AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   General (https://forums.alliedmods.net/forumdisplay.php?f=58)
-   -   [CSS] is there any security risks with having sv_cheats on? (https://forums.alliedmods.net/showthread.php?t=261494)

D.Moder 04-14-2015 02:33

[CSS] is there any security risks with having sv_cheats on?
 
I've come across few posts saying that,
and the mod I recently uploaded requires sv_cheats to be on.
And I don't know if I should remove some features of the plugin or what!
is it very uncommon everywhere? like no body has it on?

Robin955 04-14-2015 02:45

Re: [CSS] is there any security risks with having sv_cheats on?
 
yes its bad, people can control other people and change their option settings on the keyboard by writing commands into the clients autoexec

like barely touching you're mouse and you spin like 10 360's in 1 second for example. setting yaw speeds etc.
ent_fire is powerfull. just write ent_fire player ignite
and all players in the server would burn.
and you can also put wall hacks on during this.

you can add sourcemod anti cheat doe, SMAC* it will block most most cheats but it wont block for example the wallhack.

so yeah its worst idea you could think off unless you want idiots who would join ur server only to mess it up.

necavi 04-14-2015 03:41

Re: [CSS] is there any security risks with having sv_cheats on?
 
What plugin is requiring SV_Cheats to be set?

Robin955 04-14-2015 04:38

Re: [CSS] is there any security risks with having sv_cheats on?
 
Quote:

Originally Posted by necavi (Post 2286003)
What plugin is requiring SV_Cheats to be set?

look at hes signature. and i do know of some but they turn them on then off exacly in the moment its required.

Mitchell 04-14-2015 09:25

Re: [CSS] is there any security risks with having sv_cheats on?
 
Quote:

Originally Posted by Robin955 (Post 2285982)
yes its bad, people can control other people and change their option settings on the keyboard by writing commands into the clients autoexec

like barely touching you're mouse and you spin like 10 360's in 1 second for example. setting yaw speeds etc.
ent_fire is powerfull. just write ent_fire player ignite
and all players in the server would burn.
and you can also put wall hacks on during this.

you can add sourcemod anti cheat doe, SMAC* it will block most most cheats but it wont block for example the wallhack.

so yeah its worst idea you could think off unless you want idiots who would join ur server only to mess it up.

Most of which was patched so the server cant even do that to players.

necavi 04-14-2015 11:12

Re: [CSS] is there any security risks with having sv_cheats on?
 
You can strip the cheat flag from commands temporarily in order to run them with sv_cheats 0 if need be.

Powerlord 04-14-2015 11:35

Re: [CSS] is there any security risks with having sv_cheats on?
 
Quote:

Originally Posted by necavi (Post 2286141)
You can strip the cheat flag from commands temporarily in order to run them with sv_cheats 0 if need be.

Yes, and this is a pretty common thing to do.

I know Freak Fortress 2 does it with a few cvars.

Just make sure to change it back as soon as you've changed the cvar. This is regardless of when you're going to change the cvar value again. Otherwise, you may end up with a race condition between multiple plugins.

necavi 04-14-2015 14:15

Re: [CSS] is there any security risks with having sv_cheats on?
 
PHP Code:

int flags GetCommandFlags("give");
SetCommandFlags("give"flags & ~FCVAR_CHEATS);
ClientCommand(client"give weapon_knife");
SetCommandFlags("give"flags); 

Basically how to do it.

Robin955 04-15-2015 00:48

Re: [CSS] is there any security risks with having sv_cheats on?
 
Quote:

Originally Posted by Mitchell (Post 2286098)
Most of which was patched so the server cant even do that to players.

yeah but there is still things untouched

this is really old school for me but i know alot that still works. not that i really use this but tested it on my server without SMAC.

D.Moder 04-17-2015 03:20

Re: [CSS] is there any security risks with having sv_cheats on?
 
Updated my plugin, and removed need for sv_cheats


All times are GMT -4. The time now is 06:04.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.