Merge pull request #118 from sapphonie/5_4_1

#118

README.md

@@ -60,7 +60,7 @@ Even better, this plugin is set up to be as easy to use and install as possible,
 2) extract the downloaded zip, and copy all the folders inside of it into `/tf/addons/sourcemod/` on your tf2 server. Overwrite any files if prompted.
 3) restart your server
 
-The current list of cvars is listed [here](cvars.md). The defaults should be good for most people, if you want to the plugin to autoban. If not, you can set any "detection" cvar to 0 to never ban, and to -1 to never even log or check in the first place. If you want to edit cvars,
+The current list of cvars and admin commands is listed [here](cvars.md). The defaults should be good for most people, if you want to the plugin to autoban. If not, you can set any "detection" cvar to 0 to never ban, and to -1 to never even log or check in the first place. If you want to edit cvars,
 
 4) wait 30 seconds after doing the above
 5) edit `/tf/cfg/sourcemod/stac.cfg` to your liking

cvars.md

@@ -1,44 +1,208 @@
-- `stac_enabled` - `enable/disable plugin (setting this to 0 immediately unloads stac)`
-
-- `stac_verbose_info` - `[StAC] enable/disable showing verbose info about players' cvars and other similar info in admin console (recommended 0, this is essentially a debug cvar)`
-
-- `stac_max_allowed_turn_secs` - `[StAC] maximum allowed time in seconds a client can use +right/+left inputs before getting kicked. -1 to disable autokicking, 0 instakicks (recommended -1 unless you're using this in a competitive setting that bans such usage)`
-
-- `stac_ban_for_misccheats` - `[StAC] ban clients for non angle based cheats, aka cheat locked cvars, netprops, invalid chat characters, etc. (defaults to 1, will only log otherwise)`
-
-- `stac_optimize_cvars` - `[StAC] optimize cvars related to patching backtracking, patching doubletap, limiting fakelag, patching any possible tele expoits, etc. (defaults to 1)`
-
-- `stac_max_aimsnap_detections` - `[StAC] maximum aimsnap detections before banning a client. -1 to disable this check (saves cpu), 0 to print to admins/stv but never ban (recommended 20 or higher)`
-
-- `stac_max_psilent_detections` - `[StAC] maximum silent aim/norecoil detections before banning a client. -1 to disable this check (saves cpu), 0 to print to admins/stv but never ban (recommended 10 or higher)`
-
-- `stac_max_bhop_detections` - `[StAC] maximum consecutive bhop detections on a client before they get \antibhopped\, where their gravity is set to 8x. if the same client does 2 more consecutive frame perfect bhops on 8x gravity, they are banned. if they fail to bhop, their gravity gets reset to normal. -1 to disable this check (saves cpu), 0 to print to admins/stv but never ban (recommended 10 or higher)`
-
-- `stac_max_fakeang_detections` - `[StAC] maximum fake angle / wrong / OOB angle detections before banning a client. -1 to disable even checking angles (saves cpu), 0 to print to admins/stv but never ban (recommended 10)`
-
-- `stac_max_cmdnum_detections` - `[StAC] maximum "cmdnum spikes" a client can have before getting banned. lmaobox does this with nospread on certain weapons, other cheats utilize it for other stuff, like sequence breaking on nullcore etc. (recommended 20 or higher)`
-
-- `stac_max_tbot_detections` - `[StAC] maximum triggerbot detections before banning a client. this can, has, and will pick up clients using macro software as well as cheaters. This check also will not be run if the wait command is enabled on your server, as wait essentially allows for legal triggerbotting. (defaults 0 - aka, it never bans, only logs. recommended 20+ if you are comfortable permabanning macroing users)`
-
-- `stac_max_spinbot_detections` - `[StAC] maximum spinbot detections before banning a client. (recommended 50 or higher)`
-
-- `stac_min_interp_ms` - `[StAC] minimum interp in milliseconds that a client can have before getting autokicked. set this to -1 to disable having a min interp. (recommended -1, this is essentially a legacy check)`
-
-- `stac_max_interp_ms` - `[StAC] maximum interp (lerp) in milliseconds that a client is allowed to have before getting autokicked. set this to -1 to disable having a max interp (recommended 101)`
-
-- `stac_min_randomcheck_secs` - `[StAC] stac runs cvar/netprop checks for clients at random intervals between this value and stac_max_randomcheck_secs, in seconds. (recommended 60)`
-
-- `stac_max_randomcheck_secs` - `[StAC] stac runs cvar/netprop checks for clients at random intervals between stac_min_randomcheck_secs and this value, in seconds. (recommended 300)`
-
-- `stac_include_demoname_in_banreason` - `[StAC] enable/disable putting the currently recording demo in the SourceBans / gbans ban reason (recommended 1)`
-
-- `stac_log_to_file` - `[StAC] enable/disable logging to file (highly recommended 1)`
-
-- `stac_fixpingmasking_enabled` - `[StAC] enable clamping client cl_cmdrate and cl_updaterate values to values specified by their server side counterparts (sv_mincmdrate, sv_minupdaterate, sv_maxcmdrate, sv_maxupdaterate)? This also allows StAC to detect and even ban cheating clients attempting to "ping reduce".`
-
-- `stac_kick_unauthed_clients` - `[StAC] kick clients unauthorized with steam? This only kicks if steam has been stable and online for at least the past 300 seconds or more. (recommended 1)`
-
-- `stac_silent` - `[StAC] If this cvar is 0 (default), StAC will print detections to admins with sm_ban access and to SourceTV, if extant. If this cvar is 1, it will print only to SourceTV. If this cvar is 2, StAC never print anything in chat to anyone, ever. If this cvar is -1, StAC will print ALL detections to ALL players. (recommended 0)`
-
-- `stac_max_connections_from_ip` - `[StAC] Max connections allowed from the same IP address. Useful for autokicking bots, though StAC should do that with cvar checks anyway. (recommended 5)`
+## Cvars
+
+// [StAC] enable/disable plugin (setting this to 0 immediately unloads stac)
+// (recommended 1)
+// -
+// Default: "1"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_enabled "1"
+
+// [StAC] enable/disable showing verbose info about players' cvars and other similar info in admin and server console
+// (recommended 0 unless you want spam in console)
+// -
+// Default: "0"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_verbose_info "0"
+
+// [StAC] ban duration that StAC will use upon banning cheating clients. 0 = permanent.
+// (recommended 0)
+// -
+// Default: "0"
+// Minimum: "0.000000"
+stac_ban_duration "0"
+
+// [StAC] maximum allowed time in seconds before client is autokicked for using turn binds (+right/+left inputs).
+// -1 to disable autokicking, 0 instakicks
+// (recommended -1.0 unless you're using this in a competitive setting)
+// -
+// Default: "-1.000000"
+// Minimum: "-1.000000"
+stac_max_allowed_turn_secs "-1.000000"
+
+// [StAC] ban clients for non usercommand based cheats, aka cheat locked cvars, netprops, invalid names, invalid chat characters, etc.
+// (recommended 1)
+// -
+// Default: "1"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_ban_for_misccheats "1"
+
+// [StAC] optimize cvars related to patching "server laggers", patching backtracking, mostly patching doubletap, limiting fakelag, patching any possible tele expoits, etc.
+// (recommended 1)
+// -
+// Default: "1"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_optimize_cvars "1"
+
+// [StAC] maximum aimsnap detections before banning a client.
+// -1 to disable even checking angles (saves cpu), 0 to print to admins/stv but never ban.
+// (recommended 20 or higher)
+// -
+// Default: "20"
+// Minimum: "-1.000000"
+stac_max_aimsnap_detections "20"
+
+// [StAC] maximum silent aim/norecoil detections before banning a client.
+// -1 to disable even checking angles (saves cpu), 0 to print to admins/stv but never ban.
+// (recommended 15 or higher)
+// -
+// Default: "10"
+// Minimum: "-1.000000"
+stac_max_psilent_detections "10"
+
+// [StAC] maximum consecutive bhop detections on a client before they get "antibhopped", aka they get their gravity set to 8x.
+// client will get banned on this value + 2 (meaning they did 2 more perfect bhops on 8x gravity), so for default cvar settings, client will get banned on 12 tick perfect bhops.
+// ctrl + f for "antibhop" in stac.sp for more detailed info.
+// -1 to disable even checking bhops (saves cpu), 0 to print to admins/stv but never ban
+// (recommended 10 or higher)
+// -
+// Default: "10"
+// Minimum: "-1.000000"
+stac_max_bhop_detections "10"
+
+// [StAC] maximum fake angle / wrong / OOB angle detections before banning a client.
+// -1 to disable even checking angles (saves cpu), 0 to print to admins/stv but never ban
+// (recommended 5)
+// -
+// Default: "5"
+// Minimum: "-1.000000"
+stac_max_fakeang_detections "5"
+
+// [StAC] maximum cmdnum spikes a client can have before getting banned.
+// lmaobox does this with nospread on certain weapons, other cheats utilize it for other stuff, like sequence breaking on nullcore.
+// legit users should never ever trigger this!
+// (recommended 20)
+// -
+// Default: "20"
+// Minimum: "-1.000000"
+stac_max_cmdnum_detections "20"
+
+// [StAC] maximum triggerbot detections before banning a client. This can, has, and will pick up clients using macro software as well as run of the mill cheaters.
+// This check also DOES NOT RUN if the wait command is enabled on your server, as wait allows in-game macroing, making this a nonsensical check in that case.
+// defaults 0 - aka, it never bans, only logs.
+// (recommended 20+ if you are comfortable permabanning macroing users)
+// -
+// Default: "0"
+// Minimum: "-1.000000"
+stac_max_tbot_detections "0"
+
+// [StAC] minimum interp (lerp) in milliseconds that a client is allowed to have before getting autokicked. set this to -1 to disable having a min interp
+// (recommended -1.0, but if you want to enable it, feel free. interp values below 15.1515151 ms don't seem to have any noticable effects on anything meaningful)
+// -
+// Default: "-1"
+// Minimum: "-1.000000"
+stac_min_interp_ms "-1"
+
+// [StAC] maximum interp (lerp) in milliseconds that a client is allowed to have before getting autokicked. set this to -1 to disable having a max interp
+// (recommended 101.0)
+// -
+// Default: "101"
+// Minimum: "-1.000000"
+stac_max_interp_ms "101"
+
+// [StAC] check AT LEAST this often in seconds for clients with violating cvar values/netprops
+// (recommended 60)
+// -
+// Default: "60.000000"
+// Minimum: "5.000000"
+stac_min_randomcheck_secs "60.000000"
+
+// [StAC] check AT MOST this often in seconds for clients with violating cvar values/netprops
+// (recommended 300)
+// -
+// Default: "300.000000"
+// Minimum: "15.000000"
+stac_max_randomcheck_secs "300.000000"
+
+// [StAC] enable/disable putting the currently recording demo in the SourceBans / gbans ban reason
+// (recommended 1)
+// -
+// Default: "1"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_include_demoname_in_banreason "1"
+
+// [StAC] enable/disable logging to file
+// (recommended 1)
+// -
+// Default: "1"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_log_to_file "1"
+
+// [StAC] enable fixing clients "pingmasking". this also allows StAC to ban cheating clients attempting to reduce their reported ping.
+// (recommended 1)
+// -
+// Default: "1"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_fixpingmasking_enabled "1"
+
+// [StAC] maximum number of times a client can spam userinfo updates (over the course of 10 seconds) before getting banned.
+// (recommended 10+)
+// -
+// Default: "25"
+// Minimum: "-1.000000"
+stac_max_userinfo_spam_detections "25"
+
+// [StAC] forcibly reconnect clients unauthorized with steam - this protects against cheat clients not setting steamids, at the cost of making your server inaccessible when Steam is down.
+// (recommended 0, only enable this if you have consistent issues with unauthed cheaters!)
+// -
+// Default: "0"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_kick_unauthed_clients "0"
+
+// [StAC] if this cvar is 0 (default), StAC will print detections to admins with sm_ban access and to SourceTV, if it exists.
+// if this cvar is 1, it will print only to SourceTV.
+// if this cvar is 2, StAC never print anything in chat to anyone, ever.
+// if this cvar is -1, StAC will print ALL detections to ALL players.
+// (recommended 0)
+// -
+// Default: "0"
+// Minimum: "-1.000000"
+// Maximum: "2.000000"
+stac_silent "0"
+
+// [StAC] max connections allowed from the same IP address. useful for autokicking bots, though StAC should do that with cvar checks anyway.
+// (recommended 0, you should really only enable this if you're getting swarmed by bots, and StAC isn't doing much against them, in which case, consider opening a bug report!)
+// -
+// Default: "0"
+// Minimum: "0.000000"
+stac_max_connections_from_ip "0"
+
+// [StAC] allow StAC to work when sv_cheats is 1. WARNING; you might get false positives, and I will not provide support for servers running this cvar!
+// (recommended 0)
+// -
+// Default: "0"
+// Minimum: "0.000000"
+// Maximum: "1.000000"
+stac_work_with_sv_cheats "0"
+
+## Admin commands
+
+"sm_stac_checkall"
+Force check all client convars (ALL CLIENTS) for anticheat stuff
+
+"sm_stac_detections"
+Show all current detections on all connected clients
+
+"sm_stac_getauth"
+Print StAC's cached auth for a client
+
+"sm_stac_livefeed"
+Show live feed (debug info etc) for a client. This gets printed to SourceTV if available.
 

scripting/stac.sp

@@ -27,7 +27,7 @@
 #pragma semicolon 1
 #pragma newdecls required
 
-#define PLUGIN_VERSION  "5.4.0"
+#define PLUGIN_VERSION  "5.4.1"
 
 #define UPDATE_URL      "https://raw.githubusercontent.com/sapphonie/StAC-tf2/master/updatefile.txt"
 
@@ -120,6 +120,8 @@ public void OnPluginStart()
 
     // hook sv_cheats so we can instantly unload if cheats get turned on
     HookConVarChange(FindConVar("sv_cheats"), GenericCvarChanged);
+    // hook host_timescale so we don't ban ppl if it's not default
+    HookConVarChange(FindConVar("host_timescale"), GenericCvarChanged);
     // hook wait command status for tbot
     HookConVarChange(FindConVar("sv_allow_wait_command"), GenericCvarChanged);
     // hook these for pingmasking stuff

scripting/stac/stac_client.sp

@@ -22,7 +22,7 @@ public void OnClientPutInServer(int Cl)
         {
             StacLog("%N joined. Checking cvars", Cl);
         }
-        QueryTimer[Cl] = CreateTimer(60.0, Timer_CheckClientConVars_FirstTime, userid);
+        QueryTimer[Cl] = CreateTimer(30.0, Timer_CheckClientConVars_FirstTime, userid);
 
         CreateTimer(10.0, CheckAuthOn, userid);
 

scripting/stac/stac_cvar_checks.sp

@@ -28,6 +28,8 @@ char miscVars[][] =
     "cl_thirdperson",
     // must be == 0
     "r_portalsopenall",
+    // must be == 1.0
+    "host_timescale",
     // sv_force_transmit_ents ?
     // sv_suppress_viewpunch ?
     // tf_showspeed ?
@@ -107,12 +109,16 @@ public void ConVarCheck(QueryCookie cookie, int Cl, ConVarQueryResult result, co
     // you know what this does and what it should be. 0.
     else if (StrEqual(cvarName, "sv_cheats"))
     {
-        if (StringToInt(cvarValue) != 0)
+        // if we're ignoring sv_cheats being on, obviously don't check this cvar
+        if (!ignore_sv_cheats)
         {
-            oobVarsNotify(userid, cvarName, cvarValue);
-            if (banForMiscCheats)
+            if (StringToInt(cvarValue) != 0)
             {
-                oobVarBan(userid);
+                oobVarsNotify(userid, cvarName, cvarValue);
+                if (banForMiscCheats)
+                {
+                    oobVarBan(userid);
+                }
             }
         }
     }
@@ -247,6 +253,20 @@ public void ConVarCheck(QueryCookie cookie, int Cl, ConVarQueryResult result, co
         }
     }
 
+    // host_timescale (cheat cvar! should NEVER not be 1)
+    // used to bypass VAC: https://github.com/ValveSoftware/Source-1-Games/issues/3911
+    else if (StrEqual(cvarName, "host_timescale"))
+    {
+        if (StringToFloat(cvarValue) != timescale)
+        {
+            oobVarsNotify(userid, cvarName, cvarValue);
+            if (banForMiscCheats)
+            {
+                oobVarBan(userid);
+            }
+        }
+    }
+
     /*
         cheat program only cvars
     */
@@ -375,6 +395,8 @@ Action Timer_CheckClientConVars_FirstTime(Handle timer, int userid)
         hasWaitedForCvarCheck[Cl] = true;
         CreateTimer(0.1, Timer_CheckClientConVars, userid);
     }
+
+    return Plugin_Continue;
 }
 
 // timer for (re)checking ALL cvars and net props and everything else