about identity theft

This is the place where you can find everything related to the dedicated server, control scripts and community tools.

Moderators: Pit Crew, TM-Patrol

Post Reply
xbx
Developer
Developer
Posts: 452
Joined: 12 Aug 2005 14:42
Contact:

about identity theft

Post by xbx » 05 Aug 2009 14:06

humm.. now that I think of it, I think I never mentioned this: :oops:

Some players are able to fake their login when they connect to a server, for instance using the login of a server admin.

This issue has been addressed,
but to get the full extent of the fix, it's a bit tedious:
You need to use the latest client fix v2008-11-26, and a recent dedicated server.
As we didn't want to force players to upgrade, the client version check isn't forced on the dedicated server. But the server plug-ins could explicitly add a check for the admins and kick the player if he's not up to date and wants admin rights.

The client version is provided in GetDetailedPlayerInfo().


(of course that would mean that players needing to administrate a server need to use the fix.
viewtopic.php?f=28&t=19288 )

User avatar
xai
happy cruiser
happy cruiser
Posts: 162
Joined: 13 Nov 2008 15:46
Owned TM-games: TMU(F),TMN(F)
Manialink(s): xai

Re: about identity theft

Post by xai » 05 Aug 2009 17:18

Most server controllers have ip checks nowadays, but if this would be fixed in dedicated server already it would be very nice :)
Weeeeeeeeeeee

Assembler Maniac
Pit Crew
Pit Crew
Posts: 1493
Joined: 03 Jun 2006 13:24
Owned TM-games: TMU
Contact:

Re: about identity theft

Post by Assembler Maniac » 05 Aug 2009 17:28

xai wrote:Most server controllers have ip checks nowadays, but if this would be fixed in dedicated server already it would be very nice :)
I think you're missing the point. It can't be "fixed" only in the dedicated server. The client has to work with the server to make it secure, and that's already been done, but the client update is not mandatory, so the hackers just use an older client.

With the client version being in the player data, you can kick anyone from your server that's using an older client, but that's not a perfect solution either. I think there were some problems with the latest client and some video drivers. They'd be stuck needing new client and getting screwed by bad vid drivers.

No matter how hard you try to stop them, there are just some people that will always manage to cause trouble somehow.

nocturne
solid chaser
solid chaser
Posts: 1390
Joined: 08 Jun 2007 18:48
Owned TM-games: all
Contact:

Re: about identity theft

Post by nocturne » 05 Aug 2009 20:19

xbx's idea to only check the version upon attempting to authenticate as an admin is a good one.. It won't affect the racers, and it's not unacceptable to require all your admins to update.

In Aseco's case, could use it to bypass having to use the unlock password. You already have the detailed player info available in the player class -- just add a loop to set $player->unlocked to true if the version is newer than xxxxxx.

Kjell T. Ring
sunday driver
sunday driver
Posts: 71
Joined: 03 Aug 2007 09:31
Owned TM-games: TMN, TMS
Location: Norway

Re: about identity theft

Post by Kjell T. Ring » 28 Sep 2009 15:42

The recent release of XAseco 1.10 where more and more server admins are enforcing a minimum TMF client version, should be a good enough reason to make Nadeo enable that Update button. After all, 2.11.19 has been out for a year and still most players are unaware of it because the Update button shows "your version is currently up to date".

We don't want any cheaters on our servers, but we're gonna miss those honest players who can't join.

User avatar
w1lla
TM-Patrol
TM-Patrol
Posts: 1466
Joined: 23 May 2007 07:20
Owned TM-games: TMU, TMN, TMF
Manialink(s): intr
Location: Venray

Re: about identity theft

Post by w1lla » 28 Sep 2009 17:56

that update is a "off-the-record" update. It was based on server -> client not the other way around.

Code: Select all

tmnforever is nations and united makes it special. tmnforever has united. I need united!

User avatar
lille79
Pit Crew
Pit Crew
Posts: 881
Joined: 09 Dec 2007 15:04
Owned TM-games: TMN, TMNF, TMUF
Location: Norway
Contact:

Re: about identity theft

Post by lille79 » 28 Sep 2009 19:07

Well it certainly is difficult to explain players that they suddenly have to update a game when they get a message saying "your game is up to date". I've actually been asked if the update on this forum is safe from a few people.
/lille79
Old man of the Norwegian Trackmania team Super Sheep Racing
To visit my homepage/blog, and download the usbTMFserver, this is the place to go.

User avatar
hal|Sascha
Pit Crew
Pit Crew
Posts: 671
Joined: 12 Aug 2005 16:22
Owned TM-games: TMU, TMN, TMS, TMO
Location: Germany Munich
Contact:

Re: about identity theft

Post by hal|Sascha » 29 Sep 2009 07:51

Kjell T. Ring wrote:The recent release of XAseco 1.10 where more and more server admins are enforcing a minimum TMF client version, should be a good enough reason to make Nadeo enable that Update button. After all, 2.11.19 has been out for a year and still most players are unaware of it because the Update button shows "your version is currently up to date".

We don't want any cheaters on our servers, but we're gonna miss those honest players who can't join.
Even if nadeo enables the update button for this update, people will still not download it ;) as long as the masterserver allows connections with the older client-versions.
But what does Xaseco 1.10 with players that use a older client version, kick with infotext & update link?
CPU: Intel Core 2 Duo E6600
Mainboard: Asus P5W DH Deluxe
RAM: 2 GB
Graphics: ATI Radeon X1950XTX
Audio: Soundblaster Audigy 4
Internet: ADSL 6Mbit
OS: Windows Vista Bussiness

Pesky
smooth traffic navigator
smooth traffic navigator
Posts: 262
Joined: 19 Mar 2008 16:25
Owned TM-games: TMN, TMUF
Manialink(s): rrmania
Contact:

Re: about identity theft

Post by Pesky » 29 Sep 2009 08:18

yup. If you set a minimum client Version in config the player gets kicked with a notification windows saying that he has an obsolete Version and a Link to the download.

But out of 100 Players maybe 10 klick it...and maybe 5 install it. The rest comes back over and over again trying to join and give up eventually...

Post Reply