2.2b Backdoor?!
Hi there,
just wanted to leave my comment about that nice backdoor, which is included in the e+ 2.2b release.while hammer and me updated the borgservers to the new version, a not further mentioned person came up to us with the info, that the anticheat tool includes a backdoor for beta-testers. they can use a certain command and a masterpassword on every server that runs the new version and check certain stats about shooting behavior, frame skipping etc.
i will add a screenshot, which was taken on the spacestation server, to proof my statement here. even tho i must admit, that the anticheat tool is a nice thing, since pb and pure are easy to be bypassed nowadays, it is a kick in the face to every serverowner.
this police-state-mentality makes it possible, that a hand full of random guys can spy on people on a server, that is payed by others. the worst thing is, that is kept so secret, that you have to write the command and the masterpassword at once, otherwise the console simply would say that this command for its own, doesn't exist.luckily we found out about that bullsh... soon enough.whoever came up with that "brilliant" idea, isn't better than the cheaters themselves, in my eyes. using such backdoors, without asking the serverowner or the admins, who probably won't know about that exploit, is the wrong approach. i think there should have been the possibility to let the serverowners / admins decide about the amount of rights, which is given to their guests. there is no need to make it public, how this anticheat tool works exactly, but like i said before, it should be the serverowners and the admins having the last say. something like xp_cheathunter 1/0 which make those people able to use that backdoor by sending a request to an admin or whatever. but not in that way, like it has been done here...
cheerz,
ShoX (2nd Admin of the Borg-Servers)
Well i reinstalled e+ on our own root to see if this really was true , and yes it was true ...
I couldnt believe my eyes
easy did such great things with the new mod its all much better then the old one but what i saw now isnt the way how things should go
This is obvious done on purpose , and i really dont have a clue by who from the dev team but this isnt acepptable
we found it out by totally accident , and whe where first like omg this is nice stuff !! we can follow suscpicious cheaters now with really advanced stuff!! ,
i started to ask one of the betatesters what some lines of that followtool meaned , and he reacted to me in the way : this is totally secret ! and : Im not gonna tell u that !!
A secret tool hidden for own serveradmins to spy other players with a secret masterpassword whats also secret for serveradmins , and so good hidden if u misstype the pass the tool dont even excist ..(normally it says : wrong password if u mistype wrong , Not unknown command like it is now)
So if u have a own server , with ure own trusted admins , be careful , peepz from outside ure adminteam can see exactly what players on ure servers do , how they shoot , how many times they do that on what place etc and way more ,
They even can see suspicious stats about any player ...its the same , u pay for a house but 200 others have they key of that house and u are so stupid to pay for it !!
For me it isnt acceptable that outside people can gather trusted info from a server&players without any permission from the serverowner !!
At least ask the serverowner permission , or let the serverowner know that when u install e+ they can acces it !!
For now its for me a good hidden backdoor made on purpose ...
regards
hammer of borg
first admin of borg servers
just change checker password.
Well i never really complain about things around here, because this mod is second to none. Being in coding >25 yrs, i pretty much know what im talking about. But never the less, in my opinion this is serious offence.
Funny thing is that i was Beta until i quit E+ admin, but i totally forgot cause some months have passed. I found out by incident Skull has created on a well known server by attacking the owners in public (on full server) how they dare to change the password. This has leaked of course, and then i found the solution.
I simply don't get why it was decided for this new version, which is brilliant in almost every aspect, to come packed with the backdoor. Sorry if this word appears strong, but i can't find more appropriate. If you allow unauthorized & hidden access, to sensitive informations of other people private property, then im not sure if there is any other way to call it.
Now i know from personal experience, this is totally bellow easys level and against his ethical standards. Same can be said for majority of Devs & Betas. So i just wonder, in which kitchen this "brilliant" idea was cooked. I mean okay, the mod is free and comes with no warranty, but then say okay the mod is free but it comes with an exploit. It's simply poor & very defective, and can result in a longterm mistrust.
I appeal on developers to come out in public with informations about this. It's ridiculous to even think how this could have stayed hidden, especially on E+. I fully understand reasons and good intentions, but keeping this behind users back creates much more damage then being open & honest about it.
I fully support the idea of ShoX & Hammer to at least allow server owners the possibility of choice. It would be much better if this has been done from the start, but i hope it's never to late to do the right thing. I mean the information has leaked & it can't be reversed even if this thread gets deleted. It seems that many ppl know for this, so please lets use this situation in the best possible way.
All the best, cheers.
excuse me but u are so damn
STUPID
hmm little correction all of above are stupids...
i think because of such people, this ACS should be removed totally from accessing trough command line and the data should automatically got sent to e+ database of ACS
i wonder who was so smart to give a razor to the monkeys this time, meh
sometimes i think people are so damn restarted that i would wish to born as monkey
wrote:excuse me but u are so damn
STUPID
hmm little correction all of above are stupids...
i think because of such people, this ACS should be removed totally from accessing trough command line and the data should automatically got sent to e+ database of ACS
i wonder who was so smart to give a razor to the monkeys this time, meh
sometimes i think people are so damn restarted that i would wish to born as monkey
n1
U guys are overreacting but it's ok, it's a normal thing on this forum First of all antycheat tool is on servers longer than u think , it's been in beta for some time now and seems it still is. Otherwise developers would
announce it and make an official final version. Was pretty loud about antycheat tool in some "friend circles" some time ago I guess there's more people that didn't hear about it than I thought. Also I didn't think that anyone will actually come and complain about antycheat tool (apart of cheaters caught by it xD ).
Offtopic:
This topic actually revealed the mistery about hidden antycheat tool in e+ releases ^^
IMO at this point we should start using it on clan wars + add some rules to ranking.
Ofcourse it could be still buggy (due to beta) but we could atleast speedup dev. process by reporting the bugs etc.
Well i never really complain about things around here, because this mod is second to none. Being in coding >25 yrs, i pretty much know what im talking about. But never the less, in my opinion this is serious offence.
Funny thing is that i was Beta until i quit E+ admin, but i totally forgot cause some months have passed. I found out by incident Skull has created on a well known server by attacking the owners in public (on full server) how they dare to change the password. This has leaked of course, and then i found the solution.
I simply don't get why it was decided for this new version, which is brilliant in almost every aspect, to come packed with the backdoor. Sorry if this word appears strong, but i can't find more appropriate. If you allow unauthorized & hidden access, to sensitive informations of other people private property, then im not sure if there is any other way to call it.
Now i know from personal experience, this is totally bellow easys level and against his ethical standards. Same can be said for majority of Devs & Betas. So i just wonder, in which kitchen this "brilliant" idea was cooked. I mean okay, the mod is free and comes with no warranty, but then say okay the mod is free but it comes with an exploit. It's simply poor & very defective, and can result in a longterm mistrust.
I
appeal on developers to come out in public with informations about this. It's ridiculous to even think how this could have stayed hidden, especially on E+. I fully understand reasons and good intentions, but keeping this behind users back creates much more damage then being open & honest about it.I fully support the idea of ShoX & Hammer to at least allow server owners the possibility of choice. It would be much better if this has been done from the start, but i hope it's never to late to do the right thing. I mean the information has leaked & it can't be reversed even if this thread gets deleted. It seems that many ppl know for this, so please lets use this situation in the best possible way.
All the best, cheers.
muhaha -- a dictator who has lost control. AWWWW
N1 Fala
wrote:excuse me but u are so damn
STUPID
hmm little correction all of above are stupids...
i think because of such people, this ACS should be removed totally from accessing trough command line and the data should automatically got sent to e+ database of ACS
i wonder who was so smart to give a razor to the monkeys this time, meh
sometimes i think people are so damn restarted that i would wish to born as monkey
STUPID
is not enough for what have been said here and publicited.It is like bunch of kiddies cry about why they wasnt involved into such hidden feature, well I tell you why this command exist and its suppose to be secret.
It is not an exploit, its just a devs info command that output certain info about players behaviour and because those infos output how this anticheat tool detect certain behaviours of autoshoot/autoaim cheats me or any one from devs team wont tell you what those letters/numbers means, simply because we dont want some hacker/cracker to get his hands on it and build own cheat that can fool this anti cheat tool and be undetectable.
All I can say this cant detect wallhack, only specific behaviours of your mouse.
and one more thing, its your 'slap in the face' into devs team that you publicited such hidden info about it, its been their hard work to build that tool and get rid of cheaters for once for all, its zero tolerance for cheaters and if I wouldnt be in beta testers team and did not knew about that command I wouldnt do such big halo about it exist and someone can spy my players on my own holy server, if you doesnt have anything to hide you shouldnt been afraid of it, just shut your mouth if you 'accidentally' discovered it, contact with the main admin @ easy and kindly ask 'hey, whats that command for?' - he would certainly reply to you, and add 'hey, its suppose to be hidden, please dont mention about it on public', but no, you had to have your 5 minutes, once again Its not an exploit, this tool was made for greater good of all the players on this mod, its not perfect solution, cuz it still has some flaws and we need to track certain behaviours to fix them asap, thats why this command is still here and hidden, once anti cheat tool became an atleast 99% non fault proggy this command will be for sure removed and nobody will see output from it, it will simply work by its own if enabled on your server.
thats my 5 cents about it.
wrote:excuse me but u are so damn
STUPID
hmm little correction all of above are stupids...
i think because of such people, this ACS should be removed totally from accessing trough command line and the data should automatically got sent to e+ database of ACS
i wonder who was so smart to give a razor to the monkeys this time, meh
sometimes i think people are so damn restarted that i would wish to born as monkey
Yea so the the guy who coded and contributed to the last few server updates (Ozy) is stupid according to fala? Xd plz
And "ranking being frozen for 2 weeks" was simply because Skullhead found out that the masterpassword can be changed so you can't hoard stats from every CW during that time (note: apparently not everyone changed, so they froze the rankings just cos there's a possibility they might not check EVERY cw).
This is what happens when you have an esoteric one-minded beta team.
Well it's sunday so it's time for the weekly prayer.
Dear God, I thank you for [HoQ] leages, for ESL cups, for Zotac, for #TDMPICKUP, for Jeesports and for the fact every gaming community would not give people like that positions of power.
@espi|lon: I have screencaps so I advise you let the community write their responses, let the thread take its natural course don't delete or lock this thread lest should this happen, this goes all over esr and a few other popular gaming journals which would make excessiveplus would become even more of a laughing stock than it already is, and your new playerbase would be coming pretty much from HISZY SERWERY SMIERCI))) till le end of time since no-one in their right mind would play this shit.
Amen.
And "ranking being frozen for 2 weeks" was simply because Skullhead found out that the masterpassword can be changed so you can't hoard stats from every CW during that time (note: apparently not everyone changed, so they froze the rankings just cos there's a possibility they might not check EVERY cw).
That wasnt the cause of it..
it doesn't matter if we can change the password or not, it is just a slap in the face, that these commands are included and hidden so well in the code of the new release.
our attention got called by someone to these commands, otherwise we wouldn't have known about them, which is ridiculous and a shame for the developers.