This is a discussion on Server Files Information within the KO4life Private Server Area forums, part of the Private Servers category; Originally Posted by tompsu
There are memory editors that are pretty easy to use, but there have been servers with ...
From memory, Reallizt posted a guide so that people can implement it themselves.
We had same thing on our server, but we never enabled "Auto Disconnect" feature. The reason is, if we enable it, people try to login with cheats. As soon as they get disconnect, they do something different and try again until they can find a bug to bypass logging. My vote would be "enabling this addition", but keeping "Auto Disconnect/Ban" feature off; as well as putting this to "Volunteer/Dedicated Panel" on website. Detail: The few truthful members the admins choose, will be able to enter "Volunteer Panel" on website. They will be able to see the cheater logs. (just the character name, hacking attempt count and dates) If they want, they will be able to ban these users by clicking on their names. To prevent abuses (unlikely to happen, but more security doesn't hurt) the database will log the "Vounteer ID, The banned character, and date." It will be shown on "Admin Control Panel" on website, so the Admins and Game Masters can control if there are any mistakes. We had this system on our server and it worked pretty well. Low level random cheaters won't be a problem, because your community will know that they will be banned in few minutes. (They didn't even bother reporting the cheaters to be honest.) To be more and more secure, Aujard/Login Server logs (forgot which one contains it) can save Cheater's IP, controls if they "ever logged in with different account" and reports it to admins. It is good against the players who "koxps/macroes on his secondary accounts."
Back on KO Crusade I made use of the feature, and (only after a series of checks to eliminate any potential false detections) had them disconnected & banned. The fact that they're logged (and I was a freak on logging; so just about everything useful was logged) meant that I could now and then go over and check to see if there was any new accounts from people playing on IPs with banned accounts - and even easily, if they'd attempt to bypass the checks.
They'd re-register, but most didn't make too much of an effort to try cheating again. After a while, I implemented a couple of rules to lock out IP addresses after, if I recall, something similar to the 3-strike rule. A few cyber cafe owners had to PM me about it being a cyber cafe [which I double-checked first] that I had banned, after which I'd remove the ban and lift the restriction (by marking it as a cyber cafe - they had a slightly higher offense limit, but I'd never unban them the second time ).
All in all, it worked pretty effectively. That's without even having anthing in the way of an anti-cheat. Sure, times change, people get more cluey, but blah - that is no reason to cut back on the restrictions. All you get is cheaters who are allowed to cheat for longer. :P
Honestly, reporting cheaters on the main site is going to do be able to tip them off much easier, if you're including (like everybody who does it) the reported findings. There's *no* reason to give them that. Perhaps put a name to the detection, but there is NO reason to tell them what you found - as I said, it's a MUCH bigger tip than just having their character disconnected - at least I'm not telling you what I was looking for.
Just curious why would you tell the hackers how you plan to stop them?
Locks on the db could solve the injection some program have. Or have the db only accept injections from known user, GM's etc. Make all items have new id's, so programmers from the outside can't make programs for injecting items, since they dont know the right id's