Nice to see you're still grinding your gears in UT, Jack.
Thanks for opening our eyes to even MORE potential dangers.
It's always good to keep informed.
Client control mod
-
JackGriffin
- Godlike
- Posts: 3774
- Joined: Fri Jan 14, 2011 1:53 pm
- Personal rank: -Retired-
Re: Client control mod
Yeah, go ahead and trash it. I wanted to discuss whether this was something people would be interested in creating, but like everything else UT it just devolves into finger-pointing, post-baiting, and argument.
Look, billy is certainly not a dummy. He's perfectly able to figure out on his own how this stuff is done. He isn't the first guy, this stuff is in the wild more than you think. Nothing I've said either helps or hurts him (or anyone else for that matter). To be honest he ought to say "Yep, I'm gonna do this" and then maybe players would sit up and finally take notice. The point is there are bad servers that have already done this and we as players should be protecting ourselves to whatever extent possible. Absolutely nothing I would say here (short of posting the mod) would make it any easier for a malicious admin to do this. The code already exists in several mods generally released, it just requires a little reworking.
I've got a suspicion that the majority of "my UT server was haXXoRed !!1!11" generates from someone getting the access via this method. I've seen too many logs where damage was done from the start with no brute force entry attempts.
It's up to you paper/Flay. I'm done discussing it myself. I guess I got the replies I needed to know if there was interest.
Look, billy is certainly not a dummy. He's perfectly able to figure out on his own how this stuff is done. He isn't the first guy, this stuff is in the wild more than you think. Nothing I've said either helps or hurts him (or anyone else for that matter). To be honest he ought to say "Yep, I'm gonna do this" and then maybe players would sit up and finally take notice. The point is there are bad servers that have already done this and we as players should be protecting ourselves to whatever extent possible. Absolutely nothing I would say here (short of posting the mod) would make it any easier for a malicious admin to do this. The code already exists in several mods generally released, it just requires a little reworking.
I've got a suspicion that the majority of "my UT server was haXXoRed !!1!11" generates from someone getting the access via this method. I've seen too many logs where damage was done from the start with no brute force entry attempts.
It's up to you paper/Flay. I'm done discussing it myself. I guess I got the replies I needed to know if there was interest.
So long, and thanks for all the fish
Re: Client control mod
ok , in short.
Good Idea: Yes
Concept: *Finally allow clients to physically see what information server's have been stealing / modifying for the last decade
Too Late: Probably , Yes
Good Luck , Take Care
Good Idea: Yes
Concept: *Finally allow clients to physically see what information server's have been stealing / modifying for the last decade
Too Late: Probably , Yes
Good Luck , Take Care
-
papercoffee
- Godlike
- Posts: 10453
- Joined: Wed Jul 15, 2009 11:36 am
- Personal rank: coffee addicted !!!
- Location: Cologne, the city with the big cathedral.
- Contact:
Re: Client control mod
There is obviously interest in this ... and I wish you success with this project.
And yes this post-baiting is a really nasty habit.
There is sometimes only a trigger (idea giver) needed to turn a noob-admin into a bad-admin ... And I don't mean the active member on this board, I mean the unregistered lurker who did a google search.
And yes this post-baiting is a really nasty habit.
What I did mean was...JackGriffin wrote:this stuff is in the wild more than you think. Nothing I've said either helps or hurts him (or anyone else for that matter).
There is sometimes only a trigger (idea giver) needed to turn a noob-admin into a bad-admin ... And I don't mean the active member on this board, I mean the unregistered lurker who did a google search.
-
MrLoathsome
- Inhuman
- Posts: 958
- Joined: Wed Mar 31, 2010 9:02 pm
- Personal rank: I am quite rank.
- Location: MrLoathsome fell out of the world!
Re: Client control mod
It is sad that such a tool should be needed. This thread makes me sad.
A server doing something like that should be blasted offline by whatever means necessary.
No server-side mods/gametypes etc. should be changing or adding values/entries in any of the users default
ini files default sections IMO.
They should add new sections to the default ini's, or even better, just create new ini files on the users pc with
the variables needed. I remember writing a thing or 2 that HAD to change one of the users default settings
during gameplay. I wrote to save the users initial value, and then restore it at level/map end so that the
value in the users ini did not get changed.
If you can't figure out how to make that happen so your mod works, then either it shouldn't be done, or you shouldn't
be trying to do it.
Re: Fake players.
Almost a non-issue. Stupid, lame and pointless. Back when I was actually playing more I would figure
that out 2 minutes after joining a server.
Fix ---> Don't play on that server. Problem solved.
*Edit. Bots != Fake Players. I like bots. I like bots better than most players. HA!
Those are my random thoughts, but what do I know....
A server doing something like that should be blasted offline by whatever means necessary.
No server-side mods/gametypes etc. should be changing or adding values/entries in any of the users default
ini files default sections IMO.
They should add new sections to the default ini's, or even better, just create new ini files on the users pc with
the variables needed. I remember writing a thing or 2 that HAD to change one of the users default settings
during gameplay. I wrote to save the users initial value, and then restore it at level/map end so that the
value in the users ini did not get changed.
If you can't figure out how to make that happen so your mod works, then either it shouldn't be done, or you shouldn't
be trying to do it.
Re: Fake players.
Almost a non-issue. Stupid, lame and pointless. Back when I was actually playing more I would figure
that out 2 minutes after joining a server.
Fix ---> Don't play on that server. Problem solved.
*Edit. Bots != Fake Players. I like bots. I like bots better than most players. HA!
Those are my random thoughts, but what do I know....
blarg
-
papercoffee
- Godlike
- Posts: 10453
- Joined: Wed Jul 15, 2009 11:36 am
- Personal rank: coffee addicted !!!
- Location: Cologne, the city with the big cathedral.
- Contact:
Re: Client control mod
I like your random thoughts.MrLoathsome wrote: Those are my random thoughts, but what do I know....
[off-topic]
If a server uses bots then it's ok (I love my personalised bots) ...but it's not ok to lead the player to believe that those bots are real player by faking ping and names and what not.
[/off-topic]
Re: Client control mod
looking at this thread .. makes me feel again very uneasy about playing this game because I know firsthand that most all of these things have been done and are being done on servers today.
bb's interests in uploading .DLL files to clients computers , stealing players .ini settings and spoofing ID's to get players banned are just a few things this guy has done in the past and is still doing today.
I would recommend (just dawned on me now) that players should at least write protect their UT.ini files to prevent dodgy-changes.
as for reading the .ini as others have stated there are mods which can request probably anything from our computers with ease.
I would not be so nieve to believe that certain members could-not access just about anything if they wanted to.
another reason this games dying faster by the minute.
bb's interests in uploading .DLL files to clients computers , stealing players .ini settings and spoofing ID's to get players banned are just a few things this guy has done in the past and is still doing today.
I would recommend (just dawned on me now) that players should at least write protect their UT.ini files to prevent dodgy-changes.
as for reading the .ini as others have stated there are mods which can request probably anything from our computers with ease.
I would not be so nieve to believe that certain members could-not access just about anything if they wanted to.
another reason this games dying faster by the minute.