Time Nick Message 03:06 paramat hmmmm i made some progress in tracking down the bug in fractal mapgen, by using printfs, see conclusion at end of https://gist.github.com/paramat/1abc35738301624e97a9 04:26 paramat #3236 back later 04:26 ShadowBot https://github.com/minetest/minetest/issues/3236 -- Mapgen: Use mapgen-specific names for constants in headers by paramat 12:03 TenPlus1 hi folks 12:04 VanessaE hello 12:04 TenPlus1 VanessaE, how do you handle minetest clones connecting to your servers ? 12:05 VanessaE I just let them connect and play normally. 12:05 VanessaE I got tired of trying to "shoo" them awayu 12:05 VanessaE -u 12:06 TenPlus1 the newer clones have cheats build-in that allow players to subvert owned doors/chests/protection 12:06 VanessaE I wasn't aware of that. 12:06 VanessaE well I have anti-cheat turned on in my servers 12:06 VanessaE but that doesn't help much 12:07 TenPlus1 just got a few emails from players warning me about it, some players going around emptying chests and getting into places they shouldnt 12:07 VanessaE it should be impossible to empty out a locked, not-owned-by-you chest 12:07 TenPlus1 was hoping for a global string that tells you that you are playing on "minetest" or "freeminer" or "whatever" so I can disconnect before they join 12:07 VanessaE I'd think the server would stop that. 12:07 sfan5 ^ it would 12:08 TenPlus1 sadly no, it's happened to Xanadu's maze doors and chests, all empty by a new player 12:11 TenPlus1 Mine Clone II is one of the offending apps with built-in cheats 12:15 TenPlus1 and just reported that Multicraft 2 has cheats built in also 12:31 est31 TenPlus1, the chests cheat only works because you allow it 12:31 est31 I warned you months ago about it 12:31 est31 and there is no speedup 12:31 est31 (no real one) 12:32 TenPlus1 est: I dont use those 12:32 TenPlus1 since you told me about them 12:33 TenPlus1 multicraft2 is allowing players to subvert server checking, owner privs and even protection privs 12:33 est31 https://forum.minetest.net/viewtopic.php?p=184826#p184826 12:33 est31 Im talking about that 12:33 TenPlus1 and apart from strict_protocol_version_checking limiting everyone not on server version, there's no way to check game actually running... 12:34 TenPlus1 exactly est, since you posted I havent used it anymore 12:34 est31 nice :) 12:34 TenPlus1 but it's not just chests, they are getting passed doors too 12:34 est31 yeah, that can't really be prevented right now. 12:36 est31 (doors) 12:36 TenPlus1 any way of making a global string on startup that checks game directory and lets us check against it 12:36 est31 Chests should not be possible to be emptied, even with a cheating client 12:37 TenPlus1 e.g. minetest runs so "minetest", freeminer runs so "freeminer"... this may help since they cant legally call game directory SAME name 12:37 TenPlus1 well i dunno how but they did it here, also they have creative/give capabilities 12:38 est31 do they? 12:38 TenPlus1 yeah, have been giving stacks of items to othe rplayers including nyan rainbows... no way in hell they would even come close to finding a stack at all 12:39 sfan5 <TenPlus1> e.g. minetest runs so "minetest", freeminer runs so "freeminer"... this may help since they cant legally call game directory SAME name 12:39 est31 If we introduce such a "fork-identifier" for "multicraft", "minetest", "freeminer" etc, it wont be because of cheaters 12:39 sfan5 there was a PR that made the client send its ident string in the connect packet 12:39 est31 that wouldnt be legal 12:39 sfan5 but it wasn't merged 12:39 est31 legal use case i mean 12:39 est31 bc clients can just fake it 12:40 sfan5 you can however modify the server to force the client to fetch something from remote media and then capture the ident string sent as http user-agent 12:40 TenPlus1 they could, yes... but running a game called "multicraft 2" and having a "minetest" identifier would be suspect on it's own 12:40 sfan5 you can't sue them because they send the "wrong" bytes over the network 12:41 TenPlus1 true... it's just sad that players can get onto a server and cause havoc with protection and ownership etc 12:41 est31 first of all, I'd check that they don't have server privs or so 12:41 est31 so that they really use a hacked client 12:42 est31 then I would try to find out how they get things like these privs 12:42 sfan5 ^ 12:42 est31 or capabilities, to give it a more neutral way 12:42 VanessaE check for creative priv also. 12:42 est31 and as a last step, prevent them :) 12:42 VanessaE (if you use Unified Inventory) 12:43 est31 s/way/term/ 12:43 TenPlus1 they definitely used a hacked client, only 2 admin on server and that's myself and shinji, I checked their privs then quickly remvoked them for using hacked client 12:43 TenPlus1 we use inventory++ (text edition) and zcg for recipe's... no creative enabled 12:44 TenPlus1 not even for admin 12:44 est31 TenPlus1, so you gave shinji admin privs, then removed them again? 12:44 TenPlus1 no no, shinji is the owner of the server... 12:44 TenPlus1 I'm the only admin 12:44 est31 I see 12:45 TenPlus1 the players who used hacked clients had their privs checked "interact shout money" then had them revoked 12:47 est31 well, you can use some tricks in order to get nyan cats comparatively fast 12:48 TenPlus1 really ? whole stacks ? 12:48 est31 if you mine them for an hour, yes 12:49 est31 that method really depends on how long they had access to the server with the hacked client 12:49 TenPlus1 the client string sounds like a good idea though, I could check that on connect and kick anyone not using minetest 12:50 est31 it wont keep cheaters out 12:51 TenPlus1 not 100%, but it sure helps server owners check who's coming online 12:52 est31 I'm generally for such a string identifier, but it won't help against cheaters 12:53 est31 the only thing you can do with a hacked client is finding out what is inside locked chests. but you can't take out items 12:54 TenPlus1 there's a mod in the forum that lets you edit the owner string , if that was somehow built into the new client/clone then it's possible 12:54 est31 that mod needs server access 12:55 TenPlus1 yes, the mod does, but the code could be changed and added so anyone can use it as a cheat 12:55 est31 no 12:55 est31 the protocol simply doesn't allow for it 12:56 celeron55 the only way to disallow a modified client from avoiding the rules is to make the server check the rules 12:56 est31 ^ 12:56 celeron55 there's no other way 12:56 est31 full agree 12:57 celeron55 the thing that sucks is that it's much easier to disable checks on the client than to add checks on the server 12:59 est31 adding a proper "no noclip" prevention mechanism on the server is hard 12:59 TenPlus1 nope, sorry, I disagree, I just ran a test server and changed the owner of a locked chest using a normal player with "interact shout" privs only 12:59 TenPlus1 it was easy 13:00 est31 TenPlus1, can you try to do it on my server? 13:00 est31 connect to it, and change the owner 13:00 est31 digitalaudioconcepts.com port 30020 13:00 TenPlus1 what I mean is, if the clone game uses the same mod code that allows to CHANGE owner status of a chest or door then it'll let you access almost anything 13:01 TenPlus1 all you need is that 1 tool, if you had that mod installed then yes it would be easy... if I ran a minetest clone with that mod installed then YES it would be easy 13:01 est31 well, in singleplayer 13:01 * VanessaE tail -f's the log 13:01 VanessaE I gotta see this. 13:02 TenPlus1 no, I was running server... 2 users... 1 admin (who made and placed chest) and 1 normal user to managed to change owner string 13:02 TenPlus1 look in forums for "ownerhack" mod 13:02 est31 if you run a mod TenPlus1 that gives every player who joins server privs, then of course it is easy to steal from chests. 13:02 est31 its not the engine's fault at this point 13:02 TenPlus1 it didnt need server privs to work est31... 13:03 est31 yeah, of course 13:03 TenPlus1 I changed that part of the code so it only needed interact privs for the tool to work 13:03 est31 but it is not our fault if you install a mod like that 13:03 est31 on the server 13:03 est31 the moment you install it, you basically enable everybody to do it 13:04 VanessaE TenPlus1: please, do sign onto the server he pointed you to, and try it. 13:04 TenPlus1 http://pastebin.com/sVZa5c5V 13:04 TenPlus1 *sigh* est31, I do not have that mod on server 13:04 TenPlus1 I'm giving you an example of how easy it could be to change the owner of a chest 13:05 TenPlus1 by using a minetest clone RUNNING that mod 13:05 est31 well it is totally easy, once you have that mod 13:05 est31 but you need SERVER ACCESS 13:05 TenPlus1 to install the mod, yes 13:05 TenPlus1 but to use a clone with that mod included, no 13:06 TenPlus1 I apologise if I'm not making myself clear. 13:06 est31 they can install that mod on the client, its very well possible 13:07 est31 but even if they do, it doesnt affect connections from the server. 13:07 TenPlus1 - I could make a minetest clone called "noobcraft" and have that mod already included as a secret tool that players can craft to change any chest/door in any server they access 13:07 est31 ermm no? 13:08 est31 that tool would only be client side 13:09 TenPlus1 then how do these clones allow access to chests/locked doors etc ? or to give ultimate stacks of items ? 13:09 TenPlus1 if it's client side only 13:09 est31 that's the big question 13:10 TenPlus1 and this was my solution to a problem, nothing more 13:11 TenPlus1 if the client-side minetest-clone can somehow run and use tools like this build into the client's game then all it needs is an area of map to be loaded to access information and possibly change it 13:11 est31 it can access the information, but it can't change it 13:12 TenPlus1 player inventory and health is server side ? 13:12 est31 yes 13:12 VanessaE as are chests. 13:12 est31 yup 13:12 TenPlus1 and yet he gave himself stacks of nyancat and rainbows and diamonds and crystal blocks 13:13 TenPlus1 a noob of 2 days 13:13 VanessaE now, while I think TenPlus1 is seriously overracting to some of this, in his defense, I HAVE heard of a client-side tool that'll let you somehow get stacks of stuff 13:13 VanessaE overreacting* 13:13 est31 TenPlus1, does it note in the log "invoked /give stackstring=nyan:rainbow"? 13:14 TenPlus1 nope, nothing like that was ever logged 13:14 TenPlus1 not for that player, and he certainly wasnt given it by myself 13:15 est31 do you have the log where all player's dig events are recorded? 13:15 est31 you know the server log 13:15 TenPlus1 yes 13:15 est31 for the last 2 days 13:15 TenPlus1 everything is output to terminal 13:15 est31 (the time that player was online) 13:15 TenPlus1 dig/place/punch/attack etc 13:15 est31 yup 13:15 VanessaE TenPlus1: can't you get your hands on one of these clients and try it on est31's server? 13:15 TenPlus1 I dont have an android phone to use it on 13:16 TenPlus1 sorry 13:16 VanessaE https://www.genymotion.com/ 13:17 VanessaE (costs money though) 13:17 VanessaE hm, free for NC use. 13:20 TenPlus1 http://platinumcheats.com/multicraft-ii-hack-tool/ 13:20 TenPlus1 that's the tool that the player was reported using on server 13:21 VanessaE the textures look like minecraft... 13:22 TenPlus1 http://appgamecheats.com/multicraft-ii-free-miner-cheats-tips-review/ look under heading "Multicraft II cheats & tips" 13:22 TenPlus1 speed mining was seen also, 13:22 TenPlus1 digging right through 4 locked doors at speed to glitch through 13:23 TenPlus1 I don't wanna sound like a paranoid gaming nazi, but I do want to bring these points to the devs attention 13:24 TenPlus1 players enjoy Minetest and make some amazing worlds on them, then having an idiot noob on a hacked client come along and take the fun out of things 13:24 sfan5 VanessaE: the android sdk includes an android emulator 13:24 VanessaE ohh 13:42 TenPlus1 bye folks... 14:22 nrzkt est31: we could add a 1sec timer check to find if a player is inside a non possible non 14:22 nrzkt it's simple to look at the current node where is the player and see if it's a solid node or node 15:50 est31 ShadowNinja, there is lots of very trivial stuff like removig "stuff" from header comments in defaultsettings.cpp 15:50 est31 that can be separated 15:50 est31 then you have the non trivial changes separate from those where its more than just comment adjustment, variable renaming or whitespace changes 15:51 est31 eg you edit one file only because to rename a variable 15:51 est31 that are things that can be made separate 15:53 T4im what tenplus described earlier.. perhaps session hijacking or spoofing? sending network packets as someone else (like an admin or perhaps as singleplayer)? 16:17 est31 that doesnt work 16:17 est31 we check the identity 16:17 est31 by ip 16:27 est31 T4im, https://github.com/minetest/minetest/blob/master/src/network/connection.cpp#L2195 16:29 eugd #3199 should be good 16:29 ShadowBot https://github.com/minetest/minetest/issues/3199 -- split map_generation_limit into x/y/z components by EUGD 17:02 T4im ah, thanks est31 17:22 nrzkt Vanessae ? 17:22 nrzkt VanessaE* ? 17:39 nrzkt VannessaE: #3238 should be interesting for you :). est31 can you review ? :) 17:39 ShadowBot https://github.com/minetest/minetest/issues/3238 -- Fix players removed by object limit per node by nerzhul 17:55 est31 nrzkt, your code doesn't change behaviour: just look here: https://github.com/minetest/minetest/blob/8d03301138c0e82728d61b957ea47a5a4061633a/src/content_sao.cpp#L830-L833 17:55 est31 and here https://github.com/minetest/minetest/blob/fixplayersao_removal_mapnode_full/src/environment.cpp#L1501 17:56 est31 sorry here https://github.com/minetest/minetest/blob/fixplayersao_removal_mapnode_full/src/environment.cpp#L1830 17:56 est31 unfortunately it isnt that simple... 17:56 est31 perhaps it is :) 17:57 est31 but the fix is no fix 18:00 nrzkt est31: i noticed my wife playerSAO object was deleted from world exactly by this message 18:01 nrzkt but yes you are right static is not allowed 18:01 nrzkt but the object was deleted there from meory :s 18:01 nrzkt maybe be sure by adding the check could be good to prevent this 18:01 nrzkt i will test it on my server because it happens 1 or twice a week to my wife 18:02 est31 test it, best you put a log message there 18:03 est31 e.g. if (block->m_static_objects.m_stored.size() >= g_settings->getU16("max_objects_per_block") && obj->getType() == ACTIVEOBJECT_TYPE_PLAYER ) "OH NO, reached unreachable code!!"; 18:03 est31 note the == 18:06 est31 but I dont think it should be added to minetest 18:09 est31 nrzkt, how do you know it has deleted your wife? 18:09 nrzkt it's simple 18:10 nrzkt ingame my wife could not do anything, the server runs properly, player is connected but SAO didn't react 18:10 nrzkt and disappears 18:10 nrzkt if you set another player in the place where she is 18:20 est31 no log message that confirmed that the SAO was your wife? 18:20 est31 i mean the id 18:21 est31 perhaps it would make sense to track the player's id 18:21 est31 when they log in 18:37 nrzkt i see a id but don't resolve it 22:52 paramat i made some progress chasing the fractal mapgen bug, here's the issue #3239 fixing this makes fractal mapgen usable 22:52 ShadowBot https://github.com/minetest/minetest/issues/3239 -- Error when reading float mapgen parameters from map_meta.txt (fractal mapgen bug) 22:52 paramat ^ hmmmm