The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.
The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.
Is latency going to be good enough on mobile data (especially if they're also using proxies) for a FPS, though? Sure, they're using cheating software, but I wouldn't be surprised if the software gets the information it needs to cheat too late often enough for it to be useful.
Even for non-obvious use-cases, it's hard to beat the advantage provided by knowing the position of players.
On my own hotspot, I have less than 30ms of latency.
Regular IPs can post freely
VPN or mobile IPs (blacklisted) must pay for a key ($20/year) that allows posting from blacklisted IPs. Key is good for posting from one blacklisted IP, locked for 30 minutes, so users cannot share keys. That way, you can ban the user by their key, if their IP is public.
It's not a perfect solution but it seems to be the best they've found for such a situation so far.
Sophisticated cheats in games like CSGO (and other competitive shooters) are usually very subtle, such as displaying enemies on the mini-map when they shouldn't be visible which provides a major advantage without requiring superhuman input, and the added latency is often negligible—especially when the info can be relayed to teammates and now you essentially have the entire team cheating with only 1 player suffering from a bit of increased latency.
And I wouldn't say this is an edge case either as in my experience the majority of cheaters I encountered are individuals that play on an alt account and offer a service to guarantee wins in ranked games.
Edit: If you don't think this is an issue I urge you to Google "pokemon go belgium ip ban" for a fun rabbit hole.
I got to Supreme (2nd highest rank) with 150 ms ping. The people I queued with hit Global.
It's possible to play legitimately with very high ping. The higher ping put us at a disadvantage, but the skill gap between regions made it worth it to arbitrage.
the cheats are software, software has certain quirks, like the way it aims or the way it tracks. And I'm willing to bet it has enough distinctiveness from human aiming to be classified. Couldn't a classifier work on the behavior of the cheating software itself, rather than use IP bans?
EDIT: Well, I guess the tribe has spoken. Pretty surprising. I think y'all are just assuming you'll always be the ones with the "good" IPs...
I was going to mention how much I loved that game, until I realized I played UT99. Time sure does fly...
Which might be something you could guarantee, if the game were locked to wimpy console hardware; or if the game had minimal CPU physics such that it was effectively never running CPU-bottlenecked and there were massive gaps in frame-time where even the client CPUs are sitting idle, that a server running in lockstep could cram that kind of analysis into.
But gaming is a race-to-the-top, hardware-wise. The CPU in a gaming rig might not have as many cores as your average server CPU, but it's almost certainly going to have higher single-core perf.
And part of the reason for that, is that games really do try to use your whole CPU (and GPU), with AAA studios especially being factories for constant innovation in new ways to make even the minimum requirements just to run a game's physics, higher and higher every year.
And if the server can't do "faster than realtime" analysis of the streams of inputs of the players, then by queuing theory, it'll inevitably get infinitely backlogged — the server will keep receiving new analysis work to do every timestep, and will fall further and further behind, never catching up until new work stops being generated — i.e. until the match is over. And then it'll have to probably sit there for five more minutes thinking really hard before spitting out a "hey, wait just a minute..." about any given match.
Which is fine if there's a big central lobby server that the game is forced to connect to, and your goal is to ensure that some central statistic that that central server relies upon (e.g. match-rank ELO) gets calculated correctly, such that cheaters are prevented from climbing the leaderboards / winning their way into high-ranked play. (And that's exactly the situation the big eSports games companies are in.)
But in the context of older games that use arbitrary hosted servers and random-pairing (or manual lobby-based match selection) — or in modern, but "dead", games, that only persist due to being modded to accept private servers — this "after-the-fact" punishment is useless, as most servers have no incentive to do this analysis, especially when cheaters can just hop around between servers. So there's nothing preventing people from being matched with cheaters, sometimes over and over again, if the cheaters can just tell their clients to roll up with a new key+IP for every match.
...and that's assuming there even are servers. You can forget about any of this working in a p2p context. (Think about what a Sybil attack means in the context of a federated set of individual tiny disconnected p2p networks.)
https://redman.xyz/doku.php/schachtmeister2 was made specifically against people using VPNs.
It was made for Tremulous (ioquake3 fork) where people kept evading IP bans, but it can be used for any other games.
It is not my project, but I know the author, and I could personally fork it and make it suitable for specific (or any) games if there is demand for it.
You may also use heuristics, too, in schachtmeister2:
whois -10 "Hosting"
whois -10 "hosting"
whois -7 "Server"
whois -4 "server"
whois -10 "VPS"
whois -13 "VPN"
whois -3 "Private Network"
whois +7 "residential"
whois +7 "Residential"
whois -20 "Dedicated Server"
Edit: I noticed that the git repository returns 502, contacted the maintainer.In practice this means at lower ranks, it was not at all uncommon to be matched with players with similar rank but vastly better skills.
Also simple analysis of only the input streams as you stated really doesn't have to do with the phys rate of the game server and should be alot cheaper computationally. It can be offloaded to another process even if it was found to be too impactful to run alongside the game server directly. Something all those extra cores might be good for.
I don't play online anymore because I get destroyed but it's still fun to pop in for a quick match against AI when I have 30 minutes to kill.
a) run on 2nd pc passively capturing the screen and commands to a fake mouse device plugged into both machines,
b) "humanise" the aim with ai models trained on professional players
c) add random variances within the limits of human reaction times
So it doesn't solve things, really it'd still be playing catchup.
What do they do in such cases?
Assuming they get the report after the fact and assuming their "no logging" promises are true, can they even do anything? They're not even supposed to know which customer did it, after all.
If their promises are false, wouldn't they reveal their hand if they handed logs over willy nilly?
IIRC you also need one when playing from some countries, whether due to legal reasons or server restrictions.
On some Japanese BBSes, spammers tend to use non-Japanese IPs or data center IPs. A good chunk of the spam goes away by blocking non-Japan IPs (easy to do with BGP data) and disallowing data center IPs (these often host VPNs, scrapers, etc.) from posting.
Posting from overseas thus costs money or is not possible. The trade-off is 1-100 extra users or significantly reduced spam for little effort. It's not surprising that most website operators choose the latter.
I also know of a file uploader that recently had to block overseas IPs due to such IPs repeatedly uploading illegal content. This is an example of a few bad actors ruining things for everyone.
It's basically impossible to keep one's rank at Supreme if you only play against Gold Nova or so due to the way the rating system works.
Blocking IP ranges by country or ISP is pretty much always going to have to exist as long as certain countries and ISPs turn a blind eye to abuse.
Even with as poor a solution as IP blocks are, it's the best we have and alternatives seem worse.
You quickly run into the same kinds of problems you do in v4 though; most users have access to a shared pool of addresses, and you may need to ban the whole pool to ban an abuser, but then you also ban everyone else in that pool, and the abuser is more likely to have ability and motivation to use other pools.
It's better if you have multiple factors... if you don't like the IP, don't ban it, but be stricter on other measures, etc. So a well behaved client from a 'bad ip' can still play, but enough suspicious things and you can't play anymore.
Game companies invade our privacy and destroy our computer freedom with ineffective malware tier rootkit solutions only to fail to solve the problem in the end. Their business model depends on enabling people to play with any random from anywhere in the world. They are forced to trust untrustworthy clients. The truth is people should not allow their computers to talk to strangers.
That being said, the vast majority of cheats are not that sophisticated. "Simple" analysis of player input should still be used to make low effort cheats less or ineffective. Especially if used to compare consistency of mechanical play by a player. I doubt most cheaters want to just turn on a full bot that plays by itself for the whole game. You can build a model of play customized for an individual player to look for changes in mechanical skill during critical plays. Then even if that was incorporated into the cheat client so that its 'actions' can't be definitevly detected against the players baseline, it would at least be limited to cheating as that player always playing like it's their best day. Either that or the cheater would have to go fully hands off for that account which I imagine is not as appealing for most cheaters.
Input analysis, even much simpleler approaches, can still be a valuable tool to make cheating more difficult and less opportunistic. The goal would be to raise the barrier of entry to cheating without immediately getting banned beyond downloading and running a client. If people who consider cheating in a game have to: order, wait for, and setup additional hardware then aquire models trained for the latest version of the game that are also trained on pro play in a way that lets the cheating be humanly plausible to remain undetected; it will reduce the total number of people who cheat in that title. Will needing to aquire additional hardware stop all cheating? No, I had a friend as a kid that owned a GameShark that I used and ended up corrupting the save on one of my Pokemon games. But if all of that is what is required to be able to successfully and consistently cheat, it will raise both the cost of development of cheats as well as their price to cheaters.
For top level professional play, in person tournaments on managed setups will remain the gold standard for the forseeable future (and besides they are attractive as events for their own sake). And for the rest of us, we will continue to be trapped in the labyrinth with both the cat and the mice.
No. VPN blocking is useless to stop malicious actors as most residential connections have DHCP and VPN subnets are added and removed somewhat frequently, it's not that hard to find a "undocumented" one. It also completely excluds anyone using a VPN for non-malicous purposes.
Scanning files and folders is just ridiculous, not only an incredible invasion of privacy, but also trivial to work around.
Without a whitelist, it's only a matter of time before an actual cheater joins their server and ruins their fun.
Enumerating badness just doesn't work.
Yes it doesn't "solve" the problem, and yes it removes some legitimate users, but it's by no means useless. Given the tradeoffs involved I'm not at all surprised it's so common.
If you have a solution that's less invasive (e.g., some businesses can get away with not providing anything expensive till after a payment has cleared the normal fraud window, and many businesses don't have obscene levels of malicious traffic; in those cases you can just let bad traffic run rampant and ignore it till it's a problem) then that's probably better, but blocking VPNs or whole countries or whatever can be the difference between a successful business and bankruptcy.
Even without this IP bans only go so far as they're both easily swapped (VPN offers, or rent a VPS to forward traffic, or even by design with an ISP handing out dynamic IPs on router reboot) AND overreaching:
- NAT: ban household / campus
- CGNAT: ban whole neighbourhood
- IPv6: ban whole /64 => whole household (because of SLAAC + random privacy addresses)
Since the server owner insists on allowing non-steam accounts (pirated copies) to connect we can't rely on SteamID bans, similarly to GUID in Unreal. It's a bit trickier to change the spoofed ID as I assume it's buried deep in the game install somewhere obscure, but still possible. It's actually a very popular game in northern Africa, the former Baltic states and surrounding areas as well as north and west Asia: without these players the server would be a ghost town.
Anyway, our approach is twofold carrot and stick style: Steam players get near instant reloads and immunity to some of the more "enthusiastic" automodding/kick features: so for the price of a handful of VPN keys you can get a legitimate, allowed advantage over most of the server population as well as reserved username and "VIP" tag, plus you now own the game. Seems a great way to do it, as it's available to anyone instantly for that one time fee (which goes direct to the game dev), or for free by playing at least 1 game a week for 5 weeks, then contacting the mod team on social media.
The other side to that (the stick), is that rather than simply kick/ban the player we usually take some time to have fun annoying them, to show them they're really not welcome, and make them actively not want to come back.
Disarming them then giving F tier weapons, a few random teleports out of bounds or stuck in the floor, repeat amx_rocket to turn them into a firework, amx_drug to max out FOV and add "drunk" effect, and ofc a bit of teasing about what a lowskill looser you must be to have fun while AI plays the game for you.
There's also "illegal" amx plugins and commands, which are generally frowned upon and extremely abusable, but quite useful in these situations. My favorite (which most of the "illegal plugins" are based around) is amx_exec which essentially gives admins direct access to any client's in-game console, to run any command or set any setting!
It's actually kind of terrifying that exists. For example this set of commands sets network baudrate to 1000 (that'll be fun for the cheater until they notice), changes name, wipes all keybinds, then binds the default chat key to close the game, while setting max FPS low enough to be bothersome without being obvious! There are pre-built macros that do far worse to your settings too: although easily fixable by deleting to restore defaults, would be very frustrating if you hadn't backed up your config files.
amx_exec cheatername "rate 1000" amx_exec cheatername "name iCaNtAiM" amx_exec cheatername "unbind all" amx_exec cheatername "bind y quit" amx_exec cheatername "fps_max 50"
On an intriguing side note: Many servers charge for VIP advantages, to the tune of up to $20/month! At first I thought this pretty shocking, until I found out that there's some kinda shady clique where to be listed in a reasonable spot on 3rd party server browsers, a hefty fee is required, and a significant proportion of this income gets spent on "boosts".
When our server owner stopped paying for "boost" for two months, mean player count dropped from 14/32 to 3/32, and max players from a regular 28/32 on weekends, to 12/32 on a Friday night if lucky. The player count rocketed as soon as the owner started paying again... but the crazy thing is it's $180/month!
Before getting involved with moderating, I thought running a fun, deathmatch, well moderated, low ping, high performance server dedicated to remakes/remixes of the 2nd most popular map in the game would be enough to be popular/busy. But no, apparently you have to pay extortionate fees to incumbent gatekeepers, if you want your server to be visible to the majority of the playerbase!
I used to administrate CS 1.6 until a few years ago. I got a question concerning amx_exec. I thought cl_filterstuffcmd basically killed any usage admin slowhacking?
or is it that most nosteam cs 1.6 client have it set to 0 ?
Anyway, it's a tradeoff between dealing with bad actors effectively and not impacting common users. There's a lot more bad actors than common users running into those sorts of IP bans though.
Yes, we have something similar for UT2004, but only a handful of people are even aware it exists. It's too powerful and too easily abused. I have yet to share it, even with other admins.
You are very welcome on their Discord server, or Der Bunker's[2] (Zittrig) Discord server, too!
We may know each other. :)
[1] https://unvanquished.net/ (https://unvanquished.net/chat/)
So an GUID accumulates reputation after some amount of play in the provisional server. If you get enough reputation by not cheating, the GUID gets whitelisted for the "good" server. You can have multiple tiers, so the really good/fun people get to the third of fourth tier of demonstrated non-cheating.
If they cheat, get banned, they need to climb the tiers with GUIDs again. The cheaters will want to cheat, they won't want to pay the dues. The legit players will happily try to get to the second and third tiers, so you could probably just require 1 hour of not-cheating for the first tier of server, and then maybe 8 hours to get to the third tier.
You could shadowban/honeypot after the first tier, so you shut all cheaters that you detect to their own cheater server where the cheaters can all get shunted to.
You can find links to download the game, get a cd key, and configure for the new master servers so you can find servers online. Game tracker still lists this game, so you can check there to find the most popular servers which are still active and have players.
Why ban them? Flag them as cheaters behind the scenes, and let them only join cheater-only servers. They'll stop soon enough.
It's like telling a web scraper that its IP was banned. It's stupid cause you will have nothing to gain from that strategic move. A better way is to flag a web scraper IP behind the scenes, and give them only garbage data, randomly injected/inserted into the pages. That'll teach them not to scrape your website :D
In my opinion the same goes for cheat detection. You will only lose the strategic advantage you have by banning them, because rotating IPs or CD keys or accounts is just a minor inconvenience for them.