Jump to content

Getting banned on every silent server


Sky

Recommended Posts

Hello , I'm Sky and I'm from TWC clan, admin in TWC No Download.

I've been playing some silent from time to time a but I never really got much into that mod since I'm more a jaymod player.

But few weeks/months ago I decided to try silent again by visiting sky-e server, my visit abrubtly ended with a nice 365days autoban ... 

 

Now I posted a topic about it on sky-e forum and they didn't really believe my story : https://esport.rocks/forum/index.php?f=18&t=813&rb_v=viewtopic 

Few days ago I got the same problem when joining DRI server, I could play one map but as soon as the map changed I'd get autobanned, and today when I tried to join a few other silent servers the ban was instant.

 

I'm a 100% clean player, never cheated on public servers (I tried out cheats in my private server a few times) but some people are starting to question my playstyle so I'd like to be cleared out & understand why the AC keeps banning me , hope you can help me out , thanks ! 

Edited by Sky
Link to comment
Share on other sites

Sorry for double post but since I can't edit my post anymore : I just deleted and reinstalled ET (clean install just my cfg and etkey) and got same problem in another random server, I have no idea what's going on lol 

Edited by Sky
Link to comment
Share on other sites

Hello,

 

I am one of the owners of the TWC clan, which Sky is a member of. I have no doubt that he is getting falsely banned and tried to find out more about the problem. Here's what we did so far:

  • used TeamViewer to control his computer
  • set up a Silent mod server, all default settings
  • ran the game and got banned on map change
  • tried two different custom ET installers (one of which was downloaded from this forum)
  • no custom pk3 files, our unmodified server was the only one these installations were connected to
  • disabled anti-virus
  • killed all userland processes except for TeamViewer, ET and a few processes from Windows itself

We removed the ban between all of these tests respectively (some of the bullet points being several tests on their own). Surprisingly, when running ET Legacy we were able to connect to the server and get into the game perfectly fine. While we cannot currently identify the problem, we can definitely reproduce it 100%.

 

Unfortunately, the server wouldn't show anything more than a message like "banned for technical evidence of cheats". I assume there is no way to find out what that evidence is for security reasons? If that is the case, I'd like to know what we can do to help you identify the problem so that it can be fixed eventually.

 

While we don't run a Silent mod server for our clan we'd like to help solving this issue to protect the reputation of our member(s).

 

Thanks in advance,

Ligustah

Link to comment
Share on other sites

Just curious as it wasn't mentioned, unless i skimmed over it. What version did the server / client have.

 

And if its 0.9.0 are you sure you upgraded both server and client correctly. (As in using correct qagame/cgame and not mistakenly using the binary from the old version)

Also if 0.9.0 does it work on 0.8.x fine? (Trying to isolate which version is affected.)

Link to comment
Share on other sites

I set up the server just for this test. I downloaded the most recent version from this site, which I assume was 0.9.0 (can tell for sure later, currently using my phone).

 

Not sure if Sky is available today, but we can definitely try to see if older versions are affected as well.

Link to comment
Share on other sites

  • Management

I already pm'd him few days back to connect to my server so I can see the ban. Yes, there is a way to get detection classification code from the info sent by the client. If you want to make comparisons, you need to use 0.8.1, because it has most detections enabled from old versions.

 

http://www.wolffiles.de/index.php?filebase&cat=1&scat=14&p=2

Link to comment
Share on other sites

  • Management

You got multiple detections for hacking the engine (ET.exe) in memory (not possible to identify the actual cheat or program). I don't think it is false (as in bug) as these are also very old detections and have never given false detections in the past. It doesn't come from for example proxying the client dll. As you told in your unban thread at sky-e, you have installed multiple cheats in the past, so maybe one of those is not cleanly uninstalled. You should do a process dump of ET.exe using task manager to see if there is anything recognizable and weird loaded to the process, after you get the ban on your test server of course.

Link to comment
Share on other sites

We tried 0.8.1 and it didn't trigger a ban. We also go a list of all DLLs loaded into the ET process, and there weren't any that seemed suspicious to me (i.e. unsigned).

 

Interestingly, whatever software is causing this is apparently triggered by the filename, which is also why ET Legacy worked. When we renamed the stock ET binary it worked fine as well. So we also checked two programs (mouse, gpu) that allow creation of process specific profiles, but neither seemed to be the cause.

 

I'm now trying to compare memory dumps trying to find the parts that are being modified, though I probably haven't worked enough with this kind of low-level stuff to find something useful. If you have any other tips on how to track down this I'd very much appreciate it.

Link to comment
Share on other sites

  • Management

Sounds like there could be something that is installed as a service and is keeping track of the executable. You should check everything that can be found from the services tab of task manager (location may vary depending of your Windows version).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...