Author Topic: Server Limitations  (Read 4723 times)

RHS_Chris

  • PGP
  • Posts: 17
Server Limitations
« on: April 27, 2015, 04:24:50 AM »
Hi All,

I'm wanting to pick your brains again.

I am the IT techy in the school and on a lunch time we have digital paintball running.

We have to monitor the game to prevent any bullying/racism/etc,..

Is there any possible way to restrict access to the starting a single player game or other to only join the server.

I have currently tried to remove the from the menu folder and getting paintball to boot up straight into the network menu.

Thanks
Chris


ic3y

  • Committee Member
  • Autococker
  • Posts: 1398
Re: Server Limitations
« Reply #1 on: April 27, 2015, 07:50:41 AM »
Block the single player for playing alone, or that no1 can create a server ?

mRokita

  • Autococker
  • Posts: 598
Re: Server Limitations
« Reply #2 on: April 27, 2015, 08:03:45 AM »
Hi All,

I'm wanting to pick your brains again.

I am the IT techy in the school and on a lunch time we have digital paintball running.

We have to monitor the game to prevent any bullying/racism/etc,..

Is there any possible way to restrict access to the starting a single player game or other to only join the server.

I have currently tried to remove the from the menu folder and getting paintball to boot up straight into the network menu.

Thanks
Chris


simple solution: append "quit" or "killserver" to pball/configs/server.cfg
Good luck!

xrichardx

  • 68 Carbine
  • Posts: 295
Re: Server Limitations
« Reply #3 on: April 27, 2015, 10:07:26 AM »
simple solution: append "quit" or "killserver" to pball/configs/server.cfg
AFAIK the server.cfg is only there for admins to have a basic config file, it will not be executed when clicking on Play -> Start New Game. I just tested it, and i could play locally.

There are different ways to accomplish that. The main question is: What can you force the clients to do? Can you force them to not edit menu files? Can you make them not use custom executables? Booting the game directly into the "join server" menu could be done by starting paintball with the "+menu play_joinserver" parameter. If you can't force everyone to start paintball through a custom file link (which I think you can't), you could also put the content of the "menus/play_joinserver.txt" into the "menus/main.txt". But, people will still be able to use the console in-game, so basically, they can still do whatever they want.

I think to really force everyone, you would have to compile your own version of the game which doesn't accept specific commands that are used to start a game (e.g. "map"). Then, you would have to restrict their permissions to only execute your own paintball executable so they cant bring the original game on a thumbdrive and play it. Thats still a lot of work and will probably make jitspoe crazy due too many modified content detections.

As a third option, you could just watch the network traffic on a central hub and see if there is any UDP traffic from/to computers that are not your servers. If that happens, check whether there is a server running on that PC (send a status packet or something similar) and if it is, just tell your firewall to block all traffic from/top that computer. Tell everyone that they are not allowed to host custom servers and you're done.


SuperMAn

  • Committee Member
  • Autococker
  • Posts: 902
Re: Server Limitations
« Reply #4 on: April 27, 2015, 01:52:46 PM »
Haven't tested any of this but this could be a possible solution if you have a Windows domain.

1.  Use Group Policy to block incoming traffic on port 27910 on all client machines through windows firewall.

This should prevent people from simply joining a friends game since 27910 is the default port.  They could get around this by changing the port the server is running on.  Prevent this with step 2.


2.  Change permissions on the configs folder so that your users aren't able to modify anything except the config.cfg file (i think?).  They will need to be able to modify this to change their in-game settings.


3.  Create a shortcut that will join your server directly and put it on their desktops or in their games folder or w/e.  Shortcut to: paintball2://10.10.10.10:27910  (replace IP with your server IP obviously)

4.  May also be able to delete the menu file associated with creating a new game so they get an error whenever they try.


mRokita

  • Autococker
  • Posts: 598
Re: Server Limitations
« Reply #5 on: April 27, 2015, 01:54:59 PM »
Haven't tested any of this but this could be a possible solution if you have a Windows domain.

1.  Use Group Policy to block incoming traffic on port 27910 on all client machines through windows firewall.

This should prevent people from simply joining a friends game since 27910 is the default port.  They could get around this by changing the port the server is running on.  Prevent this with step 2.


2.  Change permissions on the configs folder so that your users aren't able to modify anything except the config.cfg file (i think?).  They will need to be able to modify this to change their in-game settings.


3.  Create a shortcut that will join your server directly and put it on their desktops or in their games folder or w/e.  Shortcut to: paintball2://10.10.10.10:27910  (replace IP with your server IP obviously)

4.  May also be able to delete the menu file associated with creating a new game so they get an error whenever they try.


Superman!!!!!!!!!!!
Use IRC again =P
Welcome back? =D
(Yup this is offtopic)

On topic:
I think appendig "connect xx.xx.xx.xx:27910" to pball/configs/config.cfg" is better than a shortcut.

xrichardx

  • 68 Carbine
  • Posts: 295
Re: Server Limitations
« Reply #6 on: April 27, 2015, 02:18:20 PM »
Changing the port without being able to edit the config file is no problem, you just have to start paintball with "+set port XYZ". Running a server can be done via the console too. "set deathmatch 1; map XYZ". Basically, as long as they can run the paintball.exe, they can do everything with it. No auto-connect and no auto-go-to-that-menu mechanism will help there. Also, people can just bring their own setups for custom servers on a flashdrive and run a dedicated server from that. Even if you set up all permissions so that noone can do anything, they could still bring some kind of RasPi and use that as a server. IMO the only effective way is searching for suspicious traffic and block that.

#NeverTrustTheClient https://en.wikipedia.org/wiki/Defensive_programming