SA-MP Forums

Go Back   SA-MP Forums > SA-MP > Bug Reports

Reply
 
Thread Tools Display Modes
Old 27/02/2014, 10:43 AM   #1
wups
High-roller
 
wups's Avatar
 
Join Date: Apr 2010
Location: Lithuania
Posts: 1,251
Reputation: 137
Default [urgent] Two people using the same id and even name

I don't know if this is fixed in 0.3z but on my server a hacker can somehow join the server then connect multiple accounts using the same id and even name! that opened countless ways of making money and, well, broke the server.
If this is fixed in 0.3z please let me now ASAP, else, address this issue quickly.
Some logs:
Quote:
[19:00:24] [join] Peter has joined the server (202:IP1)
[19:02:26] [join] Peter has joined the server (208:IP1) // notice there were no leaving messages inbetween. Same name, different ID
[19:03:06] [part] Peter has left the server (208:1) // he left?
[19:03:55] [join] Peter has joined the server (172:IP1) // comes again with the different id(notice that id 202 is still connected)
[19:05:46] [join] Peter has joined the server (37:IP1) // another id
[19:06:46] [join] John has joined the server (37:IP1) // diferent name, same ID and IP
[19:06:50] [part] John has left the server (37:1)
[19:07:10] [join] Peter has joined the server (37:IP1)
// and so on.. there are NO disconnect logs of the initial ids
there were NO name changing logs.
And i found a thread about it after writing this whole thing: http://forum.sa-mp.com/showthread.php?t=474358

P.S. No need to tell me that this can be avoided script-wise. It's a bug and it belongs here and also pretty dangerous.
P.S.S. What name does GetPlayerName return if a hacker changes his name with cheats?
wups is offline   Reply With Quote
Old 27/02/2014, 10:52 AM   #2
Konstantinos
Spam Machine
 
Konstantinos's Avatar
 
Join Date: Dec 2011
Posts: 11,973
Reputation: 1392
Default Re: [urgent] Two people using the same id and even name

It spoofs OnPlayerConnect callback and a solution was given in another thread: http://forum.sa-mp.com/showthread.php?t=479388
__________________
Life is like riding a bicycle. To keep your balance, you must keep moving.

[Tutorial] How to use SQLite
[FilterScript] Tune System
Konstantinos is offline   Reply With Quote
Old 27/02/2014, 10:55 AM   #3
wups
High-roller
 
wups's Avatar
 
Join Date: Apr 2010
Location: Lithuania
Posts: 1,251
Reputation: 137
Default Re: [urgent] Two people using the same id and even name

Quote:
Originally Posted by Konstantinos View Post
It spoofs OnPlayerConnect callback and a solution was given in another thread: http://forum.sa-mp.com/showthread.php?t=479388
Thanks a lot! Still the problem of connecting with different ids persists. As far as I can see in that script it only deals with using the same ids. There still needs to be an anti-namechange hack.
wups is offline   Reply With Quote
Old 27/02/2014, 11:32 AM   #4
Richie©
Banned
 
Join Date: Feb 2012
Location: Norway
Posts: 392
Reputation: 53
Default Re: [urgent] Two people using the same id and even name

Keep track of their legit name after login, i store playername in var and it only changes on legit name changes by the server. Account ID based saving also benefits.
If you do it like that, alot of ways to fuck up stats is eliminated. (Unless they know pw of a players account)
Richie© is offline   Reply With Quote
Old 27/02/2014, 12:34 PM   #5
Pottus
Godfather
 
Pottus's Avatar
 
Join Date: Jun 2012
Posts: 5,191
Reputation: 1241
Default Re: [urgent] Two people using the same id and even name

If I see this happening on my server I will surely make a patch but it has not yet so there isn't much I want to do yet until I can confirm it myself.

@Edit 5 minute patch, make sure this is included before anything else is included in your gamemode that way this patch is first in the chain of hooks and will prevent OnPlayerConnect() from actually being processed!

pawn Code:
#include <YSI\y_iterate>

static Iterator:ConnectIter<MAX_PLAYERS>;
static LoginNames[MAX_PLAYERS][MAX_PLAYER_NAME+1];
static bool:ProcessDisconnect[MAX_PLAYERS] = { true, ...};

public OnPlayerConnect(playerid)
{
    if(Iter_Contains(ConnectIter, playerid))
    {
        // Player was already connected! (Kick, ban, etc)
        return 1;
    }
    else
    {
        Iter_Add(ConnectIter, playerid);
        GetPlayerName(playerid, LoginNames[playerid], MAX_PLAYER_NAME+1);
        foreach(new i : ConnectIter)
        {
            if(i == playerid) continue;
            if(!strcmp(LoginNames[playerid], LoginNames[i]))
            {
                // Player name was already connected! (Kick, ban, etc)
                // No need to do any disconnect code since no connection code was done
                ProcessDisconnect[playerid] = false;
                return 1;
            }
        }
    }
   
    if (funcidx("AntiDL_OnPlayerConnect") != -1) return CallLocalFunction("AntiDL_OnPlayerConnect", "i", playerid);
    return 1;
}

#if defined _ALS_OnPlayerConnect
    #undef OnPlayerConnect
#else
    #define _ALS_OnPlayerConnect
#endif
#define OnPlayerConnect AntiDL_OnPlayerConnect

forward AntiDL_OnPlayerConnect(playerid);

// Remove any iterators
public OnPlayerDisconnect(playerid, reason)
{
    Iter_Remove(ConnectIter, playerid);
    if (funcidx("AntiDL_OnPlayerDisconnect") != -1 && ProcessDisconnect[playerid] == true) return CallLocalFunction("AntiDL_OnPlayerDisconnect", "ii", playerid, reason);
    ProcessDisconnect[playerid] = true;
    return 1;
}

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect AntiDL_OnPlayerDisconnect

forward AntiDL_OnPlayerDisconnect(playerid, reason);

Last edited by Pottus; 01/03/2014 at 02:36 AM.
Pottus is offline   Reply With Quote
Old 27/02/2014, 03:15 PM   #6
wups
High-roller
 
wups's Avatar
 
Join Date: Apr 2010
Location: Lithuania
Posts: 1,251
Reputation: 137
Default Re: [urgent] Two people using the same id and even name

The script is good tho you should make some adjustments and release it in the include section, not many server owners will see it here.
wups is offline   Reply With Quote
Old 27/02/2014, 04:25 PM   #7
Pottus
Godfather
 
Pottus's Avatar
 
Join Date: Jun 2012
Posts: 5,191
Reputation: 1241
Default Re: [urgent] Two people using the same id and even name

Quote:
Originally Posted by wups View Post
The script is good tho you should make some adjustments and release it in the include section, not many server owners will see it here.
I'm sure they will find it here or someone will customize their own it's pretty simple I think most scripters could patch this easily.
Pottus is offline   Reply With Quote
Old 27/02/2014, 11:38 PM   #8
Misiur
High-roller
 
Misiur's Avatar
 
Join Date: Jul 2009
Location: Poland
Posts: 2,531
Reputation: 552
Default Re: [urgent] Two people using the same id and even name

@[uL]Pottus: Hey, the default (y_iterate) Player array works exactly as your ConnectIter, so I'd suggest using it instead.
Misiur is offline   Reply With Quote
Old 01/03/2014, 02:35 AM   #9
Pottus
Godfather
 
Pottus's Avatar
 
Join Date: Jun 2012
Posts: 5,191
Reputation: 1241
Default Re: [urgent] Two people using the same id and even name

Quote:
Originally Posted by Misiur View Post
@[uL]Pottus: Hey, the default (y_iterate) Player array works exactly as your ConnectIter, so I'd suggest using it instead.
Bad idea, we want to do this outside of anything internal and we also want to make sure this is done first so the gamemode will not even get a chance to process callbacks this makes implementation fool proof that will work with any script. The player iterator is not designed to handle this kind of event if you read the code in y_iterate there is absolutely no provisions in place for checking connection spoofing. So it doesn't work exactly the same as y_iterate your suggestion doesn't fit the dynamics of the problem unfortunately.
Pottus is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Please make it urgent urgent fiter12 Scripting Help 2 26/06/2013 04:04 PM
for all you people who -rep pepper Everything and Nothing 13 05/02/2013 02:53 AM
[HELP] [ URGENT ] NPC Stuck In Sky [ URGENT ] [HELP] Hussain Server Support 3 25/12/2011 11:54 AM
Why some people lost all their things when login and some people not? CTCCoco Help Archive 1 07/07/2011 11:05 AM
People Scaming People's Severs coutanche7 General 19 28/12/2008 05:06 PM


All times are GMT. The time now is 12:01 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.