search

gunslinger23 / maniadminplugin

Automatically exported from code.google.com/p/maniadminplugin
1 stars 1 forks source link

Check for LUA Scripts being loaded / optional disallow client sided plug-ins alltogether #110

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Link to LUA Scripts HP: http://www.3rdera.com/

LUA Scripts are often used to crash / exploit OB based games. Since it is a
plug-in that has to be loaded client-sided, we could easily scan for it
being loaded, and if LUA has been found, we could allow the server operator
to kick or optionally ban by x minutes with a custom message.

Since even officially supported LUA scripts are sometimes exploit related
or used to gather an unfair advantage, i sugggest it is fine if we provide
an option via Mani to disallow this client - sided plugin.

Since there are also 2 other exploits based on runnging plug-ins
client-sided, we also could think about making this thingy flexible to
disallow client-sided loaded plug-ins altogether

Original issue reported on code.google.com by farnhammer_manuel@web.de on 29 Apr 2010 at 6:36

GoogleCodeExporter commented 9 years ago 
You cannot detect client side plugins.  I don't know how we would go about doing
this.  I do know VALVe is in the middle of correcting this.  But I don't think 
we can
do it via Mani.

Original comment by keeper....@gmail.com on 30 Apr 2010 at 2:14

GoogleCodeExporter commented 9 years ago 
I think it should be possible by forcing to run plugin_print on the client and 
maybe
hook the output then?

Either way, if i'm not wrong, Kigen's Anti Cheat Plugin V.1.1.9
(http://forums.alliedmods.net/showthread.php?t=72354) implements an option to 
scan
for client-sided plugins.

And i know i've been autokicked from TF2 server, because i got M-A-P running 
(testing
on listenservers, forgot to remove the .vdf -.-) so, it has to be possible

Original comment by farnhammer_manuel@web.de on 30 Apr 2010 at 10:35

GoogleCodeExporter commented 9 years ago 
I did remake of KAC for my server and detecting plugins is done by scanning 
client
console variables. When plugin detects ma_version then kicks client (most stupid
thing for me). It kicked regular players on my server and I removed it. So, 
this is
no protection and could be easily cheated.

Original comment by lordmar...@gmail.com on 30 Apr 2010 at 1:07

GoogleCodeExporter commented 9 years ago 
I think as a server side plugin, we can't deal with everything.  Maybe 
somewhere in
the future we can look at this, but as soon as we do ... they'll patch their
software.  Best for VALVe to figure this out and stop it.I think as a server 
side
plugin, we can't deal with everything.  Maybe somewhere in
the future we can look at this, but as soon as we do ... they'll patch their
software.  Best for VALVe to figure this out and stop it.

Original comment by keeper....@gmail.com on 10 May 2010 at 12:36