Raised This Month: $51 Target: $400
 12% 

[TUTORIAL] How to secure server/ catch hackers (read b4 requesting anti-hack plugins)


Post New Thread Reply   
AlliedModders Forum Index > Off-Topic & Trash > Trash
 
Thread Tools Display Modes
Author Message
CookieCrumbler
Senior Member
CookieCrumbler's Avatar
Join Date: Feb 2013
Location: Australia
Old 11-15-2013 , 13:03   [TUTORIAL] How to secure server/ catch hackers (read b4 requesting anti-hack plugins)
Reply With Quote #1
*************
TAKE NOTICE : That the Plugin Request / Suggestion section of Allied Modders and the rules for that section state that you are not to request Anti - Hack Plugins or Programs in that particular section . TAKE NOTICE : That you have been informed of this by reading this notice and by the obvious sub tag in the title of this thread that says (read b4 requesting anti-hack plugins) in which a duplicate of this post has been placed in that section also for reference not to ask in the Request / Suggestion forum and you should redirect your questions to the HL 1 HLDS section of the site which is where you are now if you are reading this
https://forums.alliedmods.net/forumdisplay.php?f=131


This tutorial should inform you of everything you need anyways so you should not need to ask.
*************

I see so many people posting threads requesting plugins in relation to security / anti-hacks or anti-wallhack / anti-aimbot so I have laid out all the tools and know how that you need to be an effective server administrator or admin in this tutorial.

Part 1 : How to secure your server / add admins / access ban system

The first thing you need to do is make sure your server is up to date. Outdated servers contain exploits that many hackers use to crash / or toy around with your server. Would you give a robber the keys to your house ? Then dont give hackers backdoors to your server and make sure you are always using the most up to date build of your GolSrc Engine game. Do not use things such as DProto to make your server non-steam as this can leave your server vulnerable to exploits.

Code:
Latest Public Build 6027
Latest BETA Build  6132

I will update this thread when newer builds are available but you can also check if there is updates
to HLDS using these links and running SteamUpdate on your server when a new build is released ;

http://steamcommunity.com/games/10  Counterstrike
http://steamcommunity.com/games/70  Halflife

Use this link to get the latest build or ask your host to update to SteamCMD
https://developer.valvesoftware.com/wiki/SteamCMD
Install the latest stable releases of AMXX and Metamod as listed below to ensure your plugins work properly.
Code:
http://www.amxmodx.org/downloads.php
Metamod 1.2.1am
AMXX 1.8.2
Make sure your sever is VAC Secure. VAC should be enabled by default but if it isn't you can enable it by adding -secure parameter to your servers command line or by opening liblist.gam file in your servers cstrike directory with notepad and making sure secure is set to 1 and then hit save. Then delete the old liblist.gam and reupload the new edited one back to your servers cstrike directory.

Your server is now as up to date and secure as its going to be by default.

-----------------------------

If you are not using AMXX and rely on RCON for your server, I hightly do not recommend this, but if you must use RCON never use simple words for rcon_password such as "mypassword" or "bobssecret" . Make sure your RCON is a very hard to decipher string of numbers, letters and symbols and use both capital letters and small letters.
eg : rcon_password !8mH#q7pZ$9P2wX4@

----------------------------

If you are using AMXX which is the more highly preferred and recommended method start by opening your server.cfg file and make sure rcon is disabled. Your rcon setting should be set to this : rcon_password ""

Now goto cstrike/addons/amxmodx/configs and open the file users.ini and the read the top half of that file on how to add yourself or admins to the user.ini file.

A more effective tool then using the stock standard admin feature that comes with AMXX is to download and install the latest AMX Bans version 6.0.4 which can be found here
http://forum.amxbans.net/viewtopic.php?f=6&t=20

Install the AMX Bans system to your webhosting / website and add the admins you want through the web interface where you installed AMX Bans then place the other files in the plugin folder that came with AMX Bans to there respective directory on your game servers @ cstrike/addons/amxmodx/

Open plugins.ini and disable the stock standard AMXX admin feature listed at the top of that file with a semi-colon like this
;admin.amxx

Now add the AMX Bans plugins to your plugins.ini. NOTE make sure that you add these 2 plugins at the very top of plugins.ini and in this order. Do not put semicolon in front of them
amxbans_core.amxx
amxbans_main.amxx

Restart your server

Tell your admins to type the following in there console :
bind p amxmodmenu

Now when ever they hit the "p" key they have access to an easy to use interface with everything they need to ban / kick / slay / slap players depending on the flags you grant them.

If you have any issues with AMX Bans or think you may of not installed it correctly use the support section of the official AMXX Bans site here
http://forum.amxbans.net/viewforum.php?f=5


You now have an up to date secure server with admins ready to go now lets learn how to catch them pesky Wallhackers and Aimbotters etc.



Part 2 : Plugin Tools to Catch WallHackers, Aimbotters and other cheats

Firstly I can tell you there is no magic plugin that catches hackers. There are tools to help assist you though and I will run through them with you here.

1) Admins, Admins, Admins. This is the most important thing you need to have in running a hacker free community is to have an admin base to watch out for hackers. When choosing admins select people that you know and trust and have known for some time and teach them how to detect hacks or find people with admin experience who are already pre-equipped to take up the task.

Never give the flags "a" (immunity) or "g" (cvar) or "l" (rcon) to any admins that you may consider to be junior admins or admins that you do not want toying around with cvars or rcon as these commands can allow admins to fool around and do stupid things with your server. Only give these flags to yourself or your most highly trusted admins or people that have FTP eg: server maintainence / administrators.

For a full list of admin flags check this link
https://wiki.alliedmods.net/Adding_A...28AMX_Mod_X%29


2) Download and Instal - Admin ESP plugin from here :
https://forums.alliedmods.net/showthread.php?p=203405

ESP is a plugin designed to help assist you or your admins to tell if somebody is wallhacking which is the most predominant hack used by hackers. It draws lines between the person you are spectating whilst in first person view and the other players in the server, even behind walls, when dead or in spectator mode. Tou can toggle the ESP on or off using the "w" and "s" keys. Read the tutorial in Part 3 to learn the best way to use this plugin.


3) Download and Install - Invisible Spectator Plugin from here :
https://forums.alliedmods.net/showthread.php?p=551999

This plugin allows you to appear completly invisble in your server when on spectator mode and following the instructions in that threads first post



Part 3 : What is VAC and what does it do

Before I teach you how to detect hacks i want to run you through understanding what VAC is.

You may of seen this term used but do not understand or know whjat VAC is or what it does.

VAC stands for Valve Anti-Cheat and is the internal hack detection system used only by valve and is not something you have access to other then being able to either turn it on or off on your server, although you can check players STEAM ID's in online VAC lists online that keep tabs on players that are banned.

How does it work ? Alot of people say that VAC is not that great, but I will tell you how Valve use VAC to catch hackers. Lets say some new hack comes out, well Valve have employees who constantly scour the internet finding these hacks and how they hook to the game engine. They have ways of detectting if you are using them and they then let hackers use these hacks for a certain time and then take everyone caught using them out every few months.

You might ask why they do this, well it is because if they blocked them str8 away hackers would immeadiatly alter them, thus Valve do this so they can catch a large pool of people out in one big sweep. So if your a hacker I recommend you to not use them and I also recommend you to not use them just to "see what they're all about".

I will give you some more reasons why you should not use hacks
1) You could get banned from servers you regularly play on and considering the games player base and amount of servers is dropping you may soon have no server to play on at all.

2) You could get VAC banned

3) Hackers are considered scumbags by the community at large and you don't want to gain that reputation in the eyes of everyone you play with as that scumbag hacker, never to feel loved by your gaming comrades ever again.


Now lets move on to the part about catching these Jabroni's

Part 4 : Catching Hackers

Catching hackers is pretty simple when you customize yourself to the process. The most important part to catching a hacker is first and foremost patience. The second is understanding what you are looking for, understanding patterns of a hackers gameplay behaviour and being used to knowing what you are looking for.

We will deal first with the most predominant hack. ( Wallhacking )

Wallhacking is when a cheater can see other players through walls. They are also referred to as Wallers or Walling.

Most hackers are silly and dont realize how easy it is to spot there dumb hacks. Most Wallhackers do something known as "Tracing" and this is where the Admin ESP comes in handy.

Tracing is where whilst spectating a suspect cheater in first person with the ESP they seem to follow people through walls with there crosshair and these are the most obvious wallers to catch.

Then there is more advanced hackers that like to do your head in and try play games with you like toggling there hacks on and off when they suspect they are being watched, especially when they see people in Spectate, and this is where the "Invisible Spectator" plugin comes in handy so you or your admins can sit in your server invisible.

These more advanced wallhackers often try to be sneaky as well by not "Tracing" like novice hackers to. They never follow players through walls and try to play dumb like as if they cannot see the players behind walls but they actually can, and then shoot them when they pop out from places. This does not mean though that they are invisible to the most seasoned admin or person who has played this game for many years. Often they can be caught out because you catch them time and time again pre-firing before a player pops out from behind a wall. But as i stated at the beggining of Part 4 the foremost rule to catching hackers is patience, watching them long enough to remove all doubt.


The next major hack is aimbot. This is where a cheaters crosshair locks onto its tarrget generally the head hitbox when they come into the sight of the hacker. This one is pretty easy to catch as you are mainly looking for a pattern of the hacker getting headshot after headshot, and there crosshair moving extremlly fast and what looks like a "locking on target" sort of quick zip action that doesn't look right compared to how it looks when you spectate most none hacking players. The snappy quick "lock on to" action looks extremelly abnormal.

Will update this section with Info on other major hacks at a later time but these two are the ones you should most look out for.

Part 5 : Recording Demos

When running counterstrike servers it is a good rule to have a community website with a forum where your players can interact and admins can access hidden sections of a forum for admin purposes.

Create a Forum Section called :
"Ban Request" , open to all members where players can submit demos of people incase no admin was present in your server at the time.

Create a Forum called:
"Sumbit Ban Demos" and "Admin Discussions", and make it so that only admins can accesss it and as a rule make your admins sumbit a demo for every ban they do on your network. This way people are being treatly fairly and you as the community owner have full control over whether justice was done and whether the ban was fair. You as the owner of the community or your head admins can then approve or dissaprove a ban.

Recording Demos:
To record a demo sit in spectate on your server and spectate the suspected hacker in first person view with admin ESP on. If it is for Aimbot leave ESP off as it makes it harder to see if somebody is aimbotting for sometimes and its not nessarary unless you suspect them of both Walling and Aimbot.

Then open your console and type:
record playnamehere

Although it does not need to be the players exact name you can call the demo anything you like such as , record scumbaghacker but if you use the same term again it will overwrite the demo file you already have with that name so jsut put a number after it.

After typing record playernamegoeshere type status , this saves a copy of the hackers steam ID in the demo that can be seen in the console when you play it back.

When your sure the demo you have is sufficient jsut type ;
stop

------------------------------

You can also allow all players to see the ESP when player is dead or in spectator mode by adding the following line add the very end of your amx.cfg file found at cstrike/addons/amxmodx/configs/amx.cfg

esp_allow_all 0/1 (on/off) default: 0

I have this on for my server personally so users can record and submit there own demos with ESP lines in that demo.

You can also Download and install a MOTD plugin where players can type /learn2demo for instructions on how to use record, status and stop, and techniques to do it effectively which I will explain now.

When demoing always be in 1st person view, change your name as to confuse hackers, change your steam avatar/picture in your profile, do not tell them that your watching them, this is a dumb mistake I see tons of people do is telling the hacker "im going to demo you your gonna get banned blah blah" and they just turn off/toggle there hacks, and also watching sus people from spectator mode is best and demoing multiple rounds to make sure that the demo shows a consistent pattern beyond reasonable doubt.

The user can then upload file to mediafire and post the link in your Ban Request section on your website and you can always ban them later after watching the demo if there was no admins in the server at the time.


Part 6 : Naming and Shaming

NAMING AND SHAMING IS AWESOMEEEEEE !!!!!!!!!!! DO IT

This is where you convert the demo file to a video format such as mpg or avi or wmv and upload the video to Youtube.com with a video title that contain the hackers STEAM ID, name and a reference to them being a hacker

eg: STEAM_0:1:XXXXXXXX Bob the Builder is a Wallhacker

As google usually displays youtube results first in its search results, if somebody thinks a person is a hacker and googles there STEAM ID they will be presented with a nice little video they can watch.

Also post the mediafire.com link to the demo file in the About Section of the video so others can see it is a genuine demo, because when they play back the demo if they open there console whien first starting the demo they can see that user corresponds to that STEAM ID if the admin typed status in console right after they started recording.

Part 7 : Additional Resources


Furthermore there are other handy tools but some of these have there PROS and there CONS

Block Wallhacks Plugin :
http://forums.alliedmods.net/showthread.php?p=905038
Although there seems to be an issue that make it feel like lag in your server use at your own discretion.

Aimbot Detection Plugin by Bugsy :
https://forums.alliedmods.net/showthread.php?t=77821
is another excellent plugin that places fake invisible playermodel above a suspected persons head to see if there aimbot will hit it.

A3 Recording
http://forums.alliedmods.net/showthread.php?t=48131&highlight=A3RA
It creates a demo automaticly with just 2 console commands and can also be enabled for all player who are not admins if you so wish

You only need to type "a3_record" in the console and you can go away pump some weights, make a coffee , or cook dinner come back and type "a3_stop" command in console and you have a demo recorded for you that you can watch later.

You can also bind it to keys to make it easier

bind "KP_HOME" "a3_record"
bind "KP_UPARROW" "a3_stop"

thats 7 and 8 on the far right number keypad or your keyboard.

Just select the player to record. It is so easy that a blind Stevie Wonder in a dark room with a blinfold and sunglasses on could do it.

----------------------

There are also programs such as Sxe Injected or EAC ( Easy Anti Cheat ) and other similar programs that require your players to log into these anti cheat client programs before being able to enter your server.

I don't really recommend them for the simple fact that they are a big turn off and players if they have to download something before being able to play on your server will just go to another server as they find these annoying


---------------------

Please do not go all grammer nazi or spelling bee on me in the comments, I know there is alot I have to do that I will get to later as far as fixing up the mistake and readability of the Tutorial.

Do not make posts pointing them out. I will fix them

--------------------
Last edited by CookieCrumbler; 11-15-2013 at 13:20.
CookieCrumbler is offline
Reply
AlliedModders Forum Index > Off-Topic & Trash > Trash

« Previous Thread | Next Thread »


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 00:55.

DMCA - Archive - Top

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode