ID:153889
 
Is there anything we can put into a game to prevent hackers, because a hacker got into my friend's game and blocked him out for almost all day so we just rehosted it. Anyone know if there's a way?
BigMac wrote:
Is there anything we can put into a game to prevent hackers, because a hacker got into my friend's game and blocked him out for almost all day so we just rehosted it. Anyone know if there's a way?

I really have no idea how you're using the term "hacker" here. People who claim to be hackers don't automatically gain omnipotent power to do anything they want. What was this guy doing, and how did your efforts to deal with him fail?

Lummox JR
Yeah. It involves a shotgun, some buckshot shells, and a tracking device planted on his computer....
In response to Lummox JR
Well, there are good hackers and bad hackers. This guy was obviously a bad hacker, and I think he should be banned from BYOND because he struck once, he's likely to do it again.
In response to Judgement
Judgement wrote:
Well, there are good hackers and bad hackers. This guy was obviously a bad hacker, and I think he should be banned from BYOND because he struck once, he's likely to do it again.

Based on what BigMac said--or rather, didn't say at all--there's no evidence that this person "hacked" anyone or anything. What did he do, and what was tried to deal with him?

Lummox JR
In response to Lummox JR
Yeah, let's just ban him from BYOND. He's a baddie.

Lummox, why even bother with people like this? There was probably a dumb game error or firewall problem.
In response to Lord of Water
Lord of Water wrote:
Yeah, let's just ban him from BYOND. He's a baddie.

Lummox, why even bother with people like this? There was probably a dumb game error or firewall problem.

Getting more info about it could improve any chance of helping with an actual problem--whether it's improving the game's ban system, or fixing whatever else might have gone wrong.

Lummox JR
In response to Lummox JR
Has there actually been a confirmed case of someone "commandeering" someone's game through "hacking"?

Every few weeks it seems another one of these reports pops up but they either don't respond after their first post or just keep saying, "Just ban him!" (and of course don't even mention who it was).

I know very little about hacking and what people can actually do with it (other than break into government computers :op). I can understand them hacking into someone's computer and stealing the game files (which is still very unlikely) but could they actually commandeer his game and then have him still host another copy of the game? That doesn't make any sense to me from what little I know.
In response to English
English wrote:
Has there actually been a confirmed case of someone "commandeering" someone's game through "hacking"?

Every few weeks it seems another one of these reports pops up but they either don't respond after their first post or just keep saying, "Just ban him!" (and of course don't even mention who it was).

I know very little about hacking and what people can actually do with it (other than break into government computers :op). I can understand them hacking into someone's computer and stealing the game files (which is still very unlikely) but could they actually commandeer his game and then have him still host another copy of the game? That doesn't make any sense to me from what little I know.

That's the thing. BigMac is reporting a problem he doesn't understand. Obviously the problem is something simpler, and it's probably something he can deal with himself. To help him deal with it himself, though, we'll have to know more about this troublemaker he describes than the very vague statement that he "hacked" the game.

As experienced (and some inexperienced) game authors know, there are many things that could be done to mess with a game that might be called "hacking", that need to be anticipated. If they're not, a rogue player can run the host ragged.

Lummox JR
In response to English
English wrote:
but could they actually commandeer his game and then have him still host another copy of the game?

It's one of the dangers of not using your own code and relying completely on libraries.
If you could 'hack into' a savefile, you could probably make yourself an Admin in quite a few games.
All it takes is for the library to save the list of Administrators (Made that way so you can add and remove Admins easily).
Although the other danger with libraries is that if you don't pay attention, you could be handing over 100% control to someone else.
They could have a dummy global.var telling you to put your key there, and later down the code have the real global.var that tells the system who is in charge.
-DogMan
In response to Dog Man
You'd figure out pretty quick from singleplayer testing that this was the case, though. Generally, libraries can be trusted (at least all of the ones I've come across).
In response to Dog Man
Dog Man wrote:
English wrote:
but could they actually commandeer his game and then have him still host another copy of the game?

It's one of the dangers of not using your own code and relying completely on libraries.
If you could 'hack into' a savefile, you could probably make yourself an Admin in quite a few games.

That's an excellent point, and one that probably deserves mentioning in more detail. A while back Air Mapster did a good BYONDscape article on cheats, including savefile hacks, but this is a very important one.
In Incursion I use 2 vars for expediency: ishost and isadmin. The host is set at runtime and the admin flag is set up from a list. But as Incursion doesn't save players (no need to), this isn't a problem. Yet in any other game that used those vars but did save characters, it's a big problem. Looking someone up in the admin list every time they try to use an admin command isn't very helpful; besides, the verbs list doesn't get saved anyway.

The best solution is something like this:
mob/Read(savefile/S)
	..()
	if(client) SetAdminFlags()

mob/proc/SetAdminFlags()
	if(client.ckey in admins)
		isadmin=1
		verbs+=typesof(/mob/admin/verb)
	else
		isadmin=initial(isadmin)  // set to 0, null, whatever
		verbs-=typesof(/mob/admin/verb)  // just to be safe
	// now go on to check mute lists, etc.

BYONDscape is always looking for good articles. If you can think of more situations like this one where savefiles can be misused, I bet you could contribute something really excellent to complement Air Mapster's article.

Lummox JR
In response to Dog Man
Heh, maybe Spuzzum went and added a secret "Make me admin" feature to his S_Admin lib and is going around terrorizing people under different key names :o)
In response to English
Here's a very good article (it's long, so you might want to download the PDF instead) about Steve Gibson's trials with the "hacking" community: http://grc.com/dos/grcdos.htm

In actuality, "hackers" are people who modify programs to make them do things that are different (eg. hacking your copy of Counter-Strike to give yourself unlimited health) -- the people who try to do malicious things to other computers are more accurately referred to as crackers, as they crack or simply brute-force the security of other systems.

I would accurately describe Mr. Gibson (no, not me; that guy) as a cracker, since he knew how to break through security measures that so-called hackers have erected.

There are a couple facts that are important to note: one, anyone who claims they're a hacker probably doesn't know the first thing about cracking computers' security. Two, there's probably only one good cracker for every million or so internet users on the planet.
In response to Foomer
How did y... I mean, no, I don't know what you're talking about.
In response to Dog Man
However, there's still the matter of getting that savefile off of the server, decoding it, modifying the necessary data, then putting it back onto the server.

The only way you could do that is via a trojan, and hopefully people who run servers are smart enough not to open files from people they've never met.

(I also have a custom mail filter that I use -- I highlight any message over 25KB in size in red. Some (very few) viruses/trojans/worms are intelligent enough to fool Outlook into not displaying the attachment symbol, but no one can fool the file size. Most trojans/viruses/worms are over 50KB in size, so if you receive a message from someone you don't know (or don't know very well) and it has a large file size, then just axe it on the spot.

Another thing I recommend is disabling your preview window in Outlook. That can be done by selecting View|Layout... from the menu, then clicking on the checkbox next to Show Preview Pane. That way, messages won't load until you double-click them.)
In response to Foomer
You can edit s_admin using games' "s_admin.sav", I made myself in DBTC for debugging this way.
In response to Nadrew
AHA! lol

I really need to start thinking of security now that your little tool is available to the cheating masses...lol

I'm not too worried about people making themselves GMs, because that only affects their server, and I plan on reworking a lot of S_Admin... I may even remove all ability to have other GMs...since I don't intend to give the power out to anybody... And since it can be so easily taken now, the only sure-fire way to take care of it is to just take the ability away entirely...lol I'll just have it give all of the GM verbs to me and not worry about anyone else...

And as for the regular DBTC savefiles, I REALLY need to get an encryption system going...

Hey, I just thought of something... For your savefile editor, is there any way you could put in some sort of check for a certain variable in the savefile, and if it is set to 1, don't allow it to be edited? That way, game creators who don't want your editor to be used against them can just add in that variable set to one and keep their savefile safe(r)...
In response to SuperSaiyanGokuX
Until someone else works out how to do it and writes their own version which ignores that restriction. :-)

Perhaps more useful than that would be a variable, set to a key name, which would lock everyone out of editing the savefile except that key.

Then again, "locking" savefiles this way doesn't really achieve much (potential hackers can fairly easily write their own version), and it would pretty much negate the usefulness of the editor anyway.
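
An added illustration, not written by any poster in this thread, of the two defenses discussed above: recomputing admin status on load (Lummox JR's SetAdminFlags post) and detecting edited savefiles with a keyed tag instead of a "do not edit" flag. It is Python rather than DM and generalizes beyond BYOND; SERVER_KEY, ADMINS, SAVED_FIELDS and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Assumption: this key exists only on the host, never in anything players can read.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
ADMINS = {"hostkey"}                      # authoritative admin list, kept outside savefiles
SAVED_FIELDS = ("ckey", "level", "gold")  # the only fields a savefile may supply


def _tag(payload: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256) over the serialized character data."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def save_character(char: dict) -> str:
    """Serialize only allow-listed fields and attach the integrity tag."""
    payload = json.dumps({k: char[k] for k in SAVED_FIELDS}, sort_keys=True)
    return json.dumps({"data": payload, "tag": _tag(payload.encode())})


def load_character(blob: str) -> dict:
    """Verify the tag, then rebuild privileges from the server-side list."""
    outer = json.loads(blob)
    payload = outer["data"]
    if not hmac.compare_digest(_tag(payload.encode()), outer["tag"]):
        raise ValueError("savefile failed integrity check")
    stored = json.loads(payload)
    char = {k: stored[k] for k in SAVED_FIELDS}  # extra keys in the file are ignored
    char["isadmin"] = char["ckey"] in ADMINS     # never read from the file
    return char


def edited_copy(blob: str, **changes) -> str:
    """Constructed test helper: a savefile changed by someone without SERVER_KEY."""
    outer = json.loads(blob)
    data = json.loads(outer["data"])
    data.update(changes)
    outer["data"] = json.dumps(data, sort_keys=True)
    return json.dumps(outer)
```

The tag only helps while the key stays somewhere the person editing the file cannot read it; a check that the editing tool is merely asked to honor can be skipped by any other tool.

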
In response to Spuzzum
That's annoying when you have to sift through your mail though (To get all the porn and other spam out). Outlook needs a way to put a tag or something next to e-mail received from anyone who's in your contacts list.
It probably already has one, I just haven't looked hard enough.
-DogMan