Hopefully we get a way to pass the owner id in a way that allows for instant bans. Yesterday we had 20 bans in a few min from players doing this.
According to the admins "*Problem: * Five guys in gg... banned by 4 different admins, over 20 times in total (see the screenshot, which spreads to the next page as well)... AND THEY KEEP COMING BACK... *Explanation*: That, my friends, would be the first occurrence of exploiters/grievers/hackers that own a Steam Family Sharing beta key, allowing them to create multiple temporary instances of their accounts to play on ... and when that account is banned, they just make a new one for free from the original. Rince and repeat." See the bans from the 24th: http://www.ibisgaming.com/sourcebans/index.php?p=banlist Hopefully, this is fixed in a future build :D On Thu, Oct 24, 2013 at 4:20 PM, Kyle Sanderson <kyle.l...@gmail.com> wrote: > In case anyone is following this, there's a WebAPI update planned for next > week which allows for getting the owner's account from a lender id. > > There's also a Steamworks update planned for between yesterday and (?), > which adds the owner's id to the ticket verification result > (ValidateAuthTicketResponse_t). However, this is too late for servers to > get the owner's id. SourceMod at the moment supports checking if they're > verified (by not handing out admin before IsClientFullyAuthenticated > happens). However, this happens far too late in the process (30 seconds > typically to a couple minutes, to never if Steam is down), subsequently > most servers (to my knowledge) have the feature disabled (or at least want > it disabled; from the threads I've seen). > > After the Steamworks update happens, I believe we need the owner's > accountid passed to the server at the same time as the actual rendered > SteamID (how it is at the moment, sent from the client at connection time). > This should allow for the same verification result as > IsClientFullyAuthenticated, and pre-usage that most of the engine does. > This should continue to allow for immediate usage, which is what is used > now. > > A public engine function would be appreciated to get the owner's account > id (or rendered SteamID, as to conform with everything else). Unless if I'm > neglecting something major, this should resolve the exploit for everyone as > clients are updated to support sending the supposed ownerid. > > Thanks, > Kyle. > > > On Tue, Oct 22, 2013 at 1:56 PM, Kyle Sanderson <kyle.l...@gmail.com>wrote: > >> The Steam Family Sharing Exploit is still a vivid problem CS:S, as it >> takes roughly 90 seconds to connect to a new VPN Server, create a new Steam >> account, and rejoin. I've re-banned the same griefer about 7 times now in >> the last 19 minutes; they're pretty persistent. Please help everyone using >> your products protect ourselves against this new `feature`. >> >> Thanks, >> Kyle. >> >> >> On Sat, Oct 19, 2013 at 5:23 PM, Kyle Sanderson <kyle.l...@gmail.com>wrote: >> >>> Today, we're seeing a ton of banned, griefing players using VPNs and >>> throw-away Steam accounts to bypass server bans. The problem already seems >>> to be pretty widespread in CS:S. Considering this is the first weekend >>> where the beta was opened up, it's only going to get worse. I'm sure this >>> isn't isolated to CS:S, or my servers. There are many others running >>> community servers, some probably not even using Source that are impacted by >>> this. The native Steam Exploit seems to be getting abused quite heavily. >>> >>> The theoretical is now the present, >>> Kyle. >>> >>> >>> On Fri, Oct 18, 2013 at 7:09 AM, Jesse Oak <wazanato...@gmail.com>wrote: >>> >>>> Every game copy should have an ID associated with it, this way an admin >>>> can ban per copy of the game rather then player ID. It's bad enough right >>>> now in TF2 and some of the Source mod games where a griefer can just >>>> quickly make a new account and reset their IP address having this start to >>>> happen in games like CSGO is going to be a major pain for admins. >>>> >>>> >>>> On Fri, Oct 18, 2013 at 1:29 AM, Valentin G. <nextra...@gmail.com>wrote: >>>> >>>>> Banning by IP is useless for many countries. And if cheaters abuse the >>>>> family sharing they will certainly go to the "lengths" of making a quick >>>>> new dial-in to grab that new IP. >>>>> >>>>> I have already said this much on the Beta Forums, and fully agree with >>>>> Kyle. This brings the TF2 F2P dilemma to every title. >>>>> >>>>> >>>>> On Fri, Oct 18, 2013 at 6:58 AM, Dominik Friedrichs >>>>> <d...@forlix.org>wrote: >>>>> >>>>>> On 2013/10/18 03:38, N-Gon wrote: >>>>>> >>>>>>> I agree with Dog. >>>>>>> However, I would also like to note that with SourceMod you could ban >>>>>>> the >>>>>>> users by IP. Sure they can change it, but most of the trolls are >>>>>>> either >>>>>>> too stupid to figure out how or too stupid to figure out how to do it >>>>>>> quickly. Meaning you'd see the "repeat offender" now and then, but >>>>>>> not >>>>>>> enough to be too much of a nuisance. >>>>>>> >>>>>> >>>>>> I'd like to note that for broadband providers in my area it is quite >>>>>> common to hand out a different IP on every dial in, while a connection >>>>>> with >>>>>> that same IP can be kept alive for 24 hours at maximum. Hence I would >>>>>> never >>>>>> bother to ban by IP if the ban is supposed to be longer than a few hours. >>>>>> >>>>>> >>>>>> >>>>>> ______________________________**_________________ >>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>> archives, please visit: >>>>>> https://list.valvesoftware.**com/cgi-bin/mailman/listinfo/**hlds<https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds> >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>>> >>>> >>> >> > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds