Jump to content

How to protect admins from GUID spoofing


gaoesa

Recommended Posts

  • Management

I'm writing this post to bring attention since the documentation is not well written around the subject.

 

Since GUIDs are not trustable at all. Not PB GUIDs or silEnT GUIDs. We included admin level protection system into the 0.5.0 version of the mod. This system effectively limits all benefits from GUID spoofing into gaining XP of the spoofed players. Even private messages are not possible without proper authentication with the server.

 

The system uses 2 cvars:

 

g_adminProtection : bitmask

1 Log succesfull authentications to the cheat log

2 Log admin spoofing attempts to the cheat log

4 Report admins waiting for confirmation on their level to the admin chat

 

g_protectMinLevel : integer

The minimum level of the protected admins.

 

To use the system, set the g_adminProtection to 7. This will enable all logging so you can see who authenticates to what level and if the authentication is succesfull or not. Set the g_protectMinLevel to the lowest level you want to protect. Don't set this to too low because it causes little overhead and also the credentials need to be given using online commands on the server.

 

When the silEnT notices there is an admin connecting to the server who has protected admin level but no credentials, it will report this admin to the admin chat. When this happens, the admin needs to be confirmed with !confirm command by someone who is able to identify the player identity. This only needs to done once for each admin. In the following connections, the silEnT is able to handle the authentications silently itself.

 

From now on, if someone spoofs the GUID of an admin, he will face the authentication procedure. The silEnT will inform into the admin chat that the player has lost his authentication and !setlevel is required. Do not do the !setlevel unless you know this one is genuinly the correct admin. Also, the !confirm command cannot be used anymore for the reason that the !confirm command can be given to less high admins without risks. If the player spoofing the GUID attempts to spoof the credentials, again the admin chat and cheat log is reported with the spoof attempt.

 

Important thing to know is that the !confirm command and !setlevel commands do not give credentials during the warmup period. Also, authentication does not operate during warmup but player needs to wait until the end of warmup before he gains access to his admin level. If you do !confrim or !setlevel during the warmup and the player is later on reported to not have yet been confirmed, just do the !confirm again.

 

I hope this information helps and brings some light to the subject. Feel free to ask questions in this thread and I we will answer those.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...