You are an unregistered user, you can register here
Navigation

Information

Site

Donations
If you wish to make a donation you can by clicking the image below.


 
Go Back   The Unreal Admins Page > Forums > Hosted Forums > UTDC > General Chat

Reply
Thread Tools Display Modes
  #1  
Unread 10th September, 2004, 10:38 AM
NapalmDawn NapalmDawn is offline
Rampage
 
Join Date: Oct 2002
Location: USA.gif
Posts: 81
Default

ScriptLog: +---------------------------------------------------+
ScriptLog: [UTDC] Client have hooked addresses
ScriptLog: [UTDC] Player Name......: Player10
ScriptLog: [UTDC] Player IP........: Withheld
ScriptLog: [UTDC] Client UT version: 451
ScriptLog: [UTDC] Server Received..: Initial check
ScriptLog: [UTDC] Hooked adresses..: 103a250b-d45589?103a252f-5452ff?103900b3-485494?10390489-ac878b?103904eb-5c52ff?10390523-8892ff?105a0b91-0?1038cf09-645e5f?

This person said he was running Windows ME, UT 451, TS2 and Mirc at the time he got this. I was on voice with him and he's claiming he wasn't hooking at all. IS there any chance of a false positive?
Reply With Quote
  #2  
Unread 10th September, 2004, 03:21 PM
[HYP]Absyntho's Avatar
[HYP]Absyntho [HYP]Absyntho is offline
Forum Newcomer
 
Join Date: Aug 2004
Posts: 7
Default

Yesterday i had the same pb with a member of my clan.
He was running UT v451 but there were 2 versions

If he is running v451A utdc will kick him for illegal hook

With the 451B there is no pb

Cu
Reply With Quote
  #3  
Unread 10th September, 2004, 07:36 PM
NapalmDawn NapalmDawn is offline
Rampage
 
Join Date: Oct 2002
Location: USA.gif
Posts: 81
Default

The guy commented he went backwards to 436 and wasn't kicked for the hook. I think perhaps this bears looking into?
Reply With Quote
  #4  
Unread 11th September, 2004, 11:27 AM
{ROW}Mase {ROW}Mase is offline
Dominating
 
Join Date: Jun 2004
Location: AK
Posts: 106
Default

could we get this to work with 451?
Reply With Quote
  #5  
Unread 11th September, 2004, 07:55 PM
DonutHunter DonutHunter is offline
Rampage
 
Join Date: Nov 2002
Location: USA.gif
Posts: 54
Default

:-)

I'd like to invite people to test it on two of my servers, both setup for match play, because while this is a wonderful addition to the anti-cheat universe, it's not likely that many admins with large public servers will use it. I hope I'm wrong...:-)

The issue of false positives needs to be resolved, I'm asking my admins to test my servers and report back to me, and I'd like the larger UT community to test and do the same. These are normal and turbo IG servers...I'm putting up a weapons later today...test and get back to me on GS or Protium, #DonutHole....

IP's: unreal://69.28.220.213 and unreal://69.28.220.211 (both 451b servers, zp and non-zp)

In return, I'll post the results back here.

Thanks People,

DonutHunter
__________________
"If you can't be a good example, then be a horrible warning."
Reply With Quote
  #6  
Unread 12th September, 2004, 12:05 AM
2399Skillz 2399Skillz is offline
Super Moderator
 
Join Date: Jan 2004
Location: North Carolina
Posts: 2,245
Default

DonutHunter, I run a public server and I have it running. It's not so bad, because the anti-cheat will ask the user to install the anti-cheat if it's not already installed. Which is a plus. Once it's installed, there UT will reboot; and then they will be able to enter.
__________________

UT-FILES.COM
Get your files
Reply With Quote
  #7  
Unread 12th September, 2004, 05:26 PM
[CdV]_Raptor [CdV]_Raptor is offline
Forum Newcomer
 
Join Date: Aug 2004
Location: Germany
Posts: 4
Default

-


This AntiCheat blocks Helios Bot (great), but for what price.

I've noticed, if our 12 Slot-Server is full he's laggy. When i'm deactivating UTDC, the Server is pretty running.


-
Reply With Quote
  #8  
Unread 12th September, 2004, 06:15 PM
PizzaMan's Avatar
PizzaMan PizzaMan is offline
Holy Shit!!
 
Join Date: Jun 2004
Location: Bergen - Norway
Posts: 2,389
Default

Try lowering the check frequencies.
Reply With Quote
  #9  
Unread 13th September, 2004, 03:48 AM
DonutHunter DonutHunter is offline
Rampage
 
Join Date: Nov 2002
Location: USA.gif
Posts: 54
Default

Hi All,

As promised to the forum let me relate what I have learned so far. Mostly good, but some bad.

First of all....UTDC works and works like a charm at catching the 3.1 and lower Helios Hook bot and radar. Awesome job Troublesome and thank you Skillz for bringing it here.

I have about 6 servers now and 5 more going live it the next two days...so I'm a baby server admin, but I'm very lucky to have a loyal and trusting player base on my popular 44oz DonutHole server. So I asked one of my admins to research and get the latest Helios and he came back with 3.1 I then went into the server and told the players (mostly regulars) that we were going to test a bot on the server AND then test whether UTDC would catch it. They were cool of course. Two of us spec'd on the "fake botter" and about 5 of us were all on Teamspeak as he went about his botting. Frankly it was amazing how lifelike it was, except being a newbie botter he wasn't very good at hiding "when" he changed or adjusted the bot and after awhile as spec's this was moderately easy to see.

So the damn bot worked, what a surprise. Now we asked everyone to stay and I shutdown the server, copied over the ini (I was using a terminal window watching the the server box and UT advanced console and I had the Task Manager Open to watch the Performance Tab).

Our friendly neighborhood botter tried to join and he was kicked immediately for the hook. It was nice to see. And it was gratifying to see players who beat my butt also pass the UTDC protection and KNOW they weren't cheating. This sounds strange but it removed any doubts I had about these people. (Sorry I'm not perfect.)

Ok all was good, until two players much later and today, who are only middle level but good players nevertheless, got kicked for having the hook. Humm, it didn't make sense either in terms of how they played, their skill, or their personality. Then there was a player where UTDC didn't know where to install the program and she didn't know what to do and couldn't play. She was using something called UT2 that allows mulitple people use the same computer with their own settings she said. I'd never heard of it. This was a easy problem to fix of course.

So what about false positives....what can create them, is anyone else having them. This is the key...what is UTDC scanning to report a hooked client. Can anything else even remotely fire it off. Like the "KeepItClean" mutator that scans for "bad" words, and changes them, it can also scan for those bad words embedded in longer words and change them....could UTDC find something within something and create a false positive. I really hate to accuse someone of hooking unless I can be sure....Really sure.

Next item. CPU usage, which Pizza hit on indirectly. My main colocation server is a dual Opteron 248, 1.5 gigs of ram, 10k raptors etc...a beefy game server, running only 5 UT servers on it. It's usual cpu utilization is about 1-2% with all servers running and about 30 players. Turn on UTDC on just One 10 person server and the CPU utilization jumped in front of my eyes to 15-18%.....and it was up and down constantly as long as UTDC was on. Now I'm thinking the frequency needs to be changed too, any settings that work great posted here would be helpful, but anything that causes a 10+ fold increase in cpu utilization is a problem. I can handle it on my box, I own it, but I know some gaming companies that are going to kill it ASAP because it would cripple the box. Many gaming companies run between 8-10 UT servers per box on a dual 1800 or equilvant, and run at 40-60% cpu utilization. This is a serious problem.

So bottomline, I'm putting it on the match servers I have, and will 'experiment' with turning it on and off the publics for now. It is a great program and thank you Troublesome for the time, art and skill of making it. I'm going to ask the classic client question, "can you make it even better" by identifying the issues with false positives and reducing CPU utilization.

You Rock T,

DonutHunter
__________________
"If you can't be a good example, then be a horrible warning."

Last edited by DonutHunter : 13th September, 2004 at 04:42 AM.
Reply With Quote
  #10  
Unread 13th September, 2004, 05:00 AM
2399Skillz 2399Skillz is offline
Super Moderator
 
Join Date: Jan 2004
Location: North Carolina
Posts: 2,245
Default

Nice review DonutHunter.

I must say, I own my own box also; where I run a couple UT server's myself. Though I hadn't noticed THAT big of a jump in CPU usage, I did notice a couple presentages when I first put it on. Lag hasn't been a problem for me either. However, I have had a few people not be able to connect due to it not knowing where to install. This was fixed once they installed it manually.

Either way, this is a good step in the right direction I think.
__________________

UT-FILES.COM
Get your files
Reply With Quote
  #11  
Unread 14th September, 2004, 01:46 AM
DonutHunter DonutHunter is offline
Rampage
 
Join Date: Nov 2002
Location: USA.gif
Posts: 54
Default

We are having a debate on our server forums that I frankly don't know the answer to....maybe someone here can educate me. One of the admins is wondering if a false positive could be a program like a Logitech mouse software program that he has macros programmed in to perform certain things in UT. I remember always envying Lathathiel's awesome abilities at programming his mouse buttons and I hadn't even thought of this as a possible source of false positives.

Immediately, another admin piped up and said, "The server log will show what files and addresses the hook is linked to. If they match the address for a helios version, then it's not some other program setting it off. I also don't think it can be a false positive."

Interesting comment and could he be right? Can someone explain the underlying theory of the "addresses" mentioned and how they could or could not create a false positive or are false positives truly impossible?

Thanks Skillz, btw...pop up the Task Manager on your server and repeat my experiment, I'm curious how other server configurations perform. And what do you have your settings at...if you will say.

Thanks!

Donut
__________________
"If you can't be a good example, then be a horrible warning."
Reply With Quote
  #12  
Unread 14th September, 2004, 08:07 PM
2399Skillz 2399Skillz is offline
Super Moderator
 
Join Date: Jan 2004
Location: North Carolina
Posts: 2,245
Default

I assume you're running a Windows based server?

I am using Linux.
__________________

UT-FILES.COM
Get your files
Reply With Quote
  #13  
Unread 23rd September, 2004, 10:39 PM
core2k core2k is offline
Forum Newcomer
 
Join Date: Jun 2004
Posts: 5
Default

any ideas on this one,he claims it was a key bind.

ScriptLog: [UTDC] Client have hooked addresses
ScriptLog: [UTDC] Player Name......: XXXXXXX
ScriptLog: [UTDC] Player IP........: XXXXXXXXXX
ScriptLog: [UTDC] Client UT version: 436
ScriptLog: [UTDC] Server Received..: CV16961-14
ScriptLog: [UTDC] Hooked adresses..:

no address apeared
Reply With Quote
  #14  
Unread 25th September, 2004, 09:59 AM
IndySkyz IndySkyz is offline
Forum Newcomer
 
Join Date: Sep 2004
Posts: 9
Default

Has the UTDCv12 been beat already? I swear I was on a server running it and there were aimbotters playing, it was an insta gib server with only 4 players and 2 of them were geting multi kills regularly.
Reply With Quote
  #15  
Unread 25th September, 2004, 12:10 PM
Troublesome Troublesome is offline
Godlike
 
Join Date: Aug 2004
Posts: 361
Default

Quote:
Originally Posted by IndySkyz
Has the UTDCv12 been beat already? I swear I was on a server running it and there were aimbotters playing, it was an insta gib server with only 4 players and 2 of them were geting multi kills regularly.
no i dont think its been beaten - it would be by private hook then...they could have used uscript based aimbots or maby good players
Reply With Quote
  #16  
Unread 25th September, 2004, 04:15 PM
IndySkyz IndySkyz is offline
Forum Newcomer
 
Join Date: Sep 2004
Posts: 9
Default

Hmmm, well maybe and I say maybe they were good players, but I say it with much hesitation, Multikills in Insta gib with only 4 players in Curse, they would have to be really goooooood players, now you might belive this, but I find it very hard too.
Reply With Quote
  #17  
Unread 25th September, 2004, 05:03 PM
grep grep is offline
Dominating
 
Join Date: May 2004
Location: The Netherlands
Posts: 128
Default

That's doable. I once made a monsterkill against 2 opponents @ Curse.
Doing it several times in a row is more difficult, but I guess there are some guys out there that can do it.
__________________
_
Reply With Quote
  #18  
Unread 29th September, 2004, 07:33 AM
Gambit Gambit is offline
Rampage
 
Join Date: Sep 2004
Location: Queens, New York
Posts: 91
Default

i think utdc13 came out
Reply With Quote
  #19  
Unread 29th September, 2004, 10:49 AM
fugley fugley is offline
Rampage
 
Join Date: Jun 2004
Location: New Zealand
Posts: 99
Default

Quote:
Originally Posted by Troublesome
no i dont think its been beaten - it would be by private hook then...they could have used uscript based aimbots or maby good players
YES! altho this is by a private bot ... i don't know if the person would talk but if wanted i could put ya in touch with him
Reply With Quote
  #20  
Unread 11th October, 2004, 11:11 AM
Justice Justice is offline
Forum Newcomer
 
Join Date: Oct 2004
Location: Melbourne, Oz
Posts: 1
Default

Quote:
Originally Posted by IndySkyz
Has the UTDCv12 been beat already? I swear I was on a server running it and there were aimbotters playing, it was an insta gib server with only 4 players and 2 of them were geting multi kills regularly.
omg.. if ur any good at gib, u'd know with only 3 targets, more to point, only 3 ppl shootin at u, u can clean up EASY, over and over.. just find ur rhythm...

to make combo's in gib is sooooooo easy, u only have to hit every second shot....

a little too much paranoia floatin round?
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 09:57 AM.


 

All pages are copyright The Unreal Admins Page.
You may not copy any pages without our express permission.