Tremulous Forum
General => General Discussion => Topic started by: beerbitch on July 24, 2007, 05:26:45 pm
-
I posted this in another thread but thought it was worth mentioning in its own thread. What do you guys think is the percentage of linux vs windows tremulous clients that are playing regularly out there ?
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its ip timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
In addition to this, maybe implement a whitelist of GUID and username combination like admin.dat of allowed windows clients ?
http://insecure.org/nmap/osdetect/
-
Thats all fine and dandy if you want to kill off more than half the tremulous community. But I think that would be a bad idea.
Kill the community to get rid of aimbots hmmmmmm
-
No windows players??? :O
HELL NO!!! I wont buy linux, i love my windows xp, plz don't ban me!
-
OH BOY MORE LINUX ZEALOTRY THANKS FOR THAT.
-
Hey, it was just an idea. You guys have a better one ?
-
yes dont let unfunny anonymous cowards in
-
yes dont let unfunny anonymous cowards in
That works only when highly vigilant admins are on the server, plus now we have to deal with aimbot clients that can have a GUID.
-
I think its a great idea.
We could even make a live CD with linux and trem, just stick it in and watch it work.
Assuming we could get the drivers to works with out any user interaction, people might be surprised by how good there frame rate becomes.
-
RADICAL AIMBOT SOLUTION: BAN EVERY1
THAT WORKS RITE??
U GUYZ GOT ANYTING BETTR??!!!
-
the peasants are revolting!
pitchforks, cudgels and torches by the Transylvanian moonlight...
just don't ban Mac users, plz
-
the best idea i have ever heard
get rid of those game addicts that dnt even know what linux is
ow yea the most linux systems ARE FREE
-
RADICAL AIMBOT SOLUTION: BAN EVERY1
THAT WORKS RITE??
U GUYZ GOT ANYTING BETTR??!!!
Thank you for your constructive and mature criticism Apple.
-
Sorry, but it's no worse than your post.
-
I want to reiterate my second statement about having a whitelist. Maybe require windows users to signup on your server website to get into the whitelist.
-
the peasants are revolting!
pitchforks, cudgels and torches by the Transylvanian moonlight...
just don't ban Mac users, plz
I had no idea I would start a flame war. I just wanted to throw the idea out there.
-
j/k
as a PC switcher, I can now laugh at Windozers, since I am now t3h l33t Mac guy
any OS-based solution will inevitably cause screams of "unfair!"
but u did say it was a radical solution
:D
maybe it would be worth a try at t3h OPP server
but how many of ur clanmates are Windozers?
heck if Trem & Linux would be easily installable on this machine, I might even try it
just to be t3h ub3rl33t Linux dude :)
-
I have a poll on my private clan forum to see how many are windows....
Its not a fair solution, but I've been trying to think of something, anything to get rid of the cheaters..... I used to play counterstrike before it got overrun with hax, and I would just hate to see Trem suffer a similar fate.
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
Now thats a good idea.
-
ow yea the most linux systems ARE FREE
:roll: Wow.... free.....
-
I posted this in another thread but thought it was worth mentioning in its own thread. What do you guys think is the percentage of linux vs windows tremulous clients that are playing regularly out there ?
Here is my radical solution. Ban windows clients. No DLL injection for you.
So we would have a lot fewer people able to connect to the servers and play, oh well.
If its not possible to do this in current code, it would not be so hard to figure out the running operating system connecting by its ip timestamp generation algorithm and plop that code into trem. nmap does this with its OS fingerprinting code and its opensource. We could steal that.
In addition to this, maybe implement a whitelist of GUID and username combination like admin.dat of allowed windows clients ?
http://insecure.org/nmap/osdetect/
first of all, ogc will run just as happily on *nix as it will on windoze, second of all there is no way to prevent someone from lying about their OS.
-
In addition to this, maybe implement a whitelist of GUID and username combination like admin.dat of allowed windows clients ?
Already working on it, stay tuned.
-
The majority of trem players use windows. Here is the stats from SST's website Forum:
Operating Systems Hits Percent
Windows 376437 79.5 %
Linux 59227 12.5 %
Macintosh 34995 7.3 %
Sony PlayStation Portable 1483 0.3 %
Unknown 1172 0.2 %
Sun Solaris 21 0 %
Unknown Unix system 19 0 %
OS/2 17 0 %
WebTV 15 0 %
BSD 5 0 %
Others 5 0 %
-
you can play tremulous on PSP?
-
(http://upload.wikimedia.org/wikipedia/en/b/b9/Mr.hat.jpg)
You can go to hell! You can go to hell and you can die!
-
(http://upload.wikimedia.org/wikipedia/en/7/73/614_image_06.jpg)
You can go to hell! You can go to hell and you can die!
Right after I finish getting down with Mr. Slave !
O_o
-
The majority of trem players use windows. Here is the stats from SST's website Forum:
Operating Systems Hits Percent
Windows 376437 79.5 %
Linux 59227 12.5 %
Macintosh 34995 7.3 %
Sony PlayStation Portable 1483 0.3 %
Unknown 1172 0.2 %
Sun Solaris 21 0 %
Unknown Unix system 19 0 %
OS/2 17 0 %
WebTV 15 0 %
BSD 5 0 %
Others 5 0 %
wrong, the majority of sst players use windows. the statistics from this forum were posted a while ago. the plurality of players used linux (just barely leading windows iirc).
-
ban linux
linux am sux
-
Ban Vista users. :wink:
-
Ban Poland.
-
Ban Hammer.
Seriously though, this is a bad idea.. unless I change O/S, in which case it's a completely sensible solution.
-
@ the last four or five posters: Thanks, I really needed that. LOL!
When they banned Poland, I said nothing because I was not from Poland.
When they banned Windows, I said nothing, because I am not using Windows.
When they banned Linux, I still said nothing, because I am not using Linux.
And now there are only us Mac players left.
All 3 of us.
-
Make Unix/Linnux less bitchy about drivers and I'll listen.
-
addIP 1.*.*.*
addIP 2.*.*.*
addIP 3.*.*.*
addIP 4.*.*.*
addIP 5.*.*.*
addIP 6.*.*.*
addIP 7.*.*.*
addIP 8.*.*.*
addIP 9.*.*.*
addIP 10.*.*.*
addIP 11.*.*.*
addIP 12.*.*.*
addIP 13.*.*.*
addIP 14.*.*.*
addIP 15.*.*.*
addIP 16.*.*.*
addIP 17.*.*.*
addIP 18.*.*.*
addIP 19.*.*.*
addIP 20.*.*.*
addIP 21.*.*.*
addIP 22.*.*.*
addIP 23.*.*.*
addIP 24.*.*.*
addIP 25.*.*.*
addIP 26.*.*.*
addIP 27.*.*.*
addIP 28.*.*.*
addIP 29.*.*.*
addIP 30.*.*.*
addIP 31.*.*.*
addIP 32.*.*.*
addIP 33.*.*.*
addIP 34.*.*.*
addIP 35.*.*.*
addIP 36.*.*.*
addIP 37.*.*.*
addIP 38.*.*.*
addIP 39.*.*.*
addIP 40.*.*.*
addIP 41.*.*.*
addIP 42.*.*.*
addIP 43.*.*.*
addIP 44.*.*.*
addIP 45.*.*.*
addIP 46.*.*.*
addIP 47.*.*.*
addIP 48.*.*.*
addIP 49.*.*.*
addIP 50.*.*.*
addIP 51.*.*.*
addIP 52.*.*.*
addIP 53.*.*.*
addIP 54.*.*.*
addIP 55.*.*.*
addIP 56.*.*.*
addIP 57.*.*.*
addIP 58.*.*.*
addIP 59.*.*.*
addIP 60.*.*.*
addIP 61.*.*.*
addIP 62.*.*.*
addIP 63.*.*.*
addIP 64.*.*.*
addIP 65.*.*.*
addIP 66.*.*.*
addIP 67.*.*.*
addIP 68.*.*.*
addIP 69.*.*.*
addIP 70.*.*.*
addIP 71.*.*.*
addIP 72.*.*.*
addIP 73.*.*.*
addIP 74.*.*.*
addIP 75.*.*.*
addIP 76.*.*.*
addIP 77.*.*.*
addIP 78.*.*.*
addIP 79.*.*.*
addIP 80.*.*.*
addIP 81.*.*.*
addIP 82.*.*.*
addIP 83.*.*.*
addIP 84.*.*.*
addIP 85.*.*.*
addIP 86.*.*.*
addIP 87.*.*.*
addIP 88.*.*.*
addIP 89.*.*.*
addIP 90.*.*.*
addIP 91.*.*.*
addIP 92.*.*.*
addIP 93.*.*.*
addIP 94.*.*.*
addIP 95.*.*.*
addIP 96.*.*.*
addIP 97.*.*.*
addIP 98.*.*.*
addIP 99.*.*.*
addIP 101.*.*.*
addIP 102.*.*.*
addIP 103.*.*.*
addIP 104.*.*.*
addIP 105.*.*.*
addIP 105.*.*.*
addIP 106.*.*.*
addIP 107.*.*.*
addIP 108.*.*.*
addIP 109.*.*.*
addIP 110.*.*.*
addIP 111.*.*.*
addIP 112.*.*.*
addIP 113.*.*.*
addIP 114.*.*.*
addIP 115.*.*.*
addIP 116.*.*.*
addIP 117.*.*.*
addIP 118.*.*.*
addIP 119.*.*.*
addIP 120.*.*.*
addIP 121.*.*.*
addIP 122.*.*.*
addIP 123.*.*.*
addIP 124.*.*.*
addIP 125.*.*.*
addIP 126.*.*.*
addIP 127.*.*.*
addIP 128.*.*.*
addIP 129.*.*.*
addIP 130.*.*.*
addIP 131.*.*.*
addIP 132.*.*.*
addIP 133.*.*.*
addIP 134.*.*.*
addIP 135.*.*.*
addIP 136.*.*.*
addIP 137.*.*.*
addIP 138.*.*.*
addIP 139.*.*.*
addIP 140.*.*.*
addIP 141.*.*.*
addIP 142.*.*.*
addIP 143.*.*.*
addIP 144.*.*.*
addIP 145.*.*.*
addIP 146.*.*.*
addIP 147.*.*.*
addIP 148.*.*.*
addIP 149.*.*.*
addIP 150.*.*.*
addIP 151.*.*.*
addIP 152.*.*.*
addIP 153.*.*.*
addIP 154.*.*.*
addIP 155.*.*.*
addIP 156.*.*.*
addIP 157.*.*.*
addIP 158.*.*.*
addIP 159.*.*.*
addIP 160.*.*.*
addIP 161.*.*.*
addIP 162.*.*.*
addIP 163.*.*.*
addIP 164.*.*.*
addIP 165.*.*.*
addIP 166.*.*.*
addIP 167.*.*.*
addIP 168.*.*.*
addIP 169.*.*.*
addIP 170.*.*.*
addIP 171.*.*.*
addIP 172.*.*.*
addIP 173.*.*.*
addIP 174.*.*.*
addIP 175.*.*.*
addIP 176.*.*.*
addIP 177.*.*.*
addIP 178.*.*.*
addIP 179.*.*.*
addIP 180.*.*.*
addIP 181.*.*.*
addIP 182.*.*.*
addIP 183.*.*.*
addIP 184.*.*.*
addIP 185.*.*.*
addIP 186.*.*.*
addIP 187.*.*.*
addIP 188.*.*.*
addIP 189.*.*.*
addIP 190.*.*.*
addIP 191.*.*.*
addIP 192.*.*.*
addIP 193.*.*.*
addIP 194.*.*.*
addIP 195.*.*.*
addIP 196.*.*.*
addIP 197.*.*.*
addIP 198.*.*.*
addIP 199.*.*.*
addIP 200.*.*.*
addIP 201.*.*.*
addIP 202.*.*.*
addIP 203.*.*.*
addIP 204.*.*.*
addIP 205.*.*.*
addIP 206.*.*.*
addIP 207.*.*.*
addIP 208.*.*.*
addIP 209.*.*.*
addIP 210.*.*.*
addIP 211.*.*.*
addIP 212.*.*.*
addIP 213.*.*.*
addIP 214.*.*.*
addIP 215.*.*.*
addIP 216.*.*.*
addIP 217.*.*.*
addIP 218.*.*.*
addIP 219.*.*.*
addIP 220.*.*.*
addIP 221.*.*.*
addIP 222.*.*.*
addIP 223.*.*.*
addIP 224.*.*.*
addIP 225.*.*.*
addIP 226.*.*.*
addIP 227.*.*.*
addIP 228.*.*.*
addIP 229.*.*.*
addIP 230.*.*.*
addIP 231.*.*.*
addIP 232.*.*.*
addIP 233.*.*.*
addIP 234.*.*.*
addIP 235.*.*.*
addIP 236.*.*.*
addIP 237.*.*.*
addIP 238.*.*.*
addIP 239.*.*.*
addIP 240.*.*.*
addIP 241.*.*.*
addIP 242.*.*.*
addIP 243.*.*.*
addIP 244.*.*.*
addIP 245.*.*.*
addIP 246.*.*.*
addIP 247.*.*.*
addIP 248.*.*.*
addIP 249.*.*.*
addIP 250.*.*.*
addIP 251.*.*.*
addIP 252.*.*.*
addIP 253.*.*.*
addIP 254.*.*.*
No more aimbotters! It's like magic!
-
What about *.*.*.*?
-
[snip]No more aimbotters! It's like magic!
joke's on you! g_banips can't hold that many bans.
-
What about if we just fill every map with randomly moving *ghost* players, that no one can see. I really don't know if it would work, it's just an idea that I think would make using aimbot a lot harder, atleast with long range weapons, if it would snap into those ghost players.
-
Sounds like a great idea but that's just more load on the server.
-
You wouldn't need to fill the map with them. Just have one haunting each player. If you can only make your ghost an enemy to you, that would stop you from locking on to other peoples ghosts. If you can't do that, just make their ghosts move around alot more to make sure it isn't just like locking on to the person.
Is there some way of making a target that the aimbot would try to aim at, but could never do so? This might make them freeze-out or at least keep them spinning on the spot.
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
Good idea.
1. The specbot elaborate normal activity patterns utilizing normal players stats.
2. The specbot elaborate haxs activity patterns (fov_360, same hitbox location shots, fast aim with low sensitivity, perfect accuracy, etc).
3. The bot analize the stats of any player and compare them with normal activity patterns to detect possibles anomalies. If the diference is too big, or fits with the haxs patterns = autokick/ban.
Very complex, very effective.
Cons: False positive
-
When I thought about this, I imagined just how funny it would be to have my aiming 'detected' as aimbotting ^^ ..well, it would be funny the first time at least.
-
Ban Vista users. :wink:
Didn't the graphics card people already do that?
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
Good idea.
1. The specbot elaborate normal activity patterns utilizing normal players stats.
2. The specbot elaborate haxs activity patterns (fov_360, same hitbox location shots, fast aim with low sensitivity, perfect accuracy, etc).
3. The bot analize the stats of any player and compare them with normal activity patterns to detect possibles anomalies. If the diference is too big, or fits with the haxs patterns = autokick/ban.
Very complex, very effective.
Cons: False positive
Ok, thats easy to code, I'll get right on that.[/sarcasm]
Actually, what we need is a global BAN list maintained by server admins who sign up for it. When we do catch a real hacker we can put them on this list. The server would read the file from a remote server and use it AND its own ban list to ban these players. We could have it use a combination of subnet/ip guid and nickname.
-
Actually, what we need is a global BAN list maintained by server admins who sign up for it. When we do catch a real hacker we can put them on this list. The server would read the file from a remote server and use it AND its own ban list to ban these players. We could have it use a combination of subnet/ip guid and nickname.
This is possibly the best idea within the thread, both in terms of practicality and probably in development.
-
dual booting linux and windows ftw
-
Ban Solaris
-
Not a Very Good solution.
Maybe a global website for registering you GUID with your name etc..
Once 1 is spotted we can report to moderators of the site and they can check they ban the GUID. Yes aimbotter will get another GUID but thats life..
-
Actually, what we need is a global BAN list maintained by server admins who sign up for it. When we do catch a real hacker we can put them on this list. The server would read the file from a remote server and use it AND its own ban list to ban these players. We could have it use a combination of subnet/ip guid and nickname.
This is possibly the best idea within the thread, both in terms of practicality and probably in development.
I've thought about this before.
It should be quite doable with out needing to go near the tremulous source.
What you would need is a script on each server that every half an hour reads the admin.dat file, and sends all changes to the server, and then downloads new changes from the server. gpg could be easily used to prevent evildoers from sending in fake bans, and each server could be configured to use the data from the master as it wishes, only trusting bans that are on X many servers, while having a white list of server and admins to trust, and a black list of server and admins to ignore.
It should be quite doable if a few people with the skills and resources put there minds to it.
-
Not a Very Good solution.
Maybe a global website for registering you GUID with your name etc..
Once 1 is spotted we can report to moderators of the site and they can check they ban the GUID. Yes aimbotter will get another GUID but thats life..
You have a fucking awesome sugnature.
-
...CRUSADES AND REVOLUTIONS...
O YA!!!!!!!!!!!!!!!!!!!!
-
Not a Very Good solution.
Maybe a global website for registering you GUID with your name etc..
Once 1 is spotted we can report to moderators of the site and they can check they ban the GUID. Yes aimbotter will get another GUID but thats life..
Include ip or subnet in this list. Subnet can be shared with other players that aren't cheating so instead of auto-banning that subnet maybe the trem patch for the server would send a PM to the admins saying this player "might" be the guy on the master list.
-
my other solution included a biometric/force feedback qkey that electrocutes cheaters and anyone who is issued a perm ban...
-
my other solution included a biometric/force feedback qkey that electrocutes cheaters and anyone who is issued a perm ban...
IDEA STEALER! :(
-
And now there are only us Mac players left.
All 3 of us.
When did we get a third one?
-
This idea is fucking moronic.
How do we know that the client is windows? The client sends us that information. Oh wait, the client is open source. I guess they can just modify the client to say they're on linux.
Doing this would actually increase the percentage of aimbots among players by getting rid of legit ones and not the cheaters.
tl;dr version: you're fucking stupid
-
This idea is fucking moronic.
How do we know that the client is windows? The client sends us that information. Oh wait, the client is open source. I guess they can just modify the client to say they're on linux.
Doing this would actually increase the percentage of aimbots among players by getting rid of legit ones and not the cheaters.
tl;dr version: you're fucking stupid
Did you even read the 1st post ? Its the TCPIP stack that would determine which operating system you're running, not some code in the client. Just how do you code a trem client to spoof a whole network stack ?
Why did I even respond to you, its obvious you're just a dumb troll.
This idea is rather ridiculous, hence the word "Radical" in the title. I wanted a productive discussion of how we can fix the hacker problem.
I like the idea of a master hacker ban list, and David's suggestion of using scripts to pull it into an admin.dat file is good. I'm not sure I like being able to push data back to the list though. I think a forum where admin server members could go to decide bans (using demo as proof etc) would be a better idea.
-
I say you guys figure out something to have Linux only servers or something, then you won't be playing with aimbots. Don't ruin the game for all windows users though.
-
lets just ban the fucking linux users
-
lets just ban the fucking linux users
Oh hi NiTRoX
(http://www.gogessner.net/tracey/traceysspace/blog/blog_images/troll.jpg)
-
Hey, it was just an idea. You guys have a better one ?
Yes, Let the server people run an easy script kiddy app that will ban anyone that uses n_ commands. :/
-
Ok I'm going to try the master ban list idea.
1) Have a master ban list (master admin.dat with bans in it)
2) Have a script that can fetch the list and synchronize your admin.dat file to include these global bans.
3) Have a forum where registered server admins can go and add new bans to this list.
I'll host the forum in our clan server for now, url pending.
If I can make the script work so it won't bork the admin.dat file then I bet I can get some admins to test with me.
-
So how does this system determine who is global-ban worthy and who isn't?
Is it fair for one server-admins opinion to mean a ban from all servers?
If proof needs to be given to the other server admins that the guy was ban-worthy before a global-ban is made, surely the current system works just as well. The admins can only be sure that they are ban-worthy if they see it themselves.
-
So how does this system determine who is global-ban worthy and who isn't?
Is it fair for one server-admins opinion to mean a ban from all servers?
If proof needs to be given to the other server admins that the guy was ban-worthy before a global-ban is made, surely the current system works just as well. The admins can only be sure that they are ban-worthy if they see it themselves.
A discussion forum for this is not that new except now we have a list that we can all use. Now when a hacker is caught, he is less likely to be able to play on other servers.
I can implement a voting system for the admins to add a ban to the list or something, so it won't be just one admin. I can make a web app that can accept a ban request, then the admins would discuss it, then vote / approve it.
-
Ok I'm going to try the master ban list idea.
--snip--
3) Have a forum where registered server admins can go and add new bans to this list.
--snip--
Maybe add a separate public forum, where people who were banned can argue their case. Thats all I wanted to say :)
-
Ok I'm going to try the master ban list idea.
--snip--
3) Have a forum where registered server admins can go and add new bans to this list.
--snip--
Maybe add a separate public forum, where people who were banned can argue their case. Thats all I wanted to say :)
Thats a good idea.
Current feature list:
1) Global admin.dat ban list
2) Private forum for admins to vote on submitted bans (add/remove)
3) Public forum for ban rebuttal or public submission
-
Also I was thinking a warning system for admins. If someone enters the server and their subnet matchs a subnet of a ban on the local server bans or the globar bans. It could pm all the admins about it. That way you don't have to subnet ban but you still get a heads up when someone who might be ban dodging comes in and trys to play. You can watch him.
Also this system can work for deconners too.
This would be more of a tjw feature.
-
I'm all for the web of trust idea. when my server downloads your list, it can process it however I want. So say it takes 5 points to get someone banned, all bans are for 2 weeks, and ignore bans under 1 day. Then server that has banned someone earns them a point. I could then weight servers differently, so some I trust, and some that I think are trigger-happy.
Do you have a dev forum up yet? I am keen to contribute.
-
Something (http://tremulous.net/phpBB2/viewtopic.php?p=75933#75933)i posted a while ago.
The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized
-
This should be a disableable feature. If a server does not want to participate in the global banlist, then allow them to disable it.
-
This should be a disableable feature. If a server does not want to participate in the global banlist, then allow them to disable it.
For now I'm going with the script approach so no trem patching would be needed. You can simply choose to run our script to get a list or not.
-
Here is my bias and suposabely simple solution to aimbotting. The first note on aimbots is their n_ commands like n_aim. I am wondering if a simple add to the server pure check coding could run that command on the users client. If it says unkown cmd. They are obviously not botting. If it says n_aim = 2 default = 2 or w/e it can tell them they are inpure. That would stop all of the current funlily aimbotters. I don't imagine this would be to hard to implament and I see that most server owners would gladly through the patch in their qvm. I don't see it requiring any mods to the client either. This is just a simple thought though.
I also wonder is there anyway to see the hud of the play from the server. When speccing someone even if they have a modified hud it shows in ur hud. Can the server see their hud settings. If so funlily says in its hud funlily:Backport GUID right below ammo ect.
I also saw from MW:ne0 something today that funlily makes a default bind and mod in its source that says the name of the aimbot and where to get it. ne0 accidently hit it in a public game and hammer was noted to the problem. Maybe the server could check if the client has a bind that outputs anything with funlily, then the client could be informed they are impure. I don't know how the bind works though because it doesn't pull up in bindlist. Nor could I figure out what key causes it to happen. On most servers it auto says it when u enter the game.
These are just some simple suggestions that would weed out the majority.
I don't know the plausability of them so please don't call me a stupid troll lol.
I still think the global ban list is a great idea but I also think this would help it greatly. Its sad that the aimbotters leave the responsibility of cleaning up after them to the server operators and devs. I hope we can get this cleaned up fast no thanks to that stupid asshole funlily.
-
Sadly none of that info is available to the server. If it were it would lag the server every time someone joined, and aimbots would just lie.
-
Sadly none of that info is available to the server. If it were it would lag the server every time someone joined, and aimbots would just lie.
I thought it could check for the commands, can't the server at least take notice if someone runs an n_ command so it can kick them immediately and warn the admins?
I don't see it lagging the whole server to check one command. I figure the HUD stuff is radical checking and that could cause lag, but I see no reason that the server can't just run a command to see the results or how that would cause lag. It shouldn't cause any more lag than the current pure server check does. From my understanding the server has a lot of power over the users client and the client is designed as a base to allow everything the server does. There is even a large glitch that can allow the server to run basicly whatever it wants from the clients machine if its windows that was carried over from Quake 3. I heard rumors that tjw's version fixes this but I'm not certain.
-
I meant sending the full cvar list would cause lag.
And when you make a bind or set a cvar the server doesn't get told, unless that cvar happens to be set as needing to be added to the clientInfo, and it can only be set as such client side.
But as said before, nothing the client sends can be trusted.
-
The server cannot manipulate the client's machine in such a way that I know of. It can do pretty much anything it wants to the trem client itself, and despite what boastful server ops will tell you, they cannot do anything (remotely execute/modify files) to your computer. I suppose it is possible to make the client download a .pk3 with an auto-extracting virus in it, but why would they want to do that?
Punkbuster (god forbid) takes a regular SS of exactly what the player is seeing on their screen, but punkbuster is a clientside mod as well as serverside... it also lags server like crazy. I'm not by any means saying we should use PB, but if there was a way that this particular feature could be implemented, it could be an rcon command to take a screenie of a client's screen.
As for adding a regular n_command check to the standard repertoire of sv_pure command checks... shouldn't be that hard.
Current funlily leechers won't be expecting this (if it's implemented) so of course while it won't be as effective in the long-term, we can at least slow cheating down for now.
-
But adding n_ cvars would require a new client. And not just a mod, but a new tremulous.x86.
A new client will need the aimbot to be recompiled anyway, and he will just change the cvars it uses.
Tremulous has many settings that do nothing witch could be reused. Or it could read the config from a file. Or hook the console so its cvars aren't 'real' cvars.
EDIT: Spelling
-
people who think that they can rely on the data sent by client, makes me LOL
-
Basically the best solution is for humans to handle this, which is why we need an organized forum where admins can share bans.
-
from what I see though, most people using the aimbot are ridiculously stupid. Even more stupid than I am. Go to their forums and read replies, how are this work. It would be up to funlily to change the commands ect. and reupload and he doesn't seemed encouraged to do so. This would at least slow him down and stop most of his current users.
-
ban aimbotters, not operating systems
-
This can be put on a feature list, but as an admin I'd really also like to be able to query (in real-time) the master ban list. If some guy joins my server and acts like a tard, I'd like to know if he's been banned on other servers that I recognize (or trust to be admin'ed well).
Or at the same time, when considering banning someone it'd be worth it to me to see if that player's been banned at other places. A guy who has been banned on no other servers might deserve a little more leniency.
Some sort of realtime query for players/guids/IPs connected to your server would be very useful.
For those of you who probably haven't played on our server (The Potato Patch), you're not aware that we have a "bot' that sits and watches the console and does a number of commands. Wonko, who coded this bot, says it'd be relatively simple to add this query (and other functionality of a master ban list) to the bot. If it helped, we could work to help distribute a copy of the bot designed to interact with the master ban list.
Edit: For anyone thats interested, please stop by The Potato Patch (after working hours) and talk to Wonko and I about it. If you're curious about the bot, you can check out some of the things he can do on our website (http://potatopatch.brianmoses.net). But the best thing to do is just stop by and we'll show you.
-
The server cannot manipulate the client's machine in such a way that I know of. It can do pretty much anything it wants to the trem client itself, and despite what boastful server ops will tell you, they cannot do anything (remotely execute/modify files) to your computer. I suppose it is possible to make the client download a .pk3 with an auto-extracting virus in it, but why would they want to do that?
Remind me not to play on any servers that you own or have ftp access to :)
people who think that they can rely on the data sent by client, makes me LOL
And why can we not rely on data being sent by a client? Is funlily going to go and make stuff "invisible or spoofed" I dont think so.
Humans are the best way to detect, but sometimes it is hard to detect aimbotters. Humans cannot detect wallhacks though which also give a huge advantage in game. Only way to catch a wallhacker is to spec with a wallhack. Im almost to the point of lets face it Tremulous is Ruined.
-
Im almost to the point of lets face it Tremulous is Ruined.
Most players do not cheat, the number of cheaters is very small, especially considering that different cheaters are often infact the same person. All is good. The player base is growing and this will lead to some growing pains. The right measurements will be taken in time to make management of players (query on IP/GUID, (global/local) authentication etc etc) easier when it keeps growing. As long as most server operators stay alert, recruit good admins, and developers keep developing nifty tools for operators to maintain their server with ease...the future looks bright, we gotta wear shades.
-
The server cannot manipulate the client's machine in such a way that I know of. It can do pretty much anything it wants to the trem client itself, and despite what boastful server ops will tell you, they cannot do anything (remotely execute/modify files) to your computer. I suppose it is possible to make the client download a .pk3 with an auto-extracting virus in it, but why would they want to do that?
The QVM runs in a VM so that cant be done.
people who think that they can rely on the data sent by client, makes me LOL
And why can we not rely on data being sent by a client? Is funlily going to go and make stuff "invisible or spoofed" I dont think so.
Real easy to do, so why wouldn't he?
-
And now there are only us Mac players left.
All 3 of us.
When did we get a third one?
:) *waves hand*
-
And now there are only us Mac players left.
All 3 of us.
When did we get a third one?
:) *waves hand*
>:\/ WAARK
-
And now there are only us Mac players left.
All 3 of us.
When did we get a third one?
:) *waves hand*
Does that make me #4? Or does benmachine's cryptic message above make him #4, and me #5?
-
hi im a lamer (a.k.a. mac user) so im going to post here on this thread because someone mentioned macs
-
from what i've looked at though I don't understand trem code or c very well the server does have quiet a lot of control over the client.
@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does. Yes he made an aimbot, yes he made a tjw aimbot. But look at the gap it took him forever to get the GUID acceptable version out. He lacks diligince as most aimbotters do. Because the aimbot is not for himself. He probably doesn't even play trem. he makes it because hes an asshole and likes hurting others. He wont go so far to work on it to that extent I feel though. And almost all of his current users aren't smart enough to pick up anything in his place. Especially since he kept his source code to himself. A simple check for n_commands wouldn't be a hard patch to make for anyone with experience and it would slow him down at least 2 months while something better is worked on. And would discourage/stop most of his current users.
I am currently attempting to make this n_command check but I have no experience in c or in trem source itself so I am having difficulties. If trem was made in c++ this would be a lot easier for me. While c is similar the syntax difference and the overall complexitiy of trem is hard for me.
Here is my idea for a more advanced anti-aimbot.
The server can obviously see movements every client makes, or clients wouldn't be able to play with each other. funlily's aimbot aims at the same spot in the hitbox for each model. At first I thought anyone who hits that exact point 3 time in 1 second is obviosly using it. But you can use his cvars to change the predictions and xy locations of where it points. This would make it to much to check and deffinately lag the server. Now what if instead we checked if someone hit the same x,y point relative to a hitbox 3 times or more in 1 second. After moving of course. No human player no matter how good their mouse is can follow a point on a hitbox exactly. Does this make sense yet? Lets imagine a square. thats the hit box. If someone aims at 10 x and 14 y inside the hitbox. the hitbox moves the person follows and lands back exactly on 10x 14y again. These points will have to be relative to the hitbox of course because otherwise the points would read different as the hitbox moved. There is no way a human player could follow a hitbox further than 10 pixels and land back in the same x,y position. So if the server saw someone hit the same point relative to a hitbox 3 times in a row in a small period of time. When the hitbox has shifted 20+ x,y locations. Its obvious its code doing the aiming not a human hand. Checking for the hitbox shift also would prevent false positives of a person leaving their mouse unmoving. Also the short timing would prevent that someone accidently falls in place of the same relative hitbox point 3 times in a match. It would have to be in a small period of time.
I have this whole idea in my head and no way to put it into code yet. i'm learning fast though and I think I should be able to start testing my first anti-aimbot patch within a month. I would like help if it can be offered. I would also like criticism. Counter arguements are the best way to find out whats reasonable.
If I could get my hands on funlily's code it would be so much easier. Instead of doing what i'm trying to do I could just have the server check for his actuall patterns of movement. That would be the easiest but of course he could just change the bots patterns slightly and I would have to redo everything. So the above idea to me seems as the best idea for an overall aimbot anti-patch. It at least limits basic aimbots. Advanced aimbots could get around it but what cant advanced aimbots get around. Most people wont go to that much trouble to create something that will get around checks like this. If they do they generally don't feel like sharing also.
So just reply please and rip me apart or offer help or compliments whatever you feel is necessary.
-
I think your idea (while good) falls into the same trap as the other ideas: somehow, the coder of the aimbot can modify that aimbot to avoid these checks. For yours, all it would have to do is slightly randomize the hit target. But I imagine if we could somehow roll out a bunch of these fixes at once, it would make it that much harder for the coder. But first, we have to do some *real code*.
-
*real code*.
I know this is my concern lol. I am new to c. First time ever looking at it. I do have about a years experience in both java and c++ though so I can still find my way around :P
Like I said, this is not a long term solution. My ideas are short term based but they also aren't that complicated.
funlily can modify to avoid this, but he would need the code to do it effectively. Otherwise hes just guessing and checking. Also if they randomize their hitpoint they aim to they can only randomize it so much. There would have to still be a visible pattern. To get outside of that would take so much coding and guess and checking that if hes willing and capable of going that far its pointless to try to stop him at all. I doubt he will produce anything to get pass these checks in the near future. He will eventually but he wont right off the bat. It would just be way to much hassle.
Here is my question, If I start coding this and do what I can will some of you with more experience step up and help me. I know I have to have the base done before anyone will consider it. No point waisting your time in something that doesn't seem effecient or plausable. So I will start what I can and then ask for help and hopefully someone can help.
-
hi im a lamer (a.k.a. mac user) so im going to post here on this thread because someone mentioned macs
someones jealous :roll:
-
@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does. Yes he made an aimbot, yes he made a tjw aimbot. But look at the gap it took him forever to get the GUID acceptable version out.
funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.
-
@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does. Yes he made an aimbot, yes he made a tjw aimbot. But look at the gap it took him forever to get the GUID acceptable version out.
funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.
oh sorry didn't care to read to much into who or how they released it. All I know is the GUID compatible source was not released. I am thinking about getting a code extractor but its hard to find a good free one that doesn't come with viruses and spyware.
-
@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does. Yes he made an aimbot, yes he made a tjw aimbot. But look at the gap it took him forever to get the GUID acceptable version out.
funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.
and both versions are violations of the gpl as far as i can tell (the one without the code is a blatant one, but the one with the code has conditions added to the license, which he can't do without express permission from the copyright holder)
-
@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does. Yes he made an aimbot, yes he made a tjw aimbot. But look at the gap it took him forever to get the GUID acceptable version out.
funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.
and both versions are violations of the gpl as far as i can tell (the one without the code is a blatant one, but the one with the code has conditions added to the license, which he can't do without express permission from the copyright holder)
Lets sue them :D
-
now that is a radical aimbot solution
-
:evil: hhehehehe Actually we could demand the source is released or we could get them in trouble for violation of copyright or w/e it is. Then with his source I don't imagine a patch would be hard to make since we could just use his patterns.
-
precedent? (http://www.linuxinsider.com/story/46121.html)
litigation? (http://www.theregister.co.uk/2002/02/27/gpl_enforcement_goes_to_court/)
-
@ david, yes funlily could easily attempt to spoof the server, but he doesn't have the go getter attitude most think he does. Yes he made an aimbot, yes he made a tjw aimbot. But look at the gap it took him forever to get the GUID acceptable version out.
funlily released the original non-GUID bot open-source. Someone else took a look at it, changed a few things around and re-released it compatible with GUIDs. But you're right, it was a while before a GUID-compatible bot came out.
and both versions are violations of the gpl as far as i can tell (the one without the code is a blatant one, but the one with the code has conditions added to the license, which he can't do without express permission from the copyright holder)
I'm not entirely sure he cares
Lets sue them :D
Good luck with that xP
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.
What about if we just fill every map with randomly moving *ghost* players, that no one can see. I really don't know if it would work, it's just an idea that I think would make using aimbot a lot harder, atleast with long range weapons, if it would snap into those ghost players.
That's a stupid idea. Aimbots work internally parallel to the executable code so to say. What makes your executable draw a dretch somewhere on the map? Well, the server tells you, that there's a dretch there! Examples of information given: location(XYZ)+speed(XYZ), model(dretch), team(aliens). This would draw a transitioning dretch. If the server wanted to draw a ghost model, it would send a model of type "wtfUnknownModel?!". This would output an error on unpatched clients and nothing on patched ones. However aimbots are smart enough to do this: if team is target team, and model is alien type, and team is alien, aim at the location...
+If aimbots worked with image processing, then they would suck, but not notice the ghosts.
Actually, what we need is a global BAN list maintained by server admins who sign up for it. When we do catch a real hacker we can put them on this list. The server would read the file from a remote server and use it AND its own ban list to ban these players. We could have it use a combination of subnet/ip guid and nickname.
Not a Very Good solution.
Maybe a global website for registering you GUID with your name etc..
Once 1 is spotted we can report to moderators of the site and they can check they ban the GUID. Yes aimbotter will get another GUID but thats life..
I'll put some of you on the list for fun. Someone joining my server would get server-controlled, and will be doing aimbot and decon stuff. Whoops, you're banned!
Something (http://tremulous.net/phpBB2/viewtopic.php?p=75933#75933)i posted a while ago.
The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized
One more time I tell you: this game is open source. If you (the server) ask me (my client executable) about my serials, I will just tell you a random value.
Punkbuster (god forbid) takes a regular SS of exactly what the player is seeing on their screen, but punkbuster is a clientside mod as well as serverside... it also lags server like crazy. I'm not by any means saying we should use PB, but if there was a way that this particular feature could be implemented, it could be an rcon command to take a screenie of a client's screen.
As for adding a regular n_command check to the standard repertoire of sv_pure command checks... shouldn't be that hard.
Current funlily leechers won't be expecting this (if it's implemented) so of course while it won't be as effective in the long-term, we can at least slow cheating down for now.
With a hacked GL driver, it's possible to render a WH-screenshot to the screen, and return a normal screenshot to the PB. Same thing with the executable. I have a pure server hack. I execute my own DLL.
For those of you who probably haven't played on our server (The Potato Patch), you're not aware that we have a "bot' that sits and watches the console and does a number of commands. Wonko, who coded this bot, says it'd be relatively simple to add this query (and other functionality of a master ban list) to the bot. If it helped, we could work to help distribute a copy of the bot designed to interact with the master ban list.
What does it DO?
I am currently attempting to make this n_command check but I have no experience in c or in trem source itself so I am having difficulties. If trem was made in c++ this would be a lot easier for me. While c is similar the syntax difference and the overall complexitiy of trem is hard for me.
The server can obviously see movements every client makes, or clients wouldn't be able to play with each other. funlily's aimbot aims at the same spot in the hitbox for each model. At first I thought anyone who hits that exact point 3 time in 1 second is obviosly using it. But you can use his cvars to change the predictions and xy locations of where it points. This would make it to much to check and deffinately lag the server. Now what if instead we checked if someone hit the same x,y point relative to a hitbox 3 times or more in 1 second. After moving of course. No human player no matter how good their mouse is can follow a point on a hitbox exactly. Does this make sense yet? Lets imagine a square. thats the hit box. If someone aims at 10 x and 14 y inside the hitbox. the hitbox moves the person follows and lands back exactly on 10x 14y again. These points will have to be relative to the hitbox of course because otherwise the points would read different as the hitbox moved. There is no way a human player could follow a hitbox further than 10 pixels and land back in the same x,y position. So if the server saw someone hit the same point relative to a hitbox 3 times in a row in a small period of time. When the hitbox has shifted 20+ x,y locations. Its obvious its code doing the aiming not a human hand. Checking for the hitbox shift also would prevent false positives of a person leaving their mouse unmoving. Also the short timing would prevent that someone accidently falls in place of the same relative hitbox point 3 times in a match. It would have to be in a small period of time.
Yes I see you don't have much Quake 3 or Tremulous source code experience. The server keeps sending the snapshots (data about wtf is going down on the server). Those arrive after some time (ping/2) at the client. Then the aimbot analyzes the snapshot and aims at a target. The movement is sent to the server. That arrives at the server after time (ping/2). During that total time of ping, the other client might have changed direction. The client only send movement, not that "hey i've hit him in this point!". This means that the more the ping, the less efective and less accurate the aimbot is. Even if a targes is moving with the same speed in one direction, the aimbot tends to hit locations around the exact target point, because of data truncation (i aim at 294.512/360.0 & 5.49546/360.0, uhm thats approx 53614/65536 & 1000/65536)
--------------------------------------
Administartion works just fine. For aimbots, It will take a short time to spectate and do !kick. For deconndes, !layout reverse 30sec (and !kick).
As for the DLL injection stuff, I was thinking of releasing my aimbot, so even GNU/Linux users can use it (even noobmac)! Tremulous would be SO FUCKED UP.
Ban Windows by UDP header style? What operating systems send the WHOLE packet to executables (so that they may analyze the style)?
Phew!
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.
You know, that would be pretty good. It would make aimbot not as effective, thus well not a as big as an advantage.
Like I always say, if people aren't using an aimbot to its potential, it defeats the purpose of the aimbot.
-
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.
You know, that would be pretty good. It would make aimbot not as effective, thus well not a as big as an advantage.
Like I always say, if people aren't using an aimbot to its potential, it defeats the purpose of the aimbot.
+1
-
Something (http://tremulous.net/phpBB2/viewtopic.php?p=75933#75933)i posted a while ago.
The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized
One more time I tell you: this game is open source. If you (the server) ask me (my client executable) about my serials, I will just tell you a random value.
You didn't understand. The idea is that your clients needs to authenticate GUID/UserName/IP or a combination of these to be able to play. So your client shouldn't send random values, cause it wouldn't allow it to connect to the server. It should send the correct values so the authorization server (forums user database) allows it to connect. It is more like a global whitelist, random values won't help you there, you need to be recognized.
The drawbacks of the idea have been discussed and acknowledged. Still, its easy to setup, maintain and it does give access control. It doesn't prevent multiple account registration, but checking GUID, email and especially IP's with account registration at one location (this forums database) it becomes a lot harder to stay anonymous.
-
First of all, being the owner of AAA Proving Grounds, I take most calls of cheating with a large grain of salt, entirely because the general Tremulous community tends to jump to conclusions about cheating. Most are fine, but some prefer to bitch and complain.
Those of us that have been playing Quake for a much longer time than Tremulous realize that cheaters are an unfortunate but not unexpected phenomenon in these online games. Administrators are the ones tasked on non-punkbuster (and sometimes these even) to deal with cheaters timely and effectively.
So firstly, (RE: the idea of a transparent server-side catching of n_* cvars...)
There are major problems with this issue.
Firstly, as many have already said, THE CLIENT CAN LIE about it's information, aside from IP address (added to userinfo server-side after challenge response). Needless to say, this would not work.
Secondly, those cvars names and registers can be completely separate and distinctive. I know that a simple s/n_aim/blarg_bookabombs/ on Null's bot source would suffice. Anyone who knows C can figure that out.
Third, as shown in Quake III (and TeamArena), OGC (which is what Null's bot is based on) can defeat this very simply. When punkbuster began scanning cfg's in /baseq3/ noskill decided to implement a second console via F10 in which you could enable these cvars, completely separate from the host system. These cvars were stored in ~/.ogc/ (posix) or a special folder in windows. This was implemented by version OGC 1.92 and above for Q3 1.32c.
I have thoroughly investigated this idea. But it will not work aside from planting a keylogger inside the client. This wouldn't be a good idea for Tremulous. (Who in their right mind would voluntarily download a keylogger just to play a game?)
Now, secondly. A 'rapid view-angle change' detector.
A mouse is an analog device, sending signals to represent movement on a 2D plane. (the mouse x/y coords). These are incremental and predictable (generally). Most aimbots directly copy their angle information onto the entities view angle registers. In first thought this is a great way to catch aimbotters. Unfortunately, this also has flaws. In Q3 Bot AI, the bots run with weighted drifts, in order to make this a little easier for players. Developing an aimbot that would for instance, sqrt() the angle-to-point at the player and add a little extra, here and there, would prove quite lethal with an improved triggerbot (which decides shots based on lerpOrigins and unlagged predications), and would be very hard to catch.
Remove the triggerbot and let a human player fire, you couldn't catch them. Simple. But what you don't know can't hurt you. (At least in an online game. =) )
And finally, a global white list, although very effective, I could bypass quite easily, via a couple transmission-reflecting zombie machines. Or even Tor perhaps. My methods however will remain known to me only.
The biggest call-say I could make up over this is a legitimate false positives. How can you prove who someone is, via IP? You cant. GUID you say? Well it is very easy to spoof GUIDs. Google can show numerous ways of doing so. It gets quite bad in Q3 with some servers.
$cat ~/.q3a/baseq3/boomboxer.txt
ClientNum: 7
Name: "^1Boom^3boxer"
IP: xx.xxx.x.x
GUID: "ABCDEFGHIJKLMNOPQRSTUVWXYZ001337"
Hence my point. And more so, what happened to just dealing with them on your own servers as the come? Honestly, one botter does not CIH your server, so just accept the facts and ban the fucker. These "preemptive strikes" only dismay players, and make botters more successful in destroying the game.
*********************
In closing remarks, a global white list is great, but I will not support it. I firmly believe that banning as each problem surfaces is simple and effective for all concerned administrators. If you cannot police your own server, don't have one.
^^^
And on a side note, certain administrators DO ban the griefers, and the proceed to LEAVE THEIR OWN SERVER to kick/ban the player from the next server that player joins, even before the culprit has joined a team.
A note to you specific admins that follow that view. (You know who you are.) You keep you own anger in the confines of your own server. I don't want you righteous bullshit polluting what I attempt to have sanitized to the best of my ability. You do it...it's also what I include in the griefing definition. You would be disrupting my server for your own pseudo-elitist satisfaction, and only partaking in a witch hunt. You are the ones spreading the hysteria.
The difference between the aimbotters and you problematic Nasi administrators in effect is this.
Botters only get a temporary ban.
-
I laugh at how much thought you put into that post. Instead of telling us exactly how to bypass all proposed systems, maybe you could think about how to make them better.
-
@imperiumZero:
first of all, creating new accounts just to post in a thread after you got flamed out of an almost identical thread is usually frowned upon. second of all, you're right on almost every single point, but a whitelist is extremely effective at getting rid of people who should be banned, along with a huge portion of everyone else, i think you meant a blacklist.
-
A white list with a token, such as $10 registration fee, is hard to defeat. Unless you consider buying multiple tokens as 'beating' it.
-
See his comments on my idea are what I want though. I agree. My simple solution wouldn't be to hard to bypass but you would have to do one of two things to do so. Either make the aimbot less effective which defeats the purpose of having it or make the aimbot much much more advanced. Which would take so much time and effort that funlily would probably just move on. Even if he went on to make a better one, it would be rarer and less of a threat in my opinion.
-
$10 registration fee
whore
-
$10 registration fee
whore
+1
-
guys, I don't get this...
To defeat the aimbot you want to ban all windows clients????
But.... If somebody makes a mac or linux compatible aimbot, youll have the same problem all over again, so what's the point?
-
WTF no don't ban all window clients. You have issues people. That will kill off the community plus make it a mission for people to make bots on other operators.
-
Man people need to learn what a joke is.
-
Well some people didnt have time to go through the whole topic so i read the last post so i assumed it wasnt a joke.
People need get lives. (Not to u David :) )
-
I'll put some of you on the list for fun. Someone joining my server would get server-controlled, and will be doing aimbot and decon stuff. Whoops, you're banned!
See David's discussion here (http://tremulous.net/phpBB2/viewtopic.php?t=5648&postdays=0&postorder=asc&start=60) concerning a web of trust to find that there are ways around such abuse where a shared ban list idea is concerned. Also understand that with Davids idea, any particular server operator would not have to trust your servers ban list.
-
// nice o'vvN4G3 by imperiumZero
what we need is for someone to make a spec bot that detects insane kill whoring and then autospecs the suspect looking for things like 180 degree snaps and other aimbot clues (including the rediculous gretch lookup lock lol) and auto kicks aimbotters.
It's easy to make it so that the aimbot doesn't do 180deg turns, and turn at a limited speed.
You know, that would be pretty good. It would make aimbot not as effective, thus well not a as big as an advantage.
Like I always say, if people aren't using an aimbot to its potential, it defeats the purpose of the aimbot.
I mean tweaking the aimbot down to 99.99% JUST to avoid auto-kicks is more than acceptable. Basically you just disable the instant 180deg turn. 111deg botfov and 1-2 deg/msec turn speed is ok, and delivers near-excellent performance.
+As imperiumZero wrote, sqrt() movement could even fool spectators.
Something (http://tremulous.net/phpBB2/viewtopic.php?p=75933#75933)i posted a while ago.
The main idea was that this forums user database could be used as the master server. Authentification is easily done by adding some php scripts on this forums server and using simple http requests from either the tremulous client and tremulous servers.
Features:
- It proposes forum user group concepts to be used for player management on tremulous server
- Checking up on IP and management of players can be done at one place, on this site by this site's admins, or alternatively a special user group can be created here for that job
- The ideas go a bit further than just sharing ban lists, but it includes sharing ban lists.
- Names as registered on this forum are globally protected on servers that use this forum as their master server
- How the servers make use of the authentication system and banning system is highly flexible and can be easily customized
One more time I tell you: this game is open source. If you (the server) ask me (my client executable) about my serials, I will just tell you a random value.
You didn't understand. The idea is that your clients needs to authenticate GUID/UserName/IP or a combination of these to be able to play. So your client shouldn't send random values, cause it wouldn't allow it to connect to the server. It should send the correct values so the authorization server (forums user database) allows it to connect. It is more like a global whitelist, random values won't help you there, you need to be recognized.
The drawbacks of the idea have been discussed and acknowledged. Still, its easy to setup, maintain and it does give access control. It doesn't prevent multiple account registration, but checking GUID, email and especially IP's with account registration at one location (this forums database) it becomes a lot harder to stay anonymous.
Uhm I must have quoted wrong. My reply doesn't even relate to your post. Sry!
Someone posted something about hard coded values like hd/moboserial...
-
I mean tweaking the aimbot down to 99.99% JUST to avoid auto-kicks is more than acceptable. Basically you just disable the instant 180deg turn. 111deg botfov and 1-2 deg/msec turn speed is ok, and delivers near-excellent performance.
+As imperiumZero wrote, sqrt() movement could even fool spectators.
All that needs to be done is make aimbotting slightly less than effective or less automatic. If you are doing a lot of work with the aimbot, it doesn't become as attractive and allows for more human error.
In tremulous, slowing down an aimbot is good. Tremulous is fast paced and an aliens don't have head hitboxes. So, only the tracking aspect of an aimbot really benefits a person. And if they are tracking slower, an alien can still dodge and take them out.
-
whitelist is the only solution
if you think you can detect aimbot, client OS, or anything that the client have on his/her computer ... you are stupid. sorry
-
good enuff 4 me
when do we start?
-
whitelist is the only solution
if you think you can detect aimbot, client OS, or anything that the client have on his/her computer ... you are stupid. sorry
I am detecting lots of trem clients!
-
For those of you who probably haven't played on our server (The Potato Patch), you're not aware that we have a "bot' that sits and watches the console and does a number of commands. Wonko, who coded this bot, says it'd be relatively simple to add this query (and other functionality of a master ban list) to the bot. If it helped, we could work to help distribute a copy of the bot designed to interact with the master ban list.
What does it DO?
At a very high level, he basically tallies a score for all players. To enable us to do a variety of things; prevent players from below a certain score from joining, kicking players who feed and don't meet a certain score.
He can also be trained to answer keywords with specific phrases (ie: someone types ',ask share' in chat and gets the 'We earn our own Evos/Credits on the Potato Patch' response)
There's some other informational things he does; tracks kills and deaths per map, tracks how many credits/evos you earn and give up, tells you who has killed you the most, etc...
I hate to de-rail the topic, you can read more about him here (http://potatopatch.brianmoses.net/Wiki/Mr%2e_PotatoBot)
-
Hey, haven't been around for a while, it makes me sad to see what is happening to trem now.
My two cents on this, is that it really isn't worth trying to fight against aimbotters in an open source game. It becomes an arms race, if you fix one thing in code soon a slightly better aimbot is released.
To the guy who thought it a good idea to try and force someone to release source code, if you did that, next thing you know there will be several variants released, all improved versions based on that source.
OK, so you create a "final solution" in the human operated IP blacklist, all you have done now is spent a few weeks of work to get maybe one week of "peace" because now you've encouraged the same asshole to add a few lines of code to his aimbot that makes it utterly undetectable to a human spectator. This is a far worse situation to be in than a few idiots hopping their modified client around from server to server and getting banned if they're caught.
As the old saying goes; the only way to win is not to play.
-
Umm... the point is, they are trying to make an open source, into a "closed" which is an illusion that will never happen. Aimbotters will be here, the source is out, VD_Scrawni, yes i know him from Anarchy Network, where me and him, well i was mainly a tester, hacked Soldat. The community still exists, and VD knows VB, and some C++, im sure he learned more from the last time i saw him. And im sure its not hard to find memoffsets and shit like that. All you do is change them after all. Any script kiddy can do it. So w/e ur doing, you're wasting your time...
All these white lists and shit are going to chase players away, even the legit ones. Simply because you're trying to implement something that should not in any way be part of trem. Trem is free, trem is free to use that is. It is free to mod, code for, and change. What you are doing, is destroying trem by getting new players to download ur shitty coded, untested junk. Dont... It kinda explains where this is going just by the renaming system of Unnamed Players. They are new, give them a break. Go on, destroy trem. I'd like to see this happen, the forums are already full of useless shit and junk. Mods are doing their job, but not fully. Kevlar man decided to close my topic for what reason? I didnt violate any rules, i decided to post some of my opinions. Its a sad world we are coming to, and I hope trem burns with the forums. No offense, but im not doing anything to make it worse. Its people like YOU, the moronic, "solutants" or w/e u wanna call yourself, that think you can fix an aimbot problem. Well buddy, bottom line is: YOU CANT... keep trying, maybe in your dreams bud.
-
A black list wont cause problem for legit players unless the people who run it screw up. Which is why it needs a group of trusted people.
And OMG! he knows BASIC! I'm trembling is fear at his mighty power.
And your first paragraph once again proves you know nothing about programming.
The second just proves your a moron.
-
A black list wont cause problem for legit players unless the people who run it screw up. Which is why it needs a group of trusted people.
And OMG! he knows BASIC! I'm trembling is fear at his mighty power.
And your first paragraph once again proves you know nothing about programming.
The second just proves your a moron.
And this proves how you're such a narrow minded dick you are... ITs called an opinion douche bag... and i am entitled to my opinion. Fuck off, once again david... You're the idiot who doesnt know what I think, now stfu, and stop going so critical on me. ITS MY OPINION get that? stupid fuck
Edit - Also from my experience, when I had a name as Unnamed, when i first started, I kept the name, just with a color change... But sadly i had to change it because the fucking system renames my colored name... fucking gay
Edit2 - If you notice, i say "closed" because im hypothetically speaking, you cant add a punk buster or what not to an open source. Basically, an illusion like its closed. And no shit, i dont know coding. Where did I say anything about coding... you're such a disgrace, to mods. You're just an idiot. An idiot who silences people, who wants THEM to comply to YOU, like you own this place. How about no, i stand up for what i think is right, you go ahead go to your little FUCKING CORNER AND DIE... OK DAVID GO DIE!
-
And this proves how you're such a narrow minded dick you are... ITs called an opinion douche bag... and i am entitled to my opinion. Fuck off, once again david... You're the idiot who doesnt know what I think, now stfu, and stop going so critical on me. ITS MY OPINION get that? stupid fuck
Edit - Also from my experience, when I had a name as Unnamed, when i first started, I kept the name, just with a color change... But sadly i had to change it because the fucking system renames my colored name... fucking gay
Edit2 - If you notice, i say "closed" because im hypothetically speaking, you cant add a punk buster or what not to an open source. Basically, an illusion like its closed. And no shit, i dont know coding. Where did I say anything about coding... you're such a disgrace, to mods. You're just an idiot. An idiot who silences people, who wants THEM to comply to YOU, like you own this place. How about no, i stand up for what i think is right, you go ahead go to your little FUCKING CORNER AND DIE... OK DAVID GO DIE!
Summary: wah my pussy hurts.
-
And this proves how you're such a narrow minded dick you are... ITs called an opinion douche bag... and i am entitled to my opinion. Fuck off, once again david... You're the idiot who doesnt know what I think, now stfu, and stop going so critical on me. ITS MY OPINION get that? stupid fuck
Edit - Also from my experience, when I had a name as Unnamed, when i first started, I kept the name, just with a color change... But sadly i had to change it because the fucking system renames my colored name... fucking gay
Edit2 - If you notice, i say "closed" because im hypothetically speaking, you cant add a punk buster or what not to an open source. Basically, an illusion like its closed. And no shit, i dont know coding. Where did I say anything about coding... you're such a disgrace, to mods. You're just an idiot. An idiot who silences people, who wants THEM to comply to YOU, like you own this place. How about no, i stand up for what i think is right, you go ahead go to your little FUCKING CORNER AND DIE... OK DAVID GO DIE!
Summary: wah my pussy hurts.
Summary: you're a spamming crackhole faggot, go get a hobby to do. Im just tired of mods running this place, its annoying. This whole place is REEKING OF DAVID AND KEVLAR MAN, and people like, YOU who are fucking retards, who have nothing better to do than SPAM SPAM SPAM... Holy fuck, GROW UP!! How LONG does it take you?? Havent hit puberty? This whole community simply sucks... corrupted mods, corrupted people. Perfect... Tremulous: Taking spamming and flaming beyond the forums. Thats another perfect motto
-
Ok, will you cut all the free speech crap. Learn what the fuck you are on about or stop insulting the millions of people who have died to defend undeserved freedom of speech. You have the right to think and say what you want. You do NOT have the right to say it here, and you sure have no right to cause hassle and grief to other people.
-
Umm... the point is, they are trying to make an open source, into a "closed" which is an illusion that will never happen. Aimbotters will be here, the source is out, VD_Scrawni, yes i know him from Anarchy Network, where me and him, well i was mainly a tester, hacked Soldat. The community still exists, and VD knows VB, and some C++, im sure he learned more from the last time i saw him. And im sure its not hard to find memoffsets and shit like that. All you do is change them after all. Any script kiddy can do it. So w/e ur doing, you're wasting your time...
All these white lists and shit are going to chase players away, even the legit ones. Simply because you're trying to implement something that should not in any way be part of trem. Trem is free, trem is free to use that is. It is free to mod, code for, and change. What you are doing, is destroying trem by getting new players to download ur shitty coded, untested junk. Dont... It kinda explains where this is going just by the renaming system of Unnamed Players. They are new, give them a break. Go on, destroy trem. I'd like to see this happen, the forums are already full of useless shit and junk. Mods are doing their job, but not fully. Kevlar man decided to close my topic for what reason? I didnt violate any rules, i decided to post some of my opinions. Its a sad world we are coming to, and I hope trem burns with the forums. No offense, but im not doing anything to make it worse. Its people like YOU, the moronic, "solutants" or w/e u wanna call yourself, that think you can fix an aimbot problem. Well buddy, bottom line is: YOU CANT... keep trying, maybe in your dreams bud.
You're just upset because chances are high you'll end up on that list at some point. :P
-
Ok, will you cut all the free speech crap. Learn what the fuck you are on about or stop insulting the millions of people who have died to defend undeserved freedom of speech. You have the right to think and say what you want. You do NOT have the right to say it here, and you sure have no right to cause hassle and grief to other people.
You dont have a right to lock my posts for no reason... You do NOT have a right to abuse your mod power... you dont lock the topics that have flaming in them, only tuple sometime does it, and not even half way thru, he skips half of the topics. You dont have a right to command me, dont command me, go tell your mother to bring you a bib and a pacifier. Little baby has no excuse... no matter how much of a tard you are... This isnt free speech, this is this community fucking up, because you're not doing your job...
Oh and beer: No it wont happen, im done with trem 1.1, it sucks. Period. Just because of people like YOURSELF. and One more thing, when i move, my IP will change. So whatever you do, you wont know who i am.
-
You really forget the part about people paying for message board and game servers that are their property, which they allow you to use if you abide by their rules, however trivial those may be. You have the freedom to leave if you do not like the way that it is run. You seem to have forgotten the right to private property in your ranting about freedom of speech.
-
Summary: you're a spamming crackhole faggot, go get a hobby to do. Im just tired of mods running this place, its annoying. This whole place is REEKING OF DAVID AND KEVLAR MAN, and people like, YOU who are fucking retards, who have nothing better to do than SPAM SPAM SPAM... Holy fuck, GROW UP!! How LONG does it take you?? Havent hit puberty? This whole community simply sucks... corrupted mods, corrupted people. Perfect... Tremulous: Taking spamming and flaming beyond the forums. Thats another perfect motto
Need a tissue?
-
2 menny internet tuffguys in dis here thred
Hope this helps.
-
You dont have a right to lock my posts for no reason... You do NOT have a right to abuse your mod power... you dont lock the topics that have flaming in them, only tuple sometime does it, and not even half way thru, he skips half of the topics. You dont have a right to command me, dont command me, go tell your mother to bring you a bib and a pacifier. Little baby has no excuse... no matter how much of a tard you are... This isnt free speech, this is this community fucking up, because you're not doing your job...
Oh and beer: No it wont happen, im done with trem 1.1, it sucks. Period. Just because of people like YOURSELF. and One more thing, when i move, my IP will change. So whatever you do, you wont know who i am.
- David is not a moderator
- Noone has yet abused his mod powers
- He can't. Tuple isn't the only one. Flaming is semi-allowed and as such not all will be locked.
- I have a right to say you are acting like an asshole when you actually are acting like an asshole.
- Evle, you're acting like an asshole.
- Then leave and save us the trouble that comes with people being annoyed to your presence. Or shape up and try to be mildly likeable.
-
Not talking about DAVID... talking about kevlar >.< i hate that dude, he is such a nuisance!!!
-
Not talking about DAVID... talking about kevlar >.< i hate that dude, he is such a nuisance!!!
Unlike you who on various occasions was a pest. And referring directly with you to someone who hasn't even posted on this page of the topic is stupid.
If you can only complain about trem and give absolutely no worthwhile suggestions to fix any problems in your view you are only messing up the board.
You have started insulting people a lot again the past few days and are giving trouble. Shape up and beat people by reason and logic.
If you must get a new account and don't mention it's linked to you and start over without all the prejudice against you as to evade what is happening to plague bringer atm.
-
Fix? Look at my sig... you have a fix for it? i dont... get rid of the w/e is the cause. And it doesnt matter, even plague said kev can be a huge fag when he closes topics that should be open for discussion. Also how was a nuisance to you? What kind of a pest, what that I post random shit? oh well, everyone likes to do that once in a while... Soo?? this is the internet...
-
Soo?? this is the internet...
Quality argument right there.
Bye. Going to miss this place.
-
This is a tremulous forum. Random shit belongs in off-topic, which is in fact the only non-tremulous related designated subforum on here, but has in recent times spilled over to almost all forums and polluted discussion to the point of it being inconsequential.
Now I'll start on those point of yours
1. Before aimbots, tremulous was fun
--- Iirc you were one of the first to use it.
2. Before the devs abandoned trem, there was a hope of 1.2
--- It hasn't been abandoned. And since you're not paying they have no obligation to finish it fast. They're not obligated to anyone but themselves.
3. Before all the new players, trem was fun...
--- To me you are one of the new players, this is one of the weakest arguments.
4. Before all the arguments, trem was fun... again
--- People are argumentative, it's a shame so many of them are so bad at it.
5. Before all the conspiracy against each other, trem was even more fun
--- Hardly any conspiracy exists against people of integrity. But putting yourself open by even putting one step wrong ('testing' an aimbot so 'I can identify it') and you've lost any respect.
6. Before flux became a control freak, and before hack paranoia took over him, trem was fun
---So Flux's server is the only one in trem?
7. Before the forums were filled with spam, trem was fun, more
--- You said you posted random shit on occasion. A lot of people posting random shit means a lot of occasions which results in it being all the time. This at least is something people do not have to add to outside of off-topic. Yet they do. They brought in unto themselves.
8. Before the community went corrupt, with all the spam, server problems, and bullshit like this with flaming, trem was "actually" fun
--- You're stating things which by definition are not fun. I do not see you mentioning the causes of them. Which are people not following the set rules or not accepting that what they dish out they get in return.
9. Before the massive expansion of wannabe clans, trem was much fun
--- Clans have in my eyes always been a joke. But they do not need to affect you if you don't want to. Just don't get involved with them.
10. After the devs started promising stuff that never is going to happen, trem was boring, and still is
--- How do you know it's not going to happen. Because if you knew you could do something about it. See response to point 2
11. No one can take attention of "me" and false hacking.
--- You brought it onto yourself
Well when Null created the hack, and i tested it, it does NOT seem to work on a relic modded server.
http://tremulous.net/phpBB2/viewtopic.php?p=76112&highlight=tested+null#76112
12. The community isnt mature enough to understand hacking, and cheating. Cheating is obviously legal in every aspect, yet others are anti-cheating freaks, so they go blame me for years of stuff, that i never really did, who cares if sum1 used my name to post something about cheats for trem? Who cares?
--- Cheating is illegal in every aspect of server rules which forbid it. If there is a server which allows it then good for them. But practically all cheating happens on servers which have rules against them, and it spoils the fun of players trying to get better by practicing. And if anyone argues its for their relaxation they should realize they are spoiling the relaxation of a lot of other players.
13. No one believes anyone anymore, and no one cares...
--- What a bogus point. My refute of this one is unnecesary since I made this quote, and thus care, but I check my stuff most of the time. And all of the time when coming from a doubtful source. It is an empirical way which firmly sets your opinion on a solid base instead of a wisp of air.
-
Short list:
Evlesoa
Belier13
NoComputer
3
Dev\\Null (Or whatever his name is)
Evlesoas Brother
Just a short list I came up with in a minute.
-
Umm... the point is, they are trying to make an open source, into a "closed" which is an illusion that will never happen.
All these white lists and shit are going to chase players away, even the legit ones.
A white list will chase no one away, just like how GUIDS chase no one away.
There can be a lot done against aimbotters. The problem is that aimbotters want to paint as bleek of a future as possible to avoid having to work harder(if people get the initiative and skill to code around them).
I think an arms race would be good, in terms of programming. Anyone who can hack, would. But its not that easy. There is a breaking point or at least interest point in terms of what hackers are willing code. Frankly, the developers have reached their breaking point but a reversal would be interesting.
This generation of gaming is pretty insecure, just like the internet. But is a matter of time before people make software do what they intend.
-
Excuse me a moment while I state the obvious:
Evlesoa, you don't like us. Or at least, you don't like many of us. In fact, you virulently hate a great deal of us.
We, and I know I speak for a considerable portion of the community, probably the majority (we can run a poll if you like but I don't think that's necessary) don't like you. Sad but true.
Neither we nor you have anything to gain by your continued presence, unless I miss my mark.
So why do you keep coming back?
Think about that question, seriously. An important sign of maturity is the ability to reflect on your own actions and their consequences from an objective viewpoint. I will be genuinely surprised if you can point out even one good reason why you talk to an audience that is not listening.
edit: I hear on the grapevine Ev is banned. If this in the case, ignore the above, giving a crap has officially ended.
On topic: I am yet to be convinced that aimbots are a problem in tremulous. I have not yet seen one in game.
To combat griefing, in my opinion, what Tremulous really needs is a reliable client identification system, the only such system being asymmetric key encryption technology. When I have finished one or two other things, I will work on including some libraries into Tremulous to add public key authentication. Every client randomly generates a public/private keypair, and tells every server their public key. The server encrypts a random digit string with this key and sends it to connecting clients. If they can decrypt it, they must have the corresponding private key, which barring direct theft from the filesystem of the client involved will only be available to that client.
There exist quite a number of totally free implementations of this technology out there, all one needs to do is connect the business end to Tremulous (which is by no means a simple task but should not be beyond reach of an amateur programmer such as myself).
I'm pretty sure this is not the first time it has been suggested and may not even be the first time an implementation has been attempted. If a patch has already been written I would be grateful if someone could point me at it :P
-
I agree with Evlesoa, despite the flaming.
On topic: I am yet to be convinced that aimbots are a problem in tremulous. I have not yet seen one in game.
To combat griefing, in my opinion, what Tremulous really needs is a reliable client identification system, the only such system being asymmetric key encryption technology. When I have finished one or two other things, I will work on including some libraries into Tremulous to add public key authentication. Every client randomly generates a public/private keypair, and tells every server their public key. The server encrypts a random digit string with this key and sends it to connecting clients. If they can decrypt it, they must have the corresponding private key, which barring direct theft from the filesystem of the client involved will only be available to that client.
There exist quite a number of totally free implementations of this technology out there, all one needs to do is connect the business end to Tremulous (which is by no means a simple task but should not be beyond reach of an amateur programmer such as myself).
I'm pretty sure this is not the first time it has been suggested and may not even be the first time an implementation has been attempted. If a patch has already been written I would be grateful if someone could point me at it :P
This kind of security will definitely not scare anyone off, it may be implemented with no drawbacks to the community, whatsoever. The question is, what good it will do?
Basically it "allows" correct identification of clients. Imposters are cought. So others can't steal your name, and you will not be sued for others' actions. No more ID hacking.
What does it do against aimbotters? Nothing! The keys just tell you that you are a well known somebody, who didn't aimbot(yet). Everytime you're banned, you create a new key and you're done. Back to the IP banning...
If public keys are recorded and queried from the give server or the master server, and player names are permanent (like a username), it may start a name war, such as someone registering loads of names. It's easy too, autobots...
To combat aimbotters:
- get cash and recruit large team who is going to do all this
- buy and close the Q3 and Tremulous source code
- buy PunkBuster from Evenbalance, implement it
- buy some DRM stuff from Microsoft, implement it
- establish a trusted corporate ID server
- registrating is 4.99$, requires real name and ID, and is limited to once-per-lifetime
- write a very proprietary licence that has deep consequences to aimbotters
- :D
-
What about adding a little check for if someone's aim is following/leading their target by a seemingly strict amount? I seriously doubt that even the BEST player ever could manage to keep an exact amount of lead/follow time. If this noticed anything unusual, it could report it to a relatively high level admin, so they could spec the person.
I know it has been said that anything the client sends is suspect, but if people could be banned by processor serial number, it would circumvent the problems from subnet bans. If the check were in the cgame, a pure server's ban would only be avoidable by hacks similar to null's aimbot, as I see it.
-
What about adding a little check for if someone's aim is following/leading their target by a seemingly strict amount? I seriously doubt that even the BEST player ever could manage to keep an exact amount of lead/follow time. If this noticed anything unusual, it could report it to a relatively high level admin, so they could spec the person.
I like that approach more so than others suggested.
-
from here (http://tremulous.net/phpBB2/viewtopic.php?p=84768#84768)
The only solution I can think off is for the server to collect statistical information about each player, how they move, how they shoot, what is their killquota, how many shots do they miss. For example the instant aim (noncontinuous moves) can be detected (since the aimbot sets the aim on the alien, and doesn't move it there), how well does a shooter track an object etc etc. Only if after a certain observed time it shows that these values are somewhat off of normal (what ever normal mean needs to be defined) automatically a demo is recorded by the server or players with a certain lvl on the server are send a message that there is a suspicious player on to deal with the matter. From an automated kick/ban system i would discourage, a human would have to examine the data before any action is taken. And then what?
-
The server could run an aimbot for every person (Like it does for turrets) and see how much that deviates from their actual client input.
-
If ping isn't 0, deviation is high for entities that do not move with Newtonian physics. The shots are scattered around, so much that it misses a considerable amount. That's highly not aimbot-like, so it can be any player. As for lasgun VS dretches, it's 1 kill per second. Luck or aimbot.
The purpose of the aimbot is to improve your aim, not make it beyond human capabilities.
-
If ping isn't 0, deviation is high for entities that do not move with Newtonian physics. The shots are scattered around, so much that it misses a considerable amount. That's highly not aimbot-like, so it can be any player. As for lasgun VS dretches, it's 1 kill per second. Luck or aimbot.
The purpose of the aimbot is to improve your aim, not make it beyond human capabilities.
NO.
The aimbot does NOT just help your aim -- it literally FORCES you to aim at the exact center of the current target (I dont remeber/know how it chooses that target) +/- the prediction amount, which should only matter with:
1) Non-hitscan weapons, mainly prifle
2) Lagged servers, of which there are few due to how long ago Unlagged was added to svn
If you really need proof that aimbots do all the aiming, I could provide it, but I'd rather not, and I WONT explain it.
-
The purpose of the aimbot is to improve your aim, not make it beyond human capabilities.
NO.
LOL, there's a reason it's called a "bot". If you want to "improve" your aim, either take some hallucinogens (to mess up your perception), or freaking practice.
-
I think he means, aimbots are not perfect. So your accuracy is better than it is unaided, but still less then 100%. Different interpretations of the word "improve" here.
-
I think he means, aimbots are not perfect. So your accuracy is better than it is unaided, but still less then 100%. Different interpretations of the word "improve" here.
Well, they are supposed to be as perfect as possible. The only reason they are not perfect is due to lag. An aimbot on an Unlagged server with las, larmor, helm, and battpack would be unkillable to the smaller aliens and only as killable to larger aliens has they could deal with his dodging ability.
Anyway, I will work on an aim-analysis add-on to the qvm, but no promises.
-
Hey, it was just an idea. You guys have a better one ?
Ban all linux users..
-
Ban Vista users. :wink:
Maybe use Vista to calculate a really unique GUID from that TPM stuff thats built into alot of laptops now... That might work w/ vista stead of banning them :) Just a thought.
-
Hey, it was just an idea. You guys have a better one ?
yeah kick people who are aimbotting...
jesus banning people running windows? never gonna happen
-
Hey, it was just an idea. You guys have a better one ?
yeah kick people who are aimbotting...
jesus banning people running windows? never gonna happen
Well, at least some of you know what hyperbole is. :)