Request: onPlayerResourceStop

[Xenius97]

Is your feature request related to a problem? Please describe.

Currently, the client can stop any resource without any consequences (on client side). Modders abuse as well. It must be hardcoded and un-removeable.

Describe the solution you'd like

onPlayerResourceStop event, similar to onPlayerResourceStart, which triggers when clientside resource got stopped ->

addEventHandler("onPlayerResourceStop", root, function(stoppedResource)
    if getResourceState(stoppedResource) == "running" then
        banPlayer(source, true, false, true, root, "Unallowed resource stop")
    end
end)

Security Policy

• [X] I have read and understood the Security Policy and this issue is not security related.

[Lpsd]

The idea of a onPlayerResourceStop is fine, but I don't think this is useful to detect/prevent cheating (ie players who stop client-side resources). If I was a cheater in this case, I would just prevent the onPlayerResourceStop event from sending.

If by stopping a client-side resource, a player is able to cause problems, then I think you need to re-consider how the resource works. Are you able to give us more information about the specific scenario; what exact issues are being caused by a player stopping a client-side resource?

[Xenius97]

Are you able to give us more information about the specific scenario; what exact issues are being caused by a player stopping a client-side resource?

In most cases, I’ve noticed that scripts which detect cheating are the ones being stopped. For example, you write a script that periodically checks what the player is doing and uses it to detect if they are flying or teleporting. If these scripts are stopped, they simply won’t work. The same applies if you are trying to detect a loadstring (or any unsafe function) with a debughook, you can’t, because the resource only runs on the server side.

Exploiting this bug provides numerous options for cheaters to harm servers. I don't want to share specific links here, but I’ve sent two cheats that can do this to botder.

I think this should either be prevented somehow or detected in some way.

[MegadreamsBE]

You'd rely on the client to inform the server that the resource is stopped. Cheaters don't truly stop the resource, rather they prevent some of the scripts from running. This won't help with this problem at all.

FYI, you can always add a unique code to each script that sends some form of identifier (ideally from a math equation it needs to solve) to the server when it initially loads. They can still spoof this, but at least it requires extra work and gives you a way to detect whether all your scripts have loaded. You can take this way further, but I won't go into too much detail.

[Lpsd]

The fact the client prevents scripts from running is a method of detection in of itself. Imagine you had a pulse event from that resource every X seconds, if you don't receive it then you know the resource isn't running.

Of course, this can also be faked by that client, and thus it fits perfectly into the cat and mouse game.

[Proxy-99]

just pushing player element to onResourceStop arguments no need to add new event but refactoring that would be a bit hard since Stop functions used by a lot of others functions that does not need player element

class function that calling the event

bool CResource::Stop(bool bManualStop)

[CrosRoad95]

. Modders abuse as well.

Modders can remove this event too, it will give people false the conviction that they are protected,

[Fernando-A-Rocha]

I vote against this. Modders/cheaters/hackers can modify the client to not notify the server that a client resource has been stopped by them. Useless feature sadly

[CrosRoad95]

You can also implement some kind of "ping" functionality. Send trigger to client resource with random payload, and expect client to respond in ~0.5second, if client did not respond -> cheater