1. Post #1721

    October 2013
    860 Posts
    So, in regards to my analogy, someone that claims developers of games (a type of software) should be able to predict all avenues of exploit and fix them before they happen is also claiming that developers of other types of software should be able to do the same thing.
    And ... here's where your argument falls to pieces.

    One, I didn't claim "developers of games (a type of software) should be able to predict all avenues of exploit and fix them before they happen". And if I had, it doesn't logically follow that "developers of other types of software should be able to do the same thing". Besides being a logical fallacy, and despite your assertion (which I will accept for the sake of argument though I think it's a gross oversimplification and an abuse of the term) that the development cycles are the same, that doesn't mean they are the same exact thing with identical functionality and context. One example: viruses run locally and a multiplayer game has a server and client. The rules are (or at least can be if you design them to be) different.

    With authoritative server, you don't have to 'predict all avenues of exploit'. There is only one avenue -- the information given to you by the client. You can trust it implicitly (bad, even Rust doesn't do that) or almost not at all (not realistic due to resource constraints) or somewhere in between (more authoritative for some things, less for others). It doesn't matter what the client is doing on its side (or whatever avenue it is choosing, to use your wording) to tell the server that the player is flying, if the server is designed to heuristically analyze movement and disallow it, the client can't do anything about it.

  2. Post #1722

    February 2014
    15 Posts
    And ... here's where your argument falls to pieces.

    One, I didn't claim "developers of games (a type of software) should be able to predict all avenues of exploit and fix them before they happen". And if I had, it doesn't logically follow that "developers of other types of software should be able to do the same thing". Besides being a logical fallacy, and despite your assertion (which I will accept for the sake of argument though I think it's a gross oversimplification and an abuse of the term) that the development cycles are the same, that doesn't mean they are the same exact thing with identical functionality and context. One example: viruses run locally and a multiplayer game has a server and client. The rules are (or at least can be if you design them to be) different.

    With authoritative server, you don't have to 'predict all avenues of exploit'. There is only one avenue -- the information given to you by the client. You can trust it implicitly (bad, even Rust doesn't do that) or almost not at all (not realistic due to resource constraints) or somewhere in between (more authoritative for some things, less for others). It doesn't matter what the client is doing on its side (or whatever avenue it is choosing, to use your wording) to tell the server that the player is flying, if the server is designed to heuristically analyze movement and disallow it, the client can't do anything about it.
    You're still ultimately wrong because as long as there is communication between the server and the client then there is a way to mess with the server using the client. There is no way to make a hackproof server. None. Ever. It doesn't matter how isolated or controlled you think the conditions are, someone somewhere will manage to find a hole. Asking Garry to anticipate all these holes in advance, especially when this is Alpha, not Beta, not Release, is ridiculous.

    You pretty much can't do what you're saying to do, and no matter the countermeasures there will be hacks. Maybe not tomorrow, maybe not next week, but there will be, and the hacks will happen in less time than it takes you to design the system.

  3. Post #1723

    October 2013
    860 Posts
    You're still ultimately wrong because as long as there is communication between the server and the client then there is a way to mess with the server using the client.
    I get the feeling you don't understand client-server architecture and the concept of an authoritative server. I get the feeling you think I am pulling this stuff out of my arse. I am not.

    "there is a way to mess with the server using the client"

    Whoa, whoa, whoa, stop getting all jargon-y on me, I can't follow the fancy technical explanation you are using to make your point.

    "There is no way to make a hackproof server. None. Ever"

    True, so it's a good thing that that isn't at all what I am suggesting.
    Reply With Quote Edit / Delete Reply United States Show Events Zing Zing x 1 (list)

  4. Post #1724

    January 2014
    6 Posts
    You're still ultimately wrong because as long as there is communication between the server and the client then there is a way to mess with the server using the client. There is no way to make a hackproof server. None. Ever. It doesn't matter how isolated or controlled you think the conditions are, someone somewhere will manage to find a hole. Asking Garry to anticipate all these holes in advance, especially when this is Alpha, not Beta, not Release, is ridiculous.

    You pretty much can't do what you're saying to do, and no matter the countermeasures there will be hacks. Maybe not tomorrow, maybe not next week, but there will be, and the hacks will happen in less time than it takes you to design the system.
    Mostly wrong. There is always going to be some sort of exploits, but many of the hacks we're seeing are the result of a server that is far too trusting of the information the client is sending it. A client sends the server "hey I'm chilling in the sky, zero velocity" and the server says "thanks I'll pass that on". Exploits like server wide fall damage are the result of this design. The server is actually relaying messages that should probably only originate with the server.

    It's called sanity checking the data. I can understand an an alpha server not doing this, but at some point the server is going to need to validate data. It won't prevent all exploits but it can prevent certain types of exploits from occurring. The fact that it can't prevent all exploits is not a reason to not implement sanity checking.
    Reply With Quote Edit / Delete Reply United States Show Events Winner Winner x 4 (list)

  5. Post #1725
    Ah5atan's Avatar
    February 2014
    4 Posts
    Over the next couple of days you might find yourself not being able to join the official servers. You might be getting a message saying you're banned.

    It would help us a lot if you would confirm that you have been cheating, have been banned anc cheatpunch if working properly. that way we'll be able to roll it out to all the other servers faster.

    If you find yourself banned and are positive that you haven't been cheating then please post your full 64bit steamid in the thread and we will look into it.

    We won't tell you exactly how cheatpunch works because we want to catch as many cheats as possible. It's been running for 4 days. Right now we have 4,573 bans in the database.

    I'll admit up! Was light hacking so I could see at night. Promise I wasn't doing it to raid or become a bandit or whatever.
    My boyfriend showed me the hacks (he's also banned and I've never used hacks in my life so it was extremely new to me)
    But cheaters never win as stated! Now I can't play as much as I want and it really sucks because I really like the game!
    I got what a deserved I suppose.
    Keep it up Garry! Cheatpunch is definitely working!
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Friendly Friendly x 4Winner Winner x 4 (list)

  6. Post #1726
    FREE RUST KEYS
    Dennab
    December 2012
    3,544 Posts
    This thread is golden.
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Agree Agree x 2 (list)

  7. Post #1727
    V10lator's Avatar
    June 2013
    102 Posts
    You can stop flying 100%, regardless of how they hack the client, if you implement on the server side an algorithm that detects movement over time that couldn't physically be possible. Doesn't matter how they hack the client, this would stop flying.
    And it would give a ton of false positives. Just think about the following situation:
    Player A stands on a mountain, the next cliff to jump off is 30 seconds away. Server lag occurs. Player runs to the cliff and jumps off. Server lag goes away.
    Now the server thinks the player has gone from the mountain into mid-air in a time physically not possible (next cliff was 30 seconds away, thanks to the lag the server thinks the player made this in 10 seconds). Result: Ban cause of speed and fly hack.

    You see, such server-side sanity checks are good for one time actions (Facepunch_Kick_Violation) but not for permanent actions (VAC/cheatpunch ban).

  8. Post #1728

    February 2014
    360 Posts
    And it would give a ton of false positives. Just think about the following situation:
    Player A stands on a mountain, the next cliff to jump off is 30 seconds away. Server lag occurs. Player runs to the cliff and jumps off. Server lag goes away.
    Now the server thinks the player has gone from the mountain into mid-air in a time physically not possible (next cliff was 30 seconds away, thanks to the lag the server thinks the player made this in 10 seconds). Result: Ban cause of speed and fly hack.

    You see, such server-side sanity checks are good for one time actions (Facepunch_Kick_Violation) but not for permanent actions (VAC/cheatpunch ban).
    That works fine.

    Hacker can't fly because they keep getting kicked off the server is almost as good as hacker can't fly because banned.

  9. Post #1729
    V10lator's Avatar
    June 2013
    102 Posts
    That works fine.

    Hacker can't fly because they keep getting kicked off the server is almost as good as hacker can't fly because banned.
    Not from a financial PoV cause now the cheaters won't get banned anymore, so they can just search for tools that work till they find one. If they get banned they have to purchase the game again. Also the tool writers (the real hackers) will earn more money cause they don't need thousands of accounts for testing anymore. So the real result of this would be to give the tool writers more money so they can spend more time in finding weak points and cheaters being more happy cause they don't have to fear a ban anymore.

  10. Post #1730

    I'll admit up! Was light hacking so I could see at night. Promise I wasn't doing it to raid or become a bandit or whatever.
    My boyfriend showed me the hacks (he's also banned and I've never used hacks in my life so it was extremely new to me)
    But cheaters never win as stated! Now I can't play as much as I want and it really sucks because I really like the game!
    I got what a deserved I suppose.
    Keep it up Garry! Cheatpunch is definitely working!
    world needs more honest people like you around.
    Reply With Quote Edit / Delete Reply United States Show Events Funny Funny x 1 (list)

  11. Post #1731
    Resident Beat Eater.
    wauterboi's Avatar
    August 2009
    4,881 Posts
    And it would give a ton of false positives. Just think about the following situation:
    Player A stands on a mountain, the next cliff to jump off is 30 seconds away. Server lag occurs. Player runs to the cliff and jumps off. Server lag goes away.
    Now the server thinks the player has gone from the mountain into mid-air in a time physically not possible (next cliff was 30 seconds away, thanks to the lag the server thinks the player made this in 10 seconds). Result: Ban cause of speed and fly hack.

    You see, such server-side sanity checks are good for one time actions (Facepunch_Kick_Violation) but not for permanent actions (VAC/cheatpunch ban).
    Uh, I can jump off of any cliff in any Source game and be completely fine, and I'm also not able to fly.

    I am able to speedhack in the Source engine, but what I'm trying to say is no one should be kicked for the simple action of legitimate physics-based lagfest cliff dives. There's a way to do sanity checking that doesn't cause ridiculous banning/kicking.

  12. Post #1732

    February 2014
    360 Posts
    Not from a financial PoV cause now the cheaters won't get banned anymore, so they can just search for tools that work till they find one. If they get banned they have to purchase the game again. Also the tool writers (the real hackers) will earn more money cause they don't need thousands of accounts for testing anymore. So the real result of this would be to give the tool writers more money so they can spend more time in finding weak points and cheaters being more happy cause they don't have to fear a ban anymore.
    Simply one less avenue to exploit. Should be done serverside anyway, will prevent any kind of flying or speedhack. Same for damage done to objects/people.

    And if someone is repeatedly getting kicked for impossible movement then that can be flagged as a reason to have a closer look for hacking.

  13. Post #1733

    February 2014
    27 Posts
    Fair Fight Server Side Anti Cheat

    Thats what you guys are looking for.

    A anti cheat system not checking for injected data on the client but a heuristic system that runs on the server.

    BF4 uses it. I did not follow it long enough but it works quiet nice what i heard.

  14. Post #1734
    Dennab
    May 2007
    397 Posts
    BF4 uses it. I did not follow it long enough but it works quiet nice what i heard.

    Hmm FF didn't ban me yet.
    Sure, add it to Rust :)

  15. Post #1735

    February 2014
    1 Posts
    Check if you (or "your friend", "your cat") are banned: https://playrust.eu/bancheck.php
    Hi. I recently bught a game and played max 2 hours. Few days later I received a VAC ban. I never cheated, not with so many games on my steam account.
    My profile on cheatpunch is clear, I dont find it there. My ID: STEAM_0:1:5051785 .
    I want to get FULL REFUND of the game
    Reply With Quote Edit / Delete Reply Windows 7 Poland Show Events Funny Funny x 9 (list)

  16. Post #1736

    February 2014
    4 Posts
    http://steamcommunity.com/id/desireeee/
    Good Afternoon,
    I had a very peculiar incident with my Rust account. I've encountered a recent bug - tried to enter the door (it looked open), when in fact it was closed, got Red screen. Then after I reconnected, received this worrying message - "facepunch_Kick_Ban".
    Now the weird part, I didn't receive a VAC-ban, here is proof - http://oi58.tinypic.com/oa5iec.jpg , but I do have ban in RUST account.
    Best Regards,
    Desire
    Reply With Quote Edit / Delete Reply Windows 7 Russian Federation Show Events Funny Funny x 4 (list)

  17. Post #1737

    February 2014
    34 Posts
    Hi. I recently bught a game and played max 2 hours. Few days later I received a VAC ban. I never cheated, not with so many games on my steam account.
    My profile on cheatpunch is clear, I dont find it there. My ID: STEAM_0:1:5051785 .
    I want to get FULL REFUND of the game
    Take it up with Steam. Not Facepunch's fault you got VAC banned. VAC is steam. Your post here isn't going to get shit done.
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Agree Agree x 1 (list)

  18. Post #1738
    FREE RUST KEYS
    Dennab
    December 2012
    3,544 Posts
    http://steamcommunity.com/id/desireeee/
    Good Afternoon,
    I had a very peculiar incident with my Rust account. I've encountered a recent bug - tried to enter the door (it looked open), when in fact it was closed, got Red screen. Then after I reconnected, received this worrying message - "facepunch_Kick_Ban".
    Now the weird part, I didn't receive a VAC-ban, here is proof - http://oi58.tinypic.com/oa5iec.jpg , but I do have ban in RUST account.
    Best Regards,
    Desire
    Okay sure you didn't cheat. *wink*
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Funny Funny x 1Dumb Dumb x 1 (list)

  19. Post #1739

    February 2014
    34 Posts
    http://steamcommunity.com/id/desireeee/
    Good Afternoon,
    I had a very peculiar incident with my Rust account. I've encountered a recent bug - tried to enter the door (it looked open), when in fact it was closed, got Red screen. Then after I reconnected, received this worrying message - "facepunch_Kick_Ban".
    Now the weird part, I didn't receive a VAC-ban, here is proof - http://oi58.tinypic.com/oa5iec.jpg , but I do have ban in RUST account.
    Best Regards,
    Desire
    The account profile in the pic and the one that comes up when I attempt to look up your steam ID by the link you gave does not match.

    You need to look for the actual ID and not your custom URL.

    http://steamcommunity.com/profiles/76561198002827224 This is what comes up when I search your custom URL and it does not match the profile in the pic. Either you are lying, or every steam ID finder on the planet pulls up someone else's steam ID when I try to find you.

  20. Post #1740

    February 2014
    0 Posts
    http://image-upload.de/image/0I3Ne4/adb36e4085.jpg
    Respawned at UK1 and 2 got hits without noise. Everyone should know about this hack.
    I am wondering why you can't prevent the player to do something like that.
    Please do something about this. Aimbot/onehit destroys the game..

  21. Post #1741
    Dennab
    February 2014
    23 Posts
    http://steamcommunity.com/profiles/76561198122090387

    I didn't even know I was banned untill I checked the bancheck while reading a thread here.
    Says I was banned almost 2 weeks ago, but I don't have any problems joining a server?
    Also what the hell is ESP?
    Electronic stability program? I haven't even driven a car in rust...

    Look into it if you like, it's not really a problem to me because I don't experience difficulties joining servers.
    Reply With Quote Edit / Delete Reply Windows 7 Belgium Show Events Dumb Dumb x 3 (list)

  22. Post #1742

    January 2014
    218 Posts
    And it would give a ton of false positives. Just think about the following situation:
    Player A stands on a mountain, the next cliff to jump off is 30 seconds away. Server lag occurs. Player runs to the cliff and jumps off. Server lag goes away.
    Now the server thinks the player has gone from the mountain into mid-air in a time physically not possible (next cliff was 30 seconds away, thanks to the lag the server thinks the player made this in 10 seconds). Result: Ban cause of speed and fly hack.

    You see, such server-side sanity checks are good for one time actions (Facepunch_Kick_Violation) but not for permanent actions (VAC/cheatpunch ban).
    Kick, not ban. Kicking any anomalies like this would render speed, fly, and jump hacks obsolete. The time wasted to reconnect would not be worth it.

    Edited:

    Not from a financial PoV cause now the cheaters won't get banned anymore, so they can just search for tools that work till they find one. If they get banned they have to purchase the game again. Also the tool writers (the real hackers) will earn more money cause they don't need thousands of accounts for testing anymore. So the real result of this would be to give the tool writers more money so they can spend more time in finding weak points and cheaters being more happy cause they don't have to fear a ban anymore.
    Agreed, but it's a simple stopgap measure, agreed?

  23. Post #1743

    February 2014
    4 Posts
    The account profile in the pic and the one that comes up when I attempt to look up your steam ID by the link you gave does not match.

    You need to look for the actual ID and not your custom URL.

    http://steamcommunity.com/profiles/76561198002827224 This is what comes up when I search your custom URL and it does not match the profile in the pic. Either you are lying, or every steam ID finder on the planet pulls up someone else's steam ID when I try to find you.
    try again http://steamcommunity.com/id/77772436123545

  24. Post #1744

    February 2014
    34 Posts
    That pulls up the same profile that I found and it STILL does not match the image you linked to. Explain to me how the hell the profile I'm finding, does not match the profile in the image in any way, shape, or form.

  25. Post #1745
    SteakStyles's Avatar
    March 2010
    3,693 Posts
    Could you change the profile to not be private? Only as a measure so people know you didn't just throw a fresh account together that would come up clean.
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Dumb Dumb x 1 (list)

  26. Post #1746

    February 2014
    34 Posts
    Could you change the profile to not be private? Only as a measure so people know you didn't just throw a fresh account together that would come up clean.
    Since none of the aliases listed are in Russian, I'm going to guess that the profile in the image and the profile we're finding are not the same profile. There are no names in common.

  27. Post #1747
    Cabbalistic's Avatar
    September 2009
    1,863 Posts
    The picture that he gave shows dwar715 as a username. Entering this into steam takes me to this profile http://steamcommunity.com/id/77772436123545. Right clicking to view source, and doing Ctrl + F to find the id starting with 76 gives me 76561198002827224. Putting this into cheatpunch gives a ban from today for Aimbot/ESP/LightHack.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Informative Informative x 1 (list)

  28. Post #1748

    October 2013
    860 Posts
    And it would give a ton of false positives. Just think about the following situation:
    Player A stands on a mountain, the next cliff to jump off is 30 seconds away. Server lag occurs. Player runs to the cliff and jumps off. Server lag goes away.
    Now the server thinks the player has gone from the mountain into mid-air in a time physically not possible (next cliff was 30 seconds away, thanks to the lag the server thinks the player made this in 10 seconds). Result: Ban cause of speed and fly hack.

    You see, such server-side sanity checks are good for one time actions (Facepunch_Kick_Violation) but not for permanent actions (VAC/cheatpunch ban).
    Or you could design an algorithm that accounts for false positives (like lag might cause) like TexRob mentioned.

    Edited:


    I'll admit up! Was light hacking so I could see at night. Promise I wasn't doing it to raid or become a bandit or whatever.
    My boyfriend showed me the hacks (he's also banned and I've never used hacks in my life so it was extremely new to me)
    But cheaters never win as stated! Now I can't play as much as I want and it really sucks because I really like the game!
    I got what a deserved I suppose.
    Keep it up Garry! Cheatpunch is definitely working!
    Let me get this straight. You (a girl I assume, although the sentiment is the same regardless) like playing video games like Rust with your boyfriend. Why is your boyfriend cheating? He is already winning.
    Reply With Quote Edit / Delete Reply United States Show Events Dumb Dumb x 2 (list)

  29. Post #1749
    Dennab
    February 2014
    23 Posts
    Let me get this straight. You (a girl I assume, although the sentiment is the same regardless) like playing video games like Rust with your boyfriend. Why is your boyfriend cheating? He is already winning.
    Is actually a 30 year old basement dwelling guy.
    Plays girl card for sympathy.

    Welcome to the internet.
    Reply With Quote Edit / Delete Reply Windows 7 Belgium Show Events Dumb Dumb x 4Agree Agree x 2 (list)

  30. Post #1750
    lolo's Avatar
    February 2010
    2,051 Posts
    Is actually a 30 year old basement dwelling guy.
    Plays girl card for sympathy.

    Welcome to the internet.
    Gender doesn't even matter, I treat every person the same either way, because you or I will never truly understand everyone on the internet.

  31. Post #1751

    February 2014
    16 Posts
    Hi, I'm a fresh Admin of a brand new server of rust and pleased to be!

    I've a couple of "suspect" guys on my server that is running with VAC protection and CheatPunch protection.

    How can I "force" CheatPunch to take screenshot of these guys? Or to have more control on them? Is that any way to do?

    Thanks in advice

  32. Post #1752
    Gold Member
    lintz's Avatar
    May 2006
    7,560 Posts
    no. all automated.

  33. Post #1753
    Ah5atan's Avatar
    February 2014
    4 Posts
    Is actually a 30 year old basement dwelling guy.
    Plays girl card for sympathy.

    Welcome to the internet.
    I'm actually a 20 year old woman, with a child, and play video games in my spare time.
    Nice try though (:
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Disagree Disagree x 2 (list)

  34. Post #1754

    December 2013
    241 Posts
    I'm actually a 20 year old woman, with a child, and play video games in my spare time.
    Nice try though (:
    that's exactly what a 30 year old basment dwelling guy who plays the girl card for sympathy would say!
    Reply With Quote Edit / Delete Reply Windows XP United States Show Events Funny Funny x 3Dumb Dumb x 2Useful Useful x 1 (list)

  35. Post #1755
    Gold Member
    Sievers808's Avatar
    December 2013
    2,322 Posts
    that's exactly what a 30 year old basment dwelling guy who plays the girl card for sympathy would say!
    I have a hard time taking someone using IE seriously.
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Funny Funny x 3Dumb Dumb x 1Friendly Friendly x 1Agree Agree x 1 (list)

  36. Post #1756
    Ah5atan's Avatar
    February 2014
    4 Posts
    that's exactly what a 30 year old basment dwelling guy who plays the girl card for sympathy would say!
    You guys can believe what you want to believe. It doesn't hurt my feelings any.
    But if you really need proof that I am in fact a female my twitter page is on my profile for
    anyone with doubts.
    <3
    And thank you to everyone else that has been very nice! :]
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Dumb Dumb x 1 (list)

  37. Post #1757
    Hey, iamcpc, stop with talking shit about what's in someone's pants, it's really none of your business and frankly it's a detail that's kind of creepy to be so insistent about. Actually shut up about that, please. I'm not a mod but this is shitposting and you don't have to be a mod to know that shitposting's not encouraged, to put it lightly.

    As I am not a mod, I am not going to predict what consequences this may have, if any. But you should still really consider stopping.
    Reply With Quote Edit / Delete Reply Show Events Friendly Friendly x 2Dumb Dumb x 1 (list)

  38. Post #1758
    Dennab
    February 2014
    23 Posts
    But if you really need proof that I am in fact a female my twitter page is on my profile for
    anyone with doubts.
    <3
    So do I.
    I'm 23/m though...
    Reply With Quote Edit / Delete Reply Windows 7 Belgium Show Events Dumb Dumb x 2 (list)

  39. Post #1759
    http://steamcommunity.com/profiles/76561198122090387

    I didn't even know I was banned untill I checked the bancheck while reading a thread here.
    Says I was banned almost 2 weeks ago, but I don't have any problems joining a server?
    Also what the hell is ESP?
    Electronic stability program? I haven't even driven a car in rust...


    Look into it if you like, it's not really a problem to me because I don't experience difficulties joining servers.
    could you lie more blatantly than this? lmao
    Reply With Quote Edit / Delete Reply United States Show Events Agree Agree x 1 (list)

  40. Post #1760
    Ah5atan's Avatar
    February 2014
    4 Posts
    So do I.
    I'm 23/m though...
    Question, why is it such a big deal that I am a female that you have to try to go to great lengths to try and prove me wrong when I am clearly right.
    Yeah some people may pose to be someone else, but if I was that dishonest of a person, then why would I come to this forum and state that I have been cheating honestly so the actual creator of the game could see?
    I think I've proven myself honest enough, and I don't understand why my sex is a problem here in the first place? that you have to go to these lengths just to try and prove me wrong.
    And could you please sir, remove my username from your profile. Because that's getting beyond creepy.