FOSS gamedev and creative worlds

by **BrandonReese** » Sun Aug 11, 2013 18:59

I have two hackers that regularly visit my server (maybe the same person under different names). They are apparently able to give themselves any block they want, they build diamond block castles, drop full stacks of diamond blocks around the map. They fly through walls and pretty much do just about whatever they please.

To stop the issues I have blocked the entire 84.172.0.0/16 address range at the firewall (iptables -A INPUT -s 84.172.0.0/16 -j DROP for linux users). Unfortunately since I switched server I didn't have this setup and I got hit again last night, by ano_ubeccu

Is there anything that can be done about the main issue, being able to have an inventory full of any block they want?

It seems the ban has to match the ip address and username. Before I blocked with my firewall they could log back in after a few days with the same username and a different IP address. Can that be changed to block the ip address or username?

Would it be possible to trick the server to allow one client to act as another? It seems the hacker that hit my server yesterday placed blocks in protected areas, and the protection all happens server side obviously, it verifies the user placing the block matches the username of the landowner on file. It would seem to me that the only way to do that would be to make the server think you were a different player.

So I'm just throwing all that out, seeing if anybody else has had similar problems, and seeing if the devs have any ideas that could help keep this from happening.

List of my mods · by **PilzAdam** » Sun Aug 11, 2013 19:08

AFAIK its not possible to cheat like this. The inventory and protection is handled server side, and there is no way to get arround that.

by **BrandonReese** » Sun Aug 11, 2013 19:52

PilzAdam wrote:AFAIK its not possible to cheat like this. The inventory and protection is handled server side, and there is no way to get arround that.

Any idea how this guy was able to get over 2600 diamonds, craft them into diamond blocks and make a castle with them overnight?

Hybrid Dog wrote:Maybe it helps if you set disable_anticheat to false.

Isn't anti cheat mainly about how fast they move and how far away they are when they try to mine something?

by **Calinou** » Sun Aug 11, 2013 19:54

BrandonReese wrote:Any idea how this guy was able to get over 2600 diamonds, craft them into diamond blocks and make a castle with them overnight?

Flying through stone, breaking any nearby diamond ores (possibly with an X-Ray).

by **mauvebic** » Sun Aug 11, 2013 20:29

BrandonReese wrote:Any idea how this guy was able to get over 2600 diamonds, craft them into diamond blocks and make a castle with them overnight?

They're either using one of the mods legitimately or found an exploit in one.

by **Cooper97** » Mon Aug 12, 2013 06:32

BrandonReese wrote:It seems the ban has to match the ip address and username. Before I blocked with my firewall they could log back in after a few days with the same username and a different IP address. Can that be changed to block the ip address or username?

Sure? AFAIK it is so that Minetest 0.4.7 bans name and IP.

Edit: An ability to make IP range bans in Minetest would be nice for new Minetest versions like Minetest 0.4.8 or 0.4.9

by **mauvebic** » Mon Aug 12, 2013 14:30

Cooper97 wrote:Edit: An ability to make IP range bans in Minetest would be nice

+1

by **Inocudom** » Mon Aug 12, 2013 15:08

Below is a video and an article about serious problems in the Minecraft community:
http://www.youtube.com/watch?v=bawdxMClMiQ
http://whatculture.com/gaming/7-worst-online-gaming-communities.php/2
An efficient way to keep hackers and hacked clients in check is the only way to prevent the same thing from happening to the Minetest community.

by **mauvebic** » Mon Aug 12, 2013 16:05

Problem is, anticheat still gives too many false positives. Whether you autoban right away, or gradually raise a violation level until they are banned.

I dont know if something like PunkBuster might help, or perhaps unique client IDs that we can ban, since IPs and names can be changed.

List of my mods · by **PilzAdam** » Mon Aug 12, 2013 16:06

mauvebic wrote:Problem is, anticheat still gives too many false positives.

Even the new fixed one?

by **mauvebic** » Mon Aug 12, 2013 16:07

PilzAdam wrote:Even the new fixed one?

Yeah, a number of legitimate players were banned and had to be un-banned, so all i could use it for is posting messages to the log.

List of my mods · by **PilzAdam** » Mon Aug 12, 2013 16:08

mauvebic wrote:
PilzAdam wrote:Even the new fixed one?

Yeah, a number of legitimate players were banned and had to be un-banned, so all i could use it for is posting messages to the log.

What did Minetest say they were doing wrong? Moving too fast?

by **mauvebic** » Mon Aug 12, 2013 16:15

moving too fast, and digging unbreakable nodes, which to my knowledge, i dont have :/

by **Evergreen** » Mon Aug 12, 2013 17:47

mauvebic wrote:moving too fast, and digging unbreakable nodes, which to my knowledge, i dont have :/

If you were falling from a high place would it count you as moving too fast?

List of my mods · by **PilzAdam** » Mon Aug 12, 2013 17:52

Evergreen wrote:
mauvebic wrote:moving too fast, and digging unbreakable nodes, which to my knowledge, i dont have :/
If you were falling from a high place would it count you as moving too fast?

No, downwards movement is ignored.

by **mauvebic** » Mon Aug 12, 2013 17:58

is cloud the only unbreakable node, if not, what makes nodes unbreakable?

List of my mods · by **PilzAdam** » Mon Aug 12, 2013 17:58

mauvebic wrote:is cloud the only unbreakable node, if not, what makes nodes unbreakable?

You cant break stone with your hand.

by **hoodedice** » Mon Aug 12, 2013 23:17

PilzAdam wrote:
mauvebic wrote:
PilzAdam wrote:Even the new fixed one?

Yeah, a number of legitimate players were banned and had to be un-banned, so all i could use it for is posting messages to the log.

What did Minetest say they were doing wrong? Moving too fast?

I was one of the false-positive thingy influenced guy. I used to dig nodes at one place, then move about 50-100 blocks away, and interact with those blocks while the server updated. I guess that flagged the 'interacted_too_far'

by **Dan Duncombe** » Tue Aug 13, 2013 09:39

Hybrid Dog wrote:
PilzAdam wrote:
mauvebic wrote:is cloud the only unbreakable node, if not, what makes nodes unbreakable?

You cant break stone with your hand.
No, you only need to dig very long.

You can't break stone with your hand at all, it has a different level making it unbreakable by hand. Someone correct me if I am wrong in any way.

List of my mods · by **PilzAdam** » Tue Aug 13, 2013 11:00

Hybrid Dog wrote:
Dan Duncombe wrote:
Hybrid Dog wrote:No, you only need to dig very long.

You can't break stone with your hand at all, it has a different level making it unbreakable by hand. Someone correct me if I am wrong in any way.
https://github.com/minetest/minetest/blob/master/src/game.cpp#L2620
Do you believe me now?

https://github.com/minetest/minetest/blob/master/src/game.cpp#L2709
The dig time stays at 0 if the node is not diggable. My point stands.

FOSS gamedev and creative worlds

How to Stop Hackers

How to Stop Hackers

Who is online