Go Back   Steam Users' Forums > Steam Game Discussions > # - C > Counter-Strike: Source > CSS Beta

Reply
 
Thread Tools Display Modes
Old 05-16-2010, 03:56 AM   #1
GodlikeGER
 
Join Date: Aug 2009
Reputation: 11
Posts: 76
Remove the possibility of Client-Sided Plugins

STILL REQUESTED

It would be cool if you removed the possibility of client sided plugins like .lua, ES etc.
There is no need to install ES on your client O.o
THis would fix many exploiters and make it harder to inject hacks

Some quotes:
Quote:
Originally Posted by freddukes View Post
Code:
Quote:
Originally Posted by walkabout747 View Post
LSS wasn't originally intended to exploit the game. When HaloShadoW made the 1.5 update, he made sure that backwards crash all exploit wouldn't work. LSS changed the disconnect messages differently and @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ crashed YOUR game. He was not expecting huge exploits like crash-all or pause-all. Nor was he expecting MikE to leak his own disconnect exploit menu. It's also ***** that you're only giving out about client-side plugins that bypass sv_cheats,etc. now...
I've been moaning for AGES about client side addons. I don't care the original intentions of client side addons; that doesn't change the fact that they're used for exploits now. EventScripts was never meant for exploits; yet with 1 simple command you have a VAC proof wall hack. Client side addons should NOT be allowed IMO at all, but there are other solutions (read on).

Code:
Quote:
Originally Posted by walkabout747 View Post
There was a sourcemod bypasser made ages ago but then when LSS included one you all **** bricks...
What difference does SM, ES or LSS make? I want them all banned. I'm very big into server side programming (making many scripts for ES) which is why I know the power that these addons allow. They should not allow the client to do that much.

Code:
Quote:
Originally Posted by walkabout746 View Post
Also, don't blame LSS for the disconnect exploits. It's Valves fault they made disconnect messages client-side.Why not just fix that and kick somebody if they bypass a cvar?

Yeah that's right... That's just like saying "Hey, if I kill someone by running them over, it's the car manufacturers fault for supplying me with the car!"... No, that's just stupid ideology. You should not have the right to exploit bugs if they are found out; just like you're not allowed to shoot another human being just because you own a gun.

Now, in my opinion there are 3 solutions for this.

1. This is the by far the best / most reliable solution: simply don't allow any client-side addons.
2. Change sv_pure to handle libraries within the addons folder as well which should kick anybody for having files within the ../addons/ directory
3. This is probably the least problematic and abusive method; allow modders to retrieve loaded addons via the IPlayerInfo instance which returns information as a keyvalue; similar to the information provided from plugin_print. This means that we don't have to rely on the addon providing us with known client commands to filter out, or relying on public variables we can pick up. With the latest version of LSS they use a dynamic client command so no script knows the actual command; nor does it make itself public. This stops ANY addon from gaining information from it and thus is undetected.

Overall, something needs to be done about this. It's too simple for an abusive player to just walk onto a server, and type 1 command and cause devastation. I really hope something is done about this; with the rate that all these children are getting a hold of these exploit scripts, CSS will not be a very fun place any more.

-freddukes
Quote:
Originally Posted by Omega_K2 View Post
Code:
Quote:
Originally Posted by Pandora92 View Post
I can see the argument against allowing LUA plugins to run alongside your game, especially since the legitimate ones are (in my experience) not actually all that useful, and the game isn't intended to support them anyway, however I don't see an issue with letting people run something like ES on their client, lots of people use that in order to test plugins/scripts they've written in a local server first.
Code:
Quote:
Originally Posted by Owned|Myself View Post
I use Sourcemod, Metamod, ES and Mani client side to test things.
It's a false argument; You can test your plugins without any problems on a real local dedicated server (either the one from tools or the standalone one).
You don't need a listen server for that at all.

Code:
Quote:
Originally Posted by GunGravE View Post
It will only prevent total idiots from cheating.
So since total idiots seem to be a majority of the cheaters, that it's probably a lot of the hackers.
Even if it isn't, it's still less cheaters.

Code:
Quote:
Originally Posted by dungeonseeker_1 View Post
I am not sure of the feasability of this anyway.

I am not a developer and have very little knowledge of how things like MM, SM, ES etc interact with source servers however thinking it through, would it not take the developers of the tools themselves to write code into the tools which can differentiate between a dedicated server and a listen server?
The plugins (not ES/SM pluigins/addons) are usually designed to run on a dedicated server, not a listen server (infact, some don't work [properly] on a listen server).
There will be no rewrite whatsoever required.
And as for testing plugins, you don't need listen servers. Dedicated servers are sufficent.

Last edited by GodlikeGER: 08-10-2010 at 11:21 AM.
GodlikeGER is offline  
Reply With Quote
Old 05-16-2010, 04:07 AM   #2
AnAkIn
 
Join Date: Oct 2006
Reputation: 369
Posts: 4,345
That's up to Valve I guess, it's their Engine. I doubt Hidden Path got the possibility to do Engine updates, they can just do CSS updates.
AnAkIn is offline   Reply With Quote
Old 05-16-2010, 04:42 AM   #3
ActionDragon
 
Join Date: Dec 2007
Reputation: 52
Posts: 685
I agree with the OP. Currently the only server side plugin that prevents client side plugin exploits is Kigen's Anti-Cheat. But as you know majority of people who rent servers don't know how to protect their server properly so big amount of cheating is happening.
ActionDragon is offline   Reply With Quote
Old 05-16-2010, 06:22 AM   #4
GodlikeGER
 
Join Date: Aug 2009
Reputation: 11
Posts: 76
Quote:
Originally Posted by ActionDragon View Post
I agree with the OP. Currently the only server side plugin that prevents client side plugin exploits is Kigen's Anti-Cheat. But as you know majority of people who rent servers don't know how to protect their server properly so big amount of cheating is happening.
yeah but they cant check for all client sided plugins and thus there is still some cheating possible
GodlikeGER is offline   Reply With Quote
Old 05-16-2010, 06:39 AM   #5
Omega_K2
 
 
 
Join Date: Jul 2006
Reputation: 247
Posts: 1,146
I completly support this. Cheating with clientside plugins has gone to far, and with a bit of knowledge, you can avoid detection though Kigen's Anti Cheat aswell.
Omega_K2 is offline   Reply With Quote
Old 05-16-2010, 08:19 AM   #6
Nelson340
 
 
 
Join Date: Mar 2008
Reputation: 111
Posts: 1,641
No.
A client-side plugin a day keeps the sv_pure away.
Nelson340 is offline   Reply With Quote
Old 05-16-2010, 08:39 AM   #7
GunGravE
 
 
 
Join Date: Apr 2009
Reputation: 15
Posts: 227
The Lua scripting plugin wasn't ever intended for exploiting purposes. It's just that all of the French-Canadians and danish flocked to our forum when they heard the words CSS, script, and forum in one sentence. They post wallhack and speedhack scripts they made. Next thing you know, they get the plugin blocked by KAC.

I say allow client plugins.
GunGravE is offline   Reply With Quote
Old 05-16-2010, 09:30 AM   #8
m4ster
 
Banned
Join Date: May 2007
Reputation: 5
Posts: 234
GunGravE:
its not too hard to make Lua plugin undetected by KAC.
m4ster is offline   Reply With Quote
Old 05-16-2010, 09:35 AM   #9
AnAkIn
 
Join Date: Oct 2006
Reputation: 369
Posts: 4,345
Quote:
Originally Posted by m4ster View Post
GunGravE:
its not too hard to make Lua plugin undetected by KAC.
It is completely undetectable by KAC now, by the new methods they use.

Quote:
Originally Posted by GunGravE View Post
The Lua scripting plugin wasn't ever intended for exploiting purposes. It's just that all of the French-Canadians and danish flocked to our forum when they heard the words CSS, script, and forum in one sentence. They post wallhack and speedhack scripts they made. Next thing you know, they get the plugin blocked by KAC.

I say allow client plugins.
Looks like someone using client side plugins. Am I right? The LUA scripting plugin is just a cheat, you are loading a 3rd party dll inside the game.
AnAkIn is offline   Reply With Quote
Old 05-16-2010, 09:37 AM   #10
lamuerteinhell
 
Join Date: May 2010
Reputation: 7
Posts: 66
I wouldnt minde client side plugins to dissapear. They aint used for anything anyway!
lamuerteinhell is offline   Reply With Quote
Old 05-16-2010, 09:46 AM   #11
Pandora92
 
Guest
Posts: n/a
I can see the argument against allowing LUA plugins to run alongside your game, especially since the legitimate ones are (in my experience) not actually all that useful, and the game isn't intended to support them anyway, however I don't see an issue with letting people run something like ES on their client, lots of people use that in order to test plugins/scripts they've written in a local server first.
  Reply With Quote
Old 05-16-2010, 10:08 AM   #12
GodlikeGER
 
Join Date: Aug 2009
Reputation: 11
Posts: 76
I just dont see the point in running client sided plugins
They only exist to give you an advantage over the other players
GodlikeGER is offline   Reply With Quote
Old 05-16-2010, 10:19 AM   #13
Pandora92
 
Guest
Posts: n/a
Quote:
Originally Posted by GodlikeGER View Post
I just dont see the point in running client sided plugins
They only exist to give you an advantage over the other players
Read my post above yours.

"however I don't see an issue with letting people run something like ES on their client, lots of people use that in order to test plugins/scripts they've written in a local server first."
  Reply With Quote
Old 05-16-2010, 10:39 AM   #14
sang^
 
Guest
Posts: n/a
Quote:
Originally Posted by Pandora92 View Post
Read my post above yours.

"however I don't see an issue with letting people run something like ES on their client, lots of people use that in order to test plugins/scripts they've written in a local server first."
There is no problem if those plugins only work on the players listen server, but the fact is, that's just not how it is. You can somewhat use plugins like ES and others on public servers to gain an advantage.
  Reply With Quote
Old 05-16-2010, 10:55 AM   #15
GunGravE
 
 
 
Join Date: Apr 2009
Reputation: 15
Posts: 227
Quote:
Originally Posted by AnAkIn View Post
It is completely undetectable by KAC now, by the new methods they use.

Looks like someone using client side plugins. Am I right? The LUA scripting plugin is just a cheat, you are loading a 3rd party dll inside the game.
Well, of course I use client plugins. Lua Source Scripting opens up the possibility of making scripts that read game events, use commands or functions at precise intervals, and much more.

If people didn't use it for the purpose of exploiting vulnerabilities in the game, nobody would care whether or not it was used. The argument that it's a cheat because you're using 3rd party files with your game is plain dumb. It's only a cheat when people abuse its capabilities as a cheat.
GunGravE is offline   Reply With Quote
Reply

Go Back   Steam Users' Forums > Steam Game Discussions > # - C > Counter-Strike: Source > CSS Beta


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -7. The time now is 03:59 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site Content Copyright Valve Corporation 1998-2012, All Rights Reserved.