ways to stop cheaters.
ways to stop cheaters.
1) no one will like this but, make the game closed source.
2) set up scoring so it is done at the server through coordinents, and points of intersection.
I am trying to think of ways to do this.
any comments?
-Win Xp
2) set up scoring so it is done at the server through coordinents, and points of intersection.
I am trying to think of ways to do this.
any comments?
-Win Xp
- ^nightmare^
- Private First Class
- Posts: 1264
- Joined: Sun Feb 20, 2005 7:14 pm
- Location: Alabama
- Contact:
ok, i know im not the only one thinking this...
Whats the point of being admin if you cant ban cheaters anyways, i agree with h0ley...
Whats the point of being admin if you cant ban cheaters anyways, i agree with h0ley...
Need bzflag help? Try looking here: http://www.freewebs.com/bznightmare/map ... aghelp.htm
H0ley
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.
You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.
Some people are looking at doing better hit detection in a post 2.0.5 patch. 2.1.x is being reworked to have more things on the server ( like hit detection ).
Win Xp
the server does score right now it just dosn't do hits.
Closing the source will NEVER happen. The game can't be closed source due to it's license. And even if it was closed, it's a simple mater to have a packet sniffer in line to modify the data sent out.
You can never trust a client. ever.
You all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.
All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.
You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.
Some people are looking at doing better hit detection in a post 2.0.5 patch. 2.1.x is being reworked to have more things on the server ( like hit detection ).
Win Xp
the server does score right now it just dosn't do hits.
Closing the source will NEVER happen. The game can't be closed source due to it's license. And even if it was closed, it's a simple mater to have a packet sniffer in line to modify the data sent out.
You can never trust a client. ever.
You all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.
All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.
JeffM
- ducatiwannabe
- Private First Class
- Posts: 3258
- Joined: Tue Aug 10, 2004 3:55 pm
- Location: Planet Earth
- Contact:
Just relax, play where admins are at if you don't want to meet a cheater, and enjoy BZ like you used toYou all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.
All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.
As for Win Xp's #2 suggestion, that is already in 2.1.x.
Cheating is almost disgustingly easy still, even in the latest CVS. It is very easy to fly around with WG, have a button to toggle OO on and off, and drive/turn super fast.
Many of these cheats are fairly easy to detect and so I estimate that at the relase date of 2.1 most of the cheaters will have vanished.
The best way to combat cheating is get a bunch (preferably hidden) admins that know what cheating is and recognize what is cheating and what isn't.
Another approach might be to lurk around with a different callsign.
Cheating is almost disgustingly easy still, even in the latest CVS. It is very easy to fly around with WG, have a button to toggle OO on and off, and drive/turn super fast.
Many of these cheats are fairly easy to detect and so I estimate that at the relase date of 2.1 most of the cheaters will have vanished.
The best way to combat cheating is get a bunch (preferably hidden) admins that know what cheating is and recognize what is cheating and what isn't.
Another approach might be to lurk around with a different callsign.
- A Meteorite
- Private First Class
- Posts: 1786
- Joined: Thu Apr 28, 2005 12:56 am
- Location: California, U.S.
- Contact:
And the other best way to stop them: Don't give them what they want. Don't talk about them. Don't do nothing. Just ban them.
(and, yes, I've had a problem with this... must... resist... urge... )
(and, yes, I've had a problem with this... must... resist... urge... )
Owner @ BZFX
Core Admin @ CAN
Email me: bzmet…@gmail.com
- Workaphobia
- Master Sergeant
- Posts: 252
- Joined: Wed May 26, 2004 7:29 pm
Heh, part of the problem is that we read inaccurate information.JeffM2501 wrote:H0ley
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.
You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.
From BZFlag's wiki
I came across that ages ago and the claim seemed odd to me back then too. Unless the wiki is universally considered inactive and outdated, someone might want to fix that.
I'm looking forward to the day when all the painfully obvious cheats are eliminated, and we're just left with the subtle ones - at least they won't give the cheater any trolling-related satisfaction.
"Nifty News Fifty: When news breaks, we give you the pieces."
- H0ley
- Private First Class
- Posts: 266
- Joined: Sun May 01, 2005 7:29 pm
- Location: Planet MoFo
- Contact:
Strangly enough I read that a few days ago because I was wondering about all the existing cheats. Yea, all of those say 'The only way to prevent this is to have the server arbirate collisions and deaths, which would put a big strain on the server.' God, I was thinking that I was going crazy or something.
/loves meteorite's mom
-
- Private First Class
- Posts: 14
- Joined: Tue Dec 20, 2005 7:02 pm
"Trusted client" concept
I have a "trusted client" idea I wish to share. How about releasing a closed source module that computes an MD5 checksum on the BZFlag client binary and sends it to the server? For this closed-source client module, compiler optimizations should be disabled and the code should be obfuscated, so that a hacker cannot easily disassemble the authentication binary and modify it so that it sends the server what it wants to hear.
Comments?
Comments?
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:10 am, edited 8 times in total.
Ok here we go again....
1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.
Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.
You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.
1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.
Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.
You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.
JeffM
-
- Private First Class
- Posts: 14
- Joined: Tue Dec 20, 2005 7:02 pm
2. Surely a checksum could be computed on the unvarying part of the code.Ok here we go again....
1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.
Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.
You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.
3. Surely a scheme could be devised to compute a checksum for every new client release automatically.
Last edited by Dylan Sunderberg on Sat Sep 22, 2012 11:48 pm, edited 2 times in total.
-
- Private First Class
- Posts: 14
- Joined: Tue Dec 20, 2005 7:02 pm
Perhaps multi-threading could be employed somehow to reduce the impact of the cryptographic routines on the game's performance.
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:11 am, edited 3 times in total.
It only takes one small bit of closed-source to make an entire project closed-source.The bzflag and bzfs programs are still gonna be open source, it's just that they'll "attach" to small, closed-source modules to do client authentication.
BZFlag will not be open source because, although the code is freely available, you can't modify it.
It violates the current license agreement.
It will be pulled from many distros becuase it is closed-source.
Now, with the closed-source module (I will call it the Trusted Client Module, or TCM) who will own it?
Will they have the right to sell BZFlag?
Cheating is obvious and can be banned very easily. If you have a hard time deciding if someone is cheating, look for other /reports of the player cheating.
Your admins should be trained to /report the IP and callsign of any cheater they see.
Oh yeah, if you have a single core, all the threads in the world won't help you because they still take turns.
- ^nightmare^
- Private First Class
- Posts: 1264
- Joined: Sun Feb 20, 2005 7:14 pm
- Location: Alabama
- Contact:
Has anyone ever thought of trying to hook up with punkbuster? They do pretty good at stoping cheaters...
Need bzflag help? Try looking here: http://www.freewebs.com/bznightmare/map ... aghelp.htm
- RPG
- Lieutenant, Junior Grade
- Posts: 2015
- Joined: Fri Sep 17, 2004 2:37 am
- Location: Chicago, Illinois
- Contact:
It's a freaking cheater people! It always happens. They come. It's almost as part of the game as the tanks are. You just ban them and move on. Ban, move on. Ban, move on. BZFlag will never be cheater free, no matter what you do. Punkbuster costs the developers money, and it is slow. All this is silly for a simple open source game.
/rant
/rant
- Tropican8
- Private First Class
- Posts: 312
- Joined: Fri Mar 18, 2005 11:51 pm
- Location: As close to the grove as you can get
Thank YouTD-Linux wrote:Oh yeah, if you have a single core, all the threads in the world won't help you because they still take turns.CuddlyFuzz wrote:But it only has to be done whenever a client connects. If you're worried about the impact on the performance of the game in-progress, use threads.Tropican8 wrote: I'm no expert, but algorithms like blowfish, twofish, serpent, 3DES, AES, etc. are way too slow. Even if there is no speed hit, processor usage will soar to decrypt/encrypt the information.
-
- Private First Class
- Posts: 14
- Joined: Tue Dec 20, 2005 7:02 pm
Playing against cheaters is tiresome, as is banning them. Surely, with some ingenuity, the problem of cheating in games such as this can be all but eliminated! For one, I heartily welcome a solution to cheating in BZFlag, and I will look forward to all the responses given.
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:04 am, edited 7 times in total.
Who will search the patches and accept them?What are you talking about? You can modify it, submit a patch, and get it accepted, just like always. Having a central repository of MD5s will not prevent people from contributing code.
That's a lot of work - far more than hiring admins for free that want to to it really bad for free.
What if I want to modify my client (like I do) and don't want it to be in BZFlag?
This isn't Open Source.
All Open Source licenses allow free modification - even cheats.
Grasp this concept: Cheats aren't bad, what's bad is using them at a server that dosen't allow cheats.
Find me a cop that hates his/her job.Yeah, but it's tedious. Trusted clients prevent all of that hassle. Being a server admin should be fun. Having to constantly be on the lookout for cheaters is not fun.
You don't need to be on the lookout for cheating - it is usually blatantly obvious anyway.
This is never going to happen... I dare you to find ONE bzflag developer willing to do that.All of that can be worked out. We're not talking about showstoppers here.
Not unless you have dual cores, or dual processors.Threads will help, surely?
So, is it becuase you are lazy?
You can't prevent cheaters - becuase BZFlag protocol is open, they can hack it super easy.Trusted clients prevent both.
98% of bans I can guarantee you are for TKing or langauge.
Isn't that just hiring other people to ban for you?PunkBuster costs ID Software money because a third-party developer licenses it.
Have you ever seen anyone cheat? How often? If you think cheaters are that major a problem, you obviously don't play BZFlag enough.
Let this thread die, please.
EDIT: I kind of regret making this post, I'm just feeding the fire, and it will never happen anyway. Oh well, might as well leave it here because I spent all that effort typing it
-
- Private First Class
- Posts: 14
- Joined: Tue Dec 20, 2005 7:02 pm
Surely modified clients should be prohibited from connecting to public servers, regardless of whether the game is open-source.
I am open to all the community has to say on this subject.
I am open to all the community has to say on this subject.
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:12 am, edited 5 times in total.