ways to stop cheaters.

Make suggestions for improving one of the best games on the net!
User avatar
Winny
Grouchy
Grouchy
Posts: 2381
Joined: Wed Aug 24, 2005 12:27 am
Location: Ottawa eh?
Contact:

ways to stop cheaters.

Post by Winny » Thu Dec 29, 2005 3:09 am

1) no one will like this but, make the game closed source.

2) set up scoring so it is done at the server through coordinents, and points of intersection.



I am trying to think of ways to do this.

any comments?

-Win Xp

User avatar
H0ley
Private First Class
Private First Class
Posts: 266
Joined: Sun May 01, 2005 7:29 pm
Location: Planet MoFo
Contact:

Post by H0ley » Thu Dec 29, 2005 3:23 am

1) No. And no. How many cheats are available for non-open games? I'm guessing... nearly all.

2) Too much bandwidth and stress on the server.

Simple /ban, and bam you're done.
Image
/loves meteorite's mom

User avatar
^nightmare^
Private First Class
Private First Class
Posts: 1264
Joined: Sun Feb 20, 2005 7:14 pm
Location: Alabama
Contact:

Post by ^nightmare^ » Thu Dec 29, 2005 3:31 am

ok, i know im not the only one thinking this...
Whats the point of being admin if you cant ban cheaters :lol-old: anyways, i agree with h0ley...
Need bzflag help? Try looking here: http://www.freewebs.com/bznightmare/map ... aghelp.htm

User avatar
Tropican8
Private First Class
Private First Class
Posts: 312
Joined: Fri Mar 18, 2005 11:51 pm
Location: As close to the grove as you can get

Post by Tropican8 » Thu Dec 29, 2005 4:24 am

I know I said this somewhere else, but only someone named 'WinXP' would want BZFlag to be closed source.

Not trying to start anything, just seems ironic.

User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5173
Joined: Fri Dec 13, 2002 4:11 am
Location: https://discord.gg/NN9uAvx
Contact:

Post by JeffM » Thu Dec 29, 2005 5:18 am

H0ley
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.

You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.

Some people are looking at doing better hit detection in a post 2.0.5 patch. 2.1.x is being reworked to have more things on the server ( like hit detection ).

Win Xp
the server does score right now it just dosn't do hits.
Closing the source will NEVER happen. The game can't be closed source due to it's license. And even if it was closed, it's a simple mater to have a packet sniffer in line to modify the data sent out.

You can never trust a client. ever.

You all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.

All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.

User avatar
Hannibal
Private First Class
Private First Class
Posts: 1073
Joined: Mon May 02, 2005 10:27 pm
Contact:

Post by Hannibal » Thu Dec 29, 2005 6:20 am

*applauds* Well said Jeff.
Games don't make people violent, lag does.
ImageImage

User avatar
H0ley
Private First Class
Private First Class
Posts: 266
Joined: Sun May 01, 2005 7:29 pm
Location: Planet MoFo
Contact:

Post by H0ley » Thu Dec 29, 2005 7:16 am

Only what I've heard from other players. Blah, I'll shut up now. I'll make sure to use facts and stuff before I open my trap again.
Image
/loves meteorite's mom

User avatar
Winny
Grouchy
Grouchy
Posts: 2381
Joined: Wed Aug 24, 2005 12:27 am
Location: Ottawa eh?
Contact:

Post by Winny » Thu Dec 29, 2005 1:21 pm

H0ley wrote:Only what I've heard from other players. Blah, I'll shut up now. I'll make sure to use facts and stuff before I open my trap again.
ill shut up now too.....

User avatar
ducatiwannabe
Private First Class
Private First Class
Posts: 3249
Joined: Tue Aug 10, 2004 3:55 pm
Location: Planet Earth
Contact:

Post by ducatiwannabe » Thu Dec 29, 2005 2:52 pm

You all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.

All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.
Just relax, play where admins are at if you don't want to meet a cheater, and enjoy BZ like you used to :)

User avatar
TD-Linux
Sergeant
Sergeant
Posts: 724
Joined: Wed Apr 27, 2005 8:26 pm
Location: Mountain View, CA

Post by TD-Linux » Thu Dec 29, 2005 7:45 pm

As for Win Xp's #2 suggestion, that is already in 2.1.x.

Cheating is almost disgustingly easy still, even in the latest CVS. It is very easy to fly around with WG, have a button to toggle OO on and off, and drive/turn super fast.
Many of these cheats are fairly easy to detect and so I estimate that at the relase date of 2.1 most of the cheaters will have vanished.

The best way to combat cheating is get a bunch (preferably hidden) admins that know what cheating is and recognize what is cheating and what isn't.

Another approach might be to lurk around with a different callsign.

User avatar
A Meteorite
Private First Class
Private First Class
Posts: 1786
Joined: Thu Apr 28, 2005 12:56 am
Location: California, U.S.
Contact:

Post by A Meteorite » Thu Dec 29, 2005 7:54 pm

And the other best way to stop them: Don't give them what they want. Don't talk about them. Don't do nothing. Just ban them. :)

(and, yes, I've had a problem with this... must... resist... urge... ;) )
Image
Owner @ BZFX
Core Admin @ CAN

Email me: bzmet…@gmail.com

User avatar
Workaphobia
Master Sergeant
Master Sergeant
Posts: 252
Joined: Wed May 26, 2004 7:29 pm

Post by Workaphobia » Fri Dec 30, 2005 5:48 am

JeffM2501 wrote:H0ley
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.

You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.
Heh, part of the problem is that we read inaccurate information.
From BZFlag's wiki
I came across that ages ago and the claim seemed odd to me back then too. Unless the wiki is universally considered inactive and outdated, someone might want to fix that.

I'm looking forward to the day when all the painfully obvious cheats are eliminated, and we're just left with the subtle ones - at least they won't give the cheater any trolling-related satisfaction.
"Nifty News Fifty: When news breaks, we give you the pieces."

User avatar
H0ley
Private First Class
Private First Class
Posts: 266
Joined: Sun May 01, 2005 7:29 pm
Location: Planet MoFo
Contact:

Post by H0ley » Fri Dec 30, 2005 7:01 am

Strangly enough I read that a few days ago because I was wondering about all the existing cheats. Yea, all of those say 'The only way to prevent this is to have the server arbirate collisions and deaths, which would put a big strain on the server.' God, I was thinking that I was going crazy or something.
Image
/loves meteorite's mom

Dylan Sunderberg
Private First Class
Private First Class
Posts: 14
Joined: Tue Dec 20, 2005 7:02 pm

"Trusted client" concept

Post by Dylan Sunderberg » Sat Dec 31, 2005 6:20 am

I have a "trusted client" idea I wish to share. How about releasing a closed source module that computes an MD5 checksum on the BZFlag client binary and sends it to the server? For this closed-source client module, compiler optimizations should be disabled and the code should be obfuscated, so that a hacker cannot easily disassemble the authentication binary and modify it so that it sends the server what it wants to hear.

Comments?
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:10 am, edited 8 times in total.

User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5173
Joined: Fri Dec 13, 2002 4:11 am
Location: https://discord.gg/NN9uAvx
Contact:

Post by JeffM » Sat Dec 31, 2005 6:58 pm

Ok here we go again....

1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.

Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.

You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.

Dylan Sunderberg
Private First Class
Private First Class
Posts: 14
Joined: Tue Dec 20, 2005 7:02 pm

Post by Dylan Sunderberg » Sat Dec 31, 2005 9:00 pm

Ok here we go again....

1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.

Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.

You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.
2. Surely a checksum could be computed on the unvarying part of the code.
3. Surely a scheme could be devised to compute a checksum for every new client release automatically.
Last edited by Dylan Sunderberg on Sat Sep 22, 2012 11:48 pm, edited 2 times in total.

User avatar
Tropican8
Private First Class
Private First Class
Posts: 312
Joined: Fri Mar 18, 2005 11:51 pm
Location: As close to the grove as you can get

Post by Tropican8 » Sat Dec 31, 2005 9:19 pm

CuddlyFuzz wrote:Have you heard of a technique called encryption
I'm no expert, but algorithms like blowfish, twofish, serpent, 3DES, AES, etc. are way too slow. Even if there is no speed hit, processor usage will soar to decrypt/encrypt the information.

Dylan Sunderberg
Private First Class
Private First Class
Posts: 14
Joined: Tue Dec 20, 2005 7:02 pm

Post by Dylan Sunderberg » Sat Dec 31, 2005 9:38 pm

Perhaps multi-threading could be employed somehow to reduce the impact of the cryptographic routines on the game's performance.
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:11 am, edited 3 times in total.

User avatar
TD-Linux
Sergeant
Sergeant
Posts: 724
Joined: Wed Apr 27, 2005 8:26 pm
Location: Mountain View, CA

Post by TD-Linux » Sat Dec 31, 2005 11:29 pm

The bzflag and bzfs programs are still gonna be open source, it's just that they'll "attach" to small, closed-source modules to do client authentication.
It only takes one small bit of closed-source to make an entire project closed-source.
BZFlag will not be open source because, although the code is freely available, you can't modify it.
It violates the current license agreement.
It will be pulled from many distros becuase it is closed-source.
Now, with the closed-source module (I will call it the Trusted Client Module, or TCM) who will own it?
Will they have the right to sell BZFlag?

Cheating is obvious and can be banned very easily. If you have a hard time deciding if someone is cheating, look for other /reports of the player cheating.

Your admins should be trained to /report the IP and callsign of any cheater they see.

Oh yeah, if you have a single core, all the threads in the world won't help you because they still take turns.

User avatar
^nightmare^
Private First Class
Private First Class
Posts: 1264
Joined: Sun Feb 20, 2005 7:14 pm
Location: Alabama
Contact:

Post by ^nightmare^ » Sat Dec 31, 2005 11:45 pm

Has anyone ever thought of trying to hook up with punkbuster? They do pretty good at stoping cheaters...
Need bzflag help? Try looking here: http://www.freewebs.com/bznightmare/map ... aghelp.htm

User avatar
RPG
Lieutenant, Junior Grade
Lieutenant, Junior Grade
Posts: 2015
Joined: Fri Sep 17, 2004 2:37 am
Location: Chicago, Illinois
Contact:

Post by RPG » Sun Jan 01, 2006 12:59 am

It's a freaking cheater people! It always happens. They come. It's almost as part of the game as the tanks are. You just ban them and move on. Ban, move on. Ban, move on. BZFlag will never be cheater free, no matter what you do. Punkbuster costs the developers money, and it is slow. All this is silly for a simple open source game.

/rant

User avatar
Tropican8
Private First Class
Private First Class
Posts: 312
Joined: Fri Mar 18, 2005 11:51 pm
Location: As close to the grove as you can get

Post by Tropican8 » Sun Jan 01, 2006 1:13 am

TD-Linux wrote:
CuddlyFuzz wrote:
Tropican8 wrote: I'm no expert, but algorithms like blowfish, twofish, serpent, 3DES, AES, etc. are way too slow. Even if there is no speed hit, processor usage will soar to decrypt/encrypt the information.
But it only has to be done whenever a client connects. If you're worried about the impact on the performance of the game in-progress, use threads.
Oh yeah, if you have a single core, all the threads in the world won't help you because they still take turns.
Thank You

Dylan Sunderberg
Private First Class
Private First Class
Posts: 14
Joined: Tue Dec 20, 2005 7:02 pm

Post by Dylan Sunderberg » Sun Jan 01, 2006 1:14 am

Playing against cheaters is tiresome, as is banning them. Surely, with some ingenuity, the problem of cheating in games such as this can be all but eliminated! For one, I heartily welcome a solution to cheating in BZFlag, and I will look forward to all the responses given.
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:04 am, edited 7 times in total.

User avatar
TD-Linux
Sergeant
Sergeant
Posts: 724
Joined: Wed Apr 27, 2005 8:26 pm
Location: Mountain View, CA

Post by TD-Linux » Sun Jan 01, 2006 1:31 am

What are you talking about? You can modify it, submit a patch, and get it accepted, just like always. Having a central repository of MD5s will not prevent people from contributing code.
Who will search the patches and accept them?
That's a lot of work - far more than hiring admins for free that want to to it really bad for free.
What if I want to modify my client (like I do) and don't want it to be in BZFlag?
This isn't Open Source.
All Open Source licenses allow free modification - even cheats.
Grasp this concept: Cheats aren't bad, what's bad is using them at a server that dosen't allow cheats.
Yeah, but it's tedious. Trusted clients prevent all of that hassle. Being a server admin should be fun. Having to constantly be on the lookout for cheaters is not fun.
Find me a cop that hates his/her job.
You don't need to be on the lookout for cheating - it is usually blatantly obvious anyway.
All of that can be worked out. We're not talking about showstoppers here.
This is never going to happen... I dare you to find ONE bzflag developer willing to do that.
Threads will help, surely?
Not unless you have dual cores, or dual processors.
So, is it becuase you are lazy?
Trusted clients prevent both.
You can't prevent cheaters - becuase BZFlag protocol is open, they can hack it super easy.
98% of bans I can guarantee you are for TKing or langauge.
PunkBuster costs ID Software money because a third-party developer licenses it.
Isn't that just hiring other people to ban for you?

Have you ever seen anyone cheat? How often? If you think cheaters are that major a problem, you obviously don't play BZFlag enough.

Let this thread die, please.

EDIT: I kind of regret making this post, I'm just feeding the fire, and it will never happen anyway. Oh well, might as well leave it here because I spent all that effort typing it :wink:

Dylan Sunderberg
Private First Class
Private First Class
Posts: 14
Joined: Tue Dec 20, 2005 7:02 pm

Post by Dylan Sunderberg » Sun Jan 01, 2006 2:47 am

Surely modified clients should be prohibited from connecting to public servers, regardless of whether the game is open-source.

I am open to all the community has to say on this subject.
Last edited by Dylan Sunderberg on Sun Sep 23, 2012 12:12 am, edited 5 times in total.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests