How to stop this CHEAT - HACKED DEDI SERVER

only way is locked passworded servers guys. keeps the halfwits out.

puplic unpassworded servers expect morons lurking in..

I think that no key "password" can be very difficult to find, by the master keys:music_whistling:

and therefore ... well you know there are many examples above,I think.

only way is locked passworded servers guys. keeps the halfwits out.

 

puplic unpassworded servers expect morons lurking in..

Password protected is not the solution, it just limits community gaming. :)

Password protected is not the solution, it just limits community gaming. :)

Right.

like i said, pay to play for 1, 3 or 6 months, you can select how long you will be interesting for MP cos i know that i am not whole year in MP. It would be okay for me to pay for next month or more if i feel ok to play MP, it`s so easy. Then those hackers would think about it, does they wanna be in that kind of situation or not. :thumbup:

I'm sure if you guys contact Polecat at the 104th he'll be able to help.

No too many know the sim as well as he does.

Contact him for what? Lots of people know the sim very well, apparently the hackers know it better then anyone. I know a few russian server admins know it very well also. Remember back in FC1 when they had the illegal eject payload script.

About the passworded servers, if this guy knows the IP, he can probably get in.

 

• Code injection via an unchecked LUA file
  

First thing that crossed my mind when I read this thread!

With this method you could also make some very good missions instead of a hack I think. If you've got the time to look into it that is.

Passworded servers and playing with people you know could be an easy fix for now, but it's true that you get to make new friends on open servers.

Personally, I've "met" many nice guys like the ones from VVS-504 and DFA, on unpassworded servers.

On the other hand, deciding to dedicate a few hours of your limited free time to the game and have someone spoil it like that, can make you regret not having taken some rest instead.

One of the reasons I only play on passworded when I have the time.

First thing that crossed my mind when I read this thread!

With this method you could also make some very good missions instead of a hack I think. If you've got the time to look into it that is.

 

Passworded servers and playing with people you know could be an easy fix for now, but it's true that you get to make new friends on open servers.

Personally, I've "met" many nice guys like the ones from VVS-504 and DFA, on unpassworded servers.

 

On the other hand, deciding to dedicate a few hours of your limited free time to the game and have someone spoil it like that, can make you regret not having taken some rest instead.

One of the reasons I only play on passworded when I have the time.

This is the reason i am not online for a while, now when i have comeback i have saw this monkey"s" doing this and that. That`s why for me is the best way to buy online time on ED servers with real admins who will work 24/7 and then you will have real support and they will be enough paid for that i believe. All i wanna is to play my game and not thinking about problems that surrounding me, that`s all, but there are suckers who will ruin ur plans cos of there sick genetics. S!

" How to stop this CHEAT - HACKED DEDI SERVER"

This reminds me ...

Think in Russian!

:doh:

Cali, we are add many squads. 3sqn, <51st>, 104th...and many more. You can join without problems i think.

Please add =WRAG= squad as well.

I can give you name list, if nececery.

For the three instances on the 51st server where I have been able to identify the IP of the cheater the IP traces to the same ISP. Now assuming that there is just one cheater and he always uses this ISP, I have checked the logs of the 51st server to see which IPs trace to this ISP. They narrow down to 17 distinct IP ranges (xxx.yyy). If anyone wants to try to pre-emptively ban them as opposed to passwording their server, send me a PM.

Thread cleaned up. Kindly keep it on topic and in accordance with forum rules lest it be closed.

Ta

Pay to Play!

Online playing is not free!

1, 3 and 6 months payment.

After this, everybody will be nice, nobody will be insulted, and things will be just like in the old days ;)

How to stop this CHEAT - HACKED DEDI SERVER?...

a_The best way to avoid any kind of "intrusions" in the code during the simulation, it is always updated to keep it clear I think (FC3-FC4 FC2. ..- .. DCS, etc.) in order is a very complex as well be a treaty.

Glad this is getting some attention from ED mods, on the Russian side of the forum things seem to be ignored - unfortunately.

 

From what has been discussed so far on the Russian side:

 

• Code injection via an unchecked LUA file
  
• Mission file is edited/exploited on the client side thus the spawning over airbases and so on
  

 

We have seen it before, on numerous occaisions when client aircraft spawns in the air while the mission specifically states to spawn on the ground. This is due to some sort of corruption when the client joins the server and retrieves the mission file. Well this guy took it further and is basically able to edit the mission to his liking, and the server has no tools to protect against it.

 

So, it is my belief that introducing an ability to integrity check the mission file on client's end will resolve a lot of the issues presented. At this time it is impossible as the mission file is stamped with the local (client's) time.

 

A-10C and BS2 network code and by extension FC3 will not completely resolve the problem. The only thing I believe FC3 will help with will be UCID spoofing which is rampant right now.

Clientside integrity check can still be avoided in some way. The correct way to resolve the issue is to program the server aspect of the game so that the server is the ultimate authority and does not accept anything the client sends that is wrong. When a server tells a client to spawn it should not let the client say ok i am now at x,y,z at angles p,y,r. The server should say you ARE at x,y,z at angles p,y,r and if the client tries to send commands that dispute this then they are simply ignored and the client effectively is sitting there doing nothing. Just the same that the server should not accept anything the client tells it that would allow an AI plane to be spawned. The server should only accept what the server wants to happen.

There is a saying in the programming world, no matter if its the web, an application, or any other user interface...NEVER TRUST THE CLIENT!

Great first post gmt2001! :)

Completely agree.

I realize that Viper might not have been clear with the 'no more personal attacks message' so I'll repeat it here.

I don't care who or why, do not do it here, be it thinly or heavily veiled.

Clientside integrity check can still be avoided in some way. The correct way to resolve the issue is to program the server aspect of the game so that the server is the ultimate authority and does not accept anything the client sends that is wrong. When a server tells a client to spawn it should not let the client say ok i am now at x,y,z at angles p,y,r. The server should say you ARE at x,y,z at angles p,y,r and if the client tries to send commands that dispute this then they are simply ignored and the client effectively is sitting there doing nothing. Just the same that the server should not accept anything the client tells it that would allow an AI plane to be spawned. The server should only accept what the server wants to happen.

 

There is a saying in the programming world, no matter if its the web, an application, or any other user interface...NEVER TRUST THE CLIENT!

I think you are a little "off the track". Multiplayer mode of LO/DCS (and actually most of online/network-games) is a little different from common client-server software model. In this case, "intermediary-client" model is probably more suitable name.

Server does not take input from clients (key/joy/mouse) to run simulation for them. Clients run application locally, and send to server only "results" of their user-inputs (i.e. motion-vector of player controlled aircraft). Server then feed those "results" to other clients. I suppose server does not check in detail how a client calculated that motion-vector. And it is quite obvious why: you'd need 20x more powerfull server if it had to check/recalculate results of 20 clients being sent to it. The same for respawning: it is determined by locally running application (on client-side), not by server. That is why server can not be "ultimate authority". Server can only check some critical client-files (i.e. request checksum) and compare them with its own. But this can (of course) be deceived...

The Russian side of the forums are very busy discussing this also. What happens if this makes it into DCS servers?

Don't give them hackers more ideas cali!!! ;)

I think we must talk about all options and stop every crazy ideas. Our multiplayer is threatened. This is a problem all of us.

We need joint solution and we must help progamers with reports. These things are not to ignore. I am not progamer, and do not know where to began with the elimination of such problems. People like as Case, Moa, Panzertard... and many more ED programers can make our life better. So it should not be hesitation talk about anything.

The Russians have launched a serious analysis and discussion ... and we also have. Any suggestion is welcome.

Part of the problem here is how open much of the game code is; many variables and some basic functionality is initialized/coded open source- in Lua. In a consumer base that is dominated by mature adults, this becomes more of a benefit than a hindrance, as it allows vastly more modding potential. Unfortunately, there are bad apples in every group, and anyone who knows Lua and something of how the TFCSE works will, with time, figure out various ways to hack it, even if that’s not their goal.

I think that part of the problem here is probably how the integrity check works; rather than simply checking the contents of files on the hard drive, a future version of the integrity checker probably should also check the values of variables in memory- and not memory that can be modified by Lua. So you would need a source code modification to hack the game, not just a simple Lua mod. That would certainly help to end things like “nuclear” bomb hacks.

Actually, I think the biggest shame here is that it appears that at least some of these hacks are perpetrated by someone with fairly advanced knowledge of the game’s Lua and/or source code. Think of what kind of mods and benefits this person could bring to our community if they turned their efforts into something productive instead.

Maybe I might be able to combat some of these hacks with my DCS mod, Slmod, if FC3 doesn't fix the issue. Slmod has access to a tremendous amount of game data, including the position of all 3D objects, the current mission data base, and the initial mission table. I needed this all for creating new types of detectable logic conditions, but it could also be utilized to detect cheating. First, I would need detailed information on some of the specific behaviors that characterize the cheating, but once I had those behaviors characterized, for most of them, I could probably explode or remove any offending units from the game world. For example, I couldn't stop him from modifying the mission file, but maybe I could do things like automatically destroy/remove any aircraft that spawn in the air and were supposed to spawn on the ground. Maybe log the "offenders" UCID as well (though one wouldn't want to be too Nazi about this, as already noted, this is or at least was an occasional bug). I can't make any guarantees, I might even be able to find the time for this battle, but I think I could help.

But if he/they are any good, and especially if he/they are using source edits, then it's quite likely they/he would be able to outsmart or out-hack me.

Hi Speed, thanks for showing an interest in this thread!

For example, I couldn't stop him from modifying the mission file, but maybe I could do things like automatically destroy/remove any aircraft that spawn in the air and were supposed to spawn on the ground.

If your script can detect planes spawning in the air, both AI and human controlled, then that might be a good way of stopping this cheat. I would've done the same using the mission triggers, but both the human controlled and AI planes are obviously not listed in the server side mission file.

Let me know if I can be of help porting your code to FC2.

Actually, I think the biggest shame here is that it appears that at least some of these hacks are perpetrated by someone with fairly advanced knowledge of the game’s Lua and/or source code.

Nope ... not at all.

Maybe I might be able to combat some of these hacks with my DCS mod, Slmod, if FC3 doesn't fix the issue.

Don't even try. The best policy for a software tool is to have it do one job. Just one. If you try to make it branch out, you increase complexity to the point where it gets seriously insane - stick with what you started for the purpose of slmod, it will be better for everyone this way. Let the devs handle the hacking issues. :)

Nope ... not at all.

Well, perhaps you have a more detailed knowledge of what this guy is doing. Making your aircraft be air start instead of ground start is fairly simple, I know how to do that I think, but it looks like he was using a "nuke" hack. Normally, the default IC on Config/Weapons should cover this, but I can think of way that should bypass that, and that way it requires some cleverness and a bit of Lua knowledge. Or perhaps there is a very easy way to bypass it that I am overlooking. But if this guy is stupid, then it won't be hard to defeat him :)

Don't even try. The best policy for a software tool is to have it do one job. Just one. If you try to make it branch out, you increase complexity to the point where it gets seriously insane - stick with what you started for the purpose of slmod, it will be better for everyone this way. Let the devs handle the hacking issues. :)

I would only consider trying if, after FC3 came out, the problem continued to persist. You definitely have a point though- I could make a separate mod that just utilizes the relevant code already created in Slmod to do cheat monitoring. Just copy and paste in what I need. If it can make it, why not? The community would have a temporary solution till the devs came out with a permanent one.

Yep, you're overlooking stuff, and I'm not talking. I'll leave it at that :)

Well, perhaps you have a more detailed knowledge of what this guy is doing. Making your aircraft be air start instead of ground start is fairly simple, I know how to do that I think, but it looks like he was using a "nuke" hack. Normally, the default IC on Config/Weapons should cover this, but I can think of way that should bypass that, and that way it requires some cleverness and a bit of Lua knowledge. Or perhaps there is a very easy way to bypass it that I am overlooking. But if this guy is stupid, then it won't be hard to defeat him :)

Because of the way this hack is accomplished, you wouldn't be able to prevent it from happening. That's why - on the other hand, the devs should be able to stop this cold. Not that software security is easy, and it isn't always perfect, but this one should be fixable.

I would only consider trying if, after FC3 came out, the problem continued to persist. You definitely have a point though- I could make a separate mod that just utilizes the relevant code already created in Slmod to do cheat monitoring. Just copy and paste in what I need. If it can make it, why not? The community would have a temporary solution till the devs came out with a permanent one.