// Preamble $pageName = "Speed/Time Cheat Protection"; $focused = "none"; // Dock icon name to gets a border require("parts/preamble.php"); // Load most of document ?>
The "time cheat" relies on the client lying to the server about how much time has passed since the last packet was sent. Knowing this, detecting the time cheat is simple. For a period of say, 30 seconds, the QuakeForge server adds up the times from all the movement packets received from a specific client. If the client says that more then 30 seconds have passed in 30 seconds, a red flag is raised.
Sadly, the Windows QuakeWorld clients before 2.33 had a bug in keeping track of time (This is not really a bug in QuakeWorld, but Windows 95 and 98). The longer Windows is up, the faster time will seem to pass. While there is not a noticeable speed boost from this until it has been up for more then a day or so, it is detectable even after the system has been up only a few hours.
This, along with other factors including lag and packet loss, can cause the time reported by the client to be over the time the server expects.
QuakeForge's cheat detection is adjustible within the server, so that administrators can decide what settings work best. Here are descriptions of some of the config variables ("cvars") that you can use to configure time cheat detection on your server.
sv_timekick: This cvar controls the number of times a player has to be caught "cheating" before they get kicked. sv_timekick shows up in serverinfo if it is changed from the default. If sv_timekick is less than 1, speed cheat detection is disabled. Default is 3.
sv_timekick_fuzz: This cvar affects how strict the protection is. The higher the number, the more "fuzz" gets applied, and the less strict the detection code is. Raise this if your players are being kicked for packet loss and lag. The values of this cvar are in tenths of a percent. Default is 10, giving a fuzz factor of about 1 percent.
sv_timekick_interval: This cvar controls how often, in seconds, the time tally is counted. Lowering this value increases the chance of false positives, but helps to minimize the amount of damage a time-cheating player can cause. Default is 30 seconds.
Obviously, we suggest using one of QuakeForge's QuakeWorld-compatible clients (available in the Downloads Section of our web site), none of which exhibit this problem. If you don't want to use QuakeForge, you can use QuakeWorld 2.33-005, the last "test release" before id Software released the source. You can also use any of the QuakeWorld-compatible clients released by the other engine projects, but of course we can't verify that any of them do not exhibit the problem or even if they work. require("parts/postamble.php"); // Finish this sucker up ?>