ZERO
07-13-2012, 02:36 PM
The time has come to gear up for SMAC on our servers below is a more detailed description of what parts I plan to install and what settings. This thread is to discuss these changes before they go into effect:
SourceMod Anti-Cheat Modules and settings:
Client Protection
This module will protect your server from general client exploits that exist such as connection spam, name change spam, and invalid name/text characters.
smac_antispam_connect 0
AutoTrigger Detector
Detects cheats that automatically press buttons for players.
We are referring to these types of cheats:
BunnyHop - Player holds down +jump and continues to jump repeatedly.
Auto-Fire - Player holds down +attack and fires semi-auto weapons as if they were full-auto.
Many cheats come with these features enabled by default which could make them quite common to catch. The detections should be immune to natural human behaviour, but may be triggered by players using advanced scripts and aliases. A player binding their mousewheel to buttons should not trigger a detection.
Command Monitor
This module manages, monitors, and/or checks for Commands being used by players on the server. It manages commands that can be used to lag, crash, or freeze the server and manages them accordingly by either blocking them, kicking the player, banning the player, etc.
ConVar Checker
This module allows you to check if clients are trying to force there own cvars. This module will check if any client has a predefined cvar that differs from the server. Server admins can add there own cvars they would like to enforce or use the ones SMAC has predefined.
THIS DOES WHAT KAC already does on our server KAC will be removed when this is in place.
Each cvar wil be in this format - Cvarname "value it must be" (If not what will happen.)
These are commands clients should have at all.
0penscript (Ban)
bat_version (Kick)
beetlesmod_version (Kick)
est_version (Kick)
eventscripts_ver (Kick)
fm_attackmode (Ban)
lua_open (Ban)
Lua-Engine (Ban)
mani_admin_plugin_version (Kick)
ManiAdminHacker (Ban)
ManiAdminTakeOver (Ban)
metamod_version (Kick)
openscript (Ban)
openscript_version
(Ban) runnscript (Ban)
SmAdminTakeover (Ban)
sourcemod_version (Kick)
tb_enabled (Ban)
zb_version (Kick)
These are the rest of the cvars that SMAC looks for
sv_cheats "0" (Ban)
sv_consistency "1" (Ban)
r_drawothermodels "1" (Ban)
cl_clock_correction "1" (Ban)
cl_leveloverview "0" (Ban)
cl_overdraw_test "0" (Ban)
cl_particles_show_bbox "0" (Ban)
cl_phys_timescale "1" (Ban)
cl_showevents "0" (Ban)
fog_enable "1" (Ban)
host_timescale "1" (Ban)
mat_dxlevel "80.0 or Higher" (Kick)
mat_fillrate "0" (Ban)
mat_measurefillrate "0" (Ban)
mat_proxy "0" (Ban)
mat_showlowresimage "0" (Ban)
mat_wireframe "0" (Ban)
mem_force_flush "0" (Ban)
snd_show "0" (Ban)
snd_visualize "0" (Ban)
r_aspectratio "0" (Ban)
r_colorstaticprops "0" (Ban)
r_DispWalkable "0" (Ban)
r_DrawBeams "1" (Ban)
r_drawbrushmodels "1" (Ban)
r_drawclipbrushes "0" (Ban)
r_drawdecals "1" (Ban)
r_drawentities "1" (Ban)
r_drawmodelstatsoverlay "0" (Ban)
r_drawopaqueworld "1" (Ban)
r_drawparticles "1" (Ban)
r_drawrenderboxes "0" (Ban)
r_drawskybox "1" (Ban)
r_drawtranslucentworld "1" (Ban)
r_shadowwireframe "0" (Ban)
r_skybox "1" (Ban)
r_visocclusion "0" (Ban)
vcollide_wireframe "0" (Ban)
Rcon Locker
This module will protect your server from general rcon exploits and crashes. It will lock your rcon password after your server has started to prevent it from being changed unintentionally.
Will replace existing Rcon Locker plugin
Anti-Speedhack
This module checks for abnormal speeds on clients and attempts to block them. It runs passively in the background to prevent speedhacks from working.
This will not prevent players with extra speed in custom servers from going the same speed. It actually prevents them from going faster than the server is currently allowing that player to go.
[PUB ONLY] Anti-Wallhack
This module prevents most wallhacks from functioning correctly. The plugin manages and renders out entities so they appear when they should and not render out unless needed. This module checks certain Cvars from the clients and servers to make sure predictions are correct for players. If this module is installed on a L4D(2) server then it will only work with the survivors.
[NOT WCS] CS:S Anti-Flash
This module manages and takes care of players using anti-flash cheats on the server it's installed on. It will manually blind/flash players when they are blinded in a way clients cannot prevent.
CS:S Anti-Smoke
This module handles and manages smoke in-game for players. It will render out and set the players camera if he/she stands inside the smoke and blinds them accordingly.
Global Banlists
EasyAntiCheat
EasyAntiCheat is a server-client anti-cheat solution designed for closer knit communities such as gaming leagues. Bans are either made automatically based on client detection, or manually via client data sent to their admin team, which is then reviewed by a higher ranking admin. All ban reasons and expiration dates will be listed in the log file as banned players enter your server.
E-Sports Entertainment
ESEA is a semi-private gaming community that maintains their own internal list of cheaters. Bans are either made using their anti-cheat client, or manually on a case-by-case basis. While their website states that bans for cheating last 180 days, many bans are made permanent.
Kigen's Anti-Cheat
This list contains bans made by the old version of SMAC called "Kigens Anti-Cheat" or KAC for short. All bans on this list are permanent. It is unknown at this time if new bans are still being added to this list.
This is what we currently use and will replace this program with SMAC
Only the ConVar Checker will actually issue bans to players. All other parts either kick players or report detections to any admins that are in game. Remember that detections alone are not proof of hacking but they do suggest that a player should be evaluated and examined closly.
Please place comments below: the plan is to load this up on the vip server and verify everything works there and roll out to the other servers.
SourceMod Anti-Cheat Modules and settings:
Client Protection
This module will protect your server from general client exploits that exist such as connection spam, name change spam, and invalid name/text characters.
smac_antispam_connect 0
AutoTrigger Detector
Detects cheats that automatically press buttons for players.
We are referring to these types of cheats:
BunnyHop - Player holds down +jump and continues to jump repeatedly.
Auto-Fire - Player holds down +attack and fires semi-auto weapons as if they were full-auto.
Many cheats come with these features enabled by default which could make them quite common to catch. The detections should be immune to natural human behaviour, but may be triggered by players using advanced scripts and aliases. A player binding their mousewheel to buttons should not trigger a detection.
Command Monitor
This module manages, monitors, and/or checks for Commands being used by players on the server. It manages commands that can be used to lag, crash, or freeze the server and manages them accordingly by either blocking them, kicking the player, banning the player, etc.
ConVar Checker
This module allows you to check if clients are trying to force there own cvars. This module will check if any client has a predefined cvar that differs from the server. Server admins can add there own cvars they would like to enforce or use the ones SMAC has predefined.
THIS DOES WHAT KAC already does on our server KAC will be removed when this is in place.
Each cvar wil be in this format - Cvarname "value it must be" (If not what will happen.)
These are commands clients should have at all.
0penscript (Ban)
bat_version (Kick)
beetlesmod_version (Kick)
est_version (Kick)
eventscripts_ver (Kick)
fm_attackmode (Ban)
lua_open (Ban)
Lua-Engine (Ban)
mani_admin_plugin_version (Kick)
ManiAdminHacker (Ban)
ManiAdminTakeOver (Ban)
metamod_version (Kick)
openscript (Ban)
openscript_version
(Ban) runnscript (Ban)
SmAdminTakeover (Ban)
sourcemod_version (Kick)
tb_enabled (Ban)
zb_version (Kick)
These are the rest of the cvars that SMAC looks for
sv_cheats "0" (Ban)
sv_consistency "1" (Ban)
r_drawothermodels "1" (Ban)
cl_clock_correction "1" (Ban)
cl_leveloverview "0" (Ban)
cl_overdraw_test "0" (Ban)
cl_particles_show_bbox "0" (Ban)
cl_phys_timescale "1" (Ban)
cl_showevents "0" (Ban)
fog_enable "1" (Ban)
host_timescale "1" (Ban)
mat_dxlevel "80.0 or Higher" (Kick)
mat_fillrate "0" (Ban)
mat_measurefillrate "0" (Ban)
mat_proxy "0" (Ban)
mat_showlowresimage "0" (Ban)
mat_wireframe "0" (Ban)
mem_force_flush "0" (Ban)
snd_show "0" (Ban)
snd_visualize "0" (Ban)
r_aspectratio "0" (Ban)
r_colorstaticprops "0" (Ban)
r_DispWalkable "0" (Ban)
r_DrawBeams "1" (Ban)
r_drawbrushmodels "1" (Ban)
r_drawclipbrushes "0" (Ban)
r_drawdecals "1" (Ban)
r_drawentities "1" (Ban)
r_drawmodelstatsoverlay "0" (Ban)
r_drawopaqueworld "1" (Ban)
r_drawparticles "1" (Ban)
r_drawrenderboxes "0" (Ban)
r_drawskybox "1" (Ban)
r_drawtranslucentworld "1" (Ban)
r_shadowwireframe "0" (Ban)
r_skybox "1" (Ban)
r_visocclusion "0" (Ban)
vcollide_wireframe "0" (Ban)
Rcon Locker
This module will protect your server from general rcon exploits and crashes. It will lock your rcon password after your server has started to prevent it from being changed unintentionally.
Will replace existing Rcon Locker plugin
Anti-Speedhack
This module checks for abnormal speeds on clients and attempts to block them. It runs passively in the background to prevent speedhacks from working.
This will not prevent players with extra speed in custom servers from going the same speed. It actually prevents them from going faster than the server is currently allowing that player to go.
[PUB ONLY] Anti-Wallhack
This module prevents most wallhacks from functioning correctly. The plugin manages and renders out entities so they appear when they should and not render out unless needed. This module checks certain Cvars from the clients and servers to make sure predictions are correct for players. If this module is installed on a L4D(2) server then it will only work with the survivors.
[NOT WCS] CS:S Anti-Flash
This module manages and takes care of players using anti-flash cheats on the server it's installed on. It will manually blind/flash players when they are blinded in a way clients cannot prevent.
CS:S Anti-Smoke
This module handles and manages smoke in-game for players. It will render out and set the players camera if he/she stands inside the smoke and blinds them accordingly.
Global Banlists
EasyAntiCheat
EasyAntiCheat is a server-client anti-cheat solution designed for closer knit communities such as gaming leagues. Bans are either made automatically based on client detection, or manually via client data sent to their admin team, which is then reviewed by a higher ranking admin. All ban reasons and expiration dates will be listed in the log file as banned players enter your server.
E-Sports Entertainment
ESEA is a semi-private gaming community that maintains their own internal list of cheaters. Bans are either made using their anti-cheat client, or manually on a case-by-case basis. While their website states that bans for cheating last 180 days, many bans are made permanent.
Kigen's Anti-Cheat
This list contains bans made by the old version of SMAC called "Kigens Anti-Cheat" or KAC for short. All bans on this list are permanent. It is unknown at this time if new bans are still being added to this list.
This is what we currently use and will replace this program with SMAC
Only the ConVar Checker will actually issue bans to players. All other parts either kick players or report detections to any admins that are in game. Remember that detections alone are not proof of hacking but they do suggest that a player should be evaluated and examined closly.
Please place comments below: the plan is to load this up on the vip server and verify everything works there and roll out to the other servers.