Impersonation and LFS server hacking
Albieg
6th April 2006, 17:10
I was on a teamccuk demo server when a disturbing thing happened: a user called AdminShadow was able to impersonate several other users and got them banned. I'll explain better: at some point, after some other people got banned in the same way, it appeared a message saying "AdminShadow took over from Albieg", and Albieg (it's supposed to be me, I'd say :shrug:) sent a lot of messages and got banned. Obviously it wasn't me sending messages... How come that another user can send messages using my nickname? That should NEVER happen.
I don't know if this is a security flaw of the LFS Server used by Teamccuk or it's LFS, but as a newbie (who paid) I am quite disappointed that similar things can happen, especially when these things apparently aren't related only to stupid human behaviour, but also to some technical possibilities that shouldn't exist. No admin, fake or real, should ever be able to impersonate a user.
This is the second time I see such things. I can cope with some defects in the gameplay, but I can't stand such lack of basic security.
My apologies if this has been already discussed, I searched the forum but maybe I missed the right keywords. I would be grateful to anyone who could point me out to the correct pages or just tell me what really happens when someone "takes over from" your user, and why.
Hyperactive
6th April 2006, 17:16
I have no dealings with the cc...something (:D) people but I can give you a hint:
maybe you should report what you saw here: http://www.teamccuk.com/wreck
Or contact the devs if you suspect there was something strange...
Albieg
6th April 2006, 17:23
I've seen the other thread, but these are not wreckers, technically speaking, and since there must be some obvious flaw somewhere (either in design or implementation) that permits impersonation I consider my post a request for information or for some countermeasures, if known. If it is really a technical problem, someone should address it by not permitting impersonation, but I don't know who's responsible for this.
Regards,
Alberto
Hyperactive
6th April 2006, 17:26
But I'm sure the admins at ccuk want to see the mpr of the incident ;)
MadCatX
6th April 2006, 17:26
You have just seen the LFS community "underground". Everywhere you can read how great the LFS community is, and it is 95% true, but occasionally you can meet some fools who find interest in making problems. This is a problem of just every community - plz, don't trust people that say rFactor, GPL or anything else has better.... Visit D-R-T servers, for example. That's where I am usually pushing my XRR to the "limits" and I had really good races there.
It is sad that your first LFS races were like you said. Just let it be, do as Hyperactive advised, and look on lfsworld for some other server..
Wish you good racing days,
See ya on the track, Cat:thumb:
ORION
6th April 2006, 17:34
You can always be 100% exactly identified with your lfsworld username, so if you have the replay, we press CTRL-Shift, note the username and ban him from all servers.
Ingame, you can change your name, but the actual username will not change. If this is possible, the patch will be delayed for at least a month, because Scawen will have to rewrite major parts of the user management and authorization code.
So if you have a replay, please send it to me, so I can check it and inform the devs if there is a problem. (I will not share it, and maybe you shouldn't post it here either)
If you ask me, that was just an actual admin from the server who was drunk.
And it does make sense that admins can ban other people. They pay for the server, thus they need an ability to remove people if they are not racing clean!
If someone starts to abuse this, we have a problem.
MadCatX
6th April 2006, 17:35
If you want some motivation, I saw your PB on Blackwood in FOX.. really not bad - only 30 miles online and 10 secs behind WR, that's probably something that I can do in FOX, but I have driven a 100 times longer distance than you :) (and A LOT OF practising offline)
Albieg
6th April 2006, 17:37
I'm not talking about the community because I'm not bashing the community. I like the way this forum is managed, and I like the tone. I've read a lot of stuff before even thinking about posting, and I like LFS. I don't care about all those This VS That fights. I read them and I am quite able to distinguish religious attitude from critical attitude. I'm quite good at that, certainly more than I'm good at driving or racing. I'm pointing out, for the third time, that I'd like to have technical explanations about this issue because it's not only due to people behaving in an unethical and annoying manner, but it's also due to some software that permits things that are, in my view, simply inconceivable. As for the mpr, I got banned before I could save. Brain and finger were both slow.
Albieg
6th April 2006, 17:41
Good point, ORION. Next time I see such fools playing around in some server I will save a replay. Today, I can't. I'm banned on that demo server. There's no big problem about that, except for me not having a replay to state my case.
(and btw I agree with your point of view. If someone managed to hack his way through the netcode to do something like that I'd postpone everything to rush a patch to fix the problem).
(Actually it was a voteban because people thought I was spamming. The admin must be able to ban, and that's something I know, understand and approve, but no impersonation should ever be possible. Never.)
Becky Rose
6th April 2006, 17:46
You have two 'names'. The actual login name which is the name you log in as which is a unique name to you chosen when you bought the product. This cannot be mimicked.
You also have a display name, this is not unique, it is the name that appears above your car and you can change it to anything you like.
Most of us race with the same name day in and day out and never change it... (I once felt like a change, and changed the colour of my text...).
However it is possible to change your display name on a whim, and that is what the other person appears to have done. When he got banned it would be his login name that gets put on the banned list - thus preventing him from logging in.
You can display login names at any time by pressing shift-control I think. Also they are shown when logging in.
I would prefer a system where your race display name gets bound to your login account with a separate 'team' prefix, and requires LFS staff approval for a name change (in the case of the other recent thread from "Janet" for instance).
zeugnimod
6th April 2006, 17:49
He didn't use exactly the same name as you, that's impossible. He probably wrote a big "i" instead of the "l" in your name.
But that can only happen in demo servers; in S2 servers, you can always see the LFSW-names by pressing Shift+Control. Why do you even drive demo, when you are S2 licenced? :shrug:
SamH
6th April 2006, 17:51
If you're having problems, you betcha we wanna hear at TeamCCUK. If you're new to LFS, I dare say you probably don't have an MPR (Multiplayer Replay).
If you got banned, it must have been this morning. I accidentally left vote banning on when we restarted our server in the night.
Our servers certainly seem to be making the headlines recently :(
FYI we also have a Beginners server, which is an excellent place to find your feet on LFS S2. We let a lot slide on there, and we don't do anything drastic like kicking or banning unless racers are determined to cause problems. It's a good place to get familiar with the cars and tracks without the risk of trashing more experienced racers.
In lieu of an MPR, unless anyone reading this was there and can send, I've unbanned you from the server. Please accept my apologies and come back ASAP!
Albieg
6th April 2006, 17:54
But that can only happen in demo servers; in S2 servers, you can always see the LFSW-names by pressing Shift+Control. Why do you even drive demo, when you are S2 licenced? :shrug:
Because I'm crap and I want to get better, but there's nothing more that I could learn from the AI. Demo servers are a better choice because as a newbie I feel better between a lot of newbies. I like staying behind and watching the crashes at T1, but at the moment I am still unwilling to participate in one, or, worse yet, generate it.
SamH, that's very kind. The apologies were not needed, I cannot accept them because I don't think teamccuk is at fault. I appreciate very much your feedback and the unban, and thank you for that.
SamH
6th April 2006, 17:58
If you ask me, that was just an actual admin from the server who was drunk.
Actually, I'm teetotal :thumb:
The other admins don't wake up til stupid'o'clock, so it can't have been them.
I just re-read the original post. It was on one of our demo servers. I'm not absolutely sure whether unbanning on S2 will have the desired effect on demo. However, I am more than familiar with shadow. He's a loser from the iDi monger clan and has had more IPs than I've had baked beans. Leave Demo behind and you'll never have to deal with him again :)
zeugnimod
6th April 2006, 18:00
Demo servers are a better choice because as a newbie I feel better between a lot of newbies.
There are also "newbies" in S2 servers. And there are also many T1 crashes, although they normally don't happen, because a wrecker doesn't brake for T1 like in demo. ;)
If you are only "slow", but can drive clean, I would recommend you driving on S2 servers. :)
Fragmatic
6th April 2006, 18:20
There are also "newbies" in S2 servers. And there are also many T1 crashes, although they normally don't happen, because a wrecker doesn't brake for T1 like in demo. ;)
If you are only "slow", but can drive clean, I would recommend you driving on S2 servers. :)
I agree. I may not be the fastest driver, but it's better playing S2 with civilised folks than racing on demo servers with a bunch o' monkeys. :razz:
I like to go on the beginner server sometimes, but it's pretty silly as most of the time people just use FO8s and spin off every other corner. :worried:
Albieg
6th April 2006, 18:47
Sorry to say this, but as I dislike This VS That quarrels, I'm also quite unwilling to hop on the S2 Racers VS Demo Monkeys bandwagon. I've met a lot of nice Demo Racers and I don't want to bash them all because the free entry lets some childish users in. I like to spectate also some S2 servers, and sometimes - cars and tracks aside - I couldn't tell the difference. I guess starting this thread was an error because most answers tend to conform to the "human idiocy" point of view while I am interested in technical explanations, but I failed to document clearly what happened to me this afternoon. My mistake, so accept my apologies. Let me point out, for the n-th time, that I just wanted to know if this was a known behaviour (or problem) without having to enter in details such as driving skills, if R-Factor is better or worse or that S2 racers are so coooool and lots of Demo players are monkeys. This has nothing to do, imho, with the fact that some user "took over from" me or, like a text string in LFS.exe says, "%s^8 took over from %s"... What does that mean? Still no idea. Thank you for your answers, anyway.
Edited for some more info: I guess that there is a part of code in LFS that permits drivers to "take over" a car from another driver for endurance racing with multiple drivers per car. The sequence of some strings in LFS.exe suggests that. The strings are:
You can only change drivers when a pit stop is finished
3g_oswapend
%s^8 wants to take over
3g_xwantsto
%s^8 wants you to take over
3g_xwantuto
%s^8 took over from %s
3g_xtakovrx
%s^8 renamed to %s
The question is: is there a way for admins or non-admins to exploit this? For me, the answer is YES. Such a shame I don't have a replay. The next questions are up to the people who are willing to investigate a potential security issue.
Becky Rose
6th April 2006, 19:03
I did my best :/
zeugnimod
6th April 2006, 19:05
...most answers tend to conform to the "human idiocy" point of view while I am interested in technical explanations...
...S2 racers are so coooool and lots of Demo players are monkeys. This has nothing to do, imho, with the fact that some user "took over from" me or, like a text string in LFS.exe says, "%s^8 took over from %s"...
If you would have read my answer, you would have read that he didn't use exactly the same name as you, but probably wrote a big "i" instead of your "l". It says the message with "taking over", because the impersonator made a new driver profile and selected it. That's the technical explanation you wanted.
And it has something to do with that, because this is only possible in demo. In S2, you can always see the LFSW-names, which don't change. And IMO, the monkey rate in demo IS much higher than in S2. ;)
Albieg
6th April 2006, 19:30
Now that's a more complete answer. I'll think again about that later. Thank you.
And about monkeys, I never cross the limits of humanity when talking about some other human beings. Language helps me to respect other people, and anatomy too.
colcob
6th April 2006, 19:32
In previous versions of LFS, if you went into options and changed your display name from Bill to Ted, a message would pop up saying "Bill changed his name to Ted" or similar.
For some reason, since the driver swapping feature was introduced, this was changed so the message says "Ted took over from Bill". I guess it was felt it would be more immersive or something, I don't know.
But in this case, it's probably just that the driver changed their name to something visibly the same as other users. I'm not discounting the possibility that there is a weird admin hack out there, but in this case it doesn't seem all that likely.
Albieg
6th April 2006, 19:35
I understand this, but since I had absolutely no idea of what "took over from" meant in this case, it sounded really obscure. I guess that the old name change string was a lot clearer in this context and could lead to less abuses.
Regards,
Albie
filur
6th April 2006, 19:41
Skipped most of the thread, just looking at your lfsw stats I'm sorry you got such a rubbish start in S2. :(
I know about the impersonation problems from demo servers, but I've never seen it in S2.
Edit: okay so it was on a demo server. :)
MyBoss
6th April 2006, 19:41
Because I'm crap and I want to get better, but there's nothing more that I could learn from the AI. Demo servers are a better choice because as a newbie I feel better between a lot of newbies.
Well, there are a lot of newbies in S2 too :tilt:
ORION
6th April 2006, 19:42
As for the mpr, I got banned before I could save. Brain and finger were both slow.
Damn :/
You can always rename the temp.mpr in the mpr folder...
anyways, you should enable mpr autosave
MyBoss
6th April 2006, 19:43
And it has something to do with that, because this is only possible in demo. In S2, you can always see the LFSW-names, which don't change. And IMO, the monkey rate in demo IS much higher than in S2. ;)
True, but I've experienced this once in S2 on AS Nat. This guy changes his nick to the same as one other guy on the server and starts wrecking.
A wonder that he wasn't kicked.
Dygear
6th April 2006, 19:48
... You're racing on a demo server even though you have an S2 licence? They have the warning, you can find stupid drivers, and just plain stupid people on the demo servers. It's not like someone could take your S2 user name and get you banned from an S2 server.
Albieg
6th April 2006, 20:02
My start was not rubbish at all... as I stated before I like LFS, I like the community and generally I have no problems at all with idiots spoiling the fun. I had a question and I had some answers: zeugnimod's answer is satisfactory for my needs. Thinking about that all again, it was a case of childish social engineering applied to Live for Speed. Due to an obscure message and to my lack of knowledge of some features of LFS (e.g. driver swapping in Demo Servers) I was unable to understand it. Becky Rose said she did her best. I appreciate her answer and her effort (no, I'm not trying to pull a girl racer). In the same way, I appreciate all of the answers because they helped me to have a full understanding of what was going on. So thanks to everyone, because I would have liked to have an answer and I had it very quickly.
Fordman
7th April 2006, 07:26
After reading some of the above, this is not an admin hack or anything like that.
On the Demo Servers, drivers can change their name to whatever they feel like at the time, hence being yours. Now when S1 demo and S2 demo was out we ( me included ) had this problem, especially with demo servers as the CTRL+SHIFT doesn't work on Demo Servers.
I am afraid, it's one of those idiotic things you get on Demo servers :shrug:
But it is no server hack, admin flaw or anything like that
Jakg
7th April 2006, 08:07
After reading some of the above, this is not an admin hack or anything like that.
On the Demo Servers, drivers can change their name to whatever they feel like at the time, hence being yours. Now when S1 demo and S2 demo was out we ( me included ) had this problem, especially with demo servers as the CTRL+SHIFT doesn't work on Demo Servers.
I am afraid, it's one of those idiotic things you get on Demo servers :shrug:
But it is no server hack, admin flaw or anything like that
Yep, one of my friends called himself "CSimpok" and made me believe I'd beaten the wr holder!
bal00
7th April 2006, 08:09
Just to explain the different messages:
Bill renamed to Ted = Player changed the nick in his current player profile from Bill to Ted
Ted took over from Bill = Player switched between two player profiles
Wreckers usually just make a new player profile with your nick, so they can quickly cycle through them, and that's what happened to you. Since I enjoy the XFG/BLGP combo, I'm racing on demo servers most of the time and have seen people do this a lot. As much as I love this game, allowing different players to have the same nick is simply retarded.
Gentlefoot
7th April 2006, 09:34
it appeared a message saying "AdminShadow took over from Albieg", and Albieg (it's supposed to be me, I'd say :shrug:)
Doesn't sound like a simple name change to me. Were you in the pits when AdminShadow 'took over' from you?
the_angry_angel
7th April 2006, 09:38
He's a loser from the iDi monger clan and has had more IPs than I've had baked beans. Leave Demo behind and you'll never have to deal with him again :)
Ban the whole subnet. I know it's harsh, and it's a pain, since you have to manually enter all the IPs, but it's better than nothing.
Personally, I'm still in favour of a global ban list network.
Fetzo
7th April 2006, 09:55
Doesn't sound like a simple name change to me. Were you in the pits when AdminShadow 'took over' from you?
i think it's nothing like that. he just changed his profile while being online. iirc the 'took over'-message will appear then too.
edit: oh, bal00 already said that.
Albieg
7th April 2006, 10:27
I agree, this is not an admin hack at all, but a Demo Server shouldn't allow two players with the same nickname. If it really is this way (and not a slightly different name as zeugnimod suggested) this problem should be addressed to prevent at least a form of abuse that spoils the fun from the Demo. I liked LFS so I bought it even before entering some Demo racing, but I wonder if I would have ever bought it if something like that happened in my first online races. I always believed a demo is made to show the product, not to make potential customers stay away from it. There's no real need for multiple profiles in a demo. The answer could be simple as that. That wouldn't help prevent all kinds of childish behaviour in demo servers, but at least would give fewer weapons to abusers.
Funnybear
7th April 2006, 11:17
Mate. Start using the S2 servers. We were all beginners once and we all generally recognise a good noob and a pain in the arse Noob, so come up to the Valhalla of S2 and start racing proper like . . .
Rappa Z
7th April 2006, 11:43
When is Victor gonna post?
Bob Smith
7th April 2006, 12:40
When he has a useful and informative comment that adds to this discussion thread in a positive manner. Just like your post. ;)
zeugnimod
7th April 2006, 13:46
I agree, this is not an admin hack at all, but a Demo Server shouldn't allow two players with the same nickname. If it really is this way (and not a slightly different name as zeugnimod suggested) this problem should be addressed to prevent at least a form of abuse that spoils the fun from the Demo...
I'm 100% sure that it's not possible to have 2 players with the exact same nick on one server, on S2 AND demo. You can try it yourself; if you want to change your nick to the nick of someone already on the server and use the exact same letters and symbols, it says "driver already on server" or sth like that.
You have to look really close at the nicks, there are always little differences. Only the big "I" and small "l" look exactly the same on the screen and this is exploited by demo wreckers. :(
Albieg
7th April 2006, 14:16
I tried that too a few minutes ago. Names have to differ.
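Added example, not part of the original thread and not LFS code: a server-side rename check of the kind the thread asks for, which rejects a display name that looks the same on screen as another player's nick even though the characters differ (capital "I" for small "l", as zeugnimod describes), keyed on the unique login name Becky Rose mentions. The login names, the confusable table and the treatment of `^digit` as an invisible colour code are assumptions made for the illustration.

```python
import re
import unicodedata
from typing import Dict, List, Optional, Tuple

# Assumption: caret codes such as "^8" (seen in the LFS.exe strings quoted
# in the thread) only change text colour and are not visible in the nick.
COLOUR_CODE = re.compile(r"\^[0-9]")

# Assumption: glyphs that render alike in the game font, folded together.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "O": "0"})


def skeleton(display_name: str) -> str:
    """Reduce a display name to what a player would see on screen."""
    text = unicodedata.normalize("NFKC", display_name)
    text = COLOUR_CODE.sub("", text)
    text = " ".join(text.split())  # collapse runs of whitespace
    return text.translate(CONFUSABLE)


def find_lookalike(players: Dict[str, str], login: str,
                   new_name: str) -> Optional[str]:
    """Return the login whose nick new_name imitates, or None.

    players maps the unique login name to the current display name.
    A player's own nick is never treated as a collision.
    """
    wanted = skeleton(new_name)
    for other_login, other_name in players.items():
        if other_login != login and skeleton(other_name) == wanted:
            return other_login
    return None


def apply_renames(players: Dict[str, str],
                  events: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Apply (login, new_name) events; return the rejected ones with the victim."""
    rejected = []
    for login, new_name in events:
        victim = find_lookalike(players, login, new_name)
        if victim is None:
            players[login] = new_name
        else:
            rejected.append((login, new_name, victim))
    return rejected


def demo():
    # Constructed sample data: login names are hypothetical.
    players = {"albieg_login": "Albieg", "shadow_login": "AdminShadow",
               "becky_login": "^4Becky Rose"}
    events = [("shadow_login", "AIbieg"),       # capital I instead of l
              ("shadow_login", "^1Albieg"),     # same letters, other colour
              ("becky_login", "^2Becky Rose"),  # own nick, colour change only
              ("shadow_login", "Shadow")]       # harmless rename
    return players, apply_renames(players, events)


if __name__ == "__main__":
    for login, name, victim in demo()[1]:
        print(f"rejected: {login} -> {name!r} imitates {victim}")
```
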