually I have had a 100% catch rate so far via Minecraft and World of Warcraft, and ARMA3.
What’s the excuse to “not” try this out for Rust?
I wanna see this community grow, and game development grow as well.
I think we can all agree that hacking is the #1 thing in the entire world that people all feel the same about.

We wanna get rid of hackers, and this could be a solution that would cost nothing, because I believe in open source projects. And if it does work, I would be very interested in talking with the developers about how it works and how we can implement this worldwide for everyone to use to deter people injecting.

[editline]28th January 2014[/editline]

If there are any questions, comments, or concerns about making this happen, please post! I am going to be answering questions all day long about this and I will get to every person’s question eventually and have a reply for you.

Cheers!
:eng101:

Am I dreaming? Everything you are saying is complete nonsense.
You’re gonna detect hackers injecting into processes on their PCs by monitoring the server which has nothing to do with it?

this is gold.

  1. Read on how VAC works - it’s similar to what the OP wants to do. Though, even VAC requires a client side monitor.
  2. VAC already does this, so why bother with it?

EDIT…
The only thing VAC doesn’t do - nor would your program be able to do - is detect if a graphics file (such as textures for player models) has been modified. I don’t know if RUST has a download update system like GMOD - but if it does, you should focus your efforts on a mod that works similar to SV_PURE in source games like Counter Strike.

VAC does not work serverside.
It scans your memory which it obviously does on your PC, not magically from the server.
If you think it works differently then I am happy to listen.

If you look up on how script injection works, you would see that when the attacker creates the injection in the first place, as SOON as he hits that little simple “inject” button, it sends a process written into virtual memory, which opens as an EXE on the Rust server. That in turn is what gives the elevated privileges to the player account. Whenever you’re connected to a server, your computer is talking back and forth to the server to remain connected. What most people don’t understand is through that connection, a number of things can be happening. This is just one of them.

VAC does not work server side because it would be too much hassle and they don’t wanna be liable for losses on the server end of things. Then again, who would??