Raised This Month: $44 Target: $400
 11% 

Solved Is it possible to ban hackers who spoof their steam IDs?


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Psyk0tik
Veteran Member
Join Date: May 2012
Location: Homeless
Old 03-27-2018 , 00:39   Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #1

Hey, I'm wondering if it is possible to catch these recent pesky hackers on TF2 who seem to bypass steam authorization by spoofing their steam IDs. When I check the console for their steam ID, they have this as their steam ID: STEAM_ID_STOP_IGNORING_RETVALS

I tried using this method but I feel that it is either unreliable or inefficient.

PHP Code:
public void OnPluginStart()
{
    
RegAdminCmd("sm_bancheck"cmdBanCheckADMFLAG_KICK"Automatically checks the server for any hackers with a spoofed Steam ID and bans them.");
}

public 
void OnClientPostAdminCheck(int client)
{
    
iBanCheck(client);
}

public 
Action cmdBanCheck(int clientint args)
{
    if (
args 0)
    {
        
ReplyToCommand(client"Usage: sm_bancheck");
    }

    for (
int iPlayer 1iPlayer <= MaxClientsiPlayer++)
    {
        
iBanCheck(iPlayer);
    }
}

int iBanCheck(int client)
{
    
char steamid[64];
    
GetClientAuthId(clientAuthId_Steam2steamidsizeof(steamid));
    if (
StrContains(steamid"STEAM_ID_STOP_IGNORING_RETVALS"false) || StrContains(steamid"STEAM_ID"false) || StrContains(steamid"STEAM_ID_STOP_IGNORING"false) || StrContains(steamid"STOP_IGNORING"false))
    {
        
ServerCommand("sm_ban %s 0 \"Banned for hacking.\""steamid);
    }

Any help is appreciated. Thanks!
__________________

Last edited by Psyk0tik; 03-27-2018 at 02:29. Reason: Marked as [Solved]
Psyk0tik is offline
Mitchell
~lick~
Join Date: Mar 2010
Old 03-27-2018 , 00:53   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #2

IP ban them? also you have to consider the fact that some players can connect without cheats and get a steamid error.
Mitchell is offline
Psyk0tik
Veteran Member
Join Date: May 2012
Location: Homeless
Old 03-27-2018 , 00:57   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #3

Quote:
Originally Posted by Mitchell View Post
IP ban them? also you have to consider the fact that some players can connect without cheats and get a steamid error.
Yeah I was worried about that part. Unfortunately, these hackers also seem to bypass the IP bans. SB can't even seem to detect the IP nor Steam ID of the hacker on any of the servers owned by the community I am a part of.
__________________
Psyk0tik is offline
Psyk0tik
Veteran Member
Join Date: May 2012
Location: Homeless
Old 03-27-2018 , 01:13   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #4

Also, wouldn't OnClientPostAdminCheck() be called when the player has already been authorized? That means the plugin would only ban players who still don't have a valid steam ID after being authorized, right?
__________________
Psyk0tik is offline
DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 03-27-2018 , 01:41   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #5

Quote:
Originally Posted by Crasher_3637 View Post
Hey, I'm wondering if it is possible to catch these recent pesky hackers on TF2 who seem to bypass steam authorization by spoofing their steam IDs. When I check the console for their steam ID, they have this as their steam ID: STEAM_ID_STOP_IGNORING_RETVALS
Quote:
Originally Posted by Crasher_3637 View Post
PHP Code:
int iBanCheck(int client)
{
    
char steamid[64];
    
GetClientAuthId(clientAuthId_Steam2steamidsizeof(steamid));
    if (
StrContains(steamid"STEAM_ID_STOP_IGNORING_RETVALS"false) || StrContains(steamid"STEAM_ID"false) || StrContains(steamid"STEAM_ID_STOP_IGNORING"false) || StrContains(steamid"STOP_IGNORING"false))
    {
        
ServerCommand("sm_ban %s 0 \"Banned for hacking.\""steamid);
    }

See THIS POST, as well as THIS POST.

Quote:
Originally Posted by Crasher_3637 View Post
Also, wouldn't OnClientPostAdminCheck() be called when the player has already been authorized? That means the plugin would only ban players who still don't have a valid steam ID after being authorized, right?
OnClientPostAdminCheck is called when the user has passed his/her check for admin privileges, if there are no valid Steam ID, it cannot be checked, and it won't ever be called.


If you expect any further assistance, please share your full plugin and extensions list:

Code:
meta list
sm exts list
sm plugins list
As you can read in the linked posts, you most likely have some poorly coded plugins that "fool" you somehow...
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].
DarkDeviL is offline
Psyk0tik
Veteran Member
Join Date: May 2012
Location: Homeless
Old 03-27-2018 , 02:29   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #6

Those posts taught me more about GetClientAuthId, and I found a plugin on that thread that does exactly what I was looking for.

https://forums.alliedmods.net/showpo...2&postcount=25

Thanks!
__________________
Psyk0tik is offline
Fyren
FyrenFyrenFyrenFyrenFyren FyrenFyrenFyrenFyrenFyren FyrenFyrenFyrenFyrenFyren FyrenFyrenFyrenFyrenFyren
Join Date: Feb 2106
Old 03-27-2018 , 04:27   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #7

Any code that attempts to compare the string from GetClientAuthId to STEAM_ID_STOP_IGNORING_RETVALS is fundamentally misunderstanding what the function does on some level. At the very least, there's no reason to check the string for that value because you could have checked the return value instead.
Fyren is offline
Mainstaff
AlliedModders Donor
Join Date: May 2011
Old 03-27-2018 , 09:09   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #8

Best what works against such spoofer is using the function IsClientAuthorized when they enter the server (OnClientPutInServer).
If they are not authorised you just restrict them, e.g.:
SetClientListeningFlags => VOICE_MUTED
Event player_changename => Prevent notication
Commands jointeam, say, say_team etc.. => Stop them
Timer to kick them after 30 seconds
etc...

However, also the authorisation for legit users might be delayed for various reasons. Therefore, I recommend you using OnClientAuthorized to check if a player already entered the server and remove the restrictions applied above.

You also might want to consider the rare case that Steam servers are down and that no player receives the authorsation. Therefore, you probably want to build in something that the restrictions are only applied if e.g. at least 60% of the players on the server already received an authorisation.
Mainstaff is offline
Visual77
Veteran Member
Join Date: Jan 2009
Old 03-27-2018 , 10:45   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #9

Then the question remains. How do you retrieve a steamID on a player that is both connected and in game, but reports STEAM_ID_STOP_IGNORING_RETVALS because the steam connection was somehow temporarily lost?

Solution: steamauthstringvalidation no.
Visual77 is offline
DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 03-27-2018 , 10:51   Re: Is it possible to ban hackers who spoof their steam IDs?
Reply With Quote #10

Quote:
Originally Posted by Visual77 View Post
Then the question remains. How do you retrieve a steamID on a player that is both connected and in game, but reports STEAM_ID_STOP_IGNORING_RETVALS because the steam connection was somehow temporarily lost?

Solution: steamauthstringvalidation no.
As I have said multiple times across this forum, and as Fyren said above...

If you're seeing that phrase, you got one or more plugins that ARE NOT DOING THEIR JOB PROPERLY.

The game itself does NOT report that Steam ID ever...

If you don't want to have "SteamAuthstringValidation" set to yes, then no one can help you at all.
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].

Last edited by DarkDeviL; 03-27-2018 at 10:52.
DarkDeviL is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 14:59.


Powered by vBulletin®
Copyright ©2000 - 2022, vBulletin Solutions, Inc.
Theme made by Freecode