2008-2010 - 2010-2012 - 2012-2018


Author Topic: aimbot report  (Read 1683 times)

L0ne

  • (Archive)Forum Member
  • *
  • Posts (Archive): 5
aimbot report
« on: August 02, 2015, 20:27:07 PM »
I had the same guy as yesterday on my insta server.
panic if you want his ipaddr just tell me.

PaniC

  • (Archive)Evil|Clan Member
  • *
  • Posts (Archive): 149
Re: aimbot report
« on: August 02, 2015, 20:30:52 PM »
Quote from: L0ne on August 02, 2015, 20:27:07 PM
I had the same guy as yesterday on my insta server.
panic if you want his ipaddr just tell me.

Hey, he also played on city server again and got kicked for 52 weeks coz !ban wont work.  ;D


 quote from Nutella after the ban: JOTTSEIDANK

L0ne

  • (Archive)Forum Member
  • *
  • Posts (Archive): 5
Re: aimbot report
« on: August 02, 2015, 20:34:43 PM »
I used the same technique as I used earlier, !lock blue and red then move him to spec xD
did the same + banaddr when he was already gone, you can view who's been banned
in the file serverbans.dat for people banned with banaddr

also I noticed something strange, dunno if it was when he connected but I had lots lines in my oaserver console
looked like:
cmd ""  "" # ! ''                               $ " "
cmd $2 #
and so on

looks to me that the aimbot does scan for stuff on the server that's how he was able to quickly change his name to one from another player

PaniC

  • (Archive)Evil|Clan Member
  • *
  • Posts (Archive): 149
Re: aimbot report
« on: August 04, 2015, 09:03:17 AM »
Quote from: L0ne on August 02, 2015, 20:34:43 PM
I used the same technique as I used earlier, !lock blue and red then move him to spec xD
did the same + banaddr when he was already gone, you can view who's been banned
in the file serverbans.dat for people banned with banaddr

also I noticed something strange, dunno if it was when he connected but I had lots lines in my oaserver console
looked like:
cmd ""  "" # ! ''                               $ " "
cmd $2 #
and so on

looks to me that the aimbot does scan for stuff on the server that's how he was able to quickly change his name to one from another player

Hm after your Post i tried to create the serverbans.dat for OA Admin System (who knows..?) but still "!ban: WARNING bot or without GUID or IP cannot write to ban file broadcast: print "name has been banned by console, duration: PERMANENT, reason: banned by admin\n" "

Your OA console output rly looks strange to me, if i see a aimbotter again i will check it too.

L0ne

  • (Archive)Forum Member
  • *
  • Posts (Archive): 5
Re: aimbot report
« on: August 04, 2015, 18:43:37 PM »
btw. I didn't check if it's logged in games.log
I saw this live in the server's console
I know some q3 exploits send very short strings
there was one hexa string like ff6a that could make the server crash IIRC
this may also be what is used by the aimbot to get access to the server's VM
it seems to be able to reuse names from other players
when he came in people were complaining about an aimbot but I didn't see it,
there was GoDMichel in the beginning who played with me in a team against 2-3 others
Michel then specced and also complained and tried to kick someone
then Michel disconnected and magically reconnected??? and that's when I saw that
suddenly the aimbot was using Michel's name...

serverbans is only used by banaddr and bandel as it seems

also I've been thinking of many different ways of fighting back...

PaniC

  • (Archive)Evil|Clan Member
  • *
  • Posts (Archive): 149
Re: aimbot report
« on: August 04, 2015, 21:43:02 PM »
Quote from: L0ne on August 04, 2015, 18:43:37 PM
btw. I didn't check if it's logged in games.log
I saw this live in the server's console
I know some q3 exploits send very short strings
there was one hexa string like ff6a that could make the server crash IIRC
this may also be what is used by the aimbot to get access to the server's VM
it seems to be able to reuse names from other players
when he came in people were complaining about an aimbot but I didn't see it,
there was GoDMichel in the beginning who played with me in a team against 2-3 others
Michel then specced and also complained and tried to kick someone
then Michel disconnected and magically reconnected??? and that's when I saw that
suddenly the aimbot was using Michel's name...

serverbans is only used by banaddr and bandel as it seems

also I've been thinking of many different ways of fighting back...

Hm exploiting to use another players name sounds like a big problem, i hope they cant get the players guid.

Sounds like it would be possible to ban this guy(s) on multible servers with the serverbans.dat. Would be cool if more players try to cheat..

I check the games.log now...
Code: [Select]
cmd ""  "" # ! ''                               $ " "
cmd $2 #

nothing like this found in games.log

L0ne

  • (Archive)Forum Member
  • *
  • Posts (Archive): 5
Re: aimbot report
« on: August 06, 2015, 20:40:50 PM »
well, it is what I expected...
it's also not logged when you use a tool like qrcon or similar
I think it uses old code from a q3 sdk to access the stuff
(that's why it accesses the VM by offsets instead of an API),
this means it shouldn't be aware of GUIDs if I am right since it didn't exist in old Q3A.
If the servers would only allow clients using a safe client
that isn't supported by the aimbot we would not see any of them again
means only official 0.8.8 by OA devteam or any self compiled binary
where the offsets are not known by the aimbot.

ah btw. I will take a look at the !admin system during the week end, and if you're interested in enhanced builds join #h4l on quakenet
you're welcome :)

PS: !ban is working now(also writes the ban to file) but is no more checking if the player has a GUID or an IP address(!kick doesn't do that check at all), the stuff that checks it is broken and is looking like nonsense, I need to add some better checking...
btw. here is what the !ban entry in admin.dat really looks like
[ban]
name    = ^0Need^42^0Focus
guid    = 2KNO3...
ip      = 127.0.0.1
reason  = banned by admin
made    = 08/07/15 16:22:08
expires = 0
banner  = console

!mute works now ;)
LOL spammers will like this one MUAHAHAHA xD

PaniC

  • (Archive)Evil|Clan Member
  • *
  • Posts (Archive): 149
Re: aimbot report
« on: August 14, 2015, 00:06:46 AM »
Quote from: L0ne on August 06, 2015, 20:40:50 PM
well, it is what I expected...
it's also not logged when you use a tool like qrcon or similar
I think it uses old code from a q3 sdk to access the stuff
(that's why it accesses the VM by offsets instead of an API),
this means it shouldn't be aware of GUIDs if I am right since it didn't exist in old Q3A.
If the servers would only allow clients using a safe client
that isn't supported by the aimbot we would not see any of them again
means only official 0.8.8 by OA devteam or any self compiled binary
where the offsets are not known by the aimbot.

ah btw. I will take a look at the !admin system during the week end, and if you're interested in enhanced builds join #h4l on quakenet
you're welcome :)

PS: !ban is working now(also writes the ban to file) but is no more checking if the player has a GUID or an IP address(!kick doesn't do that check at all), the stuff that checks it is broken and is looking like nonsense, I need to add some better checking...
Awesome that you fixed this old bugs so fast.  ;D  Do you have a github account and could try to get it into OA? Im pretty sure they use github for development nowadays.

Quote from: L0ne on August 06, 2015, 20:40:50 PM
btw. here is what the !ban entry in admin.dat really looks like
[ban]
name    = ^0Need^42^0Focus
guid    = 2KNO3...
ip      = 127.0.0.1
reason  = banned by admin
made    = 08/07/15 16:22:08
expires = 0
banner  = console

good to know, i guess a !readconfig is needed if the file is edited outside OA o.O

Quote from: L0ne on August 06, 2015, 20:40:50 PM
!mute works now ;)
LOL spammers will like this one MUAHAHAHA xD

Thats even a better news then the fixed ban stuff if SCASSA joins a match again. :D

btw im not a big IRC fan anymore.. you can find me once in 2 years at quakenet. xD

I worked on a reporting system at the city server as you suggested. PPL can now contact the admins with a cmd if they are known admins in the admin.dat file. I just have to add players to lower admin levels. You and Ham are the first candidates xD

Edith: there is the OA repo https://github.com/OpenArena/

L0ne

  • (Archive)Forum Member
  • *
  • Posts (Archive): 5
Re: aimbot report
« on: August 27, 2015, 19:39:22 PM »
Quote from: PaniC
Awesome that you fixed this old bugs so fast.  ;D  Do you have a github account and could try to get it into OA? Im pretty sure they use github for development nowadays.
some were no bugs, it seems really they just copy-pasted stuff from tremulous, I just glued the stuff together where it was still needed
my servers are all running now with the fixes+my mod
ah and I don't like git, it's just something that looks like a fashion to use git because Big LINUS made it
I had a subversion server once... I need to set it up again ^^
oh and like my name suggests I work alone :D

PS: I'd like to check that report system, is it something you added to admin.dat?