[psychonic]

Settle down.

[asherkin]

Unsurprisingly, when you're using a service developed and provided by another party for free - they can do pretty much whatever they want and impose pretty much whatever restrictions they want on you using it.

[Raritylicious]

Quote:

Originally Posted by asherkin Unsurprisingly, when you're using a service developed and provided by another party for free - they can do pretty much whatever they want and impose pretty much whatever restrictions they want on you using it.

I understand that but what I was MOST hoping for isn't whether he gives you the right to edit or not.
I was hoping that all those RCON and stuff would be changed.
Then maybe, I'll use it again.
Yes,maybe they can put restriction on what they released for free but at least they should not include something like that which allows Tommy to do whatever he want on someone else's server.
I'm not saying he will actually do that or he already did.
I'm just saying that the fact that it self about RCON and stuffs sitting there doesn't seems to be right and also could be dangerous.
I now awared he released "new" sourcecode and replaced with new plugin but so far RCON is sitting there because of this "House Keeper" theory he mentioned.(unless they quickly changed it)

If I got my information correctly, you warned him about RCON before and he said he would change that.
If not, I'm TRULY sorry about that.
But if it's correct, why didn't he change RCON yet?
Why did he lied?

I'm pretty sure it would be simple for them to flip the switch and add something like
"Agreement No.Something, We no longer provide backdoor access to Allied Ban admins and will no longer take action or responsible for what might cause to your server and your players. Following, If database was down and hackers/scammers/etc joined the server or perhaps attacked your server, Allied Ban will not take reponsible for any kind of result" to their Terms of Use agreement.
Is really the efficency and emergency backdoor just in case what they're looking for?
or... is it power?

[friagram]

Just don't use it, you know what it does anyways.
Based on the long history of this plugin, you know how it will be.

It is unfortunate however, that the author decides to keep the ban list private. Back when the plugin used sql and I decompiled it, It was easy to get a list of all banned users. Now that it is socket, that is not so easy.

But really, there is no cheat detection in there like the smac community bans module. It's just an .. olegarchy? So even if the list was public, and you used it... You would have to deal with a lot of individuals who were banned that you would not have banned.

[rthompson]

I see the OP is soooooooooooooooooo full of hatred against me so that he can't see things clearly.

Quote:

Bringing steamrep into this(which has nothing to do with this issue) He has his own steamrep-like page! lol(which i got permission from Diego) Remove his steamrep admin access!!(which i'm not) Please blacklist his domain!!

His rage is blocking him from making clear judgments.

He even got the reason of blacklist wrong.
It's not about RCON, it's about outdated sourcecode.
At least get accurate data.

If he really wants to take me down, at least he should have checked our forum by himself
INSTEAD of hearing what "HIS FRIENDS" say.


Since he is so lazy to check what i said about this issue on our forum by himself
here it is.

Quote:

오후 9:58 - asherkin: your best bet is probably to release an updated version along with the source code this time 오후 9:58 - asherkin: embedding a full rcon access backdoor without making it clean when downloading the plugin (I'm also sure we already discussed this) is pretty fucking questionable no matter how you look at it 오후 10:01 - 「✚」 TommY: So 오후 10:01 - 「✚」 TommY: the current sourcecode is online 오후 10:01 - asherkin: the blacklisted binary is specific to that build 오후 10:02 - 「✚」 TommY: and i'll keep updating it from now on 오후 10:02 - 「✚」 TommY: and if i clarify in the readme file that 오후 10:02 - 「✚」 TommY: "the plugin contains backdoor and if you know what you are doing, install at your own risk" 오후 10:02 - 「✚」 TommY: it will be fine? 오후 10:02 - 「✚」 TommY: that comment is already in the terms of use but add in the readme file too? 오후 10:03 - 「✚」 TommY: and also when visiting download plugin page popup warning for it? 오후 10:03 - 「✚」 TommY: is it gonna be okay? 오후 10:05 - asherkin: as long as the source code is available I'm happy 오후 10:05 - asherkin: the backdoor isn't a license issue - just bad 오후 10:05 - 「✚」 TommY: so if properly warned 오후 10:05 - 「✚」 TommY: backdoor is not a issue? 오후 10:06 - 「✚」 TommY: and what about "DO NOT MODIFY PLUGIN", that's not a problem too, is it? 오후 10:07 - asherkin: you can't legally stop them modifying the plugin 오후 10:07 - asherkin: what you do on your service if people do modify the plugin is up to you

Long story short

오후 10:05 - asherkin: as long as the source code is available I'm happy
오후 10:07 - asherkin: what you do on your service if people do modify the plugin is up to you

[Raritylicious]

Quote:

Originally Posted by rthompson I see the OP is soooooooooooooooooo full of hatred against me so that he can't see things clearly. His rage is blocking him from making clear judgments. He even got the reason of blacklist wrong. It's not about RCON, it's about outdated sourcecode. At least get accurate data. If he really wants to take me down, at least he should have checked our forum by himself INSTEAD of hearing what "HIS FRIENDS" say. Since he is so lazy to check what i said about this issue on our forum by himself here it is. Long story short 오후 10:05 - asherkin: as long as the source code is available I'm happy 오후 10:07 - asherkin: what you do on your service if people do modify the plugin is up to you

>full of hatred
I never said I hated you.
Just because someone disagrees with you does not mean he hates you.

>He even got the reason of blacklist wrong
because Asherkin did not specify the reason clearly on here

>If he really wants to take me down, at least he should have checked our forum by himself
INSTEAD of hearing what "HIS FRIENDS" say.
I never said I wanted to take you down.
I clearly said what I hoped most is the RCON and other stuffs to be changed
Do not relate your own forum here, it has nothing to do with THIS forum.
I apologized and clearly said I would get informations correctly next time.
And also, I don't see the reason why I should trust what your forum says.


Yet again, Nice logic.

[friagram]

Good that that is all handled. i'd still suggest against having a backdoor. Not only is it a security hole.. As I mentioned earlier, it would not be hard to gain access if you were determined... It does not seem necessary. The function states it is in place to ban users who were not banned automatically. Ok, how about writing better code that validates bans, or a simple enumeration that does the ban, kicks the player, etc. Delegation of control is fine, we do it all the time. However, control and access is restricted to the functions required to perform the task by the guest administrators.

There are lots of ways to ban/remove a player via console, each requiring different access levels:
- near root access to the machine, where you can restart it, add firewall rules, etc.
- rcon to the gameserver where you can restart it, ban players, kick players, etc.
- access to a sm native like banclient, where you can only ban a player.
- access to a function in your plugin that works with your database which then verifies what is already there to call a sm native like ban client (this is what you should be using)

[Otter]

The idea of a public and global banlist is great in theory. But there are so many security holes in it that it is just not worth the trouble. Just use Sourcebans and SteamRep. That's all you need. Sourcebans allows you to share your banlist with the public via exporting banned_user.cfg and banned_ip.cfg, and SteamRep is trusted and doesn't have security holes.

Only thing I can think of that would work well as a global banlist system is if Sourcebans allowed people to "subscribe" to other Sourcebans lists. Like a script or progran that downloads their banned_user and banned_ip cfg files and imports them automatically or something. No RCON access required, and have a capability to ignore certain Steam IDs and IPs that you don't want to ban.

Ignore me. That was just a wild idea.

[Sreaper]

Quote:

Originally Posted by Otter The idea of a public and global banlist is great in theory. But there are so many security holes in it that it is just not worth the trouble. Just use Sourcebans and SteamRep. That's all you need...SteamRep is trusted and doesn't have security holes.

Why do you think that site is trusted?

Quote:

Originally Posted by Steamrep FAQ "Why am I marked as BANNED for my reputation? SteamRep and/or other communities decided to ban you for scamming or fraud."

I know from personal experience that there's at least one very untrustworthy individual on there that's marked as an admin. If I'm understanding the above quote correctly, that person can simply ban whoever disagrees with them. Unless you are very close friends with the people issuing the bans, you shouldn't trust in their judgement.

[Otter]

I do believe the SteamRep plugin can be configured to ignore bans from different trading communities. If one of the Steamrep admins is an asshole, you can have it ignore the Steamrep banlist and just use those from other trading communities.