[Psyk0tik]

Hey, I'm wondering if it is possible to catch these recent pesky hackers on TF2 who seem to bypass steam authorization by spoofing their steam IDs. When I check the console for their steam ID, they have this as their steam ID: STEAM_ID_STOP_IGNORING_RETVALS

I tried using this method but I feel that it is either unreliable or inefficient.

PHP Code:

public void OnPluginStart()
{
    RegAdminCmd("sm_bancheck", cmdBanCheck, ADMFLAG_KICK, "Automatically checks the server for any hackers with a spoofed Steam ID and bans them.");
}

public void OnClientPostAdminCheck(int client)
{
    iBanCheck(client);
}

public Action cmdBanCheck(int client, int args)
{
    if (args > 0)
    {
        ReplyToCommand(client, "Usage: sm_bancheck");
    }

    for (int iPlayer = 1; iPlayer <= MaxClients; iPlayer++)
    {
        iBanCheck(iPlayer);
    }
}

int iBanCheck(int client)
{
    char steamid[64];
    GetClientAuthId(client, AuthId_Steam2, steamid, sizeof(steamid));
    if (StrContains(steamid, "STEAM_ID_STOP_IGNORING_RETVALS", false) || StrContains(steamid, "STEAM_ID", false) || StrContains(steamid, "STEAM_ID_STOP_IGNORING", false) || StrContains(steamid, "STOP_IGNORING", false))
    {
        ServerCommand("sm_ban %s 0 \"Banned for hacking.\"", steamid);
    }
} 


Any help is appreciated. Thanks!

[Mitchell]

IP ban them? also you have to consider the fact that some players can connect without cheats and get a steamid error.

[Psyk0tik]

Quote:

Originally Posted by Mitchell IP ban them? also you have to consider the fact that some players can connect without cheats and get a steamid error.

Yeah I was worried about that part. Unfortunately, these hackers also seem to bypass the IP bans. SB can't even seem to detect the IP nor Steam ID of the hacker on any of the servers owned by the community I am a part of.

[Psyk0tik]

Also, wouldn't OnClientPostAdminCheck() be called when the player has already been authorized? That means the plugin would only ban players who still don't have a valid steam ID after being authorized, right?

[DarkDeviL]

Quote:

Originally Posted by Crasher_3637 Hey, I'm wondering if it is possible to catch these recent pesky hackers on TF2 who seem to bypass steam authorization by spoofing their steam IDs. When I check the console for their steam ID, they have this as their steam ID: STEAM_ID_STOP_IGNORING_RETVALS

Quote:

Originally Posted by Crasher_3637 PHP Code: int iBanCheck(int client) {     char steamid[64];     GetClientAuthId(client, AuthId_Steam2, steamid, sizeof(steamid));     if (StrContains(steamid, "STEAM_ID_STOP_IGNORING_RETVALS", false) || StrContains(steamid, "STEAM_ID", false) || StrContains(steamid, "STEAM_ID_STOP_IGNORING", false) || StrContains(steamid, "STOP_IGNORING", false))     {         ServerCommand("sm_ban %s 0 \"Banned for hacking.\"", steamid);     } }

See THIS POST, as well as THIS POST.

Quote:

Originally Posted by Crasher_3637 Also, wouldn't OnClientPostAdminCheck() be called when the player has already been authorized? That means the plugin would only ban players who still don't have a valid steam ID after being authorized, right?

OnClientPostAdminCheck is called when the user has passed his/her check for admin privileges, if there are no valid Steam ID, it cannot be checked, and it won't ever be called.


If you expect any further assistance, please share your full plugin and extensions list:

Code:

meta list
sm exts list
sm plugins list

As you can read in the linked posts, you most likely have some poorly coded plugins that "fool" you somehow...

[Psyk0tik]

Those posts taught me more about GetClientAuthId, and I found a plugin on that thread that does exactly what I was looking for.

https://forums.alliedmods.net/showpo...2&postcount=25

Thanks!

[Fyren]

Any code that attempts to compare the string from GetClientAuthId to STEAM_ID_STOP_IGNORING_RETVALS is fundamentally misunderstanding what the function does on some level. At the very least, there's no reason to check the string for that value because you could have checked the return value instead.

[Mainstaff]

Best what works against such spoofer is using the function IsClientAuthorized when they enter the server (OnClientPutInServer).
If they are not authorised you just restrict them, e.g.:
SetClientListeningFlags => VOICE_MUTED
Event player_changename => Prevent notication
Commands jointeam, say, say_team etc.. => Stop them
Timer to kick them after 30 seconds
etc...

However, also the authorisation for legit users might be delayed for various reasons. Therefore, I recommend you using OnClientAuthorized to check if a player already entered the server and remove the restrictions applied above.

You also might want to consider the rare case that Steam servers are down and that no player receives the authorsation. Therefore, you probably want to build in something that the restrictions are only applied if e.g. at least 60% of the players on the server already received an authorisation.

[Visual77]

Then the question remains. How do you retrieve a steamID on a player that is both connected and in game, but reports STEAM_ID_STOP_IGNORING_RETVALS because the steam connection was somehow temporarily lost?

Solution: steamauthstringvalidation no.

[DarkDeviL]

Quote:

Originally Posted by Visual77 Then the question remains. How do you retrieve a steamID on a player that is both connected and in game, but reports STEAM_ID_STOP_IGNORING_RETVALS because the steam connection was somehow temporarily lost? Solution: steamauthstringvalidation no.

As I have said multiple times across this forum, and as Fyren said above...

If you're seeing that phrase, you got one or more plugins that ARE NOT DOING THEIR JOB PROPERLY.

The game itself does NOT report that Steam ID ever...

If you don't want to have "SteamAuthstringValidation" set to yes, then no one can help you at all.