Dryke Posted August 16, 2014
There's something out there that is allowing people to log into a MP server in some type of god mode. Unkillable, spawn anything at will, see/find anyone, etc. Just had to leave a MP server that was under assault by someone running this. Even with the admins working in the background to stop them, all they could really do was ban him and then he was just switching IPs and returning. While the two admins are some pretty sharp guys, it might be worth looking into how secure the program is against people giving themselves god mode.

harakka Posted August 16, 2014
It's still early days for PZ MP and the game's multiplayer code is still very client-authoritative, so unfortunately stuff like this can happen.

EnigmaGrey Posted August 16, 2014
Though feel free to PM one of us moderators what details he used. And . . . make sure the server admins had set a password for the "admin" account.

randomwhitedude Posted August 17, 2014
Server admin here. Password was set. I wasn't fully there while it happened and was just getting messages that there's someone doing stuff. Login logs showed no login as admin, so it's some kind of privilege escalation or privilege spoofing in the client, I guess, but I got messages from Dryke and others about who was doing it, so I was banning his IP at the firewall level.
I personally do not see it as much of an issue since, as you say, it's pretty early MP development. If I could wish for anything you fix first, it's performance/stability anyway, before you put effort into not trusting the client.

TITAN Posted August 17, 2014
I'm administrating the server together with randomwhitedude and I got messaged when he started to destroy everything and logged in, so I can tell you what he did / could do.
- Spawn boxes of wood walls
- Spawn fire
- TP to players
- Let players spawn near him
- Spawn all kinds of items
- Kind of change his name without being shown on the player board
Possibly he had full admin access to the in-game commands too.
While I agree with randomwhitedude that it's not that much of an issue this early in MP development, it just kills the fun if someone comes and kills you + destroys everything without you being able to do anything against that.
-TITAN

EnigmaGrey Posted August 17, 2014
Just to be sure, that's with the Lua checksum enabled?

TITAN Posted August 17, 2014
Yes, it's enabled.

Kirrus Posted August 17, 2014
I... would really like to get my hands on his code. That's impressive work.

Connall Posted August 17, 2014
> I... would really like to get my hands on his code. That's impressive work.
When there's a will, there's a way. For the sake of curiosity, how is the server hosted? Personally or on a server hoster. Is it at all possible that the player might have been whitelisted as an admin intentionally, or through a trick of his own?

randomwhitedude Posted August 18, 2014
It's hosted personally, and if there is no other way than granting players admin privileges via the grantadmin command, I didn't give it to anyone intentionally, and the "admin" account should be the only one with admin privileges.
From what I saw, the server logs don't show that much useful stuff, but if you want me to upload them anyway, please say so!

Brybry Posted August 18, 2014
You might want to check the SQLite DB to see if any users are flagged admin that shouldn't be, but from my initial poking at the list of things he could do I don't think he actually had admin. If he had admin he could have removed it from the other admins or kicked users, etc.
Adding things like walls and spawning fire I'm almost positive are currently client authoritative. The simplest answer to me would be that he was using a modified version of the admintools mod (or wrote his own) + a workaround for the Lua checksum.

bvhv Posted August 18, 2014
Actually, they could just write something that overwrites the Lua in-game? Kind of like an injector, although I think PZ doesn't check for Lua after in the server...

Brybry Posted August 18, 2014
I know of a bug that currently exists (I actually PM'd it to nasko a couple of days ago) that lets you get around the checksum without too much effort. I can think of various other ways to get around the checksum but I don't really want to give people ideas.
Honestly, I think trying to perfectly secure the client is a lost cause. The checksum is nice to prevent average joes from simply editing their files to cheat. The real answer is that the server shouldn't trust the client where it can and then server administrators can handle anything else. I imagine once multiplayer is more mature that more commands will become server authoritative and can double check that the client should be able to do what it asks the server to do (and doesn't expose data to clients that it doesn't need to) and will make most Lua 'hacks' moot.
I'd guess that performance is a bigger priority than security to the devs right now because there's not much point to a secure game that you can't play.

TITAN Posted August 18, 2014
You are probably right, Brybry, but I've got one point that bugs me. It did from the beginning but I couldn't think of what it was; now I've got it. I couldn't ban or kick the hacker because the server said there is no player with this name. Using IP ban through the player list didn't work either. Is this just broken, or could he have disabled that too?
-TITAN

Brybry Posted August 18, 2014
> I couldn't ban or kick the hacker because the server said there is no player with this name. Using IP ban through the player list didn't work either. Is this just broken, or could he have disabled that too? -TITAN
I think that's a straight up bug. Banning by name and IP are pretty much the same command so probably have the same check (like if you look in the scoreboard Lua, ban IP is just /banuser $username ip=true).
Do you have the names that he connected with from the server log? I just tested with a simple network client that I made and if I connect with a certain name that makes an unkickable/etc player (causes Error with packet of type: 81 for admin on the server). However, I can't get it to work with the actual client in Windows because the client fails to save files due to Windows filename restrictions (though there might be a creative way around that). I imagine it would work on Linux or Mac but I'm wondering if that's what he actually did.

TITAN Posted August 18, 2014
Small update: He also can kind of delete the map tiles (you just walk on black floor).
Here is a screenshot from someone playing on our server: http://subefotos.com/ver/?a88212161728068a7d9e7c08b7add9e3o.png#
And another screenshot: http://subefotos.com/ver/?c50e3b5c5a3930076f024369f3049a7fo.png
NOTE: There is someone with the name of admin; that's not me or randomwhitedude.
-TITAN
Edit: Answer to Brybry: We did just ban him by blacklisting his IP (or rather the full IP address range from his VPN provider) in our firewall.

Connall Posted August 18, 2014
> Small update: He also can kind of delete the map tiles (you just walk on black floor). Here is a screenshot from someone playing on our server: http://subefotos.com/ver/?a88212161728068a7d9e7c08b7add9e3o.png# And another screenshot: http://subefotos.com/ver/?c50e3b5c5a3930076f024369f3049a7fo.png NOTE: There is someone with the name of admin; that's not me or randomwhitedude. -TITAN Edit: Answer to Brybry: We did just ban him by blacklisting his IP (or rather the full IP address range from his VPN provider) in our firewall.
admin is the default admin user. Change the password for it, see if that does anything.

Brybry Posted August 18, 2014
Chat names don't mean anything, sadly. Chat is literally just a raw string and totally trusted by the client (even at the Lua level) and so you can't trust that for banning/admin command purposes. He could be logged in as admin or he could just be pretending by sending chat messages that are prefixed with admin by having edited his Lua files. I think the scoreboard names are accurate though.
In the Zomboid\Logs directory there will be %date%_user.txt logs and %date%_admin.txt logs so you can find the exact name he connected with that prevented you from kicking him and also see what admin commands were used, if any, to verify if he actually had admin or not.

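Added example, not part of any post in this thread and not Project Zomboid code: a Python sketch of the server-authoritative check Brybry describes in his posts on the checksum and on chat names. The server decides from its own session state whether an action is allowed and which sender name a chat line carries. The action names, packet fields and `Session` class are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical action names; the role each one needs is fixed on the server.
REQUIRED_ROLE = {
    "spawn_item": "admin",
    "start_fire": "admin",
    "teleport": "admin",
    "chat": "player",
}
ROLE_RANK = {"player": 0, "admin": 1}


@dataclass
class Session:
    """State the server recorded at login; never updated from client packets."""
    conn_id: int
    username: str
    role: str


def authorize(session: Session, packet: dict) -> bool:
    """Allow an action only if the server-side role is sufficient."""
    required = REQUIRED_ROLE.get(packet.get("action"))
    if required is None:
        return False  # unknown action: deny by default
    # Any "role" or "is_admin" field inside the packet is deliberately ignored.
    return ROLE_RANK.get(session.role, -1) >= ROLE_RANK[required]


def handle(session: Session, packet: dict) -> dict:
    """Return the server's decision for one client packet."""
    if not authorize(session, packet):
        return {"ok": False, "reason": "not permitted", "conn_id": session.conn_id}
    if packet["action"] == "chat":
        # The displayed sender comes from the session, not from the client.
        return {"ok": True, "sender": session.username,
                "text": str(packet.get("text", ""))}
    return {"ok": True, "action": packet["action"]}


if __name__ == "__main__":
    # Constructed sample: a normal player whose modified client claims admin.
    guest = Session(conn_id=7, username="guest", role="player")
    print(handle(guest, {"action": "spawn_item", "is_admin": True}))
    print(handle(guest, {"action": "chat", "sender": "admin", "text": "hi"}))
```
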
Kirrus Posted August 18, 2014
It might be worth setting the server to whitelist only, and start only letting in those who've posted on your forum threads, or those you trust. It doesn't stop things totally, but does add a barrier.

TITAN Posted August 18, 2014
His scoreboard name was just: " or he probably could be logged in with no name, as there was one row with no name at all.
-TITAN

b3ddbo1 Posted August 18, 2014
Here are a few screenshots with a fake admin... hacking our server

Brybry Posted August 18, 2014
> His scoreboard name was just: " or he probably could be logged in with no name, as there was one row with no name at all. -TITAN
I think that was probably his name. " was the name (or any name with double quotes) that broke kick/ban/etc when I tested it. I wonder if anyone with Linux or OS X can confirm that it works or if someone can figure out a way for it to work on Windows.
I don't think it will actually let you have a truly blank name but maybe you can put color codes in to make the name text the same color as the background on the scoreboard? But I would think the kick/ban buttons would still work in that case (as long as the name didn't have double quotes in it).

harakka Posted August 18, 2014
Weird player names have come up previously, IIRC. A fairly simple solution would be to have a (numeric?) ID associated with each connected player, and accept the number as parameter instead of name for all player-targeting commands.

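Added example, not part of any post in this thread and not Project Zomboid code: a Python sketch of harakka's suggestion, with a name-targeted kick beside a kick that takes a server-assigned numeric ID, plus a username check at connect time. The registry class, the `/kickuser` parsing and the name policy are assumptions made for illustration.

```python
import itertools
import re
import shlex

# Assumed policy: letters, digits, underscore, hyphen, 3 to 20 characters.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{3,20}")


class PlayerRegistry:
    def __init__(self):
        self._next_id = itertools.count(1)
        self.players = {}  # conn_id -> username

    def connect(self, username, validate=True):
        """Register a player; validate=False models a server with no name check."""
        if validate and not NAME_RE.fullmatch(username):
            raise ValueError("rejected username")
        conn_id = next(self._next_id)
        self.players[conn_id] = username
        return conn_id

    def kick_by_name(self, command_line):
        """Fragile form: the target is re-parsed from free text."""
        try:
            args = shlex.split(command_line)
        except ValueError:
            return "error: could not parse command"
        if len(args) != 2:
            return "error: usage /kickuser <name>"
        for conn_id, name in list(self.players.items()):
            if name == args[1]:
                del self.players[conn_id]
                return f"kicked {conn_id}"
        return "error: no player with this name"

    def kick_by_id(self, conn_id):
        """Robust form: the target is an integer the server handed out."""
        if not isinstance(conn_id, int) or conn_id not in self.players:
            return "error: no such connection id"
        del self.players[conn_id]
        return f"kicked {conn_id}"


if __name__ == "__main__":
    reg = PlayerRegistry()
    reg.connect("survivor_1")
    odd = reg.connect('"', validate=False)   # constructed sample name
    print(reg.kick_by_name('/kickuser "'))   # name-based targeting fails
    print(reg.kick_by_id(odd))               # ID-based targeting still works
```
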
randomwhitedude Posted August 18, 2014
Closing up the server wouldn't really solve the problem; this way I/we/you can observe his behaviour some more. As on a 27 server I'll have to delete/reset the map every once in a while anyway, I don't see it as much of a problem yet.
As long as he's just "having fun" and not seriously hurting infrastructure, I'm totally okay with that. After all, it's pretty impressive what he did, eh

Dryke Posted August 19, 2014
Whitelisting is a good solution if the main goal is to keep this user off the server - particularly since he's just switching IPs at will and making it impossible to lock him out with an individual ban. Unfortunately the server as it is currently set up is based on an 'open community' model rather than a dedicated group of specific players, so committing to a whitelist system means changing that.
As others have said here, though...it is early in MP development yet and at some point in the future things will likely change. I really only brought all of this up as a way of identifying an issue that can be put on the list of things to take care of...eventually.
For now, it seems that those who play MP will either have to accept a closed/whitelisted group of players, OR accept the possibility that some random person could show up at any time and destroy everything they've worked for over and above the mechanics already in place in game (such as zombie death or PVP).