[SomePanns]

Hello everyone,

Today a group of people, which includes me, released a new community-driven project that focuses on keeping nasty hackers/cheaters away from your servers, and thus it is time to also post it here on AlliedModders.

Requirements to run SourceCBL

• SteamWorks
• SMJansson (if you're getting Invalid ELF Header, use the extension from the zip attached in the thread and not from GitHub)
• SourceMod 1.7+

ConVars
sm_scbl_enabled - 1 to enable, 0 to disable the plugin.

Compatible games
As for now, these are the game we know it works for

• Team Fortress 2
• CS:GO
• L4D2
• DoD

But if you try it on other Source games that can run it, let us know and we'll add it to the list.

Notes to coders
To be able to compile this plugin, you need the .inc file from the GitHub of SMJansson, as the one provided in the original thread/zip is OUTDATED and will return errors.

How to install SourceCBL.smx
Download the latest version from GitHub and extract everything into your /addons/sourcemod/ folder. Click here for more detailed instructions.

Whitelisting SteamIDs
With version 1.1 you can whitelist steamids in sourcecbl_whitelist.cfg.
Example:

Code:

"1234" // steamid64
{
"whitelist" "1" // 1 to whitelist, 0 to do nothing
}

What is SourceCBL (Source: Community Ban List)?
SourceCBL is a non-profitable organization that lets other communities keep hackers out of their SourceMod servers without having to ban them on their own, by using our database containing all hackers from multiple communities.

We strive after improving the gameplay on all Source-related games and we can achieve this by having our own powerful API that everyone can use to prevent listed hackers from connecting to their servers.

All bans in our database are submitted by community admins and our own staff, while following a very strict policy to ensure quality of our bans.

How exactly does the plugin work?
When a player connects to your servers, his/hers steamID64 is sent as a GET request to our API, where it's compared to tons of other bans on our database, and if it finds a row equal to that steamID64 then the target gets kicked out of your servers with an error message telling them that they have been banned by SourceCBL for hacking/cheating.

I know what many of you think: "Don't we have SMACBans, A, B or C already?" and that's a completely legit question.
We are aware that similar services already exist, yes, but our goal is not exactly the same as theirs. We do not provide an auto-detect system for hacks that bans them automatically or anything similar to that, we are simply just like SteamREP but for hackers instead of scammers.

Can I report a hacker from anywhere?
We've decided to mostly accept reports from SourceCBL protected servers only, but if you follow the .dem file requirements (as found here) you can submit a report from any server (talking about the 'status' command requirement).

If you wish to read more about what we offer or how we work, you can always visit our policy page and if you're looking for our Terms of Service, you can find them as mentioned.

We already have support from some big TF2 communities out there such as Teamworktf and KritzKast for example, and we hope to get even more support!

Let's work together to keep those filthy cheaters away from our (quality) servers!
Go to our website.

Changelogs

Spoiler

2017-07-27
Plugin:
• The plugin now keep track of banned users that are connecting to a protected server and controlling whether they're allowed access (whitelisted) or blocked from connecting (which can be seen in the ban UI on the wesite)
• Replaced SteamTools with SteamWorks
• Rewrote most of the API request code
• Now uses auto updater
• You'll now see data of the target you're spectating, good for recording demos and submitting them as proof to us
• Added a sm_scbl_enabled cvar.
• Admins in-game are now notified in chat if a marked cheater is connecting to the server
• If the plugin fails to collect the clients Steam ID when they connect, they will be granted access and the plugin will automatically re-run the process and check if the client is banned after a couple of minutes.

Website/General:
• SourceCBL soul purpose is now to only deal with reports from servers running SourceCBL, meaning that we'll stand together as a community more (exceptions can be made if you follow the new updated policy)
• Policy has been updated (be sure to read it)
• Reworked the website template completely
• Added an improved documentation about SourceCBL services
• Added a help page with F.A.Q etc
• The home page now has more detailed information about SourceCBL
• Unban requests renamed to unban appeals (or just appeals)
• Removed the forums altogether
• Introducing a new, more detailed report system
• Introducing a new easier and more efficient appeal system
• Implemented a ticket system: this will serve as a system where you submit bug reports, send in complaints or just ask for help related to SourceCBL
• Added a staff page where all SourceCBL staff and community admins are listed
• The database overview has been reworked and it is now possible to search for a ban anywhere on the site
• Added a possibility to upload a demo directly to reports instead of having to provide a link (these are stored in /cdn/reports/)
• It is no longer possible to create a report if there already is a pending report of the same person available
• Updated accepted demo proof path (/cdn/demos/)
• Updated the name generation of all demo files to be equal to [64-bit steam id.timestamp of report] (for example: 76561198082943320.1498797626)
• Removed user profiles (for now) - all usernames now redirect you to the relative steam profile
• Removed news articles. We are instead focusing on using group announcements, which are displayed on the home page.
• Partners are now displayed directly on the home page
• Improved the ban listing UI
• Fixed a bug where the ban wouldn't display what partner community issued the ban if that was the case
• Updated the bans API with more data
• Improved the website performance
• Added an advanced search in the ban list that allows you to search by name as well as Steam ID
• Added a newsletter feature where we'll send patch notes before they're released (as previews) etc
• A banned user can now be marked as an alt account with a link to their banned main account (proof will not be available for an alt account, check their main account for that)
• Bans will now contain info about what kind of cheat that was used
• Bans now have an "additional notes" field

2017-06-30
+ Added a new cvar requested by teamworktf: sm_scbl_enabled - (1 to enable to plugin [default], 0 to disable it). This cvar also allows services such as teamworktf to detect what servers are running SourceCBL.
+ Added a whitelisting function to the SourceCBL plugin. Use sourcecbl_whitelist.txt in /addons/sourcemod/configs to force the plugin to make exceptions for specific steam ids, which means that they will still be able to connect to your server even if they're banned (this does only affect your server and not everyone elses).
! Fixed a CloudFlare cache bug that would cause the plugin to fail its API requests.
- Removed all pre-bans without proof

[sneaK]

I'll be the first to ask - what kind of oversight is available for this? Are all bans manually submitted and reviewed?

[SomePanns]

Quote:

Originally Posted by sneaK I'll be the first to ask - what kind of oversight is available for this? Are all bans manually submitted and reviewed?

All bans are manually submitted by our staff, and we always ensure that those we hire for the position of being a site mod knows how to spot a hacker (they've either been an admin somewhere, they are an admin somewhere or is generally just talented at spotting them), as well as carefully chosen admins from various communities that are dealing with them on a daily basis as it's their job to catch them.

As for who can be assigned to the community admin rank, we have specific requirements for that, as well as for site mods and partnerships. We take this very seriously and we'll put a lot of time and effort into always making sure the proof is valid (according to our policy).

[Ejziponken]

Are the proof open to the public? Or the very least the servers who are running this?

[SomePanns]

Quote:

Originally Posted by Ejziponken Are the proof open to the public? Or the very least the servers who are running this?

Yes, all proof are open to the public.

[Spyrek]

Great idea!
It would be nice if you could allow importing your database into existing sourcebans installation or just simple button to download latest DB dump. Maybe allow public sql access, but only with select permission.
I know that there is an API, but that's another additionally check on every player connect.

[SomePanns]

Quote:

Originally Posted by Spyrek Great idea! It would be nice if you could allow importing your database into existing sourcebans installation or just simple button to download latest DB dump. Maybe allow public sql access, but only with select permission. I know that there is an API, but that's another additionally check on every player connect.

I think we got a similar request to this earlier and I'm going to try to make it as clear as possible, if I have understood your request correctly:

We are not going to allow whitelisting of any kind with our bans, it's either all in or it's nothing. Being able to access a DB dump to import it into your existing SourceBans installation, without running SourceCBL (as I assume you won't run it if you do this), is going to allow you to delete bans you don't like. In other words you're whitelisting people, which as stated, is something we're not going to provide at the moment.

Of course, if you're experienced with PHP, you can use the API to manually add the bans into your SourceBans installation. However, this is against our ToS and if you get caught doing it you're going to get blacklisted from using our API.

[good_live]

I definitly like the idea of a global ban database, but restricting communitys in any way of who is allowed to join their server is not really a way to go.

Can you explain why exactly you are trying to enforce that all or nothing rule?

Also why aren't there any proofs available for the bans in the database so far?

[SomePanns]

Quote:

Originally Posted by good_live I definitly like the idea of a global ban database, but restricting communitys in any way of who is allowed to join their server is not really a way to go. Can you explain why exactly you are trying to enforce that all or nothing rule? Also why aren't there any proofs available for the bans in the database so far?

I think you got that part wrong(?)

We only, and only ban hackers that we have proof of. And if you get banned by us, you're not going to be able to connect to any server running this plugin, no matter the game. And if you have a friend/admin/staff/whatever that is cheating on your server and you want to allow them, I think it's time for you to re-think your choices. A cheater is a cheater, and the entire purpose of this project is to keep all cheaters away.

As for the proof part:

Spoiler

At this early stage of SourceCBL, we only have the basics to provide, and all of the current bans in our database are so called "base bans", which will serve as a good start for us, so the database isn't completely empty. Those bans are collected from various communities and they've been verified to be valid, although they do not come with proof. At the moment we can't have proof on our servers, as we're planning to migrate to better severs and get our own CDN in about a week or so from now on.

[good_live]

I got the point, but in my opinion transparancy is a very important part here.
So i don't really like the idea of non proofable bans.

Also let me turn this around.
Why are you regulating the use of the ban database?
Is there any abuse that you fear?
Or do you fear that users don't feal a ban as a threat?

Me as part of a community leadership don't really like the idea of giving up Control.
I still want to be able to allow any user I want to join the servers and as you said technicaly that's absoloutly no problem. As this isn't an automated detection there will be false positives. You wouldn't accept unban request if you don't agree on this.

So why don't you stop to try dictate the usage of this service? Is there any disadvantage at all?