Author Topic: Community-Shared Security Ideas  (Read 894 times)

SugarD

  • Argonath RPG Dev/Manager
  • Tester
  • Sr. Member
  • ****
  • Posts: 817
  • Karma: +37/-74
  • STOP IN THE NAME OF THE COLESLAW!
    • View Profile
    • Clan Xperience
Community-Shared Security Ideas
« on: February 17, 2015, 03:48:03 pm »
This is a call to all members of our community, both able to script and otherwise!

Do you have an idea or script concept that could better the security of the community's servers, (or even your own)? Share them here!

All ideas to stop things such as ban evading and hacking, detecting trainers and malicious game modifications, unwanted CLEO script detection, and the like are welcome. Ideas to improve the usage of scripts to harden ban systems are also welcome. Got an idea for an administrative system that is easy to use and works well? Share it! How about a way to integrate many of LU's functions in an efficient manner that helps combat bad players? Tell us!

The point of this topic is to help the community as a whole stop those it does not want ruining its servers. Even if you only have an idea that you are not sure is possible, post it! This can serve as a database of past, present, and future thoughts and scripts to help our community survive and thrive. Post below! Friendly discussions of ideas are also welcome!

Vortrex

  • Full Member
  • ***
  • Posts: 264
  • Karma: +53/-69
    • View Profile
Re: Community-Shared Security Ideas
« Reply #1 on: February 18, 2015, 11:07:07 am »
I have a couple of theories on how to combat functionality provided by trainers or other cheat methods. I have not put these into practice, but I think it might be worth discussing:

First, why not run checks to validate actions based on what is allowed instead of what isn't?
This would eliminate a lot more loopholes being found and exploited.
Like, I saw a recent post about invalid characters in names ... Maybe you should only have a set of allowed characters instead, that way some forgotten character from another character set or even a custom character can't be used.

My second theory is a little more complex. The game applies properties to players based on what happens when playing. Unfortunately we can't change the fact that hacks will trick this procedure, but we can use a different method. Make the server mandate your own effects to different gameplay actions and you will have more control.
This would require that the server apply different results manually and use separate sets of values instead of relying on default game properties stored in LU classes (players, vehicles, etc.)

Let me give an example:
Player 1 shoots Player 2 with a pistol, but Player 2 has god mode on. Obviously he won't take damage by default, right? Well, why not have the server decrement his health manually, and set an array value to the new health amount. If the server figures out that his health doesn't match the value that was set in the array, then you could warn the player that they need to turn off the hacks. If this checks keeps coming back wrong, automatically take action (kick or something).

This could be applied to a lot of other things, too. Just remember that the server doesn't distinguish the fact that a certain event just fired before another, so you need to explicitly create the check yourself via scripts.

 

© Liberty Unleashed Team.