Re: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No spread) detection plugin

2012-09-10 Thread Thomas K 

In what folder the screenshots are uploaded to the server?

-Ursprüngliche Nachricht- 
From: Ejziponken -

Sent: Monday, September 10, 2012 7:35 PM
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No spread) 
detection plugin



lol need this for CS 1.6 and CSGO.. :P


Date: Mon, 10 Sep 2012 13:19:42 -0400
From: epichat...@litewin.net
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No spread) 
detection plugin


Would be nice if valve added a legitimate way for server admins to grab
screenshots if they are going to patch this exploit. Considering the
screenshots only take an in-game image the only people to have reasons
against it are hackers themselves.

--EHG

On 9/10/2012 1:04 PM, Ryan Stecker wrote:
> There's clearly a lack of understanding in this thread.
>
> The plugin simply executes 'jpeg' or 'screenshot' on the client (which 
> is
> the exploit everyone is talking about), and uses the client's 
> INetChannel

> (an interface in the source engine) to have the server request the file
> from the client.
>
> It can't take a screenshot of your desktop, or steam chats, or anything
> else other than the game's screen. The jpeg command has only ever taken
> screenshots of your game.
>
> Really there's two sides of the coin on the issue of making clients 
> execute

> commands.
>
> On one side, malicious server operators could do bad things, and on the
> other, it made it possible for an anticheat to get client screenshots.
>
> I would have loved it if this plugin could have survived longer, but it
> seems like the command execution method is being fixed. I'd kill to get 
> a

> proper anticheat in source, and not the flawed disaster that is VAC.
>
> On Mon, Sep 10, 2012 at 11:58 AM, ics  wrote:
>
>> 
http://tftrue.redline-**utilities.net/anakinac.html
>>
>> -ics
>>
>> 10.9.2012 19:52, Cameron Munroe kirjoitti:
>>
>>   So really it just takes a screen shot of whats on their screen and 
>> then

>>> uploads it to the game server / FTP? and then at a later time you look
>>> through them and see if someone had a wall hack on. Is there anything 
>>> else
>>> that it can detect as really a screen shot isn't useful in most other 
>>> hacks.

>>>
>>> On 9/10/2012 9:49 AM, ics wrote:
>>>
 You need to check the screenshots yourself that it picks. Makes one 
 once

 in an hour.

 PS: cl_allowupload 0 doesn't block uploading the shot. This plugin is
 simply awesome tool for every server owner that wants to catch 
 wallhackers

 and such.

 -ics

 10.9.2012 19:46, Cameron Munroe kirjoitti:

> Asher? Can you give us an example, or some info on the subject.
>
> On 9/10/2012 9:31 AM, Drogen Viech wrote:
>
>> I assume you have to go through all of them on your server, the no
>> spread and trigger bot detection is fully automatic, other 
>> heuristic

>> detections are printed to your console
>>
>> 2012/9/10 Cameron Munroe :
>>
>>> No, I mean how would you use this to detect if someone is 
>>> cheating?

>>>
>>>
>>> On 9/10/2012 9:23 AM, Drogen Viech wrote:
>>>
 It takes a screenshot randomly, only anakin knows when (he said 
 every

 10 or so minutes)
 He's using some really fucked up kind of exploit - not even the
 following config will prevent it from taking screenshots:

 
http://pastebin.com/raw.php?i=**Xr39hrys

 2012/9/10 Cameron Munroe :

> So how does this work?
>
> It takes a snapshot every X minutes and then you have to go 
> through

> them?
>
> It takes a snapshot when someone is cheating?
>
> It slows down the cheaters computer by making them take
> 10** snapshots a sec?
>
>
>
> __**_
> To unsubscribe, edit your list preferences, or view the list
> archives,
> please visit:
> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**
> 
hlds_linux
>
 __**_
 To unsubscribe, edit your list preferences, or view the list
 archives,
 please visit:
 https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**
 
hlds_linux

>>>
>>> __**_
>>> To unsubscribe, edit your list preferences, or view the list 
>>> archives,

>>> please visit:
>>> https://list.valvesoftware.**com/cgi-bin/mailman/

Re: [hlds_linux] CSGO Random Server Crashes

2012-08-04 Thread Thomas K 

Yes!!! Our CSGO Server Crashes random like!

-Ursprüngliche Nachricht- 
From: RTL-Servers | Lee

Sent: Saturday, August 04, 2012 11:48 AM
To: hlds_linux@list.valvesoftware.com
Subject: [hlds_linux] CSGO Random Server Crashes

Morning / Afternoon / Evening,

I'm seeing random server crashes with CSGO on 64bit CentOS, I'm not
seeing these crashes under x86 however.

No output / log is provided and the server will crash after about 10-20
minutes of playing, just trying to get to the bottom of this, any
feedback would be appreciated.

Server Spec: 2x 6core Xeons, 32Gb Ram, 1tb RAID10, I'm seeing similar
crashes with Dell R210s again using 64bit.

Anyone seeing similar problems ?

Best Regards
Lee Gardiner



___
To unsubscribe, edit your list preferences, or view the list archives, 
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux 



___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux

Re: [hlds_linux] New 1.6 Exploit very dangerous!

2012-08-04 Thread Thomas K 

Try this:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 10 -j 
REJECT --reject-with tcp-reset


-Ursprüngliche Nachricht- 
From: bRAINKILLA

Sent: Saturday, August 04, 2012 11:44 AM
To: LocalStrike | Live your game! ; Half-Life dedicated Linux server mailing 
list

Subject: Re: [hlds_linux] New 1.6 Exploit very dangerous!

I think i am experiencing the same thing atm - since yesterday evening
my server gets hits.

I used tcpdump and in my case they'Re flooding the 27015 with :

11:31:13.305474 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305476 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305479 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305481 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305484 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305525 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305528 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305530 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305532 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305534 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305537 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305539 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305541 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305568 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305571 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305573 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305575 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305578 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305580 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305582 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305584 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305626 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305629 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305631 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305633 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305635 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5
11:31:13.305637 IP 66-7-210-223.gamezservers.org.9355 >
my.server.hostename.27015: UDP, length 5

11:31:20.798319 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798351 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798354 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798356 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798358 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798360 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798362 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798364 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798367 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798401 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798404 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798410 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798413 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798415 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798417 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798420 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798422 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798424 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798427 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798504 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798507 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798509 IP 223.25.244.205.10101 > my.server.hostename.27015:
UDP, length 5
11:31:20.798511 IP 223.25.244.205.10101

Re: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No spread) detection plugin

2012-04-12 Thread Thomas K 
Can you make compatible with sourcebans from sourcemod?!

Am 12.04.2012 um 10:13 schrieb "AnAkIn ." :

> What kind of issues? There might be 1-2 small bugs that will be fixed
> in the next update AFAIK, but the main detections work fine.
> 
> Le 12 avril 2012 04:22, daniel jokiaho  a écrit :
>> Any issues with dblocker?
>> On 11 Apr 2012 19:49, "AnAkIn ."  wrote:
>> 
>>> No, I don't think it will, I have not tested though.
>>> 
>>> Le 11 avril 2012 19:46, Andrew DeMerse  a écrit :
 I'll check it out, and let you know if I see anything weird.
 
 I assume this shouldn't conflict with SMAC?
 
 On Wed, Apr 11, 2012 at 1:37 PM, AnAkIn .  wrote:
 
> No, I just posted that on a competitive forum so far.
> 
> Le 11 avril 2012 19:36, Oskar Levin  a écrit :
>> Ah, I see! Seems like a good plugin though :)
>> 
>> Best regards
>> Oskar Levin
>> os...@dataviruset.com
>> 
>> -Ursprungligt meddelande-
>> Från: hlds_linux-boun...@list.valvesoftware.com
>> [mailto:hlds_linux-boun...@list.valvesoftware.com] För AnAkIn .
>> Skickat: den 11 april 2012 19:34
>> Till: Half-Life dedicated Linux server mailing list
>> Ämne: Re: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No spread)
>> detection plugin
>> 
>> It doesn't send a mail, it's sent through HTTP.
>> 
>> Le 11 avril 2012 19:31, Oskar Levin  a écrit :
>>> It would be nice if one could decide if it should be sent to somebody
>>> else or at all ;) By the way, how does it send mail? Connecting
>>> through port 25 seems a bit lazy as ISPs block that nowadays...
>>> 
>>> Best regards
>>> Oskar Levin
>>> os...@dataviruset.com
>>> 
>>> -Ursprungligt meddelande-
>>> Från: hlds_linux-boun...@list.valvesoftware.com
>>> [mailto:hlds_linux-boun...@list.valvesoftware.com] För AnAkIn .
>>> Skickat: den 11 april 2012 19:30
>>> Till: Half-Life dedicated Linux server mailing list
>>> Ämne: Re: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No
>>> spread)
>>> detection plugin
>>> 
>>> Yes, it was originally made for league purposes. I could add a cvar
>>> to
>>> disable that though.
>>> 
>>> Le 11 avril 2012 19:28, Oskar Levin  a écrit
>>> :
 Wait what? Is the log file sent to you automatically?
 
 Best regards
 Oskar Levin
 os...@dataviruset.com
 
 -Ursprungligt meddelande-
 Från: hlds_linux-boun...@list.valvesoftware.com
 [mailto:hlds_linux-boun...@list.valvesoftware.com] För AnAkIn .
 Skickat: den 11 april 2012 19:23
 Till: Half-Life dedicated Win32 server mailing list; Half-Life
 dedicated Linux server mailing list
 Ämne: [hlds_linux] TriggerBot/Prediction hack(Crit hack/No spread)
 detection plugin
 
 Hi,
 
 As Valve is too lazy to do anything about hacks, I started working
 back in January on a plugin that can detect:
 - POTENTIAL triggerbotters
 - Prediction hacks (crit hacks/no spread hacks)
 - An anti-speedhack bypass exploit
 
 Triggerbots:
 To make it clear as some people I gave it to didn’t understand, the
 detection is kind of “heuristic” (I won’t explain in detail, if I do
 then the cheat coders will bypass it in no time), so it’s not
>>> because
 someone got detected that he is surely cheating. It’s just a tool to
 help you find people that can potentially cheat and you can just
 check the STV demos then to confirm that they cheat or not.
 
 The most detections for a single person in the less timespan you
>>> will
 find in the log, the more likely he is using a triggerbot.
 
 Prediction hacks:
 I guess this is what will interest most people on this list, it
 detects the crit hacks that does 100% crits all the time which is an
 engine exploit which has been added into many hacks lately. It's
>>> also
 used for various no spread/low spread hacks.
 
 The detections get printed to a log called TriggerBotDetections.log
 in tf/ (and are also sent to me) on EVERY MAP change or when all
 players have disconnected from the server. It’s important to note
 this otherwise you could loose all the detections (especially if
>>> your
 server automatically restarts every night). There is a simple reason
 for this: writing in a file while you play can cause lags,
>>> especially
 if someone is getting detected a lot.
 
 Download:
>>> http://tftrue.redline-utilities.net/TriggerBotDetector.zip
 
 --
 Best regards,
 AnAkIn
 
 ___
 To unsubscribe, edit your list preferences, or view the list
 ar