Sourcemod exploit ?

Fightspit · **Author**

Hello, I just discovered in a forum named Facepunch that a guy is VAC banned by a Valve employee by using "speedhack" with just only sourcemod.
More info here:
http://www.facepunch.com/showthread.php?t=935780

Quote:

Originally Posted by Jag

I was using the speedhacking exploit with sourcemod on a random TF2 server. This guy http://steamcommunity.com/id/professorfarnsworth/ was there, and someone said "Al, don't you work for valve? can't you ban this guy?" and he said "yeah, hold on" and I figured they were just trying to scare me into leaving, and he went in spectate. Then about 5 mins later he came back and said "There, I got him banned, just wait a few mins" and I said "Vac bans take weeks." and someone else said "I thought they take months?" and then I suddenly was kicked from the server with the VAC popup thing saying that this is a secure server and i've been previously banned for acheating infraction.

Quote:

Originally Posted by Jag

I was using no external programs to modify my gameplay. I started a listen server using sourcemod and metamod, and used sm_cvar sv_cheats 1 to make my game think that cheats was on, then sm_cvar host_timescale # to change my speed.

AKA, Console commands ONLY (with a plugin)

bl4nk · 05-09-2010 , 20:10 Re: Sourcemod exploit ?

Either KAC or rcon_locker (or both?) prevents this.

Fightspit · 05-09-2010 , 20:12 Re: Sourcemod exploit ?

Thanks for a quick reply

Yeah, i already heard about these two plugins but is there a way to definitively fix it ?

Afronanny · 05-09-2010 , 20:41 Re: Sourcemod exploit ?

Quote:

Originally Posted by Fightspit

Thanks for a quick reply

Yeah, i already heard about these two plugins but is there a way to definitively fix it ?

No.

Also bl4nk, if someone knows what they are doing, it can still be done rather easily, even with KAC and rcon locker.

BAILOPAN · 05-09-2010 , 22:33 Re: Sourcemod exploit ?

This isn't a "SourceMod exploit" - it's someone abusing an architectural flaw in Valve's plugin system.

Unfortunately there's no definitive way to prevent it. Valve doesn't seem interested in fixing it.

recon0 · 05-09-2010 , 22:44 Re: Sourcemod exploit ?

It'd be so hard for Valve prevent plugins from loading on the client...

bl4nk · 05-09-2010 , 23:04 Re: Sourcemod exploit ?

Quote:

Originally Posted by Afronanny

Also bl4nk, if someone knows what they are doing, it can still be done rather easily, even with KAC and rcon locker.

This is true, but most people that use this exploit don't know how to get around that.

BAILOPAN · 05-09-2010 , 23:24 Re: Sourcemod exploit ?

recon0: It's easy. If there's an issue, it has to be non-technical.

voogru · 05-10-2010 , 01:05 Re: Sourcemod exploit ?

I think adding a IsDedicatedServer check would help.

pandamonium · 05-10-2010 , 02:41 Re: Sourcemod exploit ?

actually there is a way, sine l4d2 runs off the kinda the same engine css does. lol its time for you guy come together with the eventscript team. i recently had to added this to our css pub. so i did researched on google and came across a hacking forums talking about hack and crashing other ppls server and what the server owners have on the server for it to actually work. and right the link below is the only one that stops them for doing it with rcon locker installed also. they have a esdead beta when l4d2 got released but there hasn't been any update to it so i'm going to give it a try and see if it will work.

http://addons.eventscripts.com/addons/view/servsecurity

yea no go eventscripts wouldn't load on the server.

dam!!!!!!!!!