server icon indicating copy to clipboard operation
server copied to clipboard

Published 20 hours ago verified publisher icon FAForever

Kick players spoofing their name or rating

Open micheljung opened this issue 7 years ago • 7 comments

People spoofing their rating is a well-known problem. The best solution would be if not the player tells his peers what his rating is, but the peers would know from the server. Unfortunately, we don't seem to be able to send custom messages into the game yet (but there's a hack in place that should allow us to do so at least in lobby mode).

As an alternative, temporary solution, peers could tell the server what rating a player has reported to them. The server can then verify the claim against the actual rating and, on mismatch, removes the spoofing player from the game or even better, kickbans the player automatically for a few minutes.

While we can't force the game to be closed or tell the host of the game to kick the spoofing player (and it may even be the host itself who spoofs), removing the player from the game prevents him from receiving commands from the server, thus making it very difficult to impossible to participate in the game.

A unwanted side effect could be that everones game launches but not the spoofer's. This is unfortunate, but should happen very rarely and still kills the motiviation to spoof in the first place.

What needs to be done

  1. Add a new command like verify_rating to lobbyconnection
  2. Verify the claim against reality. Account for rounding errors
  3. Kick/Ban players on mismatch

micheljung avatar Oct 19 '17 08:10 micheljung

Unfortunately, we don't seem to be able to send custom messages into the game yet

Correct.

(but there's a hack in place that should allow us to do so at least in lobby mode).

That hack isn't working.

As an alternative, temporary solution, peers could tell the server what rating a player has reported to them

That requires the same facilities.

Here is the list of Messages we can send into the game and potentially interpret:

Connected
CreateLobby
HasSupcom
HasForgedAlliance
HostGame
JoinGame
ConnectToPeer
DisconnectFromPeer
SendNatPacket
EjectPlayer

CreateLobby is the one that currently has a "hack" implemented in lobby.lua, however as I said, it doesn't work because the game will only accept a single CreateLobby message (the one for actually creating the lobby).

This needs to be solved first.

duk3luk3 avatar Oct 19 '17 09:10 duk3luk3

Did GPG remove the io-functionality from lua? Maybe the faf client could create files on demand (following a defined pattern) and the game reads them (either at defined states or continuously).

Brutus5000 avatar Oct 20 '17 06:10 Brutus5000

I am pretty sure we have zero access to file io once in-game. (the init script does have some file access, but that doesn't help us here.)

duk3luk3 avatar Oct 20 '17 07:10 duk3luk3

How does "peers could tell the server" require the same facilities as "we can't send custom messages into the game"? We can send any kind of message to the server, so there's nothing keeping us from doing what I described.

I like the file-based idea @Brutus5000. If we are able to read/write any mounted file, this could actually solve our problem.

micheljung avatar Oct 20 '17 15:10 micheljung

Yeah, the client can write data to a lua file somewhere and then it's possible to use it in lobby/game with:

dirty_module('file.lua') -- to be able to re-read the file
local data = import('file.lua`)

I guess one would need to poll the file for changes, not sure /EnableDiskWatch is a good idea in a running game. With that switch, lua-files are reloaded when changed (executing whatever code they contain).

Crotalus avatar Nov 16 '17 18:11 Crotalus

Is spoofing still a thing ? I havent seen a problem with rating in lobbys as far as i remember.

KaukaHan avatar Nov 11 '21 11:11 KaukaHan

It's possible, but you can get banned for it.

Askaholic avatar Nov 13 '21 20:11 Askaholic