
New News On The Cheater Front

Tommy
(@tommy)
Member Admin

O.K., It's time I update everybody on what is happening in the security area.

First, Troublesome is back and working on a fix for UTDC 2.0c to make it more stable. Hopefully soon we will be able to run it on our main server. Right now it is not running because a few bugs would cause our server(s) to crash very often because of it. I am keeping an eye out and will test the new fixes as soon as he posts them. He has not said when the fixes will be available, however. It's a case of wait and see, I suppose. Hopefully very soon.

Next, something probably all of you didn't know. UTDC generates a separate log file every time it wants to say something. Every time you see "**** has been logged," a separate log file was made and stored on the server in the Logs directory. This means that on an average week, I get around 1000 log files. When you see a person come in with a name containing all those funky characters, I have problems. Those characters are non-ASCII, non-7-bit, known in computerese as "gremlins." The problem with those characters is that they choke text editors, causing them to stop searching once they encounter one of those characters. This means I have to manually open and read every single file to look for positive hits. I might get 1 hit in 1000 files. Last week I got 8, some weeks I get none. Now, really wrap your head around that number, 1000. You can see why I have been having so many problems. As of last night I was behind several weeks in reading the files. If all of my time is spent reading the files, then there is no time to act on the positive hits.

Well, last night that changed. A friend of mine and friend to DOU (__J), wrote a script that is running on the server that will combine all of the files into one, in the proper order, and strip out all of the bad characters while doing so. Then I download this 1 single file, open it in a special text editor (a text editor is *NOT* the same thing as a word processor) and search for the words that would be contained in a positive hit. There are only a couple. Because of this I was able to accurately process about 4000 logs in about half an hour. Now I will be able to spend time acting on the problem children as opposed to just identifying them.

Now that this is done, I can spend some time creating a new special server that I want to use to catch the cheaters that UTDC 1.8x doesn't catch. Using ASC Lite (which will be installed on the Sniper server), I can "stuff" people to the other server from the sniper server without forewarning. This means they will instantly disconnect from the Sniper server and connect to the other server. This will happen very quickly and hopefully before they have time to react. Why would I do this? Simple. While UTDC 2.0c isn't stable enough to run on the Sniper server, it will be fine to run on the test server where we won't care if it crashes or not. So long as it scans the player we will be good. Obviously, UTDC 2.0c will catch cheaters that UTDC 1.8x wouldn't. Due to the enormous potential for abuse in "stuffing" players, I will not be giving anybody else the ability to do this, and it will only be done when there is overwhelming circumstantial evidence that someone is cheating.

I will also be adding a mod menu checker to the Sniper server as soon as I learn how to use it (a few days). This will check to see if a person has some cheats installed, even if they weren't using them at the time of being checked by the other cheat protection utilities. This is called "AntiShockHo," a name left over from when the utility used to just stop one specific thing from happening.

So, right now we have UTDC 1.8x and AnthChecker running on the server. Soon (this week) it will also be running AntiShockHo and ASC Lite. Here is a better run-down of what each of these does:

UTDC: This checks your computer's memory for processes that identify known illegal processes like UTXBot, Helios, and ElfBot. This is our main line of defense.

AnthChecker: Most cheats run by using a modified version of a stock system file, such as UTMenu.u or such. AnthChecker does a quick checksum of these files on your computer when you connect and then if the checksum doesn't match up, reports it to a log file. The utility has both blacklists and whitelists for the checksums it generates. So sometimes the CRC might not match up, but is a known legal modification (whitelisted), and the player is allowed to continue. Other times, the CRC matches that of a known cheat. When that happens, the player is kicked and logged. Still other times the CRC is different but not on the white or black lists. In that case the player is allowed to continue but logged. Most of these are false hits anyway but I do look at them to make sure this is so.

AntiShockHo: This will check to see what is in the player's Mod Menu looking for UTScript hacks. If it finds for example "UTXBOT Radar" in the menu it will report it back to me even if the person wasn't using it. We will discuss how to handle that soon, but I am thinking that if they have cheats installed, fuck 'em, ban 'em, if you have cheats installed you plan to use them. Also, it will check the player's key binds. So for example if someone has the letter g bound to toggle radar on and off, we will see this.

ASC Lite: This is a stripped down version of ASC. We neither want nor need all of the features of the full version of ASC, and server memory saved is server memory saved. This will allow me to "stuff" people to another server in the hopes of further busting them. Also, with this tool I can ban people by MAC address as opposed to just their IP address. Every computer has a unique MAC address, and this cannot normally be changed. So once a person is banned this way, changing their IP will not help them get back on our server.

So, there is your run-down on what's going on, people. Give me time as I get everything going. I still need to get through the logs of the confirmed cheaters and post all of that information. I plan to lift all of the IP bans too, in the hopes that these people will come back and I can then MAC ban them. Wow, MAC really is better. 😛

Discuss.

T

Topic starter Posted : 09/04/2008 6:42 pm
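
The merge-and-strip step described in the post above, sketched as an added example; it is not the script __J wrote, which the thread does not show. It assumes the per-event log file names sort chronologically and uses a placeholder hit word and constructed log lines, since the post gives neither.

```python
import tempfile
from pathlib import Path

# Keep printable 7-bit ASCII plus tab and newline; every other byte is deleted.
KEEP = bytes(range(0x20, 0x7F)) + b"\t\n"
DROP = bytes(b for b in range(256) if b not in KEEP)

def clean(raw: bytes) -> str:
    """Normalise line endings, then delete control and non-7-bit bytes."""
    raw = raw.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return raw.translate(None, DROP).decode("ascii")

def merge_logs(log_dir, pattern="*.log"):
    """Merge every log into one list of (file, line number, text).

    Assumption: file names embed a sortable timestamp, so name order is
    event order. File and line number are kept because stripping alters
    player names; the original file stays the record for any positive hit.
    """
    merged = []
    for path in sorted(Path(log_dir).glob(pattern)):
        lines = clean(path.read_bytes()).splitlines()
        for lineno, line in enumerate(lines, 1):
            if line.strip():
                merged.append((path.name, lineno, line))
    return merged

def find_hits(merged, hit_words):
    """Case-insensitive search of the merged lines for any hit word."""
    words = [w.lower() for w in hit_words]
    return [rec for rec in merged if any(w in rec[2].lower() for w in words)]

def demo():
    # Constructed sample files; two player names contain "gremlin" bytes.
    samples = {
        "utdc_20080401_201500.log": b"Player \xa7\xff\xb6Sn1p3r\x00 joined\r\nCheck passed\r\n",
        "utdc_20080401_193000.log": b"Player Alice joined\nCheck passed\n",
        "utdc_20080402_010203.log": b"Player \xc2\xa4B\xc3\xb3b\xc2\xa4 joined\nEXAMPLE-HIT: modified package\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            (Path(d) / name).write_bytes(data)
        merged = merge_logs(d)
    return merged, find_hits(merged, ["example-hit"])  # placeholder hit word

if __name__ == "__main__":
    merged, hits = demo()
    print(len(merged), "lines merged;", len(hits), "hit(s):", hits)
```
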
.::/3I§ON::.
(@3ion)
Member Admin

Can you say all that again, but this time do it in English please :mrgreen:

Posted : 09/04/2008 6:51 pm
{DOU}Cygnus
(@doucygnus)
Illustrious Member

Sounds like it should really clean up many problem people. Looking forward to it.

Posted : 09/04/2008 7:23 pm
(@poorboy)
Estimable Member

sounds good tommy

Posted : 09/04/2008 9:51 pm
Moon
(@moon)
Noble Member

Big job but good job T !!!! 💡

Posted : 10/04/2008 8:37 am
(@douthe-jargonaut)
Noble Member

Sounds good to me. I like the other server "stuffing". I wonder how fast it will be? The only issue that I can see is that the cheater will have to download UTDC 2.0. It could give them enough time to hit the f10 key.

Posted : 10/04/2008 10:39 am
Tommy
(@tommy)
Member Admin

{DOU}The Jargonaut wrote: Sounds good to me. I like the other server "stuffing". I wonder how fast it will be? The only issue that I can see is that the cheater will have to download UTDC 2.0. It could give them enough time to hit the f10 key.

Well, even super-geniuses like me need to take a moment to think. 🙄

What I am hoping is that first they think I just changed the map. Also, I am willing to bet that most cheaters have the new UTDC 2.0c installed since they test it with their cheats all the time trying to find one that will bypass it. Also, with the files on redirect, even if they don't, it should be very fast (thus the taking time to think / realize what is going on).

If they are that quick on the disconnect then that is just more for us to add to the suspicion list. At some point even with just circumstantial evidence we may just decide to make a ruling and punt the fok.

Once UTDC 2.0c is fixed and running full time on the sniper server, it will be interesting to see who stops coming around and who has a major decrease in skill-level.

T

Topic starter Posted : 10/04/2008 5:03 pm
pebcak
(@pebcak)
Estimable Member

Man do you ever sleep?!?!

Posted : 12/04/2008 3:33 am