|
|
|
Member 55 posts
Registered: Mar 2006
Member 1011 posts
Registered: Feb 2006
Does the average Quakeworld player know which lines to remove from FTE? actually yes because most cheat protection in fte source is handily labelled with comment e.g. r_draworder.value = 0; // don't let cheaters look behind walls ... //now some cheat protection etc. grep -rnH --include=*.c cheat . hetman: they shouldn't have 8080 blocked as it is alternative http:// port - just e-mail sysadmin to request it to open it - they can't have any objection...
Member 1011 posts
Registered: Feb 2006
p.s. a client without security dll is more likely to lead to a coder writing a hacked client and releasing it to qw.nu for public consumption
Member 55 posts
Registered: Mar 2006
bigfoot is right hetman is wrong s8n=l0rd
Member 811 posts
Registered: Jan 1970
Does the average Quakeworld player know which lines to remove from FTE? actually yes because most cheat protection in fte source is handily labelled with comment e.g. r_draworder.value = 0; // don't let cheaters look behind walls ... //now some cheat protection etc. grep -rnH --include=*.c cheat . Already there you've lost most users. Windows doesn't have grep. Even if someone would manage to edit the sources, they'd even have to be able to compile it. I don't know many QW players who can compile their own client
Member 1011 posts
Registered: Feb 2006
Well if we've 'lost most users' at the 'find in files' stage - how do you expect them to crack the security.dll without any instructions? lets approach this a different way if i compile and host an fte binary with several cheats included that would you still be happy for fte to be allowed in leagues? probably not, admins definately wouldn't until a cracked ezquake is available i can't see any reason to prevent it from being permitted in leagues until a version of fte with similar levels of 'security' is available i don't see any reason to permit it in leagues until the security is circumvented by several people, having it is better than nothing
News Writer 493 posts
Registered: Jan 2006
First off I'd like to congratulate oldman who came into this topic with an obvious bias against me and FTE. If you read my posts, I tried VERY HARD to stop any hate between FTE and ezQuake. Thanks oldman for skipping that part (both times).
Hetman: bigfoot is offering you a public display. LIVE. What is wrong with this? He doesn't want to distribute binary because people who don't know how to hack ezquake and still pass the security dll will get a better understanding. Do you want this? I don't understand why a public showing of 90%lg with a "clean" ezquake client is not proof. Please explain.
Can we fucking end this FTE vs ezQuake deal?
I started this damn discussion for two reasons:
1) People didn't (and still dont) understand that the security.dll COULD BE HACKED. Believe what you want - it will not change the reality of the situation.
2) Because of #1, other clients are being discriminated against, when in reality they don't offer much less security.
I did NOT start this for other people to come and start flame wars or start rivalries. Let's remember we are all on the same team. Everyone in this discussion has put in personal time to better an aspect of Quake. Whether it's engine developing, patching, or eyecandy, WE ALL HAVE THE SAME GOAL. So stop treating each other like shit and start making progress.
Member 811 posts
Registered: Jan 1970
lets approach this a different way
if i compile and host an fte binary with several cheats included that would you still be happy for fte to be allowed in leagues? probably not, admins definately wouldn't I wouldn't mind. What about Ezquake, would you allow it then? I'd think it'd be a bit hard for you to disallow it now, even if someone released a binary. until a cracked ezquake is available i can't see any reason to prevent it from being permitted in leagues And even when it happens, it will still be allowed. The people who have switched to Ezquake probably don't want to go back. And even if they do, Fuhquake is equally vulnerable. That leaves you with 0 allowed clients. What then? until a version of fte with similar levels of 'security' is available i don't see any reason to permit it in leagues Either that or till someone realises the obvious. Or just figures out that cheating isn't such a big problem around here. until the security is circumvented by several people, having it is better than nothing How many is _several_?
Member 1011 posts
Registered: Feb 2006
']First off I'd like to congratulate oldman who came into this topic with an obvious bias against me and FTE. If you read my posts, I tried VERY HARD to stop any hate between FTE and ezQuake. Thanks oldman for skipping that part (both times). I have no bias against FTE. I would consider myself on good terms with Spike and regularly spoke with him on MSN/IRC in the beginning when he first started the project. I don't believe I used any anti-FTE terminology apart from (perhaps unfairly) grouping the people on this topic as FTE developers, EZQuake developers and league admins Hetman: bigfoot is offering you a public display. LIVE. What is wrong with this? He doesn't want to distribute binary because people who don't know how to hack ezquake and still pass the security dll will get a better understanding. Do you want this? I don't understand why a public showing of 90%lg with a "clean" ezquake client is not proof. Please explain. not directed at me, but ill reply anyway. What is wrong with distributing the binary to current ezquake developers? Its their work. Why should they not be allowed the opportunity to prevent the hack? Why must you limit yourselves to 'showing it off'? 1) People didn't (and still dont) understand that the security.dll COULD BE HACKED. Believe what you want - it will not change the reality of the situation. maybe, maybe not 2) Because of #1, other clients are being discriminated against, when in reality they don't offer much less security. define much less security. I already pointed out some easy hacks you can do to fte
News Writer 493 posts
Registered: Jan 2006
Agreed. When it comes down to it, here are the facts: 1) No security is perfect. 2) ezQuake's security is as close as we can get, ___HOWEVER KEEP IN MIND IT CAN BE HACKED!___ 3) FTE crew has NOTHING against ezQuake. 4) ezQuake crew has NOTHING against FTE. 5) FTE and ezQuake are just two different clients. No one is making a profit from this. 6) We are all in this because of the respect and love we have for the game. Edit: all posts under this will be deleted. I'm locking this thread (with permission of Bigfoot and Hetman). something is just wrong with locking threads right now, it gives me an error
Member 104 posts
Registered: Mar 2006
some kind of identification would be very handy, since (at least i think) fakenicking is a common thing, even in official games (sd vs la). This should include somekind of IP list, etc. QW scene is rather small, everybody knows each other but there pop ups old players using different alias once in a while. Ilf is probably playing right now in some other team. With a proper identification and such we could ban Ilf & Co for good.
But that's just my 5 cents.
Administrator 2058 posts
Registered: Jan 2006
people change ip, people use proxies
Member 104 posts
Registered: Mar 2006
yes, pekis is very aware of these vile means
but what if the identification would be connected to the Q-bot/other and there would be some database of players.. and of course one should do some authentifications to get an account to that database.. so that retic & riker couldnt have 100 different fake nicks, or at least it would be troublesome.
at the beginning of a 4on4 (especially on mixed) people could do some f_whoareyou and see who's who.
Member 693 posts
Registered: Jan 2006
yes, pekis is very aware of these vile means
but what if the identification would be connected to the Q-bot/other and there would be some database of players.. and of course one should do some authentifications to get an account to that database.. so that retic & riker couldnt have 100 different fake nicks, or at least it would be troublesome.
at the beginning of a 4on4 (especially on mixed) people could do some f_whoareyou and see who's who. But then what would stop people making more than one account? The only way to even remotely do that is to 'do a valve' and charge people for an account, which is of course out of the question.
Member 1011 posts
Registered: Feb 2006
well the only way this could be implemented would be to get people to register as dynamic or static ip if you register as static, it is expected that your ip will not change during the course of the season if you register as dynamic, it is expected that your ip will be different for every week - you should never be playing from the same ip qizmo routes would have to be fully resolved to the original source still a number of different people could register as a single dynamic player - but it would prevent somethings essentially though this is all a bit unworkable you need monthly fee accounts like WoW to ensure non-faking
Member 811 posts
Registered: Jan 1970
Other ppl reading this: get a life! ahhhhfgasd!!
Member 805 posts
Registered: Mar 2006
Other ppl reading this: get a life! ahhhhfgasd!! :rolleyes: https://tinyurl.com/qwbrasil - QuakeFiles
Member 805 posts
Registered: Mar 2006
Ok so why not develop a authentication method between clients and servers? https://tinyurl.com/qwbrasil - QuakeFiles
Member 1011 posts
Registered: Feb 2006
but user/pass isn't any prevention against fakenicking?
you can just give your user/pass to the person you need to fake as you
Member 1011 posts
Registered: Feb 2006
Member 104 posts
Registered: Mar 2006
I've to admit that I'm no coder or have any experience of this kind of shit what so ever.
But, think about this: A database where one could have login/pw connected to one single IP and there couldnt be two similar IPs, So you would have to use some proxy etc. to create another account. Game servers would check your IP and login/pw.. Of course people would bypass this somehow, but the point is this: If the account wouldn't activate instantly, but after a while, let's say a week after one have created it, and there would be active admins banning/removing false accounts ( neverheard guys owning at mixed games, etc). The best part is that the admins wouldnt have to be server admins, as we all know serveradmins live in some distant country and are a bit lazy, but admins who've acces to player database. What do you think about this?
And.. That hetmans idea of some kind of rankings could be handy at mixed games where nowdays we've to do 5 rpickups in a row to get proper teams.. There could be somekind of rakingpickup...
Anyways.. I don't know if these ideas are doable, just my buffalo nickels
Member 693 posts
Registered: Jan 2006
My IP changes every time my connection drops (at the moment that's at least once a day)...
Member 1011 posts
Registered: Feb 2006
you won't be allowed out to play football then
Member 271 posts
Registered: Feb 2006
IPs are dynamic, routable, and even spoofable. They will not work.
Member 104 posts
Registered: Mar 2006
IPs are dynamic, routable, and even spoofable. They will not work. So... Is there any way to create somekind of a identification system?
Member 104 posts
Registered: Mar 2006
There cannot be direct connection between IP and login/pass, as there is no such connection in many *successful* on-line ranking games e.g. http://www.kurnik.org/
I can imagine that if it is a league final or something we can look at past IPs of a user and evaluate if there is something suspicious about his/her identity. But this cannot be done for each and every game!
You cannot bind players to some IPs, that is crazy. This authorization system requires some humans to take care of it (for instance, a Danish player would authorize .dk players registrations etc.).
Do not reinvent the wheel! The authorization for online games (and the on-line ranking) has been done years before, we can just port this idea to QW. Yeah, that's was a bad idea. So, it would be just a account/pw type of system? And admins would take care that there wouldnt be double accounts and such? Could this be tested in near future?
|
|
|
|