ways to stop cheaters.

[Winny]

1) no one will like this but, make the game closed source.

2) set up scoring so it is done at the server through coordinents, and points of intersection.



I am trying to think of ways to do this.

any comments?

-Win Xp

[H0ley]

1) No. And no. How many cheats are available for non-open games? I'm guessing... nearly all.

2) Too much bandwidth and stress on the server.

Simple /ban, and bam you're done.

[^nightmare^]

ok, i know im not the only one thinking this...
Whats the point of being admin if you cant ban cheaters anyways, i agree with h0ley...

[Tropican8]

I know I said this somewhere else, but only someone named 'WinXP' would want BZFlag to be closed source.

Not trying to start anything, just seems ironic.

[JeffM]

H0ley
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.

You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.

Some people are looking at doing better hit detection in a post 2.0.5 patch. 2.1.x is being reworked to have more things on the server ( like hit detection ).

Win Xp
the server does score right now it just dosn't do hits.
Closing the source will NEVER happen. The game can't be closed source due to it's license. And even if it was closed, it's a simple mater to have a packet sniffer in line to modify the data sent out.

You can never trust a client. ever.

You all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.

All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.

[Hannibal]

*applauds* Well said Jeff.

[H0ley]

Only what I've heard from other players. Blah, I'll shut up now. I'll make sure to use facts and stuff before I open my trap again.

[Winny]

Only what I've heard from other players. Blah, I'll shut up now. I'll make sure to use facts and stuff before I open my trap again.

ill shut up now too.....

[ducatiwannabe]

You all are freaked out because there are new cheat clients going around. It happens. It's happend in the past, it will happen in the future. Get over it. Just admin your server and ban the cheaters. We know what we have to do to make it harder to cheat, somone just has to do it. It's not hard, just tedious.

All your posts do is give them what they want. attention. It's better to spend your time working on real fixes for the problem ( making the server authortive ). If you can't code, or don't want to.. then sorry.. there isn't much you can do other then convince a coder to work on it.

Just relax, play where admins are at if you don't want to meet a cheater, and enjoy BZ like you used to

[TD-Linux]

As for Win Xp's #2 suggestion, that is already in 2.1.x.

Cheating is almost disgustingly easy still, even in the latest CVS. It is very easy to fly around with WG, have a button to toggle OO on and off, and drive/turn super fast.
Many of these cheats are fairly easy to detect and so I estimate that at the relase date of 2.1 most of the cheaters will have vanished.

The best way to combat cheating is get a bunch (preferably hidden) admins that know what cheating is and recognize what is cheating and what isn't.

Another approach might be to lurk around with a different callsign.

[A Meteorite]

And the other best way to stop them: Don't give them what they want. Don't talk about them. Don't do nothing. Just ban them.

(and, yes, I've had a problem with this... must... resist... urge... )

[Workaphobia]

H0ley
it dosn't take any more CPU then the client does when it's not drawing, aka nothing.

You people that say the server can't do hit detection have no clue what your talking about. Nearly every net game in the world other then bzflag has an athortive server state. No it won't add lag, no it won't bog down the server, no it won't do any of the thing you fear. If it's done right. Just go read up on the subject before you all make these statements.

Heh, part of the problem is that we read inaccurate information.
From BZFlag's wiki
I came across that ages ago and the claim seemed odd to me back then too. Unless the wiki is universally considered inactive and outdated, someone might want to fix that.

I'm looking forward to the day when all the painfully obvious cheats are eliminated, and we're just left with the subtle ones - at least they won't give the cheater any trolling-related satisfaction.

[H0ley]

Strangly enough I read that a few days ago because I was wondering about all the existing cheats. Yea, all of those say 'The only way to prevent this is to have the server arbirate collisions and deaths, which would put a big strain on the server.' God, I was thinking that I was going crazy or something.

[Dylan Sunderberg]

I have a "trusted client" idea I wish to share. How about releasing a closed source module that computes an MD5 checksum on the BZFlag client binary and sends it to the server? For this closed-source client module, compiler optimizations should be disabled and the code should be obfuscated, so that a hacker cannot easily disassemble the authentication binary and modify it so that it sends the server what it wants to hear.

Comments?

[JeffM]

Ok here we go again....

1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.

Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.

You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.

[Dylan Sunderberg]

Ok here we go again....

1) a closed source module would pull us from many( allmost all ) of the linux distros
2) every distro, and every build on linux is different, since they use different versions of libraries ( static and dynamic ). So you'd not be able to predict the binary signature of anyone who built there own version on linux ( probably about 20% ). These people are not cheaters, they are just using the open source nature of the project to build there own client. Often because the binary builds do not work on there systems.
3) ever developer, tester, and person who used CVS would have a new MD5 for every build they make. Many people use CVS.
4) they could just hack out the Md5 responce and provide a "good" one when the client was bad, all they would have to do is watch the line of a good client, get what it does, and hack it out. It's VERY simple. It's been tried before, it allways fails. There are many articles on the subject.

Basicly the idea dosn't realy solve anything, provides more trouble then it's worth, and gives you a false sense of security. You can not do a checksum in any system that uses a source distrobution. It just dosn't feasably work out.

You can NEVER EVER trust any data from a client. The only way to use it is to first verify it. The server can know what valid inputs are and just disallow ones that are outside of what is possible in the game. Then the server also keeps a gamestate and makes sure that the rest of the clients do what it expets to happen. It is a babysitter mentality. Due to the nature of network packaets you can't be sure where packets are coming form ( on an application level ) so there is no way to ever trust one unless you verify it's data. If the contents of the packet are valid, then you don't care where it came from, since it fits the rules of the game.

2. Surely a checksum could be computed on the unvarying part of the code.
3. Surely a scheme could be devised to compute a checksum for every new client release automatically.

[Tropican8]

Have you heard of a technique called encryption

I'm no expert, but algorithms like blowfish, twofish, serpent, 3DES, AES, etc. are way too slow. Even if there is no speed hit, processor usage will soar to decrypt/encrypt the information.

[Dylan Sunderberg]

Perhaps multi-threading could be employed somehow to reduce the impact of the cryptographic routines on the game's performance.

[TD-Linux]

The bzflag and bzfs programs are still gonna be open source, it's just that they'll "attach" to small, closed-source modules to do client authentication.

It only takes one small bit of closed-source to make an entire project closed-source.
BZFlag will not be open source because, although the code is freely available, you can't modify it.
It violates the current license agreement.
It will be pulled from many distros becuase it is closed-source.
Now, with the closed-source module (I will call it the Trusted Client Module, or TCM) who will own it?
Will they have the right to sell BZFlag?

Cheating is obvious and can be banned very easily. If you have a hard time deciding if someone is cheating, look for other /reports of the player cheating.

Your admins should be trained to /report the IP and callsign of any cheater they see.

Oh yeah, if you have a single core, all the threads in the world won't help you because they still take turns.

[^nightmare^]

Has anyone ever thought of trying to hook up with punkbuster? They do pretty good at stoping cheaters...

[RPG]

It's a freaking cheater people! It always happens. They come. It's almost as part of the game as the tanks are. You just ban them and move on. Ban, move on. Ban, move on. BZFlag will never be cheater free, no matter what you do. Punkbuster costs the developers money, and it is slow. All this is silly for a simple open source game.

/rant

[Tropican8]

I'm no expert, but algorithms like blowfish, twofish, serpent, 3DES, AES, etc. are way too slow. Even if there is no speed hit, processor usage will soar to decrypt/encrypt the information.

But it only has to be done whenever a client connects. If you're worried about the impact on the performance of the game in-progress, use threads.

Oh yeah, if you have a single core, all the threads in the world won't help you because they still take turns.

Thank You

[Dylan Sunderberg]

Playing against cheaters is tiresome, as is banning them. Surely, with some ingenuity, the problem of cheating in games such as this can be all but eliminated! For one, I heartily welcome a solution to cheating in BZFlag, and I will look forward to all the responses given.

[TD-Linux]

What are you talking about? You can modify it, submit a patch, and get it accepted, just like always. Having a central repository of MD5s will not prevent people from contributing code.

Who will search the patches and accept them?
That's a lot of work - far more than hiring admins for free that want to to it really bad for free.
What if I want to modify my client (like I do) and don't want it to be in BZFlag?
This isn't Open Source.
All Open Source licenses allow free modification - even cheats.
Grasp this concept: Cheats aren't bad, what's bad is using them at a server that dosen't allow cheats.

Yeah, but it's tedious. Trusted clients prevent all of that hassle. Being a server admin should be fun. Having to constantly be on the lookout for cheaters is not fun.

Find me a cop that hates his/her job.
You don't need to be on the lookout for cheating - it is usually blatantly obvious anyway.

All of that can be worked out. We're not talking about showstoppers here.

This is never going to happen... I dare you to find ONE bzflag developer willing to do that.

Threads will help, surely?

Not unless you have dual cores, or dual processors.
So, is it becuase you are lazy?

Trusted clients prevent both.

You can't prevent cheaters - becuase BZFlag protocol is open, they can hack it super easy.
98% of bans I can guarantee you are for TKing or langauge.

PunkBuster costs ID Software money because a third-party developer licenses it.

Isn't that just hiring other people to ban for you?

Have you ever seen anyone cheat? How often? If you think cheaters are that major a problem, you obviously don't play BZFlag enough.

Let this thread die, please.

EDIT: I kind of regret making this post, I'm just feeding the fire, and it will never happen anyway. Oh well, might as well leave it here because I spent all that effort typing it

[Dylan Sunderberg]

Surely modified clients should be prohibited from connecting to public servers, regardless of whether the game is open-source.

I am open to all the community has to say on this subject.