FiveM Client Consoles: Giving out IP Addresses to users

Hey, I was just chilling on my server and I noticed that there was some network data being printed to every client. I do have superadmin with all permissions, but I demoted myself and tested the theory, and just for extra measure, I had one of my friends who was never promoted on the server try it out.

They were able to see:

I find this would be a huge security problem, such as being able to find IP Addresses and using them to DDOS them. I feel that the IP Address should never be shown to standard users, and IP Addresses should only be shown to responsible administrators (typically Server Owners).

this seems to be a leftover of R* code that given the way FiveM hooks into the game shouldn’t even be possible, are you sure these IPs resolve to actual players that were on the server?

if so, it might be a R* network relay server ended up contacted for some scenarios, or the user whose IP showed isn’t using a ‘router’ but directly is connecting their PC to an external address. :confused:

Yes, I checked the IP Addresses through Teamspeak and those IP Addresses did match up to my users.

And I don’t understand what you mean by:

the user whose IP showed isn’t using a ‘router

Wifi HotSpots
McDonalds wifi

Either way, this has to be R* code.


Ahh that’s what he meant, I personally would’ve worded it as ‘insecure connections’.

I don’t honestly know how much control the FiveM Development team has over GTA R* code, but if possible please delete this information from being printed. And if the developers need this for any reason at all, then add a convar command for it, so we can hide and unhide this.


Wouldn’t

```
# remove the # to hide player endpoints in external log output
#sv_endpointprivacy true
```

do what you’re asking, by uncommenting sv_endpointprivacy true?

No… it’s something completely different. I’ve seen it in my console as well on my server. Not sure what causes it. Plus the people’s IPs I’ve seen, I know they use routers and are on home networks.


no, that’s not what was meant, the meaning was rather ‘connections that directly have an external IP and don’t use NAT’

```
# you probably don't want to change these!
# only change them if you're using a server with multiple network interfaces
endpoint_add_tcp "0.0.0.0:30125"
endpoint_add_udp "0.0.0.0:30125"

# Load Resources
exec server_resources_basics.cfg
exec server_resources.cfg

sv_scriptHookAllowed 1

# change this
#rcon_password ChangeMe

sv_hostname "---------------------------------------------------------------------"

# nested configs!
#exec server_internal.cfg

# loading a server icon (96x96 PNG file)
load_server_icon logo.png

# disable announcing? clear out the master by uncommenting this
#sv_master1 ""

# want to only allow players authenticated with a third-party provider like Steam?
#sv_authMaxVariance 1
#sv_authMinTrust 5

# add system admins
add_ace group.admin command allow # allow all commands
add_ace group.admin command.quit deny # but don't allow quit
add_principal identifier.steam:------------------------------ group.admin # xrayhunter
add_principal identifier.steam:------------------------------  group.admin # ranger

# hide player endpoints in external log output
sv_endpointprivacy true

# server slots limit (default to 30)
sv_maxclients 32

# Get a key from https://keymaster.fivem.net
sv_licensekey ----------------------------------------------------------
```

This is my current server.cfg, and the exec are just resource starters.

How is this GTA stuff? It does appear to be output in nethook; the specific line is here.

the data is still sent to clients by GTA code, removing the print won’t do anything but make it less obvious (debugging the code, changing it, … will still evidently make it clear in this hook)

also I’m fairly sure there’s already tools for GTAO to get session addresses if these structures still contain that data, + it’ll possibly do an actual sendto so Wireshark and such will show it as well.

Do remember /players.json is still in existence

If you enable endpoint privacy, that won’t reveal anything.

But it is enabled.

I think putting an if-statement that looks at a convar set in the server.cfg. Though looking through Wireshark, you really can’t hide things unless using encryption, which is ineffective to live performance game servers. Such as these.

I was actually unaware of this file, but if that file isn’t being streamed to the clients, then it’s fine.

Nice find! :smiley:


My comment was directed at Jacob regarding players.json :frowning:


except this data shouldn’t even be known by clients themselves, let alone be magically sent over the network, and the only explanation is some R* code communicating with a hardcoded server of sorts.

clients don’t know of server variables, the only right thing to do is remove the R* code that actually obtains the client’s external address, not write lots of weird replication code to conditionally disable a debug print that has actual use and can easily be re-enabled by people. :\
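
An operator-side check for the `/players.json` point raised in the thread, added here as an example and not part of any post or of FiveM's own code: it parses a saved copy of the file and reports every player address a reader could see. The field names (`endpoint`, `identifiers`, the `ip:` identifier prefix) and the idea that a masked endpoint shows up as a loopback placeholder are assumptions, and the sample data is constructed; it covers only this file, not the client-side console print.

```python
import ipaddress
import json

# Constructed sample of a /players.json response; field names ("endpoint",
# "identifiers", "name", "id") are assumed, and all addresses are
# documentation-range values, not real players.
SAMPLE_PLAYERS_JSON = """
[
  {"id": 1, "name": "alpha", "endpoint": "127.0.0.1",
   "identifiers": ["steam:110000100000001"]},
  {"id": 2, "name": "bravo", "endpoint": "203.0.113.7:54321",
   "identifiers": ["steam:110000100000002", "ip:203.0.113.7"]},
  {"id": 3, "name": "charlie", "endpoint": "[2001:db8::5]:30120",
   "identifiers": ["license:abcdef"]}
]
"""

def _host(value):
    """Strip an optional port from 'a.b.c.d:port' or '[v6]:port'."""
    value = value.strip()
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    if value.count(":") == 1:
        return value.split(":", 1)[0]
    return value  # bare IPv4, bare IPv6, or not an address

def _is_exposed(value):
    """True if value is a real address, not a loopback/unspecified placeholder."""
    try:
        addr = ipaddress.ip_address(_host(value))
    except ValueError:
        return False  # not an address at all, e.g. an empty or masked string
    return not (addr.is_loopback or addr.is_unspecified)

def find_exposed_endpoints(players_json):
    """Return (player id, field, value) for every visible player address."""
    findings = []
    for player in json.loads(players_json):
        endpoint = player.get("endpoint", "")
        if _is_exposed(endpoint):
            findings.append((player.get("id"), "endpoint", endpoint))
        for ident in player.get("identifiers", []):
            if ident.startswith("ip:") and _is_exposed(ident[3:]):
                findings.append((player.get("id"), "identifiers", ident))
    return findings

if __name__ == "__main__":
    for finding in find_exposed_endpoints(SAMPLE_PLAYERS_JSON):
        print(finding)
```

An empty result on your own server's file means this path is masked; any finding means the privacy setting is not taking effect for that field.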