headers
Ryan Stecker | 1 Sep 2011 01:59
Picon
Gravatar

Re: Dealing with F2P ban evasion and status hack?

The most common type of hack I see on my servers are speedhacks,
although i haven't modified the sv_max_usercmd_future_ticks cvar. One
would assume the default should be enough to prevent speedhacking.

The other issue I'm aware of is that the $ignorez prevention sometimes
doesn't work. I don't have any specific repro steps, but sometimes
after map changes, playermodel textures that should be ignoring
$ignorez don't work correctly, and the textures appear through walls.

On top of that, there are some particle effects (such as medic
overheal, and a few others) which I believe should also respect the
$ignorez fixes in the future.

On Wed, Aug 31, 2011 at 4:39 PM, Jon Lippincott <jonl <at> valvesoftware.com> wrote:
> I'd like to compile a list of the most common hacks/cheats you all are seeing and see what measures we can
take on game servers to help.  No guarantees about when this will happen, but it would be great to get your
feedback so we can chip away at it at least.
>
> -Jon
>
> -----Original Message-----
> From: hlds_linux-bounces <at> list.valvesoftware.com
[mailto:hlds_linux-bounces <at> list.valvesoftware.com] On Behalf Of AnAkIn .
> Sent: Friday, August 26, 2011 4:55 AM
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Dealing with F2P ban evasion and status hack?
>
> This is already done with DBlocker and multithreaded:
>
> http://dblocker.didrole.com/
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Schoenick | 1 Sep 2011 02:07

Re: Dealing with F2P ban evasion and status hack?

Aimbotters and speedhackers are by far the most common, in that order. 
Aimbotters are rarely trying to hide what they're doing - they're often 
getting headshots as fast as they can fire while taunting people in chat.

Speedhackers are very common too - a lot of these get detected by our 
anti-hack script, which has been averaging a ban per day since the F2P 
update.

Wallhacks are hard, because there's no obvious giveaways if the player 
isn't being obvious, and most people who want to be obvious go the 
aimbot route. We get a few auto-detections of these per month from our 
anti-hack script, but the script is far from perfect, and I suspect 
there's a lot more of them than anyone realizes.

I should also note that most of our hacker bans in the last months have 
been free accounts with no friends, seemingly created just to go troll 
people. It would be rather sweet justice if some sort of hardware 
fingerprinting were to find and VAC their real accounts. That would be 
one hell of a deterrent.

- Neph

On 08/31/2011 02:39 PM, Jon Lippincott wrote:
> I'd like to compile a list of the most common hacks/cheats you all are seeing and see what measures we can
take on game servers to help.  No guarantees about when this will happen, but it would be great to get your
feedback so we can chip away at it at least.
>
> -Jon
>
(Continue reading)

Permalink | Reply | 9 comments |
headers
Ryan Stecker | 1 Sep 2011 02:10
Picon
Gravatar

Re: Dealing with F2P ban evasion and status hack?

> I should also note that most of our hacker bans in the last months have
been
> free accounts with no friends, seemingly created just to go troll people.
It
> would be rather sweet justice if some sort of hardware fingerprinting were
> to find and VAC their real accounts. That would be one hell of a
deterrent.

Steam already performs a little bit of hardware fingerprinting. The question
I have is if it's being used at all, but I don't have any solid numbers on
how many brand new accounts are joining my servers.

I assume *someone, somewhere* is keeping track of these kinds of players and
is dealing with them.

On Wed, Aug 31, 2011 at 7:07 PM, John Schoenick <Nephyrin <at> doublezen.net>
wrote:
> Aimbotters and speedhackers are by far the most common, in that order.
> Aimbotters are rarely trying to hide what they're doing - they're often
> getting headshots as fast as they can fire while taunting people in chat.
>
> Speedhackers are very common too - a lot of these get detected by our
> anti-hack script, which has been averaging a ban per day since the F2P
> update.
>
> Wallhacks are hard, because there's no obvious giveaways if the player
isn't
> being obvious, and most people who want to be obvious go the aimbot route.
> We get a few auto-detections of these per month from our anti-hack script,
> but the script is far from perfect, and I suspect there's a lot more of
(Continue reading)

Permalink | Reply | 0 comments |
headers
AJ Palkovic | 1 Sep 2011 02:10
Picon

Re: Dealing with F2P ban evasion and status hack?

Another common problem is hackers who are repeatedly changing their name,
making it quite difficult to determine their steamid.  It would be nice to
rate limit name changes if possible.  For instance if someone changes their
name more than 4 times in 1 minute, they are blocked from changing their
name again for 10 minutes?

On Wed, Aug 31, 2011 at 5:07 PM, John Schoenick <Nephyrin <at> doublezen.net>wrote:

> Aimbotters and speedhackers are by far the most common, in that order.
> Aimbotters are rarely trying to hide what they're doing - they're often
> getting headshots as fast as they can fire while taunting people in chat.
>
> Speedhackers are very common too - a lot of these get detected by our
> anti-hack script, which has been averaging a ban per day since the F2P
> update.
>
> Wallhacks are hard, because there's no obvious giveaways if the player
> isn't being obvious, and most people who want to be obvious go the aimbot
> route. We get a few auto-detections of these per month from our anti-hack
> script, but the script is far from perfect, and I suspect there's a lot more
> of them than anyone realizes.
>
> I should also note that most of our hacker bans in the last months have
> been free accounts with no friends, seemingly created just to go troll
> people. It would be rather sweet justice if some sort of hardware
> fingerprinting were to find and VAC their real accounts. That would be one
> hell of a deterrent.
>
> - Neph
>
(Continue reading)

Permalink | Reply | 7 comments |
headers
David Schmieder | 1 Sep 2011 02:24
Picon
Favicon

Re: Dealing with F2P ban evasion and status hack?

Definitely speedhackers are the most frequent with a mix of aimbotters and 
wallhackers thrown in
for good measure.  The name changers are especially annoying.

-----Original Message----- 
From: AJ Palkovic
Sent: Wednesday, August 31, 2011 5:10 PM
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Dealing with F2P ban evasion and status hack?

Another common problem is hackers who are repeatedly changing their name,
making it quite difficult to determine their steamid.  It would be nice to
rate limit name changes if possible.  For instance if someone changes their
name more than 4 times in 1 minute, they are blocked from changing their
name again for 10 minutes?

On Wed, Aug 31, 2011 at 5:07 PM, John Schoenick 
<Nephyrin <at> doublezen.net>wrote:

> Aimbotters and speedhackers are by far the most common, in that order.
> Aimbotters are rarely trying to hide what they're doing - they're often
> getting headshots as fast as they can fire while taunting people in chat.
>
> Speedhackers are very common too - a lot of these get detected by our
> anti-hack script, which has been averaging a ban per day since the F2P
> update.
>
> Wallhacks are hard, because there's no obvious giveaways if the player
> isn't being obvious, and most people who want to be obvious go the aimbot
> route. We get a few auto-detections of these per month from our anti-hack
(Continue reading)

Permalink | Reply | 4 comments |
headers
Harry Strongburg | 1 Sep 2011 04:17
Picon
Favicon

Re: Dealing with F2P ban evasion and status hack?

On Wed, Aug 31, 2011 at 05:10:59PM -0700, AJ Palkovic wrote:
> Another common problem is hackers who are repeatedly changing their name,
> making it quite difficult to determine their steamid.  It would be nice to
> rate limit name changes if possible.  For instance if someone changes their
> name more than 4 times in 1 minute, they are blocked from changing their
> name again for 10 minutes?

No thanks. There are already plugins that you can use to block them, and 
that will just cause issues for normal users.

sv_pure being 2 by default would stop a lot of mathackers, but Valve 
will never do that ("waah why can't I see my golden deagle skin?"), 
including the fact that sv_pure is pretty annoying with the 
"autoexec.cfg changed" and such errors.
Permalink | Reply | 0 comments |
headers
Mart-Jan Reeuwijk | 1 Sep 2011 04:27
Picon
Favicon

Re: Dealing with F2P ban evasion and status hack?

+1 on Neph

I wonder if a such hardware hashed ID could be send along with a steam ID, so servers could ban on those. Too
much evasions lately with F2P via proxies, imo any form of blocking proxy/vpn usage would recieve my
cheers. I understand that that might hinder ppl that run steam on their work etc.

Another thing that might be an idea, is to limit empty accounts in a way (ie: no games bought on them). That
they only can start playing the game after x time of creation, or at least have some game bought/regged on it
(above a certain price, not for a 1 digit dollar/euro game). A vac ban on those accounts would hinder them
more, cos they have something that is bought on it. Or let them do some time consuming requirements (ever
rotating, otherwise they automate that) before they can play on regular servers.

One other thing, why not having a automatic ban feedback from the 
servers to Valve, esp with F2P accounts that would be interesting I 
guess, for valve then having a monitoring tool for F2P accounts that are
 being banned over and over, and they have ultimate resources to see 
whom those are and who are linked to it. 

If they have also a requirement on steamguard enabled would be a nice one to combine bans + steamguard linked
emails / the ID's they bind accounts to for steamguard etc. With the right query they can make a nice linkage
of alt F2P accounts. Add a requirement of entering once every day (2?) the code on a F2P empty (no bought
games) account will prevent them using trow-away email addresses. And F2P game being active after X time
(2 days?) of creation of the account (+ being online over 4 hours or w/e, one needs to download the game,
right?).. hmmz, that would help in the previous prevention of throw away mail addresses.

Simply: make them work for it. They are already too lazy to aim themselves... work sound like a very good
thing to get 'm at bay.

As for namechangers, a simple SM plugin should be able to deal with those, just autoban for more then x name
changes per x time.  Say 3 changes per 5 minutes and a 30 min ban added. I rarely encounter anybody (legit)
(Continue reading)

Permalink | Reply | 3 comments |
headers
Ross Bemrose | 1 Sep 2011 06:02
Favicon

TF2: tf_forced_holiday 2 and cp_manor_event crash

So, I recently changed my server to use the tf_forced_holiday 2 cvar in 
cfg/cp_manor_event.cfg to enable the Halloween holiday for Manor Event 
instead of using a SourceMod plugin.  I've completely removed that plugin.

Unfortunately, now my server crashes after a random amount of time  on 
cp_manor_event.  At a guess, it crashes when it tries to spawn the 
Horsemann.

Anyone else experiencing this issue?
Permalink | Reply | 9 comments |
headers
Arthur Lin | 1 Sep 2011 06:32
Picon

Re: L4D2 Linux Crash - Illegal Instruction

Awesome news, Chris. I look forward to a possible fix coming in the next
update this Friday (Sept. 2, 2011).

On Fri, Aug 26, 2011 at 3:19 PM, Chris Russell <chris.russell <at> gatech.edu>wrote:

> I have been in communication with someone from valve for about two weeks
> regarding this issue.
> They are supposed to only go up to SSE2 according to the gentleman I spoke
> to.
> They have been working on the issue.
>
> -Chris
>
> On Wed, Aug 24, 2011 at 2:18 PM, Arthur Lin <thaigrocer <at> gmail.com> wrote:
>
> > Also, did Valve ever announce their move to SSE3? I wasn't on the mailing
> > list until recently. If there's any date when they did say so, it would
> > make
> > it much easier to go through the archives.
> >
> > On Wed, Aug 24, 2011 at 1:10 PM, Arthur Lin <thaigrocer <at> gmail.com>
> wrote:
> >
> > > Thanks for informing me about that! This change was fairly recent, too,
> > > because I was running fine before then since release of the game. It
> > saddens
> > > me if this is true, but I guess I have to go find an alternative.
> > >
> > > The only strange thing is that I had 'illegal instruction' errors
> before
(Continue reading)

Permalink | Reply | 0 comments |
headers
ics | 1 Sep 2011 07:06

Re: Dealing with F2P ban evasion and status hack?

For TF2:

Always crits + aimbot (less than 10). Couple of speedhackers too. 
Cheating isn't that major issue in it in my part of the world

CS Source:
Aimbot+wallhack (About 1-3 per week), speedhack occasionally.

I've even taken the liberty of using that steamcommunity report tool for 
each cheater we encounter, say the game name and which cheat he used. 
Ask Mike Blaszczak or J Burton about the reports more if you are 
unfamiliar. I still don't know if it makes any difference or do they go 
just for statistical purposes on how many of those cheaters are being 
caught by VAC or are they monitoring the reported players more closely 
somehow through Steam.

-ics

1.9.2011 0:39, Jon Lippincott kirjoitti:
> I'd like to compile a list of the most common hacks/cheats you all are seeing and see what measures we can
take on game servers to help.  No guarantees about when this will happen, but it would be great to get your
feedback so we can chip away at it at least.
>
> -Jon
>
> -----Original Message-----
> From: hlds_linux-bounces <at> list.valvesoftware.com
[mailto:hlds_linux-bounces <at> list.valvesoftware.com] On Behalf Of AnAkIn .
> Sent: Friday, August 26, 2011 4:55 AM
> To: Half-Life dedicated Linux server mailing list
(Continue reading)

Permalink | Reply | 1 comment |

Gmane