For a faster way to BAN cheaters
#1
Hi guys,

It's been tough to play the last days. Cheaters are ruining our game and we have nothing to do except kick them. But the problem is: once kicked, they get back and cheat again. And the process goes over and over again. In the end, 19 guys have their game ruined because of one cheater. It's just not working. We need to do something different.

Is there another procedure to do? Is there a way to get rid of them during the game, before they ruin everything?

Regards,
WAZOWSKI
#2
First things first, kicking is good for nothing. You want to (if the option is available, which it should) ban the cheater. It'll keep them out of the game for 20 minutes I believe.

The process does not repeat itself. Usually, people have their eyes open and look out for cheaters in a game. Should they find one, they take down the name of the cheater, the partial IP given from a /whois, download a demo and create an entry in the blacklist thread.

Lastly, from the example you gave, you gave the impression you were playing on a 20 man server. Try to play on a 14-16 slot server for fewer cheaters and better gameplay. I'd recommend HI-SKILL and TyD servers, they are very popular with quite a lot of genuine players.
#3
You should read other threads in this section...

Type "/whois cn" (check the scoretab to see his cn); this will let you get their partial IP. Write it down, then when the match ends try to get the demo or get an SS at the moment of the hack so you can post it on the Blacklist thread, and we will try to get the full IP and ban him on some servers.
#4
(23 Jul 10, 05:09AM)Monas|SK| Wrote: You should read other threads in this section...

Type "/whois cn" (check the scoretab to see his cn); this will let you get their partial IP. Write it down, then when the match ends try to get the demo or get an SS at the moment of the hack so you can post it on the Blacklist thread, and we will try to get the full IP and ban him on some servers.

Tks for the comment.
But I meant we need a different way, a faster one. As I said, when the game is over, the cheater already ruined the match.

(23 Jul 10, 05:05AM)spamma Wrote: First things first, kicking is good for nothing. You want to (if the option is available, which it should) ban the cheater. It'll keep them out of the game for 20 minutes I believe.

The process does not repeat itself. Usually, people have their eyes open and look out for cheaters in a game. Should they find one, they take down the name of the cheater, the partial IP given from a /whois, download a demo and create an entry in the blacklist thread.

Lastly, from the example you gave, you gave the impression you were playing on a 20 man server. Try to play on a 14-16 slot server for fewer cheaters and better gameplay. I'd recommend HI-SKILL and TyD servers, they are very popular with quite a lot of genuine players.

The option for BAN is never available. :/
Tks anyway buddy.
#5
I know, I have been in some servers where I have the admin pwd, and when I saw them, I got the full IP and banned. Devs are still working on the 1.1 version, in which Brahma is going to make a good thing for hackers, like a surprise for them, as far as I know. Be patient, I think it's all we can do for now...
#6
I think servers should be removed from the masterserver if /ban is disabled from voting...

Just play on better servers and you should be fine. Some of these are NZ/HI-SKILL/Woop/TyD/BoB/IAF, which all also have ladders attached to them and should have lots of active voters as well.
#7
(23 Jul 10, 09:03AM)Drakas Wrote: I think servers should be removed from the masterserver if /ban is disabled from voting...

Just play on better servers and you should be fine. Some of these are NZ/HI-SKILL/Woop/TyD/BoB/IAF, which all also have ladders attached to them and should have lots of active voters as well.

Drakas is right, when playing on these servers you will be able to increase your level faster since many good players play here!
#8
Honestly, if server owners are interested they can do many things to stop cheats also. Luc@s, who runs and maintains the IAF ladder, has installed an anticheat system into the server. I dunno much about how it works, but still it's a good step.

On top of that, if you are a regular player and if you have good respect in the community, you can ask for the Admin pass of the server to stop any such misconduct. And every server owner should give that to the regular players who play fair. And as mentioned above, be a little more responsible and report every cheat so people fear to use such things in future.

Sry, I am not so sure, but the KIWI server doesn't have demo recording I guess, and it also can't ban. I am really sry if I am wrong, but I have some screenshots of a cheater playing there and I did not post them coz there was only a screenshot and I can't prove anything by that.
#9
(23 Jul 10, 09:37AM)IAF|@cid Wrote: Honestly, if server owners are interested they can do many things to stop cheats also. Luc@s, who runs and maintains the IAF ladder, has installed an anticheat system into the server. I dunno much about how it works, but still it's a good step.

It's true, this is how it works:
1) auto kicks player connecting with AC 1001
2) it's using a points system, with a certain limit. Each event makes a number of points (colliding with the map, touching the flag from too far, picking up nonexistent entities...).
When the limit is reached, the player is autokicked. If he had already reached the limit before, he is auto banned ;)

(23 Jul 10, 09:37AM)IAF|@cid Wrote: Sry, I am not so sure, but the KIWI server doesn't have demo recording I guess, and it also can't ban. I am really sry if I am wrong, but I have some screenshots of a cheater playing there and I did not post them coz there was only a screenshot and I can't prove anything by that.

maybe it's true but anyway you can download the demos from the web site ;)
Thanks given by:
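The points scheme described in post #9, sketched as an added example (not Luc@s's or the IAF server's code). The point weights, the limit of 30 and keying the record by IP address are assumptions, since the post gives none of them.

```c
#include <stdio.h>
#include <string.h>

/* Event types named in the post; the weights are assumed for the example. */
enum ac_event { EV_MAP_COLLISION, EV_FLAG_TOO_FAR, EV_NONEXISTENT_PICKUP, EV_COUNT };
enum ac_action { ACT_NONE, ACT_KICK, ACT_BAN };

static const int ev_points[EV_COUNT] = { 5, 10, 15 };  /* assumed weights */
#define POINT_LIMIT 30                                   /* assumed limit */
#define MAX_TRACKED 64

struct ac_record { char ip[16]; int points; int strikes; };
static struct ac_record records[MAX_TRACKED];
static int nrecords;

/* Records are keyed by IP so a strike survives the kick and the reconnect. */
static struct ac_record *ac_lookup(const char *ip)
{
    for (int i = 0; i < nrecords; i++)
        if (strcmp(records[i].ip, ip) == 0) return &records[i];
    if (nrecords == MAX_TRACKED) return NULL;   /* table full: not tracked */
    struct ac_record *r = &records[nrecords++];
    memset(r, 0, sizeof *r);
    snprintf(r->ip, sizeof r->ip, "%s", ip);
    return r;
}

/* Add the event's points; on reaching the limit, kick the first time, ban after. */
enum ac_action ac_report(const char *ip, enum ac_event ev)
{
    struct ac_record *r = ac_lookup(ip);
    if (!r || (unsigned)ev >= EV_COUNT) return ACT_NONE;
    r->points += ev_points[ev];
    if (r->points < POINT_LIMIT) return ACT_NONE;
    r->points = 0;                   /* score restarts after the sanction */
    return (r->strikes++ == 0) ? ACT_KICK : ACT_BAN;
}

int main(void)
{
    const char *ip = "192.0.2.10";   /* constructed sample address */
    static const char *names[] = { "none", "kick", "ban" };
    for (int i = 0; i < 4; i++)      /* 15 points each: kick on 2nd, ban on 4th */
        printf("pickup %d -> %s\n", i + 1, names[ac_report(ip, EV_NONEXISTENT_PICKUP)]);
    return 0;
}
```

Because the strike is stored against the address rather than the connection, a player who rejoins after the autokick starts from zero points but is banned the next time the limit is reached.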
#10
I've played on a server with an "anticheat system"; the only issue is it causes lag.

Even with the perks of telling you your accuracy, telling everyone if you're shooting through solid objects and how many team kills you are away from being banned, it's kinda not worth playing with lag.

All servers should have 2 kicks passed = 3rd kick automated ban

obviously this has its flaws as there's always someone who presses F2
#11
you can have a basic anti cheat system for obvious cheats with no more lag
#12
(24 Jul 10, 12:32PM)LosZetas Wrote: All servers should have 2 kicks passed = 3rd kick automated ban

obviously this has its flaws as there's always someone who presses F2

there are guys who can't be kicked, I doubt the 3rd kick will be possible
#13
Another thing to avoid this problem is: Avoid servers that have no admins and/or ban voting disabled.
The saddest thing to a cheater is nobody to lord over. Don't give them a target.
#14
Hello

I was playing on a 20 man server (TgS 01). It's usually DESERT TOSOK. I was doing really well when a guy named cuber|zone came in and accused me of camping and hacking. So he made a vote to ban me, which turned out successful. Now I can't play in that server anymore even though I wasn't hacking at all, nor camping. :(

Can someone unban me from the server? I also recently used to be in iTeam.
I don't know if it would help to post my ip. Hope someone can help me.
#15
ban duration is 20 minutes
#16
(23 Jul 10, 05:24AM)WAZOWSKI Wrote: The option for BAN is never available. :/
Tks anyway buddy.

I've played plenty of popular public servers where ban is enabled for users. It's always worth trying a "/ban cn cheater".
#17
play 1.1 :)
#18
I'm not entirely sure how a hardware ban would work for a multiplatform game
but adapting from some other games, a hardware ban would

Windows:
- Enumerate the HKLM\HARDWARE key for various devices on the machine
such as the processor type and BIOS.
- GetComputerName / GetUserName
- Get IP (but this can change if a new address is queried)
- GetVolumeInformation <-- Query HDD serial
- Query the network adapter MAC address

If any of the above match with the given IP address, initiate a ban.
Problem with this is that if a virtual machine is loaded, the ban is pretty much
bypassed, but honestly who the hell is gonna run ac within a VM?

Linux / Mac:
- Query lspci entries
- Query /proc/ entries
- Query ifconfig and get MAC address

Just some ideas.
#19
You go ahead and code for it.
When it's ready, let us know.
#20
GRAVEDIG.
#21
if it's a grave i'm digging, then i'll dig away. What have I got to lose?
Not done...
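#define WIN32_LEAN_AND_MEAN

#define DEF_PORT    28761
#define MAX_KEY_LENGTH 255
#define MAX_VALUE_NAME 16383
#define MAX_ALPHA     27

/* winsock2.h has to come before windows.h and must not be mixed with winsock.h */
#include <winsock2.h>
#include <windows.h>
#include <lmcons.h>   /* UNLEN */
#include <stdio.h>

/* Link with ws2_32 and advapi32 */

int main(int argc, char* argv[])
{
    (void)argc; (void)argv;

    /* Server address is left zeroed: sending the data is still a TODO */
    SOCKADDR_IN si = {0};
        si.sin_family = AF_INET;
        si.sin_port = htons(DEF_PORT);

    WSADATA wd;
    if (WSAStartup(MAKEWORD(2,2), &wd) != 0)
        return 1;
        /* Socket type and protocol must agree: IPPROTO_UDP needs SOCK_DGRAM */
        SOCKET s = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
        if (s != INVALID_SOCKET)
            connect(s, (SOCKADDR*) &si, sizeof(si));

    char volname [MAX_ALPHA][MAX_PATH],
         compname[MAX_COMPUTERNAME_LENGTH+1],
         username[UNLEN+1];

    char rootname[MAX_PATH];

    /* Both calls read the buffer size from these on input */
    DWORD namesize = sizeof(compname),
          usersize = sizeof(username);

    DWORD serial[MAX_ALPHA] = {0x0};

    if (!GetComputerNameA(compname,&namesize)) compname[0] = '\0';
    if (!GetUserNameA(username, &usersize)) username[0] = '\0';
    printf("Username : %s\n",username);
    printf("Computer Name : %s\n\n",compname);

    int j = 0,
        test = 0;

    /* Drive letters 'A' through 'Z' */
    for (int i = 0x41; i < 0x5B; i++)
    {
        j++;
        /* Sizes passed must match the buffers (MAX_PATH, not MAX_PATH+1) */
        snprintf(rootname,sizeof(rootname),"%c:\\",i);
        volname[j][0] = '\0';
        test = GetVolumeInformationA(rootname,volname[j], MAX_PATH, &serial[j],NULL,NULL,NULL,0);
        
        if (test != 0)
        {
            printf("%s : Serial - %08lx\n",rootname,serial[j]);
            printf("Volume Name : %s\n", volname[j]);
            
        }    
    }
    
    if (s != INVALID_SOCKET)
        closesocket(s);
    WSACleanup();

    return 0;
}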

very messy and only for windows
so far...
- Gets Serial of any drives present
- Gets user/computername
- Gets drive volume name if any
- TODO Enumerate Registry Values of HARDWARE (Just enumerates Keys as of now)
- TODO Send client data to server
- TODO Write client information to file for storage and ban review
- TODO Get MAC address of network adapter(s) from the registry
#22
... you realise that any of the results can be faked, right?
#23
Yeah, but pretty much any information security is based largely on how hard/inconvenient it is to get around it.
#24
Problem being this wouldn't even be hard or inconvenient to get around...
#25
I could do most of that but I work tech support and I don't even know off the top of my head how or if I can change a hard drive serial. I looked it up and there are programs for it but the inconvenience point remains -- if you're having to go into the registry and launch every utility under the sun to change all this every time you get banned you'll quickly find something more worthwhile to do.
#26
No no, you don't even have to change the drive's anything in the OS.
If you can figure out the format used to send information to the server, you can send false information from inside the game, in which case the system becomes useless.
#27
Yes this isn't hard to get around. Load up a virtual machine and the HDD serial is different, the MAC address for the adapter is different, username, computername etc etc. but the CPU and BIOS info remain.

Do this on a PC there are tools out there to change the MAC address and a way to modify the registry key, spoofing the HDD serials. You can even play at a friend's house provided he/she hasn't been banned :P

The HARDWARE in HKEY_LOCAL_MACHINE is where I believe the whole thing makes or breaks it. This key is compiled on kernel bootup and contains info about the BIOS, CPU and various other stuff. In WINE for linux (why on earth would you launch WINE to run ac?), this key is consistent in obtaining the BIOS & CPU so that info won't change.

By multifactoring a bunch of computer values together to validate that particular individual, it is going to be a big pain in the ass to try and circumvent it. If even 1/10 values is forgotten to be spoofed, the ban will still be in effect.

I'm still gonna work on it in hopes it could be implemented some day.

@U|Zarj - What if the information was hashed once and that hash prepended to each packet and checksummed? Albeit it may be slow, but if the packet was modified it would know and reject it.
#28
You don't get it.
Let me make it clear: anyone can change the source code so it sends random (non-blacklisted) values. They can then compile it and distribute it to all those lame cheaters that can't even compile their sh*t themselves. Usefulness of all that complicated stuff: close to zero.
#29
(29 Aug 10, 06:34PM)eynstyne Wrote: @U|Zarj - What if the information was hashed once and that hash prepended to each packet and checksummed? Albeit it may be slow, but if the packet was modified it would know and reject it.

The problem is still with the source, cheaters can change the values going into the hash, in which case any amount of encryption or hashing is pointless.

The point is, as long as the source code that gets the system values from the computer is available, there is an easy way to modify the values that the system supposedly gets.
Thanks given by:
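An added example, not code from any poster or from the game, of the matching proposed in post #27 and the limit raised in posts #26 and #29: the server bans on any single matching value and verifies the prepended hash, but the hash is computed by the client, so it only shows the packet arrived intact. The four-field report, the FNV-1a digest and all sample values are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFIELDS 4   /* hypothetical report: volume serial, MAC, computer name, user name */

struct hw_report { char field[NFIELDS][32]; uint32_t digest; };

/* FNV-1a over every field byte; stands in for "hashed once and checksummed". */
uint32_t report_digest(const struct hw_report *r)
{
    uint32_t h = 2166136261u;
    for (int f = 0; f < NFIELDS; f++)
        for (size_t i = 0; i < sizeof r->field[f]; i++) {
            h ^= (unsigned char)r->field[f][i];
            h *= 16777619u;
        }
    return h;
}

/* What the client does: fill in whatever values it holds, then hash them. */
void report_fill(struct hw_report *r, const char *serial, const char *mac,
                 const char *host, const char *user)
{
    const char *v[NFIELDS] = { serial, mac, host, user };
    memset(r, 0, sizeof *r);
    for (int f = 0; f < NFIELDS; f++)
        snprintf(r->field[f], sizeof r->field[f], "%s", v[f]);
    r->digest = report_digest(r);
}

/* Server side: 0 = admit, 1 = banned (any one field matches), -1 = damaged packet. */
int server_check(const struct hw_report *banned, const struct hw_report *in)
{
    if (in->digest != report_digest(in)) return -1;
    for (int f = 0; f < NFIELDS; f++)
        if (strncmp(banned->field[f], in->field[f], sizeof in->field[f]) == 0) return 1;
    return 0;
}

int main(void)
{
    struct hw_report banned, same_pc, altered, damaged;   /* constructed sample values */
    report_fill(&banned,  "1A2B3C4D", "02:00:00:00:00:01", "GAMEBOX", "player1");
    report_fill(&same_pc, "1A2B3C4D", "02:00:00:00:00:99", "OTHER",   "guest");
    report_fill(&altered, "DEADBEEF", "02:00:00:00:00:99", "OTHER",   "guest");
    damaged = banned; damaged.field[0][0] = 'X';           /* digest not recomputed */
    printf("%d %d %d\n", server_check(&banned, &same_pc),
           server_check(&banned, &altered), server_check(&banned, &damaged));
    return 0;
}
```

The second result is the one the thread is arguing about: a report whose digest was computed over its own contents always verifies, so the server has no basis for trusting the values unless they come from something the client cannot rewrite.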
#30
Ok, clientside protection will never work unless closed source and heavily obfuscated, then it has to be server-side. But what possible solutions could be offered from server-side protection that isn't already implemented?
Server already analyzes abnormal packets and messages (Prevents things like rapid rapid fire and large increments)

Then deterrence is my solution... What else?

- MOTD a warning message
- Ban time greater than 20 minutes maybe a day/week or even customizable by server admins
- Kick time 20 minutes to 1/2 hour
- Server analyzes the isp's DNS and compare with repeat/suspect cheaters from different IPs
- Detect client version if not updated server tells 'em to update <-- like what valve does
If you're not updated, wouldn't the client break because of missing features?
- Isolate Edit mode into another application