Risks of non-default CSM settings in 5.0+
- rheo
- Member
- Posts: 49
- Joined: Fri May 03, 2019 20:40
- GitHub: fluxionary
- IRC: flux fluxflux
- In-game: flux rheo
Risks of non-default CSM settings in 5.0+
Hello,
I'm wondering what the risks are of enabling non-default CSM settings in 5.0. It seems clear to me that LOOKUP_NODES_LIMIT prevents cheaty mods like oredetect from working, but I don't understand why the other functions are disabled by default. In particular, I have a CSM that requires CHAT_MESSAGES in 5.0, and want to understand what the risks of enabling those calls are, before possibly asking server operators do enable that setting.
I'm wondering what the risks are of enabling non-default CSM settings in 5.0. It seems clear to me that LOOKUP_NODES_LIMIT prevents cheaty mods like oredetect from working, but I don't understand why the other functions are disabled by default. In particular, I have a CSM that requires CHAT_MESSAGES in 5.0, and want to understand what the risks of enabling those calls are, before possibly asking server operators do enable that setting.
Last edited by rheo on Sun May 05, 2019 03:47, edited 1 time in total.
- Desour
- Member
- Posts: 1472
- Joined: Thu Jun 19, 2014 19:49
- GitHub: Desour
- IRC: Desour
- In-game: DS
- Location: I'm scared that if this is too exact, I will be unable to use my keyboard.
Re: Risks of non-default CSM settings in 5.0+
- The only flag that is off by default seems to be LOAD_CLIENT_MODS, which means that you can't use any csm if the server owner doesn't make effort to allow it.
- CHAT_MESSAGES allows the client to send chat messages. This includes strings with color escape sequences and strings that are interpreted as chatcommands (eg. "/status") . This can be used to spam the chat with many messages, however you can also spam manually. Some server owners said that they don't like it if their players can send chat messages that appear in color.
- READ_ITEMDEFS and READ_NODEDEFS allow to get the item/node definition of an item/node. This includes description, texture names, sound names, placment param2, node prediction, paramtype1, paramtype2, light level sent by a node, drawtype, groups and on and on. If the server doesn't have anything secret in a node or item def, this doesn't hurt, I think (no guarantees).
- LOOKUP_NODES_LIMIT can indeed make cheating easier, but you already know that. However, this might also be interesting for csms that want to play environmental sounds.
- READ_PLAYERINFO allows to get all player names. This is probably only a problem if the players have secrets about their position and existing among them.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)
- paramat
- Developer
- Posts: 3700
- Joined: Sun Oct 28, 2012 00:05
- GitHub: paramat
- IRC: paramat
- Location: UK
Re: Risks of non-default CSM settings in 5.0+
Yes that's a good and correct summary by DS-minetest.
- rheo
- Member
- Posts: 49
- Joined: Fri May 03, 2019 20:40
- GitHub: fluxionary
- IRC: flux fluxflux
- In-game: flux rheo
Re: Risks of non-default CSM settings in 5.0+
Ah yes, that chat coloring CSM. I'd think it'd be quite easy to restrict that server-side, but I suppose most server owners don't want to have to write/install another mod.
READ_PLAYERINFO could have quite an impact on servers with mods that don't show player names until they're very close to you, like Persistent Kingdoms. You could use it to monitor who's near you.
READ_ITEMDEFS could be used to make a CSM that warns you if your tool is near breaking. You already kind of can, by getting the damage of the held item, but there's no way to know exactly how many uses it has left without the item def, so far as i can tell.
READ_PLAYERINFO could have quite an impact on servers with mods that don't show player names until they're very close to you, like Persistent Kingdoms. You could use it to monitor who's near you.
READ_ITEMDEFS could be used to make a CSM that warns you if your tool is near breaking. You already kind of can, by getting the damage of the held item, but there's no way to know exactly how many uses it has left without the item def, so far as i can tell.
- rheo
- Member
- Posts: 49
- Joined: Fri May 03, 2019 20:40
- GitHub: fluxionary
- IRC: flux fluxflux
- In-game: flux rheo
Re: Risks of non-default CSM settings in 5.0+
Aren’t all this settings useless because the client can just ignore them?
The server can‘t know if a action is done by CSM or by the player.
That’s not the way how anticheat should work.
The server can‘t know if a action is done by CSM or by the player.
That’s not the way how anticheat should work.
- rheo
- Member
- Posts: 49
- Joined: Fri May 03, 2019 20:40
- GitHub: fluxionary
- IRC: flux fluxflux
- In-game: flux rheo
Re: Risks of non-default CSM settings in 5.0+
As I understand it, from reading people argue about this point endlessly, is that these settings are *not* useless primarily in that they raise the bar a bit higher for cheating. Not every player is a developer or able to build their own hacked client. These setting won't eliminate cheating, but they (supposedly) prevent it from becoming more widespread.Lejo wrote:Aren’t all this settings useless because the client can just ignore them?
The server can‘t know if a action is done by CSM or by the player.
That’s not the way how anticheat should work.
Re: Risks of non-default CSM settings in 5.0+
You can always easily make your code more complex to prevent cheaters.rheo wrote:As I understand it, from reading people argue about this point endlessly, is that these settings are *not* useless primarily in that they raise the bar a bit higher for cheating. Not every player is a developer or able to build their own hacked client. These setting won't eliminate cheating, but they (supposedly) prevent it from becoming more widespread.
But the goal of this settings weren’t to make cheaters more work. Than you could just add a setting CSM yes or No and not so complex settings as they are easy to ignore by clients.
- paramat
- Developer
- Posts: 3700
- Joined: Sun Oct 28, 2012 00:05
- GitHub: paramat
- IRC: paramat
- Location: UK
Re: Risks of non-default CSM settings in 5.0+
Very few players know how to create a hacked client, and few players use a hacked client.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.
Re: Risks of non-default CSM settings in 5.0+
I agree with that.paramat wrote:Very few players know how to create a hacked client, and few players use a hacked client.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.
But the work would be much more useful invested in creating Serverside Anticheats.
-
- Member
- Posts: 368
- Joined: Tue May 07, 2019 12:59
- GitHub: y5nw
- IRC: y5nw
- In-game: ywang
- Location: Germany
Re: Risks of non-default CSM settings in 5.0+
Yes, creating server-side anticheat is the beast way to fix the problem, but at the moment something is required to (at least) prevent players from cheating at client-side. This is what CSM settingd are for. Also, please take into account that anticheat mods can be a potential lag source especially when many servers already have enough mods to cause some lag. The easiest lag-free way would be having moderators from many different places to make sure that they aren't cheating.Lejo wrote:I agree with that.paramat wrote:Very few players know how to create a hacked client, and few players use a hacked client.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.
But the work would be much more useful invested in creating Serverside Anticheats.
Re: Risks of non-default CSM settings in 5.0+
You can also block almost all this csm cheats using serversideanticheat.yw05 wrote: Yes, creating server-side anticheat is the beast way to fix the problem, but at the moment something is required to (at least) prevent players from cheating at client-side. This is what CSM settingd are for. Also, please take into account that anticheat mods can be a potential lag source especially when many servers already have enough mods to cause some lag. The easiest lag-free way would be having moderators from many different places to make sure that they aren't cheating.
Bsp: Open chest somewhere: Check Range when modifying the inventory.
Bsp: oredetect: bad that the way to search for nodes have ever been added. But you can also block this if you send the ore only when the player is very near.
About Moderators: Humans are much more less accurate to detect if someone is cheating and engine anticheats doesn’t cause lag very much.
-
- Member
- Posts: 368
- Joined: Tue May 07, 2019 12:59
- GitHub: y5nw
- IRC: y5nw
- In-game: ywang
- Location: Germany
Re: Risks of non-default CSM settings in 5.0+
The problems are also obvious.Lejo wrote: You can also block almost all this csm cheats using serversideanticheat.
Bsp: Open chest somewhere: Check Range when modifying the inventory.
Bsp: oredetect: bad that the way to search for nodes have ever been added. But you can also block this if you send the ore only when the player is very near.
About Moderators: Humans are much more less accurate to detect if someone is cheating and engine anticheats doesn’t cause lag very much.
Bad Internet connection: Once the chest formspec showed up after I have already teleported (using server teleport commands like /spawn instead of /teleport because I have no teleport priv) to somewhere 5000 blocks away - in your case I would have to take a train for 5mins simply to get my items again.
And for sending nodes: those with a higher view range can have larger areas seen, and that wouldn't fix the problem.
Moderators: Yes, humans are less accurate, but here's the thing: you can't expect anyone to walk along the street and walk into someone else's private place simply to open the chest and take items, and you wouldn't expect that guy to only walk into houses with unprotected chests - that's obviously stealing. And for oredetect, you won't expect someone to keep changing the digging route and always finding ores.
Lag: some admins do disable anticheat because of lag, esp. on servers with lower configuration and/or more mods.
Re: Risks of non-default CSM settings in 5.0+
You don’t understand how can-inventory-cheats work:yw05 wrote:The problems are also obvious.
Bad Internet connection: Once the chest formspec showed up after I have already teleported (using server teleport commands like /spawn instead of /teleport because I have no teleport priv) to somewhere 5000 blocks away - in your case I would have to take a train for 5mins simply to get my items again.
With CSM you can everywhere open an inventory(a chest) as long as you have the Metadata of it. Using a simple anticheat you check if the player is near the chest. I think this anticheat has already been added to mt5.0
I agree that’s not easy to fix.And for sending nodes: those with a higher view range can have larger areas seen, and that wouldn't fix the problem.
I don’t have any better idea for an anticheat for this right now.
Moderators are a good Addition to the default anticheat. But Moderators can’t be anywhere. They go there where players fight, ... and not to someone alone in the mine.Moderators: Yes, humans are less accurate, but here's the thing: you can't expect anyone to walk along the street and walk into someone else's private place simply to open the chest and take items, and you wouldn't expect that guy to only walk into houses with unprotected chests - that's obviously stealing. And for oredetect, you won't expect someone to keep changing the digging route and always finding ores.
They are just mad!!!Lag: some admins do disable anticheat because of lag, esp. on servers with lower configuration and/or more mods.
You don’t want to know what’s possible when it’s disabled: You can do everything just like in creative except items cheating + infinity fast + teleportation. Btw. Item cheats are also possible if you have the wrong creative mods.
- Desour
- Member
- Posts: 1472
- Joined: Thu Jun 19, 2014 19:49
- GitHub: Desour
- IRC: Desour
- In-game: DS
- Location: I'm scared that if this is too exact, I will be unable to use my keyboard.
Re: Risks of non-default CSM settings in 5.0+
It's very reasonable to enable disable_anticheat and to not add any other anitcheating mods.Lejo wrote:They are just mad!!!Lag: some admins do disable anticheat because of lag, esp. on servers with lower configuration and/or more mods.
You don’t want to know what’s possible when it’s disabled: You can do everything just like in creative except items cheating + infinity fast + teleportation. Btw. Item cheats are also possible if you have the wrong creative mods.
Anticheat often makes playing experience much worse. And for what? Just because it is possible to cheat doesn't mean that everyone does. Humans are able to socialize. Do you not trust your players? Well, then maybe you have bad players. This might be caused by the missing wattles that need to be overwhelmed to join the server. For example any unsocial small child can be given a phone nowadays and this child can simply use the public server list to join a server and doesn't even have to ask for interact.
The server controls item movement, ergo the player can't take anything out of an inventory that he shouldn't be able to really access (with that I mean the right to take and put something). It's the responsibility of server owners not to install bad mods and to check installed mod (or have it checked by someone with enough experience). Having enormous anticheat measures to compensate bad modding is nonsense.
I could write much to the other statements, but I don't want to repeat what's already said and ergo waste my time. Most of the fears are irrational.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)
Re: Risks of non-default CSM settings in 5.0+
I mainly agree. Just a few things I disagree:DS-minetest wrote:It's very reasonable to enable disable_anticheat and to not add any other anitcheating mods.
Anticheat often makes playing experience much worse. And for what? Just because it is possible to cheat doesn't mean that everyone does. Humans are able to socialize. Do you not trust your players? Well, then maybe you have bad players. This might be caused by the missing wattles that need to be overwhelmed to join the server. For example any unsocial small child can be given a phone nowadays and this child can simply use the public server list to join a server and doesn't even have to ask for interact.
The server controls item movement, ergo the player can't take anything out of an inventory that he shouldn't be able to really access (with that I mean the right to take and put something). It's the responsibility of server owners not to install bad mods and to check installed mod (or have it checked by someone with enough experience). Having enormous anticheat measures to compensate bad modding is nonsense.
I could write much to the other statements, but I don't want to repeat what's already said and ergo waste my time. Most of the fears are irrational.
No anticheating mods:
It’s true that they sometimes lower the game quality but I for example have two: One noclip it has 0 false detections. And one fly it’s mostly working, only in some special cases(jumping diagonal with speed and jump potion down a hill) it’s wrong. But I keep it because it’s better to have it then not to have it and yes there are sadly fly hackers.
No direct interact:
Then you have a private server just because a player joins you are not online so he leaves again. Sadly I have no better way to check them.
-
- Member
- Posts: 368
- Joined: Tue May 07, 2019 12:59
- GitHub: y5nw
- IRC: y5nw
- In-game: ywang
- Location: Germany
Re: Risks of non-default CSM settings in 5.0+
Ok, so suppose that the server I play on has that anticheat and I'm having some lag (and we know that servers don't distinguish between clients and CSM), then the chest formspec showed up after I teleported 5000 blocks away from the chest (that did happen once) - do I have access to it, according to you?Lejo wrote: You don’t understand how can-inventory-cheats work:
With CSM you can everywhere open an inventory(a chest) as long as you have the Metadata of it. Using a simple anticheat you check if the player is near the chest. I think this anticheat has already been added to mt5.0
I know what can happen without anticheat, but there's something called "awareness" - people are aware that they aren't supposed to go around. On the server I'm playing on we have moderators almost 7/24 and they (quite often) teleport to other players to make sure that they don't cheat. Those who have been cheating are banned. And for fighting... at least the server I play on has no PvP.Lejo wrote:You don’t want to know what’s possible when it’s disabled: You can do everything just like in creative except items cheating + infinity fast + teleportation. Btw. Item cheats are also possible if you have the wrong creative mods.
Here's the case on the server I'm playing on:Lejo wrote: One noclip it has 0 false detections. And one fly it’s mostly working, only in some special cases(jumping diagonal with speed and jump potion down a hill) it’s wrong. But I keep it because it’s better to have it then not to have it and yes there are sadly fly hackers.
1. Moderators often teleport to players to make sure they aren't doing things against the server rules.
2. Only two people have noclip priv - if moderators teleport to a normal player and end up in solid mass... you know what happens.
3. Only a few moderators and trusted players have fly priv - if they teleport to a new player and find him hanging in midair... again, you know what happens.
Last edited by yw05 on Thu Jun 13, 2019 11:31, edited 4 times in total.
- Desour
- Member
- Posts: 1472
- Joined: Thu Jun 19, 2014 19:49
- GitHub: Desour
- IRC: Desour
- In-game: DS
- Location: I'm scared that if this is too exact, I will be unable to use my keyboard.
Re: Risks of non-default CSM settings in 5.0+
In the past, the only way to find servers was to search in the forum. Many needed you to ask in the forum to have interact. It actually worked very well. Nearly everyone who played there was a good player. And those servers were not private, with this I mean, there was not really a limited access, as everyone could ask for interact.Lejo wrote:No direct interact:
Then you have a private server just because a player joins you are not online so he leaves again. Sadly I have no better way to check them.
Sadly nowadays there are more servers than active players.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)
- Desour
- Member
- Posts: 1472
- Joined: Thu Jun 19, 2014 19:49
- GitHub: Desour
- IRC: Desour
- In-game: DS
- Location: I'm scared that if this is too exact, I will be unable to use my keyboard.
Re: Risks of non-default CSM settings in 5.0+
The client needs the inventory to be loaded in order to interact with it. If you load a meta inventory, move very far away and open the inventory, the inventory won't update properly in your sight as the server doesn't send the inventory. In 5.1 dev there's a new api function to send mapblocks to clients.yw05 wrote:then the chest formspec showed up after I teleported 5000 blocks away from the chest (that did happen once) - do I have access to it, according to you?Lejo wrote: You don’t understand how can-inventory-cheats work:
With CSM you can everywhere open an inventory(a chest) as long as you have the Metadata of it. Using a simple anticheat you check if the player is near the chest. I think this anticheat has already been added to mt5.0
There are mods that want the player to interact with far away inventories.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)
Re: Risks of non-default CSM settings in 5.0+
Great if there are such servers, but the most servers aren’t and it’s not easy to have trusted moderators 24/7.yw05 wrote: I know what can happen without anticheat, but there's something called "awareness" - people are aware that they aren't supposed to go around. On the server I'm playing on we have moderators almost 7/24 and they (quite often) teleport to other players to make sure that they don't cheat. Those who have been cheating are banned. And for fighting... at least the server I play on has no PvP.
Here's the case on the server I'm playing on:
1. Moderators often teleport to players to make sure they aren't doing things against the server rules.
2. Only two people have noclip priv - if moderators teleport to a normal player and end up in solid mass... you know what happens.
3. Only a few moderators and trusted players have fly priv - if they teleport to a new player and find him hanging in midair... again, you know what happens.
So for the most Server owners this is no solution.
The Problem we all play with.DS-minetest wrote:In the past, the only way to find servers was to search in the forum. Many needed you to ask in the forum to have interact. It actually worked very well. Nearly everyone who played there was a good player. And those servers were not private, with this I mean, there was not really a limited access, as everyone could ask for interact.
Sadly nowadays there are more servers than active players.
-
- Member
- Posts: 368
- Joined: Tue May 07, 2019 12:59
- GitHub: y5nw
- IRC: y5nw
- In-game: ywang
- Location: Germany
Re: Risks of non-default CSM settings in 5.0+
Yes, this is what I found on the server Wiki:Lejo wrote:Great if there are such servers, but the most servers aren’t and it’s not easy to have trusted moderators 24/7.yw05 wrote: I know what can happen without anticheat, but there's something called "awareness" - people are aware that they aren't supposed to go around. On the server I'm playing on we have moderators almost 7/24 and they (quite often) teleport to other players to make sure that they don't cheat. Those who have been cheating are banned. And for fighting... at least the server I play on has no PvP.
Here's the case on the server I'm playing on:
1. Moderators often teleport to players to make sure they aren't doing things against the server rules.
2. Only two people have noclip priv - if moderators teleport to a normal player and end up in solid mass... you know what happens.
3. Only a few moderators and trusted players have fly priv - if they teleport to a new player and find him hanging in midair... again, you know what happens.
So for the most Server owners this is no solution.
What you mentioned is the problem: new servers don't have many trusted players, and moderators around the world is basically out of the question. Still, most moderators appear to be in Europe and the US, so there is some time (about 1hr or so) when the server has almost no players online.Moderators are distributed around the world so there is at least one moderator on most of the time.
Also, I would say that trusted players can also help - when they accidentally see weird things happening.
Yes, we need more servers that are well moderated and not those that are almost empty. New servers appear eveeyday, but only a few can last: IhrFussel's, LinuxWorks, Survival X, Pandorabox, Xanadu, CTF, VanessaE's - you can count them.Lejo wrote:The Problem we all play with.DS-minetest wrote:In the past, the only way to find servers was to search in the forum. Many needed you to ask in the forum to have interact. It actually worked very well. Nearly everyone who played there was a good player. And those servers were not private, with this I mean, there was not really a limited access, as everyone could ask for interact.
Sadly nowadays there are more servers than active players.
Re: Risks of non-default CSM settings in 5.0+
On which server do you play? I (were) on one modded server but there the moderators where corrupt...yw05 wrote:[Yes, this is what I found on the server Wiki:What you mentioned is the problem: new servers don't have many trusted players, and moderators around the world is basically out of the question. Still, most moderators appear to be in Europe and the US, so there is some time (about 1hr or so) when the server has almost no players online.Moderators are distributed around the world so there is at least one moderator on most of the time.
Also, I would say that trusted players can also help - when they accidentally see weird things happening.
Another Problem are these fork mobile players. Multicraft and other apps + the missing iOS Minetest App.Yes, we need more servers that are well moderated and not those that are almost empty. New servers appear eveeyday, but only a few can last: IhrFussel's, LinuxWorks, Survival X, Pandorabox, Xanadu, CTF, VanessaE's - you can count them.
-
- Member
- Posts: 368
- Joined: Tue May 07, 2019 12:59
- GitHub: y5nw
- IRC: y5nw
- In-game: ywang
- Location: Germany
Re: Risks of non-default CSM settings in 5.0+
Yes, that's also a problem, but that's less related to CSM - you can also write CSM on Android using a text editor and use CSMs by editing clientmods/mods.conf but that isn't very convenient.Lejo wrote:Another Problem are these fork mobile players. Multicraft and other apps + the missing iOS Minetest App.yw05 wrote:Yes, we need more servers that are well moderated and not those that are almost empty. New servers appear everyday, but only a few can last: IhrFussel's, LinuxWorks, Survival X, Pandorabox, Xanadu, CTF, VanessaE's - you can count them.
Btw, the main problem with the mobile forks is about hacked clients. Some server admins complain that mobile users simply cheat with fly simply by pressing a button (on the hacked client, of course).
Personally I also play with my mobile, but I don't cheat (I use the official client). The result is that I get trusted - I have interlocked 5 train lines (one of them was removed later due to planning) with my friends, and only a few players have interlocking priv.
- paramat
- Developer
- Posts: 3700
- Joined: Sun Oct 28, 2012 00:05
- GitHub: paramat
- IRC: paramat
- Location: UK
Re: Risks of non-default CSM settings in 5.0+
it's not an equal amount of work, and it's not a case of one or the other.Lejo wrote:But the work would be much more useful invested in creating Serverside Anticheats.
Creating effective serverside anticheat is very complex and difficult, and adds a significant load on the server, see the 'serverside movement' PR at Github. It may be a long time before serverside anticheat is implemented.
However, the CSM restrictions were simple and quick to add, add no load on the server, and are effective for the large majority of players without hacked clients. So the work was a very good investment while we also, slowly, work on serverside anticheat.
Re: Risks of non-default CSM settings in 5.0+
It’s just a bit strange:
You have CSM great things are possible and then the server can completely disable CSM.
Why? The server doesn’t care about the most things done by CSM. The settings are much to strict especially by default. Why is the server allowed to disable CSM loading? That’s nothing the server should control. I fully agree with block lookup limits, they are needed. But others are overblocking just because there were some leaks to for example cheat items but as they are all fixed we don’t need a full CSM block.
You have CSM great things are possible and then the server can completely disable CSM.
Why? The server doesn’t care about the most things done by CSM. The settings are much to strict especially by default. Why is the server allowed to disable CSM loading? That’s nothing the server should control. I fully agree with block lookup limits, they are needed. But others are overblocking just because there were some leaks to for example cheat items but as they are all fixed we don’t need a full CSM block.
Who is online
Users browsing this forum: No registered users and 1 guest