Leap Exploit Fix
Eternal_Bliss
Join Date: 2002-11-07 Member: 7633Members, NS1 Playtester, Contributor
Join Date: 2002-11-07 Member: 7633Members, NS1 Playtester, Contributor
<div class="IPBDescription">Speed Cheater?</div> I was playing in UKSF server and some guy came in, went aliens and then he "leaped' over all our turrets and marines(map is siege btw) and started eating a resource tower, we sent 1 guy at him... and that guy kept saying he cant kill him because he is too fast, we sent 3 more marines(including me) and then i indeed noticed his speed.. he claimed he had celerity and a script of leap+bite, now i doubt that it's true.. since when you leap you hear a leap sound, and we heard NOTHING, we killed him and he came again... at this time he "leaped" from the middle room to the room with 1 res in it and back to middle room in about 2 sec(which is even impossible with leap because you dont have enough adren), then i started to take the demo and in the start of the demo you will see a guy flying in the sky all over the room(that is him), i agree that is possible with leap... the demo is all the game(hope it's not **** because i didn't type stop in the end), you will hear in the voice comm more marines saying he is acting weird and he is probably cheating... now i ask you fellow admins, do you think it's a cheat or not?
he was banned from UKSF server and mine aswell...
demo:
<a href='http://www.eternal.mossad.org.il/cheater.dem' target='_blank'>http://www.eternal.mossad.org.il/cheater.dem</a>
i finished uploading, you can grab the demo now..
oh btw wonid is: 2095399
<b>Note: voogru released a fix for this exploit and you can download it in the second page</b>
he was banned from UKSF server and mine aswell...
demo:
<a href='http://www.eternal.mossad.org.il/cheater.dem' target='_blank'>http://www.eternal.mossad.org.il/cheater.dem</a>
i finished uploading, you can grab the demo now..
oh btw wonid is: 2095399
<b>Note: voogru released a fix for this exploit and you can download it in the second page</b>
Comments
when i loaded the demo it took me like 3-4 minutes to get something
basically, I check there energy and save it, when they try to run the exploit and they have the same amount of energy they had the last frame then it will warn them. 3 strikes there out.
This method had few false positives, but it works.
Ill be releasing it tomorrow, no it wont be open source sorry. (Dont want lamers to try to figure out how to get around it.)
<!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
Roob's Bubtastic NS 1.04
163.1.180.217:27016
Stats: <a href='http://163.1.180.217:27017' target='_blank'>http://163.1.180.217:27017</a>
basically, I check there energy and save it, when they try to run the exploit and they have the same amount of energy they had the last frame then it will warn them. 3 strikes there out.
This method had few false positives, but it works.
Ill be releasing it tomorrow, no it wont be open source sorry. (Dont want lamers to try to figure out how to get around it.) <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
So you summarize how it works and then claim that releasing it legaly (i.e. gpl compatable) will compromise it. Whatever...
basically, I check there energy and save it, when they try to run the exploit and they have the same amount of energy they had the last frame then it will warn them. 3 strikes there out.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Dude .. Voogru.. that's the exact Idea I gave you for detecting it, 1 week ago and you came back to me about how you couldn't detect the energy level? WTH? Well I guess you figured it out. Since I was the one that brought you that exploit in the first place and we did work together on the orginal bugfix (that unforutantaly didn't work), then IM'd you a way of detecting it a few days later (which is the way you are doing it now), give me a little credit it! DOH!! <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->.. Anywhooo I still want this fixed .. and I can't beeatch to much cuz I lack the programming skill to make the plugin myself. I'm more than willing to help and if you need someone to to compile for linux .. let me know.
Im gonna have it today after some testing.
SuicideDog, Ya its the idea you gave me. However at the time I had no clue how to get the players energy.
Now I do <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
basically, I check there energy and save it, when they try to run the exploit and they have the same amount of energy they had the last frame then it will warn them. 3 strikes there out.
This method had few false positives, but it works.
Ill be releasing it tomorrow, no it wont be open source sorry. (Dont want lamers to try to figure out how to get around it.) <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
So you summarize how it works and then claim that releasing it legaly (i.e. gpl compatable) will compromise it. Whatever... <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
This is a problem. I don't think the author of Metamod intended that all plugin authors be forced to open-source their plugins. Maybe he did, but I strongly doubt it. Most likely, he slapped the GPL down on his code to prevent "ripoffs" while still allowing him to release the source, not realizing the consequences. He _could_ distribute metamod under a modified GPL that explicitly exempts plugin authors from the open-source requirement. Perhaps I shall contact the Metamod author...
I like the GPL; it has many appropriate uses. However, I firmly believe that many, many authors slap the GPL on their code without understanding it. That's their fault, yes, but it's a problem nonetheless.
basically, I check there energy and save it, when they try to run the exploit and they have the same amount of energy they had the last frame then it will warn them. 3 strikes there out.
This method had few false positives, but it works.
Ill be releasing it tomorrow, no it wont be open source sorry. (Dont want lamers to try to figure out how to get around it.) <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
So you summarize how it works and then claim that releasing it legaly (i.e. gpl compatable) will compromise it. Whatever... <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
This is a problem. I don't think the author of Metamod intended that all plugin authors be forced to open-source their plugins. Maybe he did, but I strongly doubt it. Most likely, he slapped the GPL down on his code to prevent "ripoffs" while still allowing him to release the source, not realizing the consequences. He _could_ distribute metamod under a modified GPL that explicitly exempts plugin authors from the open-source requirement. Perhaps I shall contact the Metamod author...
I like the GPL; it has many appropriate uses. However, I firmly believe that many, many authors slap the GPL on their code without understanding it. That's their fault, yes, but it's a problem nonetheless. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
No Mistake here. Look at the <a href='http://metamod.org/faq.html#gpl' target='_blank'>metamod FAQ</a>.
I don't think that authors using the GPL without understanding it is a <i>problem</i> at all. If they later decide that it would be better under a less restrictive licence then it's usually easy to change. IMHO the GPL is easy to understand and the <a href='http://www.gnu.org/licenses/gpl.html' target='_blank'>gnu faq on it is quite comprehensive</a>.
basically, I check there energy and save it, when they try to run the exploit and they have the same amount of energy they had the last frame then it will warn them. 3 strikes there out.
This method had few false positives, but it works.
Ill be releasing it tomorrow, no it wont be open source sorry. (Dont want lamers to try to figure out how to get around it.) <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
So you summarize how it works and then claim that releasing it legaly (i.e. gpl compatable) will compromise it. Whatever... <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
This is a problem. I don't think the author of Metamod intended that all plugin authors be forced to open-source their plugins. Maybe he did, but I strongly doubt it. Most likely, he slapped the GPL down on his code to prevent "ripoffs" while still allowing him to release the source, not realizing the consequences. He _could_ distribute metamod under a modified GPL that explicitly exempts plugin authors from the open-source requirement. Perhaps I shall contact the Metamod author...
I like the GPL; it has many appropriate uses. However, I firmly believe that many, many authors slap the GPL on their code without understanding it. That's their fault, yes, but it's a problem nonetheless. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
No Mistake. Look at the <a href='http://metamod.org/faq.html#gpl' target='_blank'>metamod FAQ</a>.
I don't see why people are so shy about releasing source, whats the big deal?<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
I'm aware of the Metamod FAQ entry. The tone in his response makes me think that requiring plugin authors to open their source was not intentional. I recently emailed the Metamod author, asking for further details. I will let this forum know what I hear back.
There *are* several valid reasons for not wanting to release source. Sorry SotU, but you come across as a GPL-fanboy a little too often. I like open-source licenses as well (I'm more a modified-BSD license guy myself), but I can understand wanting to keep source closed.
In this specific case, keeping the source closed does way more good than harm. I'll use a very similar case, Voogru's previous bugfix.so/dll as an example. When the "stopcommandermode" exploit was first discovered, very few people knew how to go about "doing" it. Voogru was made aware, and he provided a metamod plugin so that administrators could immunize their servers. By releasing his source, use of the exploit would have likely grown by an order of magnitude, if not more. It took me a considerable amount of time to find out how the exploit was performed, and I consider myself more resourceful that the average exploit-user.
Yes, this is a form of "security through obscurity", but let me explain why that's not an issue in this case. "Responsible disclosure" is where a person who discovers (or is made aware) of a software vulnerability first contacts the author, and gives them adequate time to prepare and release a fix, before announcing their findings to the public. This is to make the "window of vulnerability" as small as possible, a courtesy to the system administrators who must update the machines in their care. Trust me, we appreciate it greatly. In the case of "stopcommandermode", Flayra was aware of the problem, but was not ready to release a new server version yet. Voogru provided a convenient way to prevent the exploit until a new version of NS was available. By not releasing the details of the exploit (his source), he did not increase the proliferation of the exploit's use, thus saving many administrators the need to install his plugin, while giving those who had such a need a cure.
There is little sense in handing a malicious person a weapon. Make him find his own, and you may have bought time to armor yourself.
I'm aware of the Metamod FAQ entry. The tone in his response makes me think that requiring plugin authors to open their source was not intentional. I recently emailed the Metamod author, asking for further details. I will let this forum know what I hear back.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
If it was unintentional it would have been very easy to change.
<!--QuoteBegin--verbose+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (verbose)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
There *are* several valid reasons for not wanting to release source. Sorry SotU, but you come across as a GPL-fanboy a little too often. I like open-source licenses as well (I'm more a modified-BSD license guy myself), but I can understand wanting to keep source closed.
In this specific case, keeping the source closed does way more good than harm. I'll use a very similar case, Voogru's previous bugfix.so/dll as an example. When the "stopcommandermode" exploit was first discovered, very few people knew how to go about "doing" it. Voogru was made aware, and he provided a metamod plugin so that administrators could immunize their servers. By releasing his source, use of the exploit would have likely grown by an order of magnitude, if not more. It took me a considerable amount of time to find out how the exploit was performed, and I consider myself more resourceful that the average exploit-user.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
But why use metamod? There are alternatives.
<!--QuoteBegin--verbose+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (verbose)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
Yes, this is a form of "security through obscurity", but let me explain why that's not an issue in this case. "Responsible disclosure" is where a person who discovers (or is made aware) of a software vulnerability first contacts the author, and gives them adequate time to prepare and release a fix, before announcing their findings to the public. This is to make the "window of vulnerability" as small as possible, a courtesy to the system administrators who must update the machines in their care. Trust me, we appreciate it greatly. In the case of "stopcommandermode", Flayra was aware of the problem, but was not ready to release a new server version yet. Voogru provided a convenient way to prevent the exploit until a new version of NS was available. By not releasing the details of the exploit (his source), he did not increase the proliferation of the exploit's use, thus saving many administrators the need to install his plugin, while giving those who had such a need a cure.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
I think a more convenient way of preventing this would have been a binary patch to the mod. The Metamod overhead is unacceptable to many (and requires effort if it's not installed already)
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
There is little sense in handing a malicious person a weapon. Make him find his own, and you may have bought time to armor yourself.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
It would have been nice to get a list of people who cheat when they get the opportunity though. (cue conspiracy..)
I'm aware of the Metamod FAQ entry. The tone in his response makes me think that requiring plugin authors to open their source was not intentional. I recently emailed the Metamod author, asking for further details. I will let this forum know what I hear back.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
If it was unintentional it would have been very easy to change.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Indeed it is, and I hope Will Day alters his license to exempt plugin authors from disclosing their source. I think that would make many plugin authors very happy, while not changing the game at all for those who prefer to release their source. Let the plugin authors decide.
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
But why use metamod? There are alternatives.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Sort of. There are other systems such as Adminmod (GPL) and AMX mod (GPL soon, IIRC); nothing that I'm aware of that's equivalent to Metamod. What else allows me to make raw SDK calls besides the HL SDK itself?
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--><!--QuoteBegin--verbose+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (verbose)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
...In the case of "stopcommandermode"...
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
I think a more convenient way of preventing this would have been a binary patch to the mod. The Metamod overhead is unacceptable to many (and requires effort if it's not installed already)
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Binary patches are much more difficult than you make them out to be. This is not a run-of-the-mill "No-CD (compact disc) crack" where you change one "if equal to zero jump" to "if not equal to zero jump". Without the source code, I would classify these modifications as extremely difficult. And if you have the source, well, you're Flayra <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
Metamod's overhead is tiny. I would love to see examples to the contrary. If someone is too lazy to install Metamod, they're likely too lazy to install any exploit-fighting plugins as well. In addition, Metamod's installation is rather simple compared to AMX Mod and Adminmod.
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--><!--QuoteBegin--verbose+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (verbose)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
There is little sense in handing a malicious person a weapon. Make him find his own, and you may have bought time to armor yourself.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
It would have been nice to get a list of people who cheat when they get the opportunity though. (cue conspiracy..)
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Honeypot? <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
In the case of "stopcommandermode", IIRC the server would crash at map's end (this correct admins, or just rumor?). Not desirable at all. Just as I implement bans based on the reports of other admins on this board, I'd prefer to prevent the lamers from acting, rather than reacting to their antics.
I tested it on a Linux server (same machine it was compiled on) and it seemed to work without any flaws other than the few false positives it does have.
But every time the exploit is tried it gets detected.
BTW, Thank Eternal Bliss for linux compile <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
Since the readme in kinda incomplete, I stuck a updated one here instead of putting a new attachment.
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
Leap Exploit Detection pluging.
by voogru (voogru@voogru.com)
Installation:
For Windows, put the leapdetect_MM.dll in the ns/dlls dir, then in your metamod config file put win32 dlls/leapdetect_MM.dll
For Linux put the leapdetect_MM.so in the ns/dlls dir, then in your metamod config file put linux dlls/leapdetect_MM.so
CVARS
nsa_leapaction Default: 1
This whether to ban or kick a player that has been caught with leap exploit x amount of times (where x is whatever you set nsa_leapwarnings too)
Kick = 1
Ban = 2
nsa_leapwarnings Default: 3
This is the amount of warnings in x seconds before taking action (x is whatever you set nsa_leapexpire to)
nsa_leapbantime Default: 15
This is how many mins to ban if they are caught with the exploit.
nsa_leapexpire Default: 60
Self Explanatory.
Note:
There will sometimes be a false positive, But they are rare (its about a 10% chance of a false positive)
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
It does happen but its rare enough.
we tested it with sv_cheats 1 aswell, and today we didn't get any false positive, just yesterday..
Roo
Should have something tomorrow.
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
I'm aware of the Metamod FAQ entry. The tone in his response makes me think that requiring plugin authors to open their source was not intentional. I recently emailed the Metamod author, asking for further details. I will let this forum know what I hear back.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
If it was unintentional it would have been very easy to change.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Indeed it is, and I hope Will Day alters his license to exempt plugin authors from disclosing their source. I think that would make many plugin authors very happy, while not changing the game at all for those who prefer to release their source. Let the plugin authors decide.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Like it or not he has a right to impose conditions (to a degree) on people using his code. I think the GPL is fair enough.
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
But why use metamod? There are alternatives.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Sort of. There are other systems such as Adminmod (GPL) and AMX mod (GPL soon, IIRC); nothing that I'm aware of that's equivalent to Metamod. What else allows me to make raw SDK calls besides the HL SDK itself?
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Look at botmans site - his bots don't use metamod, and he has a program for loading multiple bots at the same time.
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
<!--QuoteBegin--verbose+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (verbose)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
...In the case of "stopcommandermode"...
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
I think a more convenient way of preventing this would have been a binary patch to the mod. The Metamod overhead is unacceptable to many (and requires effort if it's not installed already)
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Binary patches are much more difficult than you make them out to be. This is not a run-of-the-mill "No-CD (compact disc) crack" where you change one "if equal to zero jump" to "if not equal to zero jump". Without the source code, I would classify these modifications as extremely difficult. And if you have the source, well, you're Flayra <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Of course you'd need the source. Even if it wasn't a patch the download of a new dll/so is still small compared to the entire mod download.
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
Metamod's overhead is tiny. I would love to see examples to the contrary. If someone is too lazy to install Metamod, they're likely too lazy to install any exploit-fighting plugins as well. In addition, Metamod's installation is rather simple compared to AMX Mod and Adminmod.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
I read that it was about 10% extra overhead without any plugins. I'd be interested to see some real results though. AMX mod and Adminmod require metamod to be installed anyway(of course).
<!--QuoteBegin--Scum of the Universe+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Scum of the Universe)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
<!--QuoteBegin--verbose+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (verbose)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
There is little sense in handing a malicious person a weapon. Make him find his own, and you may have bought time to armor yourself.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
It would have been nice to get a list of people who cheat when they get the opportunity though. (cue conspiracy..)
Honeypot? <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
In the case of "stopcommandermode", IIRC the server would crash at map's end (this correct admins, or just rumor?). Not desirable at all. Just as I implement bans based on the reports of other admins on this board, I'd prefer to prevent the lamers from acting, rather than reacting to their antics.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
You've got a point <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html/emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif'><!--endemo-->, but you don't have to tell players that exploit x is blocked, IMHO It's worth logging wonids of people trying it on.