Please stop for a god-damn second and think about your "solution". PLEASE tell me how the server would possibly know whether the client has any plugins loaded? And even if there was a way, it could probably be blocked with 3 lines of code in a client plugin anyway
Clientplugins were never supposed to be a feature and are a side effect. There is nothing to do with clients in there by default, they are SERVERPLUGINS. The only secure way to fix this is enable plugins for dedicated servers only. On Saturday, April 3, 2010, Steven Crothers <[email protected]> wrote: > Possibly the worst idea ever mentioned on this list. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Allan Button > Sent: Saturday, April 03, 2010 1:42 AM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > > Make it a launch option of srcds to allow plugins on the server. Not a cvar. > And off by default. > > Then, for people who are serious about client plugins, maybe a way to have > them signed by Valve. Think Apple App Store for iPhone. > > Allan > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Mark Gunnett > Sent: Saturday, April 03, 2010 12:14 AM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > > While you may not be removing all the cheaters by giving a cvar to disable > client side plugins, you will be preventing the people who are too stupid to > do some of the more complex cheats. Why make it easier to cheat? Learning > how to Lua script (Or script in sourcepawn) isn't all that hard, especially > if you have a shell to plug into that handles all the major hooking you need > to do. The fact is, there are a lot of people who know how to read > instructions and can install sourcemod into the client directory pretty > easy. And from the sounds of it, there are pre-written lua scripts that they > can learn from to do whatever they want with the new client lua interface. > However, giving servers the option to disallow clients with plugins loaded > just like having the option to filter out clients that have failed md5 > checksums for their textures isn't that bad of an idea. I can see where > client side plugins are useful, ESEA and such aside. However, they have no > place, or legitimacy being run on regular servers. While not all users do it > for malicious intent (Hey look, I was at a LAN!), the fact is most users > that use that interface, are doing so for malicious reasons. > > Again, it may not stop the big boys, but making it easier to cheat just > doesn't make sense in my book. > > On Fri, Apr 2, 2010 at 9:43 PM, AzuiSleet <[email protected]> wrote: > >> So consider Valve does disable clientside plugins, what will change? >> Absolutely nothing. All the cheaters will continue to use their cheats >> that don't rely on clientside plugins. Everyone else will use a >> network proxy, which can replication all the malicious exploits you're >> worried about. With a network proxy you just send net_SetConVar to >> force any cvar on the client. There's also the magic of the exploits >> in the netcode that aren't fixed, like net_StringCmd before you do any >> sign on, which is what the NULL player crash is. There's also the >> client disconnect control command, which is again being exploited by >> the lua clientside plugin, but is trivial to do with a network proxy. >> >> In the end Valve needs to fix the real exploits, which are the source >> of the issue, not disable a very useful feature. >> >> On Fri, Apr 2, 2010 at 8:22 PM, Charles Mabbott <[email protected]> >> wrote: >> > >> > --- Scott Highland wrote: >> > Maybe you could explain why this whole list, and the company that >> > runs it should all agree to completely remove the ability to >> > incorporate modifications just because it would suit YOUR needs as >> > an anti-cheat function to thwart the .3% of TF2 players that are >> > abusing it in this fashion? That's a pretty self-centered way of >> > thinking and kind of ridiculous, it's sad so many of you don't seem to > see it this way. >> > --- >> > >> > The only suggestion I have seen that seems appropriate is a server >> > CVAR >> that >> > forcefully unloads any non-valve released client plugins. (sv_pure >> extension >> > could be pretty good, but has a couple of issues). Which would allow >> > everyone a decent options. A CVAR was added to effectively disable >> > Mic >> spam, >> > remove the wait command from client scripts. Of which a very small >> portion >> > of the population actually used, however, it only takes one aimbot >> > to hop into a f -- Thanks, - Saul. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
