The online racing simulator
Impersonation and LFS server hacking
I was on a teamccuk demo server when a disturbing thing happened: a user called AdminShadow was able to impersonate several other users and got them banned. I'll explain better: at some point, after some other people got banned in the same way, it appeared a message saying "AdminShadow took over from Albieg", and Albieg (it's supposed to be me, I'd say :shrug sent a lot of messages and got banned. Obviously it wasn't me sending messages... How come that another user can send messages using my nickname? That should NEVER happen.
I don't know if this is a security flaw of the LFS Server used by Teamccuk or it's LFS, but as a newbie (who paid) I am quite disappointed that similar things can happen, especially when these things apparently aren't related only to stupid human behaviour, but also to some technical possibilities that shouldn't exist. No admin, fake or real, should ever be able to impersonate a user.
This is the second time I see such things. I can cope with some defects in the gameplay, but I can't stand such lack of basic security.
My apologies if this has been already discussed, I searched the forum but maybe I missed the right keywords. I would be grateful to anyone who could point me out to the correct pages or just tell me what really happens when someone "takes over from" your user, and why.
I have no dealings with the cc...something () people but I can give you a hint:

maybe you should report what you saw here: http://www.teamccuk.com/wreck

Or contact the devs if you suspect there was something strange...
I've seen the other thread, but these are not wreckers, technically speaking, and since there must be some obvious flaw somewhere (either in design or implementation) that permits impersonation I consider my post a request for information or for some countermeasures, if known. If it is really a technical problem, someone should address it by not permitting impersonation, but I don't know who's responsible for this.
Regards,
Alberto
But I'm sure the admins at ccuk want to see the mpr of the incident
You have just seen the LFS community "underground". Everywhere you can read how great LFS community is, and it is 95% true, but occasionaly you can meet some fools finding interest in making problems. This is problem of just every community - plz, dont trust people that says rFactor, GPL or anything else has better.... Visit D-R-T servers, for example. Thats where I am usually pushing my XRR to the "limits" and I had really good races there.

It is sad that your first LFS races were like you said. Just let it be, do as Hyperactive adviced, and loo on lfsworld for some other server..

Wish you good racing days,

See ya on the track, Cat
#6 - ORION
You can always be 100% exactly identified with your lfsworld username, so if you have the replay, we press CTRL-Shift, note the username and ban him from all servers.
Ingame, you can change your name, but the actual username will not change. If this is possible, the patch will be delayed for at least a month, because Scawen will have to rewrite major parts of the user management and authorization code.
So if you have a replay, please send it to me, so I can check it and inform the devs if there is a problem. (I will not share it, and maybe you shouldnt post it here either)
If you ask me, that was just an actual admin from the server who was drunk.

And it does make sense that admins can ban other people. They pay for the server, thus they need an ability to remove people if they are not racing clean!

If someone starts to abuse this, we have a problem.
if you wanna some motivation, I saw your PB on Blackwood in FOX.. really not bad - only 30 miles online and 10 secs behind WR, thats probably something that I can do in FOX, but I have driven 100times longer distance than you(and A LOT OF practising offline)
I'm not talking about the community because I'm not bashing the community. I like the way this forum is managed, and I like the tone. I've read a lot of stuff before even thinking about posting, and I like LFS. I don't care about all those This VS That fights. I read them and I am quite able to distinguish religious attitude from critical attitude. I'm quite good at that, certainly more than I'm good at driving or racing. I'm pointing out, for the third time, that I'd like to have technical explanations about this issue because it's not only due to people behaving in an unethical and annoying manner, but it's also due to some software that permits things that are, in my views, simply unconceivable. As for the mpr, I got banned before I could save. Brain and finger where both slow.
Good point, ORION. Next time I see such fools playing around in some server I will save a replay. Today, I can't. I'm banned on that demo server. There's no big problem about that, except for me not having a replay to state my case.
(and btw I agree with your point of view. If someone managed to hack his way through the netcode to do something like that I'd postpone everything to rush a patch to fix the problem).

(Actually it was a voteban because people thought I was spamming. The admin must be able to ban, and that's something I know, understand and approve, but no impersonation should ever be possible. Never.)
You have two 'names'. The actual login name which is the name you log in as which is a unique name to you chosen when you bought the product. This cannot be mimmicked.

You also have a display name, this is not unique, it is the name that appears above your car and you can change it to anything you like.

Most of us race with the same name day in and day out and never change it... (I once felt like a change, and changed the colour of my text...).

However it is possible to change your display name on a whim, and that is what the other person appears to have done. When he got banned it would be his login name that gets put on the banned list - thus preventing him from logging in.

You can display login names at any time by pressing shift-control I think. Also they are shown when logging in.

I would preffer a system where your race display name gets bound to your login account with a seperate 'team' prefix, and requires LFS staff approval for a name change (in the case of the other recent thread from "Janet" for instance).
He didnt use the exactly same name as you, thats impossible. He probably wrote a big "i" instead of the "l" in your name.

But that can only happen in demo servers; in S2 servers, you can always see the LFSW-names by pressing Shift+Control. Why do you even drive demo, when you are S2 licenced?
#12 - SamH
If you're having problems, you betcha we wanna hear at TeamCCUK. If you're new to LFS, I dare say you probably don't have an MPR (Multiplayer Replay).

If you got banned, it must have been this morning. I accidentally left vote banning on when we restarted our server in the night.

Our servers certainly seems to be making the headlines recently

FYI we also have a Beginners server, which is an excellent place to find your feet on LFS S2. We let a lot slide on there, and we don't do anything drastic like kicking or banning unless racers are determined to cause problems. It's a good place to get familiar with the cars and tracks without the risk of trashing more experienced racers.

In lieu of an MPR, unless anyone reading this was there and can send, I've unbanned you from the server. Please accept my apologies and come back ASAP!
Quote from zeugnimod :
But that can only happen in demo servers; in S2 servers, you can always see the LFSW-names by pressing Shift+Control. Why do you even drive demo, when you are S2 licenced?

Because I'm crap and I want to get better, but there's nothing more that I could learn from the AI. Demo servers are a better choice because as a newbie I feel better between a lot of newbies. I like staying behind and watching the crashes at T1, but at the moment I am still unwilling to participate in one, or, worse yet, generate it.

SamH, that's very kind. The apologies were not needed, I cannot accept them because I don't think teamccuk is at fault. I appreciate very much your feedback and the unban, and thank you for that.
#14 - SamH
Quote from ORION :If you ask me, that was just an actual admin from the server who was drunk.

Actually, I'm teetotal

The other admins don't wake up til stupid'o'clock, so it can't have been them.

I just re-read the original post. It was on one of our demo servers. I'm not absolutely sure whether unbanning on S2 will have the desired effect on demo. However, I am more than familiar with shadow. He's a loser from the iDi monger clan and has had more IPs than I've had baked beans. Leave Demo behind and you'll never have to deal with him again
Quote from Albieg :Demo servers are a better choice because as a newbie I feel better between a lot of newbies.

There are also "newbies" in S2 servers. And there are also many T1 crashes, although they normally dont happen, because a wrecker doesnt brake for T1 like in demo.

If you are only "slow", but can drive clean, I would recommend you driving on S2 servers.
Quote from zeugnimod :There are also "newbies" in S2 servers. And there are also many T1 crashes, although they normally dont happen, because a wrecker doesnt brake for T1 like in demo.

If you are only "slow", but can drive clean, I would recommend you driving on S2 servers.

I agree. I may not be the fastest driver, but it's better playing S2 with civilised folks than racing on demo servers with a bunch o' monkeys.

I like to go on the beginner server sometimes, but it's pretty silly as most the time people just use FO8s and spin off every other corner. :worried:
Sorry to say this, but as I dislike This VS That quarrels, I'm also quite unwilling to hop on the S2 Racers VS Demo Monkeys bandwagon. I've met a lot of nice Demo Racers and I don't want to bash them all because the free entry lets some childish users in. I like to spectate also some S2 servers, and sometimes - cars and tracks aside - I couldn't tell the difference. I guess starting this thread was an error because most answers tend to conform to the "human idiocy" point of view while I am interested in technical explanations, but I failed to document clearly what happened to me this afternoon. My mistake, so accept my apologies. Let me point out, for the n-th time, that I just wanted to know if this was a known behaviour (or problem) without having to enter in details such as driving skills, if R-Factor is better or worse or that S2 racers are so coooool and lots of Demo players are monkeys. This has nothing to do, imho, with the fact that some user "took over from" me or, like a text string in LFS.exe says, "%s^8 took over from %s"... What does that mean? Still no idea. Thank you for your answers, anyway.

Edited for some more info: I guess that there is a part of code in LFS that permits drivers to "take over" a car from another driver for endurance racing with multiple drivers per car. The sequence of some strings in LFS.exe suggest that. The strings are:

You can only change drivers when a pit stop is finished
3g_oswapend
%s^8 wants to take over
3g_xwantsto
%s^8 wants you to take over
3g_xwantuto
%s^8 took over from %s
3g_xtakovrx
%s^8 renamed to %s

The question is: is there a way for admins or non-admins to exploit this? For me, the answer is YES. Such a shame I don't have a replay. The next questions are up to the people who are willing to investigate a potential security issue.
I did my best :/
Quote from Albieg :...most answers tend to conform to the "human idiocy" point of view while I am interested in technical explanations...

...S2 racers are so coooool and lots of Demo players are monkeys. This has nothing to do, imho, with the fact that some user "took over from" me or, like a text string in LFS.exe says, "%s^8 took over from %s"...

If you would have read my answer, you would have read, that he didnt use the exactly same name as you, but probably wrote a big "i" instead of your "l". It says the message with "taking over", because the impersonater made a new driver profile and selected it. Thats the technical explanation, you wanted.

And it has something to do with that, because this is only possible in demo. In S2, you can always see the LFSW-names, which dont change. And IMO, the monkey rate in demo IS much higher than in S2.
Now that's a more complete answer. I'll think again about that later. Thank you.
And about monkeys, I never cross the limits of humanity when talking about some other human beings. Language helps me to respect other people, and anatomy too.
In previous versions of LFS, if you went into options and changed your display name from Bill to Ted, a message would pop up saying "Bill changed his name to Ted" or similiar.

For some reason, since the driver swapping feature was introduced, this was changed so the message says "Ted took over from Bill". I guess it was felt it would be more immersive or something, I dont know.

But in this case, its probably just that the driver changed their name to something visibly the same as other users. I'm not discounting the possibility that there is a wierd admin hack out there, but in this case it doesnt seem all that likely.
I understand this, but since I had absolutely no idea of what "took over from" meant in this case, it sounded really obscure. I guess that the old name change string was a lot clearer in this context and could lead to less abuses.
Regards,
Albie
Quote from Albieg :Because I'm crap and I want to get better, but there's nothing more that I could learn from the AI. Demo servers are a better choice because as a newbie I feel better between a lot of newbies.

Well, there is allot of newbies in S2 to
Skipped most of the thread, just looking at your lfsw stats i'm sorry you got such a rubbish start in s2.

I know about the impersonation problems from demo servers, but i've never seen in it s2.

Edit: okay so it was on a demo server.
Quote from Albieg :As for the mpr, I got banned before I could save. Brain and finger where both slow.

Damn :/
You can always rename the temp.mpr in the mpr folder...
anyways, you should enable mpr autosave
1

FGED GREDG RDFGDR GSFDG