Anti TCC Enhanced Security Mutator

Release 1.18c, Copyright 2003 by Wormbo

If you have any problems with Anti TCC, please have a look at the Anti
TCC homepage  or
post in the Anti TCC Forum
.


    Contents

    * Description <#description>
    * Targets <#targets>
    * Installation <#installation>
    * Console Commands <#console>
    * Configuration <#config>
          o Checks Lists <#config>
          o Other Settings <#othersettings>
          o Using Configuration Profiles <#usingprofiles>
    * Potentially Asked Questions <#paq>
    * Anti TCC Commandlets <#commandlets>

------------------------------------------------------------------------


    Description

Anti TCC is a mutator designed to perform a more detailed check of
various packages and clientside settings. Its main goal in UT2003 was to
detect SET command cheats, the so-called temporary console commands or
"TCCs". This type of check plays only a minor role in Anti TCC for
UT2004 though, since Epic turned on the masterserver feature which keeps
out SET command users.

------------------------------------------------------------------------


    Targets

This release targets the following cheats and potentially unwanted actions:

    * Skin hacks and the external bots that use them
    * Generic checking or disallowing of any file or package
    * Unsecure client-side classes
    * Faster weapon switching with the ThrowWeapon command (only v3236
      servers and earlier)
    * 'Flying Leviathan' exploit (only v3186 servers)
    * Invalid render settings (foghack on ONS-Dawn on v3186 servers,
      high texture mipmap bias)
    * Ingame chat spam
    * Abuse of the SetName command
    * Abuse of text color codes (only v3204 servers and earlier)
    * Server crash attempts (for v3236 and earlier)
    * certain types of UnrealScript hacks
    * Temporary Console Commands (same way as the masterserver detects
      it, only faster and without masterserver connection)

Anti TCC does /not/ check for the following:

    * Speed Hacks (the occasional speed warning is a UT2004 feature)

------------------------------------------------------------------------


    Installation

The ZIP archive you downloaded contains 8 files:

AntiTCC118c.u
    The main package file for Anti TCC.
AntiTCC118c.ucl
    Tells UT2004 about the Anti TCC mutator.
AntiTCC118c.int
    Tells UT2004 about the Anti TCC commandlets <#commandlets>.
AntiTCC118c.u.uz2
    A compressed version of AntiTCC118c.u. This file should be uploaded
    to a redirect server. (only if your server uses redirected downloads
    )
AntiTCC118cDefINI.txt
    Contains the default INI values. You can add these values to your
    UT2004.ini file if you feel better, but Anti TCC will use exectly
    this configuration also if you don't add it.
AntiTCC118cDefINI_Lite.txt
    Contains a lightweight configuration of Anti TCC for public servers
    that want to allow colored nicks and don't need player ID logging.
    This preset basically only protects against unknown classes and
    allowes admins to log in silently.
AntiTCC118cDefINI_League.txt
    Contains a special configuration for league servers with extended
    checks. /This is not meant to be used on public servers./
    This preset does not allow admins to log in silently and doesn't
    check for text flood or other things that could be annoying on
    public servers.
AntiTCC118cDefINI_ManualFullMD5s.txt
    This preset disables the built-in FullMD5 checks and manually adds
    Checks=(...) lines for them instead, so you can easily add new MD5s
    for them. Use this when a new patch is released and you want to have
    FullMD5 checks that support all previous official versions as well.
AntiTCC118c.htm
    This file.

If you want to redistribute Anti TCC, please keep this ZIP archive
unmodified.
*This goes especially for you ClanBase admins:* Please put this ZIP in
your own ZIP file if you really have to distribute Anti TCC with
additional default TXTs.
The original download can be found at
http://www.koehler-homepage.de/Wormbo/download2k4.html#AntiTCC.

Step 1
    You should unzip the archive directly in to your root UT2004
    directory with "expand folders" turned on.
    This will place all files in your *UT2004\System* subdirectory
    except for the last two, which will be placed in *UT2004\Help*.
Step 2
    Open the *UT2004\System\UT2004.ini*, *UT2004\System\Server.ini* or
    whatever main configuration file your server uses.
Step 3
    To automatically load Anti TCC all the time find the
    *[Engine.GameEngine]* section and add the following lines anywhere
    in that section:

        ServerActors=AntiTCC118c.AntiTCCServerActor
        ServerPackages=AntiTCC118c

    The ServerPackages line will ensure the Anti TCC package is
    downloaded by all clients connecting to the server and might also
    fix some problems with demo recording. The ServerActors entry
    automatically loads Anti TCC and prevents it from being removed from
    the mutators list. If you don't want that, don't add it. Instead
    manually start the Anti TCC mutator through the webadmin interface
    or the server's startup commandline, e.g.:

        ucc server
        DM-Rankin?game=xGame.xDeathmatch?mutator=AntiTCC118c.MutAntiTCCFinal,xGame.MutVampire

    *Note:* You don't need to add the ServerPackages entry. In the
    unpatched version of UT2004, Anti TCC will add the entry manually
    and in later versions the entry will not be neccessary for regular
    playing anymore.
    *IMPORTANT:* You really should remove the UTSecureServerActor and
    also any references to older versions of UTSecure or AntiTCC. Anti
    TCC and UTSecure will *NOT* work together and Anti TCC will try to
    get rid of the UTSecureServerActor on its own. Also, Anti TCC will
    not work together with the SafeGame security mutator by Cruicky.
Step 4
    Optionally you can add the changes found in *AntiTCC118cDefINI.txt*
    (or one of the other default configurations included in the Anti TCC
    ZIP archive) to the end of your INI file. The default settings
    provide good protection already, so if you only want change things
    through the webadmin, you can skip this step. Anti TCC will
    automatically write the default [AntiTCC118c.MutAntiTCCFinal] and
    [AntiTCC118c.AntiTCCSecurity] sections to your servers INI file.
    *Note:* You shouldn't add UPL, UCL or INT files to Anti TCC's list
    of file checks. The default skins stored in UPL files are checked
    seperately through Anti TCC's skin checks.

Make sure Anti TCC works properly by connecting to your server. The
client console should display something similar to the following example.

==================================================
 Anti TCC v1.18c build 2004-09-23 00:35
 Copyright (c) 2003-2004 Wormbo
==================================================
 
 * Your unique ID is [ 01234567-89abcdef-01234567-89abcdef ]
 * Player ID logging is enabled
 * Check Timeout: 60 seconds
 * Reaction to insecurities: Kick
 * Reaction to blacklisted files and classes: SessionBan
 * Reaction to modified skins: Kick
 * Reaction to invalid render settings: Message
 * Anti TCC is running in single MD5 mode
 * Admins may log in silently
 * Verified AntiTCC118c (default)
 * Verified HumanMaleA (default)
 * Verified HumanFemaleA (default)
 * Verified Jugg (default)
 * Verified Aliens (default)
 * Verified Bot (default)
 * Verified SkaarjAnims (default)
 * Verified XanRobots (default)
 * Verified ThunderCrash (default)
 * Verified Hellions (default)
 * Verified NewNightmare (default)
 * Verified PlayerSkins (default)
 * Verified UT2004PlayerSkins (default)
 * Verified DemoPlayerSkins (default)
 * Verified BrightPlayerSkins (default)
 * Verifying skins...
 * Verifying classes...
You have been validated successfully.

When a client connects to an Anti TCC 1.18c server for the first time
and you added file blacklist or MD5 checks for files outside the
client's UT2004 and WindowsXP Prefetch directories the client will see a
message box where he is informed about and has to agree to the check. If
he doesn't he will either be locked in spectator mode (if the match
already started and there are free spectator slots) or get disconnected.

Everything Anti TCC displays in the client's console is also written to
the file AntiTCC_ClientConsoleLog.log in the client's UT2004\UserLogs
directory.

You should check the server's log file (usually ucc.log or server.log)
for Anti TCC warnings. Anti TCC will tell you if something went wrong or
whether your configuration might cause problems. With the default
configuration something like this should be logged to the server's main
log file (usually server.log, ucc.log or ut2004.log):

AntiTCC: ==================================================
AntiTCC:  Anti TCC v1.18c build 2004-09-23 00:35
AntiTCC:  Copyright (c) 2003-2004 Wormbo
AntiTCC: ==================================================
AntiTCC:  * Preventing Fast Weapon Switching
AntiTCC:  * Admin faker name is 6lw2B (DM-Antalus.PlayerReplicationInfo)
AntiTCC:  * Initializing checks...
AntiTCC:  * Calculating Full MD5 for AntiTCC118c...
AntiTCC:    [ 9ff80ddfc9e1f51cb4b1b009cf45323f / 98E04E8011D90CF830000C8CB7637684 ]
AntiTCC:  * Player IDs are logged to PlayerIDsINI, old IDs are removed after 30 days
AntiTCC:  * Securing PlayerControllers
AntiTCC:  * Logging output to AntiTCC_xDeathMatch_DM-Antalus_2004-09-23_00-37
AntiTCC:    when neccessary

------------------------------------------------------------------------


    Console Commands

Anti TCC offers some new console commands. They only work ingame and not
from the webadmin interface.

Mutate AntiTCC Version
    This command displays the Anti TCC version on the client. If you run
    Anti TCC without mods that replace the PlayerController this command
    can be shortened to *Ver* instead of *Mutate AntiTCC Version*.
Mutate AntiTCC ShowIDs
    This command lists the ID hashes of all players connected to the server.
    If you run Anti TCC without mods that replace the PlayerController
    this command can be shortened to *ShowIDs*.
    You can disable this command for normal (non-admin) players by
    setting the *bClientsMayGetIDs* config property to False. (see
    *Options* below)
    Admins will get the player IDs and their IP addresses.
Mutate AntiTCC Whois /player name/
    This command lists a connected player's ID and other names that
    player has used on this server since ID logging started. Anti TCC
    will complete partial names, so you don't have to specify the
    player's full name.
    If you run Anti TCC without mods that replace the PlayerController
    this command can be shortened to *Whois*.
    You can prevent this command from displaying alias names for
    (non-admin) players by setting the *bClientsMayGetNames* config
    property to False. You can disable displaying player IDs through
    this command by setting the *bClientsMayGetIDs* config property to
    False. (see *Options* below)
    Admins will always see ID and alias names, as well as the player's
    IP address. The *Whois* command requires player ID logging to be
    enabled.
Mutate AntiTCC Whowas /player name or ID/
    This command lists the player IDs who used a specific name and their
    alias names. When an ID is specified instead of a player name, that
    ID's alias names are displayed.
    If you run Anti TCC without mods that replace the PlayerController
    this command can be shortened to *Whowas*.
    You can disable this command for (non-admin) players by setting the
    *bClientsMayGetNames* or the *bClientsMayGetIDs* config property to
    False. (see *Options* below)
    The *Whowas* command requires player ID logging to be enabled.
Mutate SilentAdminLogin /username password/
    This command allowes you to login as server administrator without
    broadcasting your admin status. Some admin commands may not be
    available when logging in like this. Silent admin login is only
    available when the AccessControlClass in the server ini's
    [Engine.GameInfo] section is set to *xAdmin.AccessControlIni*, i.e.
    when using advanced admin.
    If you run Anti TCC without mods that replace the PlayerController
    this command can be shortened to *SilentAdminLogin* instead of
    *Mutate SilentAdminLogin*.

------------------------------------------------------------------------


    Configuration


      Checks Lists

The following options need to go under the enter
*[AntiTCC118c.AntiTCCSecurity]* in your UT2004.ini file (or whichever
ini file configures your server).

Checks 	The first configuration option is the Checks data set. All of
the important data is combined into one entry for each file to check.
The format for the entry is seen here:

    Checks=(FName="file",MD5=("0123456789abcdef0123456789abcdef"),MD5Type=0|2,Optional=True|False)

Notice that each sub-field is separated by a comma and mixes string and
numeric data.
By default this list is empty because all relevant MD5 checks are
hard-coded.
*IMPORTANT:* Make sure there are no whitespaces in the *Checks* entries.
The available sub-fields are:

FName
    The FName sub-field defines which files you wish to check. How this
    field is handled is dependant on the MD5Type sub-field below. If you
    are doing a QuickMD5 or FullMD5 of an Unreal package, then you only
    need to include the package name (e.g. PlayerSkins, not
    PlayerSkins.utx).
    If you are doing a FullMD5 on a /non-package/ file, then you need to
    include the full filename and also the path to the file if it's not
    in the *UT2004\System* directory. If you specify a path it should be
    relative to UT2004's System directory, e.g. *..\Speech\BR.xml*.
    Please keep in mind that not everyone installed the game on their
    first harddrive and neither Linux nor Mac systems use drive letters,
    so using absolute paths or paths outside the UT2004 directory
    generally is a bad idea.
    You are free to use slashes or backslashes for paths. Both will work
    equally on all clients. 
MD5
    This is the MD5 that Anti TCC will expect to see for this file. Here
    you will have to supply a comma-seperated list of MD5s. Each must be
    enclosed in quotes and the whole list must be enclosed in parentheses.
    There is a considerable difference between a Quick MD5 and a Full
    MD5 so make sure you add the appropriate one depending on the
    MD5Type sub-field.
    MD5 hashes are always 32-digit hexadecimal numbers with a-f in
    lowercase. 
MD5Type
    This sub-field determines what type of MD5 check to perform.
    Possible values are:

    0
        QuickMD5 checks are much faster as it utilizes the fact that the
        package is already preloaded by the game. The drawbacks are it
        only works on UT2004 packages and the package must be loaded by
        the game.
    2
        FullMD5 checks can be performed on any file but tend to be
        slower for larger files.

    *IMPORTANT:* You shouldn't perform checks on UT2004's own .U, .DLL,
    .UPL or .UCL files or the Packages.MD5 file. These files are likely
    to change when patches, custom models or mods are installed. 
Optional
    If this value is set to *True* and the file is either not loaded (in
    the case of MD5Type 0) or not found (in the case of MD5Type 2) then
    it will not be considered a bad file.
    *Important:* Always set this to True when using "*not allowed*" as
    the *MD5*. 

FileBlacklist 	The file blacklist can be used to disallow individual
files or a range of file names using wildcards, where '*' represents
zero or more characters and '?' represents one or no character.

    FileBlacklist=DisallowedFilename

Use one FileBlacklist line for each disallowed file. Paths specified
here are relative to the client's UT2004\System directory, but if a file
name doesn't contain slashes (/), backslashes (\) or dot (.), Anti TCC
will look in all of the client's package directories for matching
package names.
You should use this instead of an MD5 check with "not allowed" as the
MD5 value because it's more efficient.
Certain blacklist files are hard-coded, such as OpenGL32.dll, Entry.dll,
den_p1p0-Hack.ini and UnrealGame.dll, as well as known aimbot names.
This blacklist allowes you to check files outside the UT2004 directory,
but Anti TCC will ask the client if he agrees to those checks if they
look for files outside the Windows XP Prefetch directory.
*Note:* To disallow files only in specific configuration profiles, put
the FileBlacklist=... lines for those files in the profile section instead.


      Other Settings

The following options need to go under the enter
*[AntiTCC118c.MutAntiTCCFinal]* in your UT2004.ini file (or whichever
ini file configures your server).
They can also be changed from the web admin interface and you can put
them in configuration profiles <#usingprofiles> to quickly switch
between different configurations.

bAllowClientConsoleMessages 	Anti TCC displays messages in the client's
console and log file about security checks. This option can disable the
console messages.
bBroadcastConsoleErrorMessages 	Enables or disables Anti TCC's red
console warning messages stating the reason for a kick. This will not
display a client console warning when *bAllowClientConsoleMessages* is
disabled, but the warning will still be logged in the client's log file.
bMessageBeep 	Enables or disables the beep sound played when Anti TCC
detects illegal files, settings or activities on a client.
bBroadcastClientScreenMessages 	Enables or disables Anti TCC's a red
warning message in the center of all clients screens when a client is
kicked by Anti TCC.
bDisplayProgressMessages
bDisplayProgressScreenMessages 	bDisplayProgressMessages enables or
disables Anti TCC's progress messages in the center of the screens
during initial checks.
bDisplayProgressScreenMessages specifies whether the progress messages
should be displayed in the center of the screen or in the chat area.
bClientsMayGetIDs
bShowOnlyFirstPartOfID
bShowOnlyLastPartOfID 	bClientsMayGetIDs determines, whether clients may
see other players' CD key hashes. Setting this to false will disable the
*ShowIDs* and *Whowas* commands and disable the ID display in *Whois*.
bShowOnlyFirstPartOfID will hide everything except the first eight
digits of the player ID, bShowOnlyLastPartOfID will hide everything
except the last eight digits. If both are False the whole ID is
displayed, if both are True the middle part of the ID is replaced with
astrerisks.
Usually half of the player ID should be enough identify a player.
Showing only parts of the ID prevents malicious users to abuse the keys,
but still allows propery identification.
bClientsMayGetNames 	Determines, whether clients are allowed to view
other players' alias names. Setting this to false will disable the
*Whowas* command and disable the alias name display of the *Whois* command.
bShowInServerDetails
bServerOSInServerDetails 	bShowInServerDetails tells Anti TCC whether it
should show up in the server details.
bServerOSInServerDetails determines whether Anti TCC should add the
server's operating system to the server details like it's done in some
other games.
bCheckSkins 	If set to True, Anti TCC will perform checks to ensure
neither the player skins listed in XPlayersL1.upl and XPlayersL2.upl nor
the default skin packages are modified.
bCheckMapMD5 	If set to True, Anti TCC will automatically do a Quick MD5
check of the map played before performing other file checks.
*Important:* This will make it impossible to allow unpatched Mac UT2004
clients to play on your server!
bCheckFullMD5 	If set to True, Anti TCC will automatically check all
default .U files' FullMD5s. Please note that this check only supports
client versions 3186 (unpatched), 3204, 3236, 3270 and 3323.
Other client versions (i.e. betas and newer patches) will be forced to
spectate or disconnect when this option is enabled.
bSingleMD5Mode 	This setting was added by request from ClanBase so
serveradmins can proof they don't exploit the option to specify multiple
MD5s. When enabled, it forces Anti TCC to ignore all but the first MD5
value specified for each custom file check.
Setting this to True or not having multiple MD5 reference values for any
filr check will make Anti TCC display "Anti TCC is running in single MD5
mode" to clients connecting to your server.
*Important:* You will no longer be able to have more than one MD5 value
per file check if you set this to true. (This does not affect the
built-in skin and FullMD5 checks.) This will make it impossible to allow
unpatched Mac UT2004 clients to play on your server if you told Anti TCC
to perform any custom QuickMD5 checks!
You should probably use Anti TCC's config profiles feature (see Using
Configuration Profiles <#usingprofiles> below) if you need to use this
option.
bLogClientPackages 	Determines, whether a list of all packages loaded on
the client should be logged in the server's log file.
This option probably is more useful in league matches than on public
servers. Also note, that this only logs the packages initially loaded.
Packages loaded during the match will not be listed here.
bLogClientClasses 	Determines, whether a list of all classes of
clientside objects should be logged in the server's log file.
This option probably is not that useful other than for troubleshooting.
Also note, that this only logs the classes of objects initially loaded.
Objects created during the match will not be listed here.
bCheckClientClasses
bTryToDisableHacks 	bCheckClientClasses makes sure certain classes used
by the client are actually known on the server. This check will be
repeated during the match to ensure newly loaded classes are known as well.
bTryToDisableHacks tries to disable detected hack classes and also
periodically tries to unload hacks based on the HelioS security hack
when the player dies. This causes a really short client-side freeze when
the player dies at least 2 minutes after the last attempt to unload
these types of hacks, regardless whether there are actually any hacks
loaded or not.
bDelayMatchStart 	Delays the start of a match until all players have
been validated.
It's probably not too wise to enable this on public servers because
every time a new player joins the match start is delayed further.
*Note:* The match will always start only after at least one client is
done with the clientside initialization of Anti TCC.
bDelayLateJoin 	Prevents players from spawning until they have been
secured. The difference to *bDelayMatchStart* is, that the actual match
start isn't delayed, but modified clients still can't affect gameplay.
It might be a good idea to disable this option in clan matches so the
game can quickly continue after a player dropped and reconnected.
*Note:* Clients will only be able to respawn if they are done with the
clientside initialization of Anti TCC.
bPreventFlyingLeviathan 	Prevents the 'Flying Leviathan' bug exploit in
UT2004 v3186, where a Leviathan can be attached to any other vehicle to
fly or drag it around.
bCheckRenderSettings 	If set to True, Anti TCC will make sure clients
don't use a DefaultTexMipBias > 0.5 or DrawDistanceLOD > 1.0.
Use WhatToDoRender to specify how these clients should be handled.
bCheckForTCCs 	If set to True, Anti TCC will look for clients who used
SET command hacks (Temporary Console Commands).
Use WhatToDoTCC to specify how these clients should be handled.
bRotationLock 	When Anti TCC secures the PlayerController it also makes
the view rotation invalid for anything that tries to draw something
after the HUD. Use this INI-only option to disable that feature.
TimeoutSeconds
bKickOnTimeout 	TimeoutSeconds determins how long the mutator will wait
before it considers the whole system to have timed out, i.e. not
functioning properly.
Values lower than 10 seconds are not allowed. The recommended minimum
value is 20 seconds for TimeoutSeconds and 60 for InitialTimeoutSeconds.
If bKickOnTimeout is true, when a player times out, he or she will be
kicked from the server.
*Important:* A timeout doesn't imply cheating. It is usually caused by
connection problems or client crashes or the client simply needs too
much time for precaching game content.
bSelfIntegrityChecks 	If set to True, Anti TCC will check itself and
other classes on initialization for modifications.
WhatToDo
WhatToDoBlacklisted
WhatToDoSkins
WhatToDoRender
WhatToDoTCC 	The WhatToDo options determine what your server will do if
it detects an insecurity.
The available options are:

LogOnly
    Nothing, just log the transgression
Message
    Log the transgression and display a message (if allowed)
Kick
    Log the transgression and kick the user
TempBan
    Log and kick ban the user for ten minutes or until the next map
    change (whichever happens first)
SessionBan
    Log and kick ban the user until the next map change
PermanentBan
    Log and kick ban the user for good.

WhatToDoBlacklisted applies to insecurities due to disallowed files or
illegal classes, WhatToDoSkins applies to modified UPL files,
WhatToDoRender is used for illegal render settings (i.e.
DefaultTexMipBias > 0.5 or DrawDistanceLOD > 1.0) and WhatToDoTCC
applies to detected SET command hacks; WhatToDo is used in all other cases.
Banning options are not available for WhatToDoRender.
bEnableAdminFaker 	This might fool aimbots into thinking an admin logged
in. Some aimbots have an admin login detection, which may get triggered
and automatically disconnects the cheater.
To find out the player ID of a suspicious player you can use the
*Whowas* command if player ID logging is enabled. (See *SavePlayerIDsTo*
option below.)
bAllowSilentAdminLogin 	When enabling this option, admins will be able
to log in without appearing as administrators using the
*SilentAdminLogin* command. This only works with advanced admin enabled,
i.e. in [Engine.GameInfo] you have to set
AccessControlClass=xAdmin.AccessControlIni.
*Note:* Some admin commands might not work correctly when using silent
admin login.
bNoTossWeaponSwitch 	Prevent faster weapon switching by throwing the
weapon and picking it up immediately while running forwards.
bNoSpamCheck 	Disables Anti TCC's chat spam filter.
Note: The spam filter will not work with mods that replace the
PlayerController.
bPreventMassSuicide 	Prevents suiciding in quick succession.
Note: This will not work with mods that replace the PlayerController.
bFilterPlayerNames 	Removes color codes from player names. Regardless of
this setting, Anti TCC will always strip color codes for its output.
Note: This may not work correctly with mods that replace the
PlayerController.
bStripMessageColors 	Removes color codes from Say and TeamSay messages.
Note: This will not work with mods that replace the PlayerController.
SavePlayerIDsTo
KeepPlayerIDsDays 	Set SavePlayerIDsTo to *PlayerIDsINI* or
*PlayerIDs*/x/*INI* (where /x/ is any number between including 1 and 9)
to log all players' IDs to PlayerIDs/x/.ini. All other values will
disable player ID logging and also Anti TCC's Whowas command, which
requires this feature.
KeepPlayerIDsDays tells Anti TCC after how many days an ID should be
removed from the database. You should try to find a good value here,
because if there are too many IDs in the database players on the server
might experience lag when a new player joins. (This value is not
affected by configuration profiles.)
AllowedConsoleClass
AllowedGUIControllerClass 	The AllowedConsoleClass specifies the console
class clients are allowed to use and the AllowedGUIControllerClass does
the same for the client's GUIController class.
bUseCustomLog 	When set to true, Anti TCC will send most of it's log
output to the log file specified in the next variable.
bSimpleLogMode
bSingleLineLogs 	In Simple Log Mode, Anti TCC will only create the
custom log file when an insecurity or important other problem is
detected. The time placeholders of the log file name will use the map
startup time, but the first logged line will show the time when the log
file was actually opened.
*NOTE:* Enabling this option will turn off the *bLogClientPackages* option.
Single Line Logs will cause Anti TCC to log only a single line for each
insecurity found instead of one line with the player data and one or
more lines with the description of the insecurity.
LogFileSaveInterval 	Values greater than 0 will cause Anti TCC to close
and re-open the custom log file once in a while to force all log data to
be written to disk.
This option is useful when dealing with server crashes possibly related
to cheats and other exploits because without it the custom log would
only be saved when switching maps.
LogFileTimestampFormat 	The timestamp format to be used in the custom
log file. This option has no effect when the custom log file is
disabled. You can use the following placeholders in the timestamp:

yyyy
    Year (four digits)
yy
    Year (two digits)
mm
    Month (two digits)
dd
    Day (two digits)
hh
    Hour (24 hours format, two digits)
nn
    Minute (two digits)
ss
    Second (two digits)

LogFileName 	Holds the name of the log file to output to. This file gets
stored in the \UserLogs directory and the file extension ".log" is
automatically appended.
You can use one or more of the following placeholders in the filename:

%y
    Year (four digits)
%m
    Month (two digits)
%d
    Day (two digits)
%h
    Hour (two digits)
%n
    Minute (two digits)
%s
    Second (two digits)
%i
    Server IP
%p
    Server port
%l
    Map name (Level)
%g
    Game type

CurrentProfile 	Holds the name of the configuration profil currently in
use. (see below) For obvious reasons this setting is only available in
[AntiTCC118c.MutAntiTCCFinal], but not in configuration profile INI
sections.


      Using Configuration Profiles

Anti TCC allows you to store more than one configuration in your
server's INI file. These configuration profiles contain the same options
as the *[AntiTCC118c.MutAntiTCCFinal]* section of you INI file, but
start with *[/profilename/ AntiTCCSettings]*. To load a profile you have
to add the parameter *?AntiTCCSettings=/profilename/* to the map URL
when switching maps with the *ServerTravel* command or on the server
startup commandline, e.g.:

    ucc server
    DM-Rankin?mutator=AntiTCC118c.MutAntiTCCFinal?AntiTCCSettings=1on1DM

(Of course, the "?mutator=AntiTCC118c.MutAntiTCCFinal" part isn't
neccessary if you run Anti TCC as a server actor.)
You can also use the webadmin interface to specify a profile name in the
*Current Profile* textbox.
You don't have to edit the server's INI file to create profiles. Just
use the *?AntiTCCSettings* parameter as described above with an unused
profile name and the new profile will be created. You can then change
the Anti TCC settings as usual in the webadmin interface. The changes
will be saved to the specified Anti TCC profile once you restart or
change the map.
When you return to a "profile-less" configuration, the last profile used
will stay active, but changes aren't saved to that profile anymore. To
disable profiles simply restart the map with the *?AntiTCCSettings*
parameter and leave the profile name empty or completely leave out the
*?AntiTCCSettings* parameter if there are other URL parameters like
*?game* or *?mutator*. You can also change the *Current Profile* setting
in the webadmin interface to "-" and restart the map.
------------------------------------------------------------------------


    Potentially Asked Questions

Do I still need to install UTSecure?
    No. Anti TCC completely replaces UTSecure.
    When you try to run both mutators Anti TCC will disable itself or
    UTSecure.
Will Anti TCC prevent my server from being listed as a standard server?
    No. The master server properly recognizes Anti TCC as part of a
    standard server's configuration.
I installed Anti TCC but it doesn't seem to start. What's wrong?
    Anti TCC will only run correctly on dedicated servers. Many of its
    features are disabled in Instant Action or on a listen server. Check
    the server's main log file (usually UCC.log or server.log in the
    server's System directory) to see what went wrong.
There are many players with the same ID, is that a bug?
    UT2004 assigns a special player ID to players who used a SET command
    to change certain things. This ID can indicate the use so-called
    TCCs (temporary console commands) and can blocked with the
    bCheckForTCCs configuration option.
How do I find out the MD5 value(s) for the Checks=... list?
    There are two different types of MD5's that can be generated.
    QuickMD5 rely on the fact that the package is already loaded. This
    is a very fast MD5 that's great for large files (like
    PlayerSkins.utx). The downside is it's only available for actual
    UT2004 packages. Full MD5s generate a full fledge MD5 hash of any file.
    You can obtain a Full MD5 of any file by using the following UCC
    commandlet:

        UCC MasterMD5 -f 

    This will give you the 32 digit MD5 you need for the MD5 field
    above. Please keep in mind that only files that will not change can
    be checked using Anti TCC. Do not attempt to check core .U files
    (they are already protected and have a different MD5 in every version).
    You can obtain a quick MD5 of any package by using the UCC commandlet:

        UCC MasterMD5 -q 

    Rember that you do not need to include the path or file extension
    for quick MD5's as UT2004 will use its internal package loading code
    to open it.
    MasterMD5 will always only give you the MD5 of one version of a
    file. Keep in mind that because of patches or different releases
    there might be more than one version of a file you wish to check.
Why is there an empty [AntiTCC118c.AntiTCCSecurity] section in my INI file?
    The default MD5 checks are hard-coded now. This has the advantage
    for clients, that they can be sure server admins don't exploit Anti
    TCC's feature to allow multiple MD5s for a given file check.
What does the "Security ID" in the log file mean?
    The Security ID is a unique number associated with the Anti TCC
    security actors. This number is increased by one every time an
    AntiTCCSecurity actor is spawned and will be reset when the map changes.
    A player keeps the same Security ID until he or she disconnects.
    When the player reconnects a new security actor is spawned and a new
    Security ID is assigned.

------------------------------------------------------------------------


    Anti TCC Commandlets

Anti TCC comes with a commandlet for working with the player ID logs. I
suggest installing Anti TCC on your client and copying your server's
PlayerIDs.ini to your own UT2004\System directory to make things easier.
To run one of Anti TCC's commandlets, just type the corresponding
command at the commandline, in a DOS box, in Windows' Run dislog box, etc.


      Log File Basics

Anti TCC's player ID log files are simple ini files with a list of IDs
and the names used by them. Multiple versions of Anti TCC can store IDs
in the same ini file, but they will only be able to read their own logs
from them unless you merge logs.

Generally an Anti TCC player ID log looks like this:

[AntiTCC118c.PlayerIDsINI]
Player=(Id="0123456789abcdef0123456789abcdef",Names=("foo","bar"),LastSeen="disconnecting at 2004-02-01 13:37")
Player=(Id="abcdef0123456789abcdef0123456789",Names=("Player","The_Real_Llama"),LastSeen="getting kicked at 2004-01-23 08:15)

The PlayerIDsINI part in [AntiTCC118c.PlayerIDsINI] corresponds to the
file name, in this case PlayerIDs.ini. IDs logged in e.g. PlayerIDs3.ini
would start with [AntiTCC118c.PlayerIDs3INI].
To convert an older version's ID logs, simply change the AntiTCC*. part
to AntiTCC118c and run the CleanUp command described further down. If
you want to combine multiple logs you don't need to clean them up before
merging them.
Please note that UT2003 player IDs are useless in UT2004 and vice versa.


      MergeLogs Command

The Anti TCC MergeLogs command combines all player ID logs (i.e.
PlayerIDs.ini, PlayerIDs1.ini, PlayerIDs2.ini, etc.) into a single log file.

Syntax
    *UCC AntiTCC MergeLogs* [LogName=/logfile/]
Parameters

    LogName=/logfile/
        Specifies the file the merged log should be saved to.
        You can specify a number between 0 and 9 which corresponds to
        the files PlayerIDs.ini, PlayerIDs1.ini, etc.
        If left out, Anti TCC's SavePlayerIDsTo setting is used. 


      CleanUp Command

The Anti TCC CleanUp command merges duplicate IDs and removes empty or
duplicate names from log files. This commandlet is mainly intended for
log files that have been merged manually instead of with the MergeLogs
command.

Syntax
    *UCC AntiTCC CleanUp* [LogName=/logfile/]
Parameters

    LogName=/logfile/
        Specifies the log file to be cleaned up.
        You can specify a number between 0 and 9 which corresponds to
        the files PlayerIDs.ini, PlayerIDs1.ini, etc.
        If left out, Anti TCC's default player IDs log file is cleaned up. 


      DuplicateLog Command

The Anti TCC DuplicateLog command copies a set of logged player IDs into
one or more other log files.
*Important:* The previous content of the log files specified will be lost!

Syntax
    *UCC AntiTCC DuplicateLog* [All|/number number.../] [LogName=/logfile/]
Parameters

    All
        Use the *All* parameter to copy the specified log to all other
        log files.
    /number/
        The /number/ parameters can be used to copy the specified log to
        only to the log files specified.
        You can specify a number between 0 and 9 which corresponds to
        the files PlayerIDs.ini, PlayerIDs1.ini, etc.
    LogName=/logfile/
        Specifies the log file to duplicate.
        You can specify a number between 0 and 9 which corresponds to
        the files PlayerIDs.ini, PlayerIDs1.ini, etc.
        If left out, Anti TCC's default player IDs log file is used. 


      FindPlayer Command

The Anti TCC FindPlayer command lets you search for IDs and nicks in a
player ID log.

Syntax
    *UCC AntiTCC FindPlayer* /ID/|/name/ [LogName=/logfile/]
Parameters

    /ID/
        A player ID written as 32-digit hexadecimal number. The
        commandlet will display all alias names for this ID.
    /name/
        A player name. The commandlet will list all IDs with the alias
        names used by them.
        You can use the wildcards * (matches any number of characters)
        and ? (matches exactly one character) anywhere in the player
        name. The string "d*hunter" would match the nicks D-Hunter,
        duck_hunter and dOgHuNtEr, but not ID_hunter or deadhunt.
    LogName=/logfile/
        Specifies the log file you want to search in.
        You can specify a number between 0 and 9 which corresponds to
        the files PlayerIDs.ini, PlayerIDs1.ini, etc.
        If left out, Anti TCC's SavePlayerIDsTo setting is used. 


[download file as is] (last changed: Sat, 25 Sep 2004 15:15:10 -0500)