diamond-optic
03-10-2008, 04:54 PM
DoD Block Exploits
- Version 3.0 Beta 1
- 03.10.2008
- original: FireStorm
- updates: diamond-optic
BETA INFORMATION:
The purpose of this beta is to allow greater testing
prior to the 'final' release of this version. As this
time I would really prefer to solve any problems and
bugs before I say that this new version is officially
finished
There is also a few things that I'm still working on
implementing that I would like to finish up prior to
the final release and this gives me more time to work
on that stuff while still letting server admins run
the new version on their servers
** NOTE **
..with this new version, a lot of changes have been made,
so therefor you should redo any customization to CVAR values
that you had made with the previous 2.x versions and you will
also need to use the new .ini file as well
Credits:
- FireStorm: original DoD Block Exploits (v1.3)
- Gray Death: spectator fix
- Anthrax & DarkSnow: basis of setinfo check
- TatsuSaisei: lots of help on the logging method
- ucubed: decals thru walls client cvar
- WARDOG: voice chat name spoofing exploit
- VEN: error logging
Information:
Contains the following blocks/detection/fixes/etc:
- fullupdate command block
* blocks a command that can be used as an 'exploit' in many plugins
* can also prevent an attempt to flood the server
- pistol zoom block
* blocks the exploit/bug where clients can zoom in with their pistol,
at least most of the time, still happens on a rare occasion
- spectator duck bug fix
* fix for the bug where sometimes when you die crouched, you have to
press crouch again afterwards to get out of the spectator 'option'
mode and whatnot
- decals thru walls
* theres a client cvar that can be set to allow players to see decals
(as in blood, bullet marks, explosions, etc) thru walls. This will
lock that cvar at the default value.
- third-person view fix
* fixes a bug on player connect that allows players to be in
third-person view, which allows you to easily see around corners
- connecting client team fix
* connecting clients should now show as spectators instead
of appearing on a team
- steam id pending
* checks a clients steam id when they join, if it returns a value of
STEAM_ID_PENDING, it waits 60 seconds and checks the steam id again,
if the steam id still hasnt been auth'd it triggers this detection
- setinfo cheat traces
* scans a clients setinfo data when they join. Some known cheats
add specific traceable keys to a players setinfo when they run them.
a detection doesnt mean 100% that they are cheating, but the chances
are likely that they are. it also means that they at the very least
used the specific cheat in the past and didnt clean up after it
- spectator killing
* blocks & detects when clients attempt to use the exploit that will
allow them to be a 'spectator' and still kill people.
* this is fixed according to the dod change log from 08.24.05, but you
can still detect when a player attempts to use this exploit
- white player model
* blocks & detects when clients attempt to use the exploit that
makes their player model all white
- undeployed mg reload
* blocks & detects when clients attempt an exploit that will
allow them to reload an MG without having to deploy it first
- respawn timer bypass
* blocks & detects when clients try to bypass the respawn delay
- class limit bypass / white model
* there's a way to use the VGUI class selection menu to gain access
to a class that is full/turned off (mainly axis sniper)
* a player using this exploit also spawns with a white player model
- voice chat name spoofing
* clients can abuse certain characters to hide who they are, or to
spoof their name as someone else on the server while using voice chat.
* this block will stop clients from using voice chat if their name is a
single illegal character, or if it contains more then the cvar value.
CVARs (amxx.cfg):
/////////////////////////////////////////
dod_blockexploits_adminflag "c" // Sets the admin level used by the plugin
/////////////////////////////////////////
// Warning Message
dod_blockexploits_warnmsg "...Exploits/Cheats/Bugs are not welcome here!"
dod_blockexploits_warnwho "2" // Who get warned
// 0 = nobody gets warned
// 1 = guilty client only
// 2 = guilty client & admins
// 3 = admins only
// 4 = all clients
/////////////////////////////////////////
// AMXBans
dod_blockexploits_amxbans "0" // Use AMXBans
// 0 = off
// 1 = on
/////////////////////////////////////////
// Third Person View Block
dod_blockexploits_thirdperson "1" // Third Person View Setting
// 0 = Disable Blocking
// 1 = Enable Blocking
/////////////////////////////////////////
// Steam ID Pending CVARs
dod_blockexploits_idpending "1" // Steam ID Pending action
// 0 = do nothing
// 1 = show warning msg
// 2 = kick
dod_blockexploits_idpending_log "1" // Log Steam ID Pending detections
// 0 = off
// 1 = on
/////////////////////////////////////////
// Setinfo Traces CVARs
dod_blockexploits_setinfo "3" // Setinfo Traces action
// 0 = do nothing
// 1 = show warning msg
// 2 = kick
// 3 = ban
dod_blockexploits_setinfo_log "1" // Log Setinfo Traces detections
// 0 = off
// 1 = on
dod_blockexploits_setinfo_ban "180" // Setinfo Traces ban time in minutes (if set to ban)
/////////////////////////////////////////
// Spectator Killing CVARs
dod_blockexploits_speckilling "3" // Spectator Killing action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_speckilling_log "1" // Log Spectator Killing detections
// 0 = off
// 1 = on
dod_blockexploits_speckilling_ban "60" // Spectator Killing ban time in minutes (if set to ban)
/////////////////////////////////////////
// White Player Model CVARs
dod_blockexploits_whitemodel "4" // White Player Model action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_whitemodel_log "1" // Log White Player Model detections
// 0 = off
// 1 = on
dod_blockexploits_whitemodel_ban "120" // White Player Model ban time in minutes (if set to ban)
/////////////////////////////////////////
// Non-Deployed MG Reload CVARs
dod_blockexploits_mgreload "1" // Non-Deployed MG Reload action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_mgreload_log "1" // Log Non-Deployed MG Reload detections
// 0 = off
// 1 = on
dod_blockexploits_mgreload_ban "60" // Non-Deployed MG Reload ban time in minutes (if set to ban)
/////////////////////////////////////////
// Respawn Timer Bypass CVARs
dod_blockexploits_respawntimer "0" // Respawn Timer Bypass action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_respawntimer_delay "15" // Respawn Timer Bypass delay (in seconds)
// This controls the amount of time
// before the client can rejoin a team.
// 15seconds is the default dod spawn time
// but you might want to increase it to
// make it more of a punishment for trying.
dod_blockexploits_respawntimer_log "0" // Log Respawn Timer Bypass detections
// 0 = off
// 1 = on
dod_blockexploits_respawntimer_ban "10" // Respawn Timer Bypass ban time in minutes (if set to ban)
/////////////////////////////////////////
// Class Limit Bypass / White Player Model CVARs
dod_blockexploits_limitbypass "4" // Class limit bypass / white model action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_limitbypass_log "1" // Log Class limit bypass / white model detections
// 0 = off
// 1 = on
dod_blockexploits_limitbypass_ban "120" // Class limit bypass / white model ban time in minutes (if set to ban)
/////////////////////////////////////////
// Voice Chat Name Spoofing
dod_blockexploits_micspoof "1" // Voice Chat Name Spoofing action
// 0 = do nothing
// 1 = block silently
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_micspoof_log "1" // Log Voice Chat Name Spoofing detections
// 0 = off
// 1 = on
dod_blockexploits_micspoof_ban "60" // Voice Chat Name Spoofing ban time in minutes (if set to ban)
dod_blockexploits_micspoof_num "2" // Number of allowed illegal characters
Commands:
dod_blockexploits_info - This console command will print out
some information & stats about the
the plugin on the current server.
- dod_blockexploits_adminflag CVAR also
controls the level needed to use this.
Installation:
- you should put this close to the top of your plugins.ini file, such as
putting it underneath all the default plugins but before third-party
plugins works very well. Otherwise some third-party plugins might hook
something before this plugin gets to block it.
- Put the "dod_blockexploits.ini" file in "../amxmodx/configs/"
Extra:
- Logs will be created daily in: addons/amxmodx/logs/dod_blockexploits/
- If you have a previous version installed on your server already,
I highly recommend rebooting your server for the sake of changes
to the default CVARs
Change Log:
- 12.26.06 - Version 1.4
added public tracking cvar
replaced some if statements with switches
fixed mistake in respawn timer handling
cleaned up code a bit
- 05.28.07 - Version 2.0
Rewrote almost everything...
Added fix for spectator duck bug
Added fix for connecting players showing up on a team
Added check for cheat traces in setinfo lines
Added Steam ID Pending check
Added FullUpdate block
Logs are now daily and in their own folder
- 06.04.07 - Version 2.1
Fixed banning function.. stupid me :P
- 08.07.07 - Version 2.2
Third Person View block actually works now
Added block for seeing decals thru walls
Added block class limit bypass (and white model)
Added control over who will see the warning msg
- 09.23.07 - Version 2.3
Added CVAR to control third-person view block
Removed detection for decals thru walls (now it just blocks)
Now using an INI file to set the detection names
Removed some junk left over from previous versions
- 11.06.07 - Version 2.4
Updated INI file * important *
Removed the pointless 'fullupdate' logging
Removed 'fullupdate' block console msg (showed when recording demos)
Enhanced INI file checking & error logging
Removed some old unused code
Reduced some msg sizes due to words being cut off
Added compiler define for new amxx 1.8.0+ log title format
- 11.27.07 - Version 2.5 (non-public release)
Updated INI file * important *
Fixed a mistake in one of the setinfo traces
- 03.09.08 - Version 3.0 Alpha Final
Total Plugin Re-Write
- 03.10.08 - Version 3.0 Beta 1
Public Beta Released
Download Mirror: http://www.avamods.com/download.php?view.164
** this is a CLOSED SOURCE plugin, as approved by bailopan.. there is no sma available for public download.. so technically you run this plugin at your own risk **
download the plugin files zip attachment and inside you will find seperate folders for different AMXX versions, use the dod_blockexploits.amxx that corresponds to the AMXX version you are running.... but be warned this is written for and tested on AMXX 1.8.1.3679, so no guarantee that any previous versions work fully...
** also note that because the way i have the plugin files setup now, I can no longer upload to a web compiler for older versions of AMXX, so i must compile the plugin locally. Therefor if you need it for a specific version of AMXX not already available please request it and I will make an effort to get a copy of that version so I can compile it for you **
- Version 3.0 Beta 1
- 03.10.2008
- original: FireStorm
- updates: diamond-optic
BETA INFORMATION:
The purpose of this beta is to allow greater testing
prior to the 'final' release of this version. As this
time I would really prefer to solve any problems and
bugs before I say that this new version is officially
finished
There is also a few things that I'm still working on
implementing that I would like to finish up prior to
the final release and this gives me more time to work
on that stuff while still letting server admins run
the new version on their servers
** NOTE **
..with this new version, a lot of changes have been made,
so therefor you should redo any customization to CVAR values
that you had made with the previous 2.x versions and you will
also need to use the new .ini file as well
Credits:
- FireStorm: original DoD Block Exploits (v1.3)
- Gray Death: spectator fix
- Anthrax & DarkSnow: basis of setinfo check
- TatsuSaisei: lots of help on the logging method
- ucubed: decals thru walls client cvar
- WARDOG: voice chat name spoofing exploit
- VEN: error logging
Information:
Contains the following blocks/detection/fixes/etc:
- fullupdate command block
* blocks a command that can be used as an 'exploit' in many plugins
* can also prevent an attempt to flood the server
- pistol zoom block
* blocks the exploit/bug where clients can zoom in with their pistol,
at least most of the time, still happens on a rare occasion
- spectator duck bug fix
* fix for the bug where sometimes when you die crouched, you have to
press crouch again afterwards to get out of the spectator 'option'
mode and whatnot
- decals thru walls
* theres a client cvar that can be set to allow players to see decals
(as in blood, bullet marks, explosions, etc) thru walls. This will
lock that cvar at the default value.
- third-person view fix
* fixes a bug on player connect that allows players to be in
third-person view, which allows you to easily see around corners
- connecting client team fix
* connecting clients should now show as spectators instead
of appearing on a team
- steam id pending
* checks a clients steam id when they join, if it returns a value of
STEAM_ID_PENDING, it waits 60 seconds and checks the steam id again,
if the steam id still hasnt been auth'd it triggers this detection
- setinfo cheat traces
* scans a clients setinfo data when they join. Some known cheats
add specific traceable keys to a players setinfo when they run them.
a detection doesnt mean 100% that they are cheating, but the chances
are likely that they are. it also means that they at the very least
used the specific cheat in the past and didnt clean up after it
- spectator killing
* blocks & detects when clients attempt to use the exploit that will
allow them to be a 'spectator' and still kill people.
* this is fixed according to the dod change log from 08.24.05, but you
can still detect when a player attempts to use this exploit
- white player model
* blocks & detects when clients attempt to use the exploit that
makes their player model all white
- undeployed mg reload
* blocks & detects when clients attempt an exploit that will
allow them to reload an MG without having to deploy it first
- respawn timer bypass
* blocks & detects when clients try to bypass the respawn delay
- class limit bypass / white model
* there's a way to use the VGUI class selection menu to gain access
to a class that is full/turned off (mainly axis sniper)
* a player using this exploit also spawns with a white player model
- voice chat name spoofing
* clients can abuse certain characters to hide who they are, or to
spoof their name as someone else on the server while using voice chat.
* this block will stop clients from using voice chat if their name is a
single illegal character, or if it contains more then the cvar value.
CVARs (amxx.cfg):
/////////////////////////////////////////
dod_blockexploits_adminflag "c" // Sets the admin level used by the plugin
/////////////////////////////////////////
// Warning Message
dod_blockexploits_warnmsg "...Exploits/Cheats/Bugs are not welcome here!"
dod_blockexploits_warnwho "2" // Who get warned
// 0 = nobody gets warned
// 1 = guilty client only
// 2 = guilty client & admins
// 3 = admins only
// 4 = all clients
/////////////////////////////////////////
// AMXBans
dod_blockexploits_amxbans "0" // Use AMXBans
// 0 = off
// 1 = on
/////////////////////////////////////////
// Third Person View Block
dod_blockexploits_thirdperson "1" // Third Person View Setting
// 0 = Disable Blocking
// 1 = Enable Blocking
/////////////////////////////////////////
// Steam ID Pending CVARs
dod_blockexploits_idpending "1" // Steam ID Pending action
// 0 = do nothing
// 1 = show warning msg
// 2 = kick
dod_blockexploits_idpending_log "1" // Log Steam ID Pending detections
// 0 = off
// 1 = on
/////////////////////////////////////////
// Setinfo Traces CVARs
dod_blockexploits_setinfo "3" // Setinfo Traces action
// 0 = do nothing
// 1 = show warning msg
// 2 = kick
// 3 = ban
dod_blockexploits_setinfo_log "1" // Log Setinfo Traces detections
// 0 = off
// 1 = on
dod_blockexploits_setinfo_ban "180" // Setinfo Traces ban time in minutes (if set to ban)
/////////////////////////////////////////
// Spectator Killing CVARs
dod_blockexploits_speckilling "3" // Spectator Killing action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_speckilling_log "1" // Log Spectator Killing detections
// 0 = off
// 1 = on
dod_blockexploits_speckilling_ban "60" // Spectator Killing ban time in minutes (if set to ban)
/////////////////////////////////////////
// White Player Model CVARs
dod_blockexploits_whitemodel "4" // White Player Model action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_whitemodel_log "1" // Log White Player Model detections
// 0 = off
// 1 = on
dod_blockexploits_whitemodel_ban "120" // White Player Model ban time in minutes (if set to ban)
/////////////////////////////////////////
// Non-Deployed MG Reload CVARs
dod_blockexploits_mgreload "1" // Non-Deployed MG Reload action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_mgreload_log "1" // Log Non-Deployed MG Reload detections
// 0 = off
// 1 = on
dod_blockexploits_mgreload_ban "60" // Non-Deployed MG Reload ban time in minutes (if set to ban)
/////////////////////////////////////////
// Respawn Timer Bypass CVARs
dod_blockexploits_respawntimer "0" // Respawn Timer Bypass action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_respawntimer_delay "15" // Respawn Timer Bypass delay (in seconds)
// This controls the amount of time
// before the client can rejoin a team.
// 15seconds is the default dod spawn time
// but you might want to increase it to
// make it more of a punishment for trying.
dod_blockexploits_respawntimer_log "0" // Log Respawn Timer Bypass detections
// 0 = off
// 1 = on
dod_blockexploits_respawntimer_ban "10" // Respawn Timer Bypass ban time in minutes (if set to ban)
/////////////////////////////////////////
// Class Limit Bypass / White Player Model CVARs
dod_blockexploits_limitbypass "4" // Class limit bypass / white model action
// 0 = do nothing
// 1 = silently block
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_limitbypass_log "1" // Log Class limit bypass / white model detections
// 0 = off
// 1 = on
dod_blockexploits_limitbypass_ban "120" // Class limit bypass / white model ban time in minutes (if set to ban)
/////////////////////////////////////////
// Voice Chat Name Spoofing
dod_blockexploits_micspoof "1" // Voice Chat Name Spoofing action
// 0 = do nothing
// 1 = block silently
// 2 = block with warning msg
// 3 = kick
// 4 = ban
dod_blockexploits_micspoof_log "1" // Log Voice Chat Name Spoofing detections
// 0 = off
// 1 = on
dod_blockexploits_micspoof_ban "60" // Voice Chat Name Spoofing ban time in minutes (if set to ban)
dod_blockexploits_micspoof_num "2" // Number of allowed illegal characters
Commands:
dod_blockexploits_info - This console command will print out
some information & stats about the
the plugin on the current server.
- dod_blockexploits_adminflag CVAR also
controls the level needed to use this.
Installation:
- you should put this close to the top of your plugins.ini file, such as
putting it underneath all the default plugins but before third-party
plugins works very well. Otherwise some third-party plugins might hook
something before this plugin gets to block it.
- Put the "dod_blockexploits.ini" file in "../amxmodx/configs/"
Extra:
- Logs will be created daily in: addons/amxmodx/logs/dod_blockexploits/
- If you have a previous version installed on your server already,
I highly recommend rebooting your server for the sake of changes
to the default CVARs
Change Log:
- 12.26.06 - Version 1.4
added public tracking cvar
replaced some if statements with switches
fixed mistake in respawn timer handling
cleaned up code a bit
- 05.28.07 - Version 2.0
Rewrote almost everything...
Added fix for spectator duck bug
Added fix for connecting players showing up on a team
Added check for cheat traces in setinfo lines
Added Steam ID Pending check
Added FullUpdate block
Logs are now daily and in their own folder
- 06.04.07 - Version 2.1
Fixed banning function.. stupid me :P
- 08.07.07 - Version 2.2
Third Person View block actually works now
Added block for seeing decals thru walls
Added block class limit bypass (and white model)
Added control over who will see the warning msg
- 09.23.07 - Version 2.3
Added CVAR to control third-person view block
Removed detection for decals thru walls (now it just blocks)
Now using an INI file to set the detection names
Removed some junk left over from previous versions
- 11.06.07 - Version 2.4
Updated INI file * important *
Removed the pointless 'fullupdate' logging
Removed 'fullupdate' block console msg (showed when recording demos)
Enhanced INI file checking & error logging
Removed some old unused code
Reduced some msg sizes due to words being cut off
Added compiler define for new amxx 1.8.0+ log title format
- 11.27.07 - Version 2.5 (non-public release)
Updated INI file * important *
Fixed a mistake in one of the setinfo traces
- 03.09.08 - Version 3.0 Alpha Final
Total Plugin Re-Write
- 03.10.08 - Version 3.0 Beta 1
Public Beta Released
Download Mirror: http://www.avamods.com/download.php?view.164
** this is a CLOSED SOURCE plugin, as approved by bailopan.. there is no sma available for public download.. so technically you run this plugin at your own risk **
download the plugin files zip attachment and inside you will find seperate folders for different AMXX versions, use the dod_blockexploits.amxx that corresponds to the AMXX version you are running.... but be warned this is written for and tested on AMXX 1.8.1.3679, so no guarantee that any previous versions work fully...
** also note that because the way i have the plugin files setup now, I can no longer upload to a web compiler for older versions of AMXX, so i must compile the plugin locally. Therefor if you need it for a specific version of AMXX not already available please request it and I will make an effort to get a copy of that version so I can compile it for you **