1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Threaded Mode
Player banned himself?
karemmahmed22
Big Clucker
***
Posts: 183
Threads: 35
Joined: Jun 2015
Reputation: 0
#1

04.09.2015, 12:39
Ok, i made a scratch gamemode, i'm sure NONE can use the ban command only admins, also NONE can be admin WITHOUT rcon admin /setlevel id level him.
So its impossible to happen srsly, i found this in my ban log
Код:
>> player(ID:0) banned player(ID:3): ban
While NOTHING in the script can ban him like that, heres my ban function

PHP код:
forward BanExMsg(playerid,reason[],adminid);
public BanExMsg(playerid,reason[],adminid)
{
    new
        pName[MAX_PLAYER_NAME],
        aName[MAX_PLAYER_NAME],
        tmpstr[125];
    GetPlayerName(playerid,pName,sizeof(pName));
    if(adminid != INVALID_PLAYER_ID && IsPlayerConnected(adminid)) GetPlayerName(playerid,aName,sizeof(aName));
    else if(adminid == 1111aName "IRC";
    else aName "System";
    
    format(tmpstr,sizeof(tmpstr),">> %s has been banned, reason: %s",pName,reason);
    SendClientMessageToAll(COLOR_ORANGE,tmpstr);
    format(tmpstr,sizeof(tmpstr),">> %s(ID:%d) banned %s(ID:%d): %s",aName,adminid,pName,playerid,reason);
    SendMessageToAdmins(tmpstr);
    LogBan(tmpstr);
    tmpstr "";
    format(tmpstr,sizeof(tmpstr),"Reason: %s",reason);
    SendClientMessage(playerid,COLOR_YELLOW,">> You have been banned. Please write the reason below ...");
    SendClientMessage(playerid,COLOR_ORANGE,tmpstr);
    SendClientMessage(playerid,COLOR_YELLOW,">> If you feel you have been WRONGFULLY banned, please appeal in");
    PlayerInfo[playerid][pBanned] = 1;
    SetTimerEx("BanMsg",100,0,"ds",playerid,reason);
    return 1;

May i know how that happend? D: its impossible in my script, maybe a hack?
EDIT: Heres my whole ban logs, lol
Код:
>> System(ID:65535) kicked Elmagek_mo2men(ID:0): INVALID LOGIN
>> System(ID:65535) kicked Elmagek_mo2men(ID:0): LOGIN FAILED
>> TOOMY(ID:0) banned TOOMY(ID:2): ban
>> player(ID:0) banned player(ID:3): ban
>> Vinicinhow(ID:0) banned Vinicinhow(ID:4): ban
>> Miku(ID:0) banned Miku(ID:5): ban
>> Infee(ID:0) banned Infee(ID:0): GTFO << i was testing if the ban works, so its me after i used /ban command 
>> System(ID:65535) kicked Infee(ID:0): LOGIN FAILED
Find
Reply
Freezo
Big Clucker
***
Posts: 60
Threads: 0
Joined: Sep 2015
Reputation: 0
#2

04.09.2015, 12:43
GetPlayerName(playerid,pName,sizeof(pName));
GetPlayerName(playerid,aName,sizeof(aName));

You are getting the same player, take a look at the playerid, the 2 need to be replaced by the target.
Find
Reply
karemmahmed22
Big Clucker
***
Posts: 183
Threads: 35
Joined: Jun 2015
Reputation: 0
#3

04.09.2015, 12:46
Oh ty, so how comes, ID 0 banned those guys, While even id0 wasn't an admin, lemme check logs thanks for this i was scripting while sleepy :X
EDIT:Omg
Код:
[21:43:13] [join] Toni_Bash has joined the server (0:141.136.15.117)
Seems like a hacker :S
Lemme check his INI file damn
EDIT Again:
Код:
Admin = 3
LOL wtf, how? is it possible? i think someone stolen my rcon password wtf.
Код:
[21:54:53] [part] Toni_Bash has left the server (0:1)
lol srsly, this hacker banned like 5-6 players in 11 mins n left srsly how? its IMPOSSIBLE to set level without being an rcon admin, is that possible, someone hacked my rcon??
Find
Reply
karemmahmed22
Big Clucker
***
Posts: 183
Threads: 35
Joined: Jun 2015
Reputation: 0
#4

04.09.2015, 12:54
Help -.-"
Find
Reply
Vince
Spam Machine
*****
Posts: 10,066
Threads: 38
Joined: Sep 2007
Reputation: 0
#5

04.09.2015, 12:57
Your ban function does no permission checking whatsoever. The problem must be higher up in the command itself.
Find
Reply
Freezo
Big Clucker
***
Posts: 60
Threads: 0
Joined: Sep 2015
Reputation: 0
#6

04.09.2015, 12:57
You are missing the check for access to ban.
Find
Reply
Alex Magaсa
High-roller
*****
Posts: 2,137
Threads: 37
Joined: Oct 2012
Reputation: 0
#7

04.09.2015, 12:59
Quote:
Originally Posted by karemmahmed22
Посмотреть сообщение
Oh ty, so how comes, ID 0 banned those guys, While even id0 wasn't an admin, lemme check logs thanks for this i was scripting while sleepy :X
EDIT:Omg
Код:
[21:43:13] [join] Toni_Bash has joined the server (0:141.136.15.117)
Seems like a hacker :S
Lemme check his INI file damn
EDIT Again:
Код:
Admin = 3
LOL wtf, how? is it possible? i think someone stolen my rcon password wtf.
Код:
[21:54:53] [part] Toni_Bash has left the server (0:1)
lol srsly, this hacker banned like 5-6 players in 11 mins n left srsly how? its IMPOSSIBLE to set level without being an rcon admin, is that possible, someone hacked my rcon??
Try to change rcon password to a bigger pass with @&3$:7(:&@@_? characters
And test /setlevel with a new acc.
Find
Reply
karemmahmed22
Big Clucker
***
Posts: 183
Threads: 35
Joined: Jun 2015
Reputation: 0
#8

04.09.2015, 13:00
PHP код:
dcmd_ban(playeridparams[])
{
    new
        id,
        reason[64];
    if (sscanf(params"us"idreason)) return SendClientMessage(playerid0xFF0000AA"[USAGE] ban <playerid/partname> <reason>");
    else if (id == INVALID_PLAYER_ID) return SendClientMessage(playerid0xFF0000AA"[ERROR]Player not found");
    else if (GetAdminLevel(playerid) < GetAdminLevel(id)) return SendClientMessage(playerid,0xFF0000AA,"[ERROR] You cannot use this command in this admin.");
    else
    {
        BanExMsg(id,reason,playerid);
    }
    return 1;

PHP код:
if(GetAdminLevel(playerid) == LEVEL_MANAGEMENT || IsPlayerAdmin(playerid)) //Management commands
    {
    dcmd(setlevel,8,cmdtext);
    } 
PHP код:
stock GetAdminLevel(playerid
{
return PlayerInfo[playerid][pAdmin];

LOL impossible. If he hacked my current rcon, so he can hack the other, also in my server console NO RCON LOGIN ATTEMPTS -.-"
PHP код:
    if(GetAdminLevel(playerid) >= LEVEL_ADMIN || IsPlayerAdmin(playerid)) // Admin Commands
    {
    dcmd(ban,3,cmdtext);
    dcmd(vr,2,cmdtext);
    dcmd(spectate,8,cmdtext);
    dcmd(spectateoff,11,cmdtext);
    dcmd(freeze,6,cmdtext);
    dcmd(unfreeze,8,cmdtext);
    dcmd(spawn,5,cmdtext);
    dcmd(spec,4,cmdtext);
    dcmd(specoff,6,cmdtext);
    dcmd(sethp,5,cmdtext);
    dcmd(goto,4,cmdtext);
    dcmd(get,4,cmdtext);
    dcmd(unban,5,cmdtext);
    
    } 
Find
Reply
karemmahmed22
Big Clucker
***
Posts: 183
Threads: 35
Joined: Jun 2015
Reputation: 0
#9

04.09.2015, 13:09
I'm sure 100%, He didn't even logged in rcon, Also his account started while his admin level is 0, is it possible to bypass the IsPlayerAdmin(playerid); check?
I think this hacked done that idk how n why n what but he done that -.-"
EDIT: Heres me logging in rcon >>
PHP код:
[15:09:03RCON (In-Game): Player #0 (Infee) has logged in. 
I searched for this line in the logs, since he logged on - off, i didn't found it, so any help? he just banned 6 players n used some fake kills hack, when the server went empty, he left
Код:
[21:52:17] [kill] vlad killed Toni_Bash Golf Club
[21:52:17] [kill] vlad killed Toni_Bash Golf Club
[21:52:18] [chat] [TOOMY]: wat
[21:52:18] *** IRC_OnUserSay (Bot ID 1): User BotGTL (3DBot@ip-9925c375.ultra-h.com) sent message to #gtl.echo: 04***  killed Toni_Bash. (Golf Club)
[21:52:22] [kill] vlad killed Toni_Bash Golf Club
[21:52:22] [kill] vlad killed Toni_Bash Golf Club
[21:52:22] *** IRC_OnUserSay (Bot ID 1): User BotGTL (3DBot@ip-9925c375.ultra-h.com) sent message to #gtl.echo: 04***  killed Toni_Bash. (Golf Club)
[21:52:23] [kill] vlad killed Toni_Bash Golf Club
[21:52:23] [kill] vlad killed Toni_Bash Golf Club
[21:52:24] *** IRC_OnUserSay (Bot ID 1): User BotGTL (3DBot@ip-9925c375.ultra-h.com) sent message to #gtl.echo: 04***  killed Toni_Bash. (Golf Club)
[21:52:25] [kill] vlad killed Toni_Bash Golf Club
[21:52:25] [kill] vlad killed Toni_Bash Golf Club
[21:52:25] *** IRC_OnUserSay (Bot ID 1): User BotGTL (3DBot@ip-9925c375.ultra-h.com) sent message to #gtl.echo: 04***  killed Toni_Bash. (Golf Club)
[21:52:30] [kill] player killed Toni_Bash Golf Club
[21:52:30] [kill] player killed Toni_Bash Golf Club
[21:52:30] *** IRC_OnUserSay (Bot ID 1): User BotGTL (3DBot@ip-9925c375.ultra-h.com) sent message to #gtl.echo: 04*** player killed Toni_Bash. (Golf Club)
[21:52:31] [kill] player killed Toni_Bash Golf Club
[21:52:31] [kill] player killed Toni_Bash Golf Club
[21:52:32] *** IRC_OnUserSay (Bot ID 1): User BotGTL (3DBot@ip-9925c375.ultra-h.com) sent message to #gtl.echo: 04*** player killed Toni_Bash. (Golf Club)
[21:52:32] [kill] player killed Toni_Bash Golf Club
[21:52:32] [kill] player killed Toni_Bash Golf Club
Find
Reply
jlalt
Banned
Posts: 1,266
Threads: 6
Joined: Oct 2014
#10

04.09.2015, 13:11
Quote:
Originally Posted by karemmahmed22
Посмотреть сообщение
I'm sure 100%, He didn't even logged in rcon, Also his account started while his admin level is 0, is it possible to bypass the IsPlayerAdmin(playerid); check?
I think this hacked done that idk how n why n what but he done that -.-"
read your gamemode well, maybe there are hidden commands were added
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help