now I by no means claim to of
completely beaten this problem, but I've come up with
a neat and simple way to identify whether players are
using 'non-standard' code.
I've put the full description
but basically it boils down to this:
a private message is stored in both the server and client,
to check the client isn't using modified code, the server
sends a request to authorise followed by some random
numbers. the client performs a one way hash using a
combination of these numbers and the (constant) private
message and sends this back to the server. Said server
then checks that the correct private message was used
to generate the hash, if it wasn't, then the client
is using modified code (since it was built using an
incorrect private key).
this also bypasses any requirement for file checking
and other nasty system dependant checks, and keeps everything
nice and clean.
Another benifit of it is, you can also prevent old client
builds connecting to new servers, whilst still allowing
new clients to connect to old ones.
Client code is included in the
1.7 engine source -including the SHA1 code used in the
Server code: Will be added to
the project when I have the time (or if you want just request it)