pure server whitelist - Against wallhackers

einwad · **Author**

Hey, I have tried setting up sv_pure 1 before, but I think the pure_server_whitelist.txt that I had was too complex, it made the server lag like heeeeeeeeeeeeeell, and I didnt even have any "check_crc" in it...

When it got near 30 players (it's deathmatch so players connect/reconnect all the time), it's almost impossible to play... And without sv_pure, it goes all the way to 40 and it runs nice.

I'd like a pure_server_whitelist.txt with only anti-wallhack stuff and make sure nobody deletes footsteps sounds.... Something light that will check players for these on login and that's it.

I appreciate any help at all, I don't like having sv_pure 0 :/

Bacardi · 04-14-2011 , 14:03 Re: pure server whitelist - Against wallhackers

I apologize my bad english.

By default, server have sv_pure set to 0
If server administrator not change this, server will allow players use own customized/modified files from their own "disk".
They can change game outlook totally, even maps textures. (Invisible walls)

When change sv_pure setting on server, it requires map change to take effect.

Code:

--------------------------------------------------------
sv_pure set to 1.
Note: Changes to sv_pure take effect when the next map is loaded.
--------------------------------------------------------

Best timig change this cvar is add it in server ...cfg/autoexec.cfg (or launch parameters +sv_pure 1)
Why not from ...cfg/server.cfg ?
- When launch server, first map is already loaded before server.cfg have executed.
To clarify, your first map is in sv_pure 0 mode, after map change it goes 1 or 2.
This could crash players game to HL2.exe error. Not big deal.

---------------------------------------------------------------------

(Out of topic) Anyway (what I recommend) you should add all server (not plugins)
console variables (cvar, convar) what you want change from default once to given value in autoexec.cfg.
Few examples:

Code:

hostname "My SRCDS name" // Host name
mp_flashlight "1" // Enable flashligths
sv_alltalk "1" // Server all talk
exec banned_user // Execute permanent steamid bans ...cfg/banned_user.cfg
exec banned_ip // Execute permanent IP bans ...cfg/banned_ip.cfg
sv_pure "1"

- When server launched
1. it execute configuration file autoexec.cfg first

2. then load first map

3. after map is loaded it execute second configuration file server.cfg

4. even after this, server execute map configuration file (if exist) ...maps/cfg/map_name.cfg

These cvars what have added in autoexec.cfg stay in that value as long as something is change it (another config file, rcon command, plugin ?).
Now if admin change sv_alltalk to 0, it stay after map changes as long as it something change back to 1.

To want cvars stay specific value automatically, use server.cfg
This config file will execute every map change and reset cvars back.
*Tip, add in this file bottom of list to save server current permament bans
writeid
writeip

Different cvar settings by map, use ...maps/cfg/map_name.cfg
Whe map appears called "map_name.bsp" it change cvar setting for that what found in map config.

Again, it's your choice do you want start use this way,
or add all in server.cfg and execute all cvars everytime when map change...

-----------------------------------------------------------

(Back to topic)
Players can check server current sv_pure mode typing sv_pure in their console when joined.
They get also server whitelist.

Code:

--------------------------------------------------------
sv_pure:

If set to 1, the server will force all client files except the whitelisted ones (in pure_server_whitelist.txt) to match the server's files. 

If set to 2, the server will force all client files to come from Steam (and it will not load pure_server_whitelist.txt).


The server is using sv_pure = 1.
materials\...                                 from_steam
models\...                                    from_steam
sound\...                                     from_steam
models\player\...                             allow_from_disk
materials\models\player\...                   allow_from_disk
materials\temp\...                            allow_from_disk
materials\vgui\logos\...                      allow_from_disk
materials\vgui\logos\ui\...                   allow_from_disk
materials\vgui\replay\thumbnails\...          allow_from_disk
--------------------------------------------------------

They can now use files from they disk on those path.
...steamapps/account/game-name/mod/models/player/
...steamapps/account/game-name/mod/materials/models/player/
...steamapps/account/game-name/mod/materials/temp/
*...steamapps/account/game-name/mod/materials/vgui/logos/
*...steamapps/account/game-name/mod/materials/vgui/logos/ui/
...steamapps/account/game-name/mod/materials/vgui/replay/thumbnails/
* Don't know why there have added extra by default = materials\vgui\logos\ui\... allow_from_disk
when this will do same thing = materials\vgui\logos\... allow_from_disk

Configure pure_server_whitelist.txt
- You find this file from your server, one folder up from mod (...orangebox/hl2/)
This file work from that path
(or either you can copy that file and add in your mod direction (...orangebox/cstrike/)
Now it will use that file what found from 'cstrike' instead 'hl2'
Not need done this, I just mention)

http://developer.valvesoftware.com/wiki/Pure_Servers

Code:

whitelist
{
   // You can add comments behid double slash
   // All your setting have to add inside in one whitelist { parentheses }


   // Server force players use all files from "steam"
   // These are BIG *.gcf files before player account folder ...steamapps/
   materials\...   from_steam
   models\...      from_steam
   sound\...       from_steam

   // Don't make multiple copies of same path
   // like sound\... if it already exist (above)

   // At this point, players can't use anything custom files
   // from their ...steamapps/account/game-name/mod/materials/...
   //                                             /models/...
   //                                             /sound/...

   // Let players use custom sounds by plugins, example quake sounds
   // maniadmin sounds
   sound\quake\...        allow_from_disk
   sound\admin_plugin\...   allow_from_disk

   // Some reason there sound files in root ...sound/ folder ?
   sound\*.*   allow_from_disk

   // Allow player customize one radio sound file :P, go go go!
   sound\radio\go.wav   allow_from_disk

   // Allow players use spray pictures (, player avatars via replay ?)
   materials\temp\...           allow_from_disk
   materials\vgui\logos\...     allow_from_disk
   //materials\vgui\logos\ui\...  allow_from_disk  // Not need this because above line do same job
   materials\vgui\replay\thumbnails\...  allow_from_disk

   // Shitty map where map builder haven't compressed texture files in map.bsp !
   // de_rennes_v1 = http://www.gamebanana.com/maps/4405
   // I use only CRC check on *.vmt files, not *.vtf picture itself
   // From *.vmt file, player can add transparent to texture.vtf
   // So players *.vmt files have to match server *.vmt files
   materials\de_rennes_v1\...           allow_from_disk
   materials\metal\metalwall046a.vmt    allow_from_disk+check_crc
   materials\metal\metalwall046a.vtf    allow_from_disk
   materials\de_rennes_v1\asphault1.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\ccc_glass5.vmt        allow_from_disk+check_crc
   materials\de_rennes_v1\ccc_metstainl6.vmt    allow_from_disk+check_crc
   materials\de_rennes_v1\ccc_metstainl7.vmt    allow_from_disk+check_crc
   materials\de_rennes_v1\cement2.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\cement3.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\cugroundi.vmt         allow_from_disk+check_crc
   materials\de_rennes_v1\dev_cratewood01a.vmt  allow_from_disk+check_crc
   materials\de_rennes_v1\dirt.vmt              allow_from_disk+check_crc
   materials\de_rennes_v1\eastcratelgtp.vmt     allow_from_disk+check_crc
   materials\de_rennes_v1\escalator1.vmt        allow_from_disk+check_crc
   materials\de_rennes_v1\escalator2.vmt        allow_from_disk+check_crc
   materials\de_rennes_v1\floor_b_env.vmt       allow_from_disk+check_crc
   materials\de_rennes_v1\floor_w_env.vmt       allow_from_disk+check_crc
   materials\de_rennes_v1\hedge_1.vmt           allow_from_disk+check_crc
   materials\de_rennes_v1\l_andre.vmt           allow_from_disk+check_crc
   materials\de_rennes_v1\l_boul.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_brioche7.vmt        allow_from_disk+check_crc
   materials\de_rennes_v1\l_celio2.vmt          allow_from_disk+check_crc
   materials\de_rennes_v1\l_coffea.vmt          allow_from_disk+check_crc
   materials\de_rennes_v1\l_crazy.vmt           allow_from_disk+check_crc
   materials\de_rennes_v1\l_eram.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_espace.vmt          allow_from_disk+check_crc
   materials\de_rennes_v1\l_fnac.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_grandoptical.vmt    allow_from_disk+check_crc
   materials\de_rennes_v1\l_habitat.vmt         allow_from_disk+check_crc
   materials\de_rennes_v1\l_inno.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_inno2.vmt           allow_from_disk+check_crc
   materials\de_rennes_v1\l_mcdo.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_morgan.vmt          allow_from_disk+check_crc
   materials\de_rennes_v1\l_nafnaf.vmt          allow_from_disk+check_crc
   materials\de_rennes_v1\l_nature3.vmt         allow_from_disk+check_crc
   materials\de_rennes_v1\l_phox.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_sephora.vmt         allow_from_disk+check_crc
   materials\de_rennes_v1\l_sergent.vmt         allow_from_disk+check_crc
   materials\de_rennes_v1\l_SNCF.vmt            allow_from_disk+check_crc
   materials\de_rennes_v1\l_springfield.vmt     allow_from_disk+check_crc
   materials\de_rennes_v1\l_supersport.vmt      allow_from_disk+check_crc
   materials\de_rennes_v1\l_yr.vmt              allow_from_disk+check_crc
   materials\de_rennes_v1\metal_red.vmt         allow_from_disk+check_crc
   materials\de_rennes_v1\pillar01.vmt          allow_from_disk+check_crc
   materials\de_rennes_v1\pillar01_env.vmt      allow_from_disk+check_crc
   materials\de_rennes_v1\wall004.vmt           allow_from_disk+check_crc
}

Rest pure cvars

Code:

"sv_pure_trace" = "1" ( def. "0" )
 - If set to 1, the server will print a message whenever a client is verifying a CRC for a file.

And this work when sv_pure_kick_clients "0" (otherwise, leave this trace to 0. Useless)
This will print to player console when conncet to server (and current map de_rennes_v1)
Warning: Pure server: file [GAME]\materials\de_rennes_v1\wall004.vmt does not match the server's file.
And server console, but not log these.
[STEAM_0:1:00000] Pure server: file [GAME]\materials\de_rennes_v1\wall004.vmt does not match the server's file.

Code:

"sv_pure_kick_clients" = "1"
 - If set to 1, the server will kick clients with mismatching files. Otherwise, it will issue a warning to the client.

Kick players if files not match with server files what have CRC check.
Dropped Bacardi from server (Pure server: file [GAME]\materials\de_rennes_v1\wall004.vmt does not match the server's file.)
Player console
Disconnect: Pure server: file [GAME]\materials\de_rennes_v1\wall004.vmt does not match the server's file..
Disconnect: Pure server: file [GAME]\materials\de_rennes_v1\wall004.vmt does not match the server's file..

What else ?
When change sv_pure mode or make change in pure_server_whitelist.txt
players should re-launch their game or they get HL2.exe errors.

Another errors, found from player console

Code:

] play quake/headshot.mp3
Failed to load sound "quake\headshot.mp3", file probably missing from disk/repository

Even sv_pure 1 whitelist will block this (and sv_pure 2)
or you don't have this file on your computer.

So @einwa, you can start check what you want players use on server.
Custom skin and weapons ?
Ofcource plugins sound files and other texture.
It's not difficult when you learn this.

*edit
Don't edit files called whitelist.cfg
I haven't touch those and I have get still work those custom files via pure_server_whitelist.txt

MjrNuT · 04-15-2011 , 11:56 Re: pure server whitelist - Against wallhackers

This thread needs to be STICKIED FOR LIFE!!

Excellent reply Bacardi.

einwad · 04-15-2011 , 14:21 Re: pure server whitelist - Against wallhackers

First of all, thank you for the huge post. It's so complete! I think I got how it works

But before I try to make a pure_server_whitelist, let's make sure I really understood.

With sv_pure 1:
Players will be forced to have all the files matching the server (except the ones I will list on pure_server_whitelist.txt)

On pure_server_whitelist.txt:
from_steam > can be different from server but has to match steam default
allow_from_disk > Let users modify or use their own files in the specified folder
check_crc > keep checking the players (while they are in game) if they still have the folder as it's supposed to be

Is that right?

nightrider · 04-15-2011 , 20:28 Re: pure server whitelist - Against wallhackers

Sticky vote +2
Bacardi always posts very useful and detailed information in his replies.
You also have my thanks Bacardi.

Bacardi · *Last edited by Bacardi; 04-16-2011 at 03:03.*

Quote:

Originally Posted by einwad

...let's make sure I really understood.

With sv_pure 1:
Players will be forced to have all the files matching the server (except the ones I will list on pure_server_whitelist.txt)

- Not exactly, I try explain. Now think you are player who have installed source game on own computer.
Steam download huge *.gcf files in to ...Steam\steamapps\
Inside these, there are all files what need run source-game. (Sounds, materials, models, maps, scripts etc. etc.)

Anyone can peek inside these with Nem's GCFScape tool and extract files out there, but not add in there.
Especially when need to know which path you need add that same file in your steam-account folder.

Example that radio sound gogogo!
- Using tool, look inside ...Steam\steamapps\counter-strike source shared.gcf (we could look this sound file path from game console soundlist also...)
We can browse folders and files inside that counter-strike source shared.gcf,
and we found radio sound file from
...Steam\steamapps\counter-strike source shared.gcf\root\cstrike\sound\radio\go.wav

Ok, now player need mimic this path in his steam-account folder and add sound file in there.
...Steam\steamapps\MyAccountName\counter-strike source\cstrike\sound\radio\go.wav

Tadaa! This way player have modified his game, replace game original gogogo sound to another else.
This way players install all

from gamebanana (weapons, player skins) to his steam-account folder.
In this steam-account folder, player download server files (maps, quake sounds)

When enable sv_pure 1
Server start read file pure_server_whitelist.txt where inside there are in the beginning

Code:

materials\...  from_steam
models\...     from_steam
sound\...      from_steam

Tells players use all files under that direction from ...Steam\steamapps\*.gcf
Server not (at this point) check player files will they match with server files.

Allow players use own modified radio sound gogogo on server.
Add in pure_server_whitelist.txt

Code:

sound\radio\go.wav   allow_from_disk

Server still not check player files will they match server files. It have just allow them use that one file from
...Steam\steamapps\MyAccountName\counter-strike source\cstrike\sound\radio\go.wav

Allow player use file on server but need match with server file.

Code:

materials\de_rennes_v1\wall004.vmt           allow_from_disk+check_crc

Now server start check files when player connected, will they match.
You need CRC check only important files. Try using less this.
*what I have mention before, check only *.vmt files. This way they not get texture file (*.vtf) to work transparent.

You can try this what I have use.

This allow players use:
player models+skins+radio sounds
hostage models+skins+sounds
weapons models+skins+sounds
bullet shell models+skins
weapon buy menu VGUI+sound item
weapon muzzleflash texture
map radar overview

admin plugins sounds
quake sounds
bombtimer (plugin)
knifefight
fleshnscream
sound folder root

player spray (and avatar on replay ?)

Yes, you maybe need add more your settings what files you use on server adn what you want players use.

Hope you did understand what are "steam" files, player modified files instead is in their account-folder.

*edit
I'm trollolololler

einwad · 04-16-2011 , 03:15 Re: pure server whitelist - Against wallhackers

That's all I got to say, can't think of a better way, that's all I got to say: I love you, is that ok?

*singing*

einwad · *Last edited by einwad; 04-18-2011 at 09:38.*

Ok, I made a pure_server_whitelist.txt....

Code:

whitelist
{
    materials\...    from_steam
    models\...    from_steam
    sound\...    from_steam

    models\player\...            from_steam
    materials\models\player\...        from_steam


    models\weapons\...            allow_from_disk
    materials\models\weapons\...        allow_from_disk


    // SourceMod
    sound\admin_plugin\...            allow_from_disk
    sound\quake\...                allow_from_disk
    sound\*.*                allow_from_disk
    sound\2u\...                allow_from_disk

    materials\vgui\replay\thumbnails\...    allow_from_disk
}

I think it will block material hacks

We don't allow custom sprays (we wanted to block all sprays but couldn't find how) and we use only 1 map (de_dust2_unlimited). So I don't think we need anything more than what's in there.... I think. How can I enforce all players to download the content inside "sound\2u\..." ?

Bacardi · *Last edited by Bacardi; 04-18-2011 at 10:47.*

Quote:

Originally Posted by einwad

We don't allow custom sprays (we wanted to block all sprays but couldn't find how)

Code:

"sv_allowupload" = "0" ( def. "1" )
 - Allow clients to upload customizations files

*edit
- server save these sprays in ...orangebox/mod/downloads/ *.dat
- Every player who have downloaded others sprays have in own PC
...mod/downloads/*.dat
...mod/materials/temp/*.vtf

Quote:

Originally Posted by einwad

How can I enforce all players to download the content inside "sound\2u\..." ?

You can't ?
The player decides whether he wants to download files from server

Code:

"cl_allowdownload" = "0" ( def. "1" )
 archive
 - Client downloads customization files


"cl_downloadfilter" = "nosounds" ( def. "all" )
 archive
 - Determines which files can be downloaded from the server (all, none, nosounds)

- But... with annoying plugin what check player current "cl_downloadfilter" and "cl_allowdownload", kick player from server when he connect if false settings.
Custom Files Filter Checker

- And CRC check all that folder

Code:

sound\2u\...   allow_from_disk+check_crc

I don't like this idea.

einwad · 04-19-2011 , 10:38 Re: pure server whitelist - Against wallhackers

As I said in my previous post, we already block custom sprays. We have sv_allowupload 0 for a while. I wanted to block any spray whatsoever but it doesn't matter anymore. Players said today that sprays are not working after I put sv_pure 1. Not even the default ones apparently (haven't checked it myself because I always play with r_decals 0 and mp_decals 0)

About the "\2u" sound folder, I obviously wanted to enforce download only to those with cl_downloadfilter all. We have the "Swap team after X rounds" plugin and somehow nobody downloads the mp3 from the server folder, always say "Failed to load sound "2u\teamswitch.mp3", file probably missing from disk/repository". I have cl_downloadfilter all and I don't download it. I get quake sounds but not that teamswitch sound. And it is on the server.

I'll post this in the "Swap team after X rounds" plugin page instead.

Thank you, this topic can be closed.