AlliedModders - (not a Sourcebans issue) All players reported as having the same IP address

AlliedModders (https://forums.alliedmods.net/index.php)

- SourceBans / SourceBans++ (https://forums.alliedmods.net/forumdisplay.php?f=152)

- - (not a Sourcebans issue) All players reported as having the same IP address (https://forums.alliedmods.net/showthread.php?t=345502)

(not a Sourcebans issue) All players reported as having the same IP address

Subject was: Everyone gets flagged as "[SourceSleuth] Duplicate account" after aimbot ban

After an aimbot user was banned everyone joining my server, including myself, is being banned/flagged "[SourceSleuth] Duplicate account" saying they have the same IP address. Is this a known issue? Any fix?

Software:
SourceBans++ 1.8.0 | Git: 1294
Little Anti-Cheat 1.7.4

Events:
Aimbot user banned by Little Anti-Cheat while I was on the server. This is the first cheat ban logged, previous bans have been manual steamID only bans.

Spoiler

Next person to join the server gets banned with SourceSleuth Duplicate account

Spoiler

Checked SourceBans++ log and both players have the same IP address. I presume they had an alt-account.

Restarted map to set the SourceBans++ language to English (server default) and I got kicked for [SourceSleuth] Duplicate account as well

Spoiler

Changed Sleuth Ban Type to notify only and now anyone joining the server,including myself getflaged as having an active ban

Spoiler

Tried restarting map and server. No better.

Re: Everyone gets flagged as "[SourceSleuth] Duplicate account" after aimbot ban

Have just discovered that the IP address listed above, 88.198.27.9, is one of the gameME stats servers.

Re: (not a Sourcebans issue) All players reported as having the IP address

Have installed a couple of other plugins that use GetClientIP and they all return the same IP address, which has been confirmed as one of the GameME servers. All very strange....but not a SourceBan issue.

PHP Code:


		
			
19:56:00 - <DNA.styx> <STEAM_0:1:xxxx> <88.198.27.9> CONNECTED from <Germany>

20:03:42 - <DNA.styx> <STEAM_0:1:xxxx> <88.198.27.9> DISCONNECTED after 27 minutes. <Disconnect by user.>

20:03:46 - <DNA.styx> <STEAM_0:1:xxxx> <88.198.27.9> CONNECTED from <Germany>

20:06:46 - <DNA.styx> <STEAM_0:1:xxxx> <88.198.27.9> DISCONNECTED after 4 minutes. <Disconnect by user.>

20:56:03 - <QUACKATTACK_3_1> <STEAM_0:1:xxxx> <88.198.27.9> DISCONNECTED after 10 minutes. <Disconnect by user.>

21:03:43 - <Oly> <STEAM_0:0:xxxx> <88.198.27.9> DISCONNECTED after 26 minutes. <Disconnect by user.>

21:04:21 - <KARIS CZ> <STEAM_0:1:xxxx> <88.198.27.9> DISCONNECTED after 27 minutes. <Disconnect by user.>

Re: (not a Sourcebans issue) All players reported as having the IP address

Plugin_print
Meta list
Sm exts list
Sm plugins list

Status

Re: (not a Sourcebans issue) All players reported as having the IP address

Plugin_print

PHP Code:


		
			
Loaded plugins:
---------------------
0:    "Metamod:Source 1.12.0-dev+1157"
---------------------

Meta list

PHP Code:


		
			
Listing 5 plugins:
  [01] RCBot2 (1.51 (apg-nosoop-caxanga334)-3a3a3a41) by Cheeseh, RoboCop, nosoop, caxanga334
  [02] SourceMod (1.11.0.6947) by AlliedModders LLC
  [03] SDK Tools (1.11.0.6947) by AlliedModders LLC
  [04] SDK Hooks (1.11.0.6947) by AlliedModders LLC
  [05] SteamWorks Extension (1.2.3) by Kyle Sanderson

Sm exts list

PHP Code:


		
			
[SM] Displaying 17 extensions:
[01] Automatic Updater (1.11.0.6947): Updates SourceMod gamedata files
[02] Webternet (1.11.0.6947): Extension for interacting with URLs
[03] RCBot2 (1.51 (apg-nosoop-caxanga334)-3a3a3a41): Bot for HL2DM, TF2 and DOD:S
[04] SDK Tools (1.11.0.6947): Source SDK Tools
[05] BinTools (1.11.0.6947): Low-level C/C++ Calling API
[06] Top Menus (1.11.0.6947): Creates sorted nested menus
[07] Client Preferences (1.11.0.6947): Saves client preference settings
[08] SQLite (1.11.0.6947): SQLite Driver
[09] System2 (3.3.2): HTTP/FTP Request and System API for Sourcemod
[10] Regex (1.11.0.6947): Provides regex natives for plugins
[11] REST in Pawn (1.3.1): Provides HTTP and JSON natives for plugins
[12] SDK Hooks (1.11.0.6947): Source SDK Hooks
[13] SMJansson (2.6.0/1): JSON parser/writer
[14] SteamWorks Extension (1.2.3): Exposes SteamWorks functions to Developers
[15] GeoIP (1.11.0.6947): Geographical IP information
[16] <OPTIONAL> file "socket.ext.dll": The specified module could not be found.
[17] MySQL-DBI (1.11.0.6947): MySQL driver implementation for DBI

Sm plugins list

PHP Code:


		
			
[SM] Listing 48 plugins:
  01 "[DoD TMS] Addon - AFK Manager" (1.22) by FeuerSturm, modif Micmacx
  02 "[DoD TMS] Addon - Anti-VoiceCmdSpam" (1.22) by FeuerSturm, modif Micmacx
  03 "[DoD TMS] Addon - AutoTeamBalance" (1.22) by FeuerSturm, modif Micmacx
  04 "[DoD TMS] Addon - ClanTag Protection" (1.22) by FeuerSturm, modif Micmacx
  05 "[DoD TMS] Addon - High Ping Kicker" (1.22) by FeuerSturm, modif Micmacx
  06 "[DoD TMS] Addon - Secret Spectate" (1.22) by FeuerSturm, modif Micmacx
  07 "[DoD TMS] Addon - Class Restrictions" (1.22) by FeuerSturm, modif Micmacx
  08 "Admin File Reader" (1.11.0.6947) by AlliedModders LLC
  09 "Admin Help" (1.11.0.6947) by AlliedModders LLC
  10 "Admin Menu" (1.11.0.6947) by AlliedModders LLC
  11 "Advertisements" (2.1.1) by Tsunami
  12 "Anti-Flood" (1.11.0.6947) by AlliedModders LLC
  13 "Basic Chat" (1.11.0.6947) by AlliedModders LLC
  14 "Basic Comm Control" (1.11.0.6947) by AlliedModders LLC
  15 "Basic Commands" (1.11.0.6947) by AlliedModders LLC
  16 "Basic Info Triggers" (1.11.0.6947) by AlliedModders LLC
  17 "Basic Votes" (1.11.0.6947) by AlliedModders LLC
  18 "Client Preferences" (1.11.0.6947) by AlliedModders LLC
  19 "Cronjobs" (2.0) by dordnung
  20 "Discord Relay" (0.7.8) by log-ical
  21 "Discord API" (0.1.107) by Deathknife
  22 "Discord Logger!" (v2) by MbK
  23 "DOD:S Ammo Settings" (1.0) by Silent_Water
  24 "DoD BasicGore" (1.1) by FeuerSturm
  25 "DoD:S DetoNades" (1.0) by Root
  26 "DOD:S Fireworks" (1.3) by Silent_Water, playboycyberclub
  27 "Dod Grenade Trails" (1.1) by Andi67, Modif Micmacx
  28 "DoD Medic" (1.1.1) by Tsunami,DNA.styx
  29 "[DoD TMS] Base  - DoD TeamManager Source" (1.22) by FeuerSturm, modif Micmacx
  30 "Dog's Prop Bonus Round" (1.13.1) by <eVa>Dog (edited by: retsam, DNA.styx)
  31 "Dynamic MotD Replacer" (3.0.0) by psychonic
  32 "First bot" (1.0) by Micmacx
  33 "Fun Commands" (1.11.0.6947) by AlliedModders LLC
  34 "Fun Votes" (1.11.0.6947) by AlliedModders LLC
  35 "gameME Plugin" (4.8.1) by TTS Oetzel & Goerz GmbH
  36 "DoD:S Instant Respawn" (1.5) by Andersso
  37 "[Lilac] Little Anti-Cheat" (1.7.4) by J_Tanzanite
  38 "Log Connections" (1.4) by Xander, IT-KiLLER, Dosergen
  39 "Player Commands" (1.11.0.6947) by AlliedModders LLC
  40 "Reserved Slots" (1.11.0.6947) by AlliedModders LLC
  41 "SourceBans++: Admin Config Loader" (1.8.0) by AlliedModders LLC, SourceBans++ Dev Team
  42 "SourceBans++: Bans Checker" (1.8.0) by psychonic, Ca$h Munny, SourceBans++ Dev Team
  43 "SourceBans++: SourceComms" (1.8.0) by Alex, SourceBans++ Dev Team
  44 "SourceBans++: Main Plugin" (1.8.0) by SourceBans Development Team, SourceBans++ Dev Team
  45 "SourceBans++ Report Plugin" (1.8.0) by RumbleFrog, SourceBans++ Dev Team
  46 "SourceBans++: SourceSleuth" (1.8.0) by ecca, SourceBans++ Dev Team
  47 "SpeedUp" (1.0.1) by Mosalar, Bacardi
  48 "Tidy Chat" (0.5) by linux_lover

Status

PHP Code:


		
			
hostname: DNAGames | 24/7 Ava | +Grens | QuickSpawn | SneakyBots
version : 6630498/24 6630498 secure
udp/ip  : 185.216.145.132:27015  (public ip: 185.216.145.132)
steamid : [A:1:209xxxxxxx:25199] (9018022xxxxxxxxxx)
map     : dod_avalanche at: 0 x, 0 y, 0 z
tags    : Bots,alltalk,quickspawn,gameME
players : 1 humans, 9 bots (12 max)
edicts  : -66149 used of 2048 max
# userid name                uniqueid            connected ping loss state  adr
#    508 "[RCB]WooHoo"       BOT                                     active
#    482 "[RCB]Goose"        BOT                                     active
#    509 "[RCB]Leeroy"       BOT                                     active
#    507 "[RCB]Mouse"        BOT                                     active
#    497 "[RCB]Ratatat"      BOT                                     active
#    493 "[RCB]Goddard"      BOT                                     active
#    505 "[RCB]Rambo"        BOT                                     active
#    511 "[RCB]Peake"        BOT                                     active
#    506 "[RCB]SirRobin"     BOT                                     active
#    510 "DNA.styx"          [U:1:40203]         03:55       40    0 active 82.69.xx.xxx:27005

Connection log

PHP Code:


		
			
09:09:36 - <DNA.styx> <STEAM_0:1:20101> <88.198.27.9> CONNECTED from <Germany>

edit: I was AFK the whole day yesterday and the connection logger recorded the below. 82.69.xxx.xxx = my IP. It flipped between the GameME and my IP address. Note there is an automated server restart at ~0600.

PHP Code:


		
			
02:46:23 - <fmauro64> <STEAM_0:0:103703320> <82.69.xxx.xxx> DISCONNECTED after 13 minutes. <Disconnect by user.>
13:25:22 - <DonneTaCarabine> <STEAM_0:0:9512374> <88.198.27.9> DISCONNECTED after 9 minutes. <Disconnect by user.>
16:58:15 - <DARK> <STEAM_0:0:77628340> <88.198.27.9> DISCONNECTED after 7 minutes. <Disconnect by user.>
17:31:14 - <bodyelectrich> <STEAM_0:1:45452862> <88.198.27.9> DISCONNECTED after 8 minutes. <Disconnect by user.>
19:52:32 - <ManOs> <STEAM_0:0:5904043> <82.69.xxx.xxx> DISCONNECTED after 7 minutes. <Disconnect by user.>
20:15:35 - <boba {VoD}> <STEAM_0:1:9310115> <82.69.xxx.xxx> DISCONNECTED after 9 minutes. <Disconnect by user.>
20:21:32 - <ManOs> <STEAM_0:0:5904043> <82.69.xxx.xxx> DISCONNECTED after 29 minutes. <Disconnect by user.>
20:21:38 - <Kannixx> <STEAM_0:0:165973253> <82.69.xxx.xxx> DISCONNECTED after 35 minutes. <Disconnect by user.>
20:21:38 - <der.lexan> <STEAM_0:0:15852015> <82.69.xxx.xxx> DISCONNECTED after 28 minutes. <Disconnect by user.>
20:23:18 - <G â&#732;…man> <STEAM_0:0:540124302> <82.69.xxx.xxx> DISCONNECTED after 8 minutes. <Disconnect by user.>
20:23:31 - <TORPE> <STEAM_0:0:7741798> <82.69.xxx.xxx> DISCONNECTED after 12 minutes. <Disconnect by user.>
20:28:13 - <bjwilliams010> <STEAM_0:1:797692874> <82.69.xxx.xxx> DISCONNECTED after 1 minutes. <Disconnect by user.>
20:49:12 - <BlackSkyline> <STEAM_0:0:514068672> <82.69.xxx.xxx> DISCONNECTED after 54 minutes. <Disconnect by user.>
22:48:54 - <gael the metropolice> <STEAM_0:1:484483357> <82.69.xxx.xxx> DISCONNECTED after 3 minutes. <Disconnect by user.>
09:09:36 - <DNA.styx> <STEAM_0:1:20101> <88.198.27.9> CONNECTED from <Germany>
09:26:46 - <DNA.styx> <STEAM_0:1:20101> <88.198.27.9> DISCONNECTED after 18 minutes. <Disconnect by user.>
09:26:50 - <DNA.styx> <STEAM_0:1:20101> <88.198.27.9> CONNECTED from <Germany>

Re: (not a Sourcebans issue) All players reported as having the same IP address

It's beginning to feel like it's something to do with remote rcon/logaddress.

I've got an app on my phone that allows me to perform console actions on the server: status/plugin_print/meta list etc.

It appears that anytime I use that that app from home all players get my home IP (82.69.xxx.xxx).

M server's autoexec.cfg has a logaddress_delall & logaddress_add (as per gameme instructions), so that could be why I've noticed that restarting the server results in 88.198.27.9 appearing as everyone's IP address again.

PHP Code:


		
			
L 02/03/2024 - 20:39:50: -------- Mapchange to dod_avalanche --------
L 02/03/2024 - 20:39:50: DNA.styx<90><[U:1:40203]><><88.198.27.9> connected.
L 02/03/2024 - 20:41:40: DNA.styx<90><[U:1:40203]><><88.198.27.9> disconnected.
L 02/03/2024 - 20:49:22: DNA.styx<123><[U:1:40203]><><88.198.27.9> connected.
L 02/03/2024 - 21:01:33: DNA.styx<123><[U:1:40203]><><88.198.27.9> disconnected.
L 02/03/2024 - 21:03:25: adrian shephard<137><[U:1:1516896097]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:03:42: adrian shephard<137><[U:1:1516896097]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:03:43: DNA.styx<139><[U:1:40203]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:09:24: DNA.styx<139><[U:1:40203]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:10:51: DNA.styx<160><[U:1:40203]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:12:44: DNA.styx<160><[U:1:40203]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:12:48: DNA.styx<163><[U:1:40203]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:13:46: DNA.styx<163><[U:1:40203]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:14:21: DNA.styx<181><[U:1:40203]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:18:06: 24007kb/s<183><[U:1:37019763]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:18:06: 24007kb/s<183><[U:1:37019763]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:18:07: 24007kb/s<184><[U:1:37019763]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:18:08: 24007kb/s<185><[U:1:37019763]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:18:08: 24007kb/s<186><STEAM_ID_PENDING><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:18:09: 24007kb/s<187><STEAM_ID_PENDING><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:18:09: 24007kb/s<188><[U:1:37019763]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:26:12: 24007kb/s<188><[U:1:37019763]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:33:50: lchristopherl<193><[U:1:175137150]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:47:21: lchristopherl<193><[U:1:175137150]><><82.69.xxx.xxx> disconnected.
L 02/03/2024 - 21:52:13: seano<201><[U:1:1036576658]><><82.69.xxx.xxx> connected.
L 02/03/2024 - 21:52:31: seano<201><[U:1:1036576658]><><82.69.xxx.xxx> disconnected.

I'm using this plugin to generate the above log.

Re: (not a Sourcebans issue) All players reported as having the same IP address

...interested.
I'm wondering does this happen only SourceMod GetClientIP.

You could look status command more often, do players have same IP.

One thing what could cause this is, plugin is trying to get client IP too soon when connecting to server.
It maybe fail to get IP, there is no check for that.

...I could write different plugin, when I have time.

Re: (not a Sourcebans issue) All players reported as having the same IP address

Yes, very strange one. Thanks for checking.

Here's some console logs. There is a point were they all switch from returning their real IP address to one of the others (my IP or GameME).

Will grab some status command outputs as well.

Spoiler

L 02/04/2024 - 19:17:30: "Mr. (FA.R.T) Drunkenstein<718><[U:1:48396568]><>" connected, address "185.74.xxx.xxx:38952"
Client "Mr. (FA.R.T) Drunkenstein" connected (185.74.xxx.xxx:38952).
Server waking up from hibernation
L 02/04/2024 - 19:17:30: [RCBOT2] Hook_ClientConnect(11, "Mr. (FA.R.T) Drunkenstein", "185.74.xxx.xxx:38952")
L 02/04/2024 - 19:17:30: "Mr. (FA.R.T) Drunkenstein<718><[U:1:48396568]><>" STEAM USERID validated
L 02/04/2024 - 19:17:31: Mr. (FA.R.T) Drunkenstein<718><[U:1:48396568]><><82.69.xxx.xxx> connected.
L 02/04/2024 - 19:17:31: "[RCB]Rambo<716><BOT><Allies>" attacked "[RCB]WooHoo<717><BOT><Axis>" with "bar" (damage "37") (health "32") (hitgroup "right arm")
L 02/04/2024 - 19:17:32: "[RCB]Rambo<716><BOT><Allies>" attacked "[RCB]WooHoo<717><BOT><Axis>" with "bar" (damage "50") (health "0") (hitgroup "chest")
L 02/04/2024 - 19:17:32: "[RCB]Rambo<716><BOT><>" located on "kill" (position "-38 -961 -14") against "[RCB]WooHoo<717><BOT><>" (victim_position "149 331 -30")
L 02/04/2024 - 19:17:32: "[RCB]Rambo<716><BOT><Allies>" killed "[RCB]WooHoo<717><BOT><Axis>" with "bar"
L 02/04/2024 - 19:17:32: "[RCB]WooHoo<717><BOT><>" triggered "weaponstats" (weapon "mp44") (shots "20") (hits "2") (kills "1") (headshots "0") (tks "0") (damage "29") (deaths "0")
L 02/04/2024 - 19:17:32: "[RCB]WooHoo<717><BOT><>" triggered "weaponstats2" (weapon "mp44") (head "0") (chest "0") (stomach "0") (leftarm "0") (rightarm "0") (leftleg "0") (rightleg "2")
L 02/04/2024 - 19:17:43: "[RCB]Rambo<716><BOT><Allies>" attacked "[RCB]Goddard<698><BOT><Axis>" with "bar" (damage "50") (health "50") (hitgroup "chest")
L 02/04/2024 - 19:17:44: "[RCB]Rambo<716><BOT><Allies>" attacked "[RCB]Goddard<698><BOT><Axis>" with "bar" (damage "50") (health "0") (hitgroup "chest")
L 02/04/2024 - 19:17:44: "[RCB]Rambo<716><BOT><>" located on "kill" (position "-181 -787 -232") against "[RCB]Goddard<698><BOT><>" (victim_position "-232 623 -70")
L 02/04/2024 - 19:17:44: "[RCB]Rambo<716><BOT><Allies>" killed "[RCB]Goddard<698><BOT><Axis>" with "bar"
L 02/04/2024 - 19:17:51: [RCBOT2] Hook_ClientActive(11, 0)
L 02/04/2024 - 19:17:51: "Mr. (FA.R.T) Drunkenstein<718><[U:1:48396568]><>" entered the game

Spoiler

Edit: When I disable gameme's logaddress_add from the server autoexec.cfg all players IP addresses are reported correctly. Seems that what ever I set logaddress_add to gets returns as the players GetClientIP (example below where I set logaddress_add to 8.8.8.8. :)

Spoiler