People Hacking the Server? How can we Tell?

[xPaveway 10]

Hey all,

Recently we've been having issues and people are saying that it's been people coming on to the servers and hacking. (We are playing Domination)

For example: I've seen like 30 C130's crashed into the base. People are reporting that bombs are being dropped all over the map and people are randomly dying.

I'm trying to get more detailed reports of what's going on, but how exactly can we see if people are hacking? Can hackers spawn vehicles and drop unlimited bombs?

We're running Battleeye, which doesn't appear to help much. Nothing seems to appear in the server logs about a bunch of TKing or something strange, so I'm not really sure what exactly I can do to sniff out hackers.

Really looking for advice here! Thanks

[Arksa 10]

That C130 crashing is a bug.

[71527] Fixed: C130 was crashing on takeoff.

On lates OA beta patch.

[xPaveway 10]

I appreciate the help, however, there were 30 C130s that were all crashed into the main base, they came in from an angle that didn't have anything to do with taking off or landing.

That big was fixed for the C130 taking off at an airport.

[Pulverizer 1]

Yes it is possible to spawn everything without any limits if one gets a suitable modification around the signature checks and BE.

I think BIS should add a log option for dedicated servers to display which client is sending createVehicle and other scripting commands, so that at least IP banning would be possible. Also, to finally tell who is sending naughty markers on the map FPDR

[cannonouscrash 12]

Nothing can ever stop a determined 'cheater/hacker'

However if you sign your server, So that you control what mods can be used on your server, then this should solve your problem

[Jack_Ryan_ 10]

Could it be that someone 'adapted' your version of dom, and maybe the spawn points are covered? I saw a messed up version where vehicles were trying to respawn ontop of each other and the base was "raining" bodies, it was soo funny.

[Darkhorse 1-6 16]

Nah Jack, it's a hacker. I've seen the results of one hacker on an Australian server. A mosque (the main building in the center, not the walls) was dropped on top of somebody. The next day he was spawning ammo crates, tanks, and SCUDs, which don't fit a "rp" mission like the one that was playing.

[KeyCat 131]

I think BIS should add a log option for dedicated servers to display which client is sending createVehicle and other scripting commands...

Nice idea, hope BIS listen and add such a log-option in the future! This could also be used as the "proof" for banning their uniqe GUID's if BE is used.

/KC

Edited August 1, 2010 by KeyCat

[xPaveway 10]

Nah Jack, it's a hacker. I've seen the results of one hacker on an Australian server. A mosque (the main building in the center, not the walls) was dropped on top of somebody. The next day he was spawning ammo crates, tanks, and SCUDs, which don't fit a "rp" mission like the one that was playing.

Yeah this is what it seems to be. AFAIK we have signature checking enabled but someone still seems to randomly connect and spawn a bunch of bombs all over the main base.

Is there any way to see any of this on the RPT or log file?

[terox 316]

Nothing can ever stop a determined 'cheater/hacker'

However if you sign your server, So that you control what mods can be used on your server, then this should solve your problem

The particular hack that is currently being run bypasses this and battleye, therefore, for now you need to approach this problem from a different perspective.

[xPaveway 10]

The particular hack that is currently being run bypasses this and battleye, therefore, for now you need to approach this problem from a different perspective.

Right, the issue is I need some way to see who is running createVehicle, but I'm not sure what commands I could use to try and dump it to the .rpt file. I know there was some kind of sniffer for ArmA, but I don't think it's supported for A2:OA

[Herr_kalashnikov 10]

Not sure about this but maybe its worth the effort...

Perhaps CBA can handle this, maybe it has an createvehicle event u can use to log some info out?

[rexehuk 16]

Ensure server signing is on again, most of this "hacking" is actually a well known community mission testing addon which has been edited to work with MP.

I was trying to block the classes from the addon used, but no success. There are ways to see who is spawning things on Arma 2 server, I've seen it done... but not sure how to perform it myself.

I wonder if a script could run on the server (or mission) so that if a NEW createVehicle is created on the server, the script executes deleteVehicle? That would just delete their lame objects before they have a chance to mess up the game. Or any vehicle created is instantly teleported off the map to a location where it wont bother anyone... crude solutions but might work? You would need to differenciate between vehicles created BY say a warfare mission and those created outside of the mission... that is where the problem lies.

Edited August 1, 2010 by rexehuk

[cannonouscrash 12]

The particular hack that is currently being run bypasses this and battleye, therefore, for now you need to approach this problem from a different perspective.

Its no so much that it bypasses Battleye, But because the 'hack' is ran as a mod, battleye doesnt even blink an eye.

Basically, In my old clan, one of the people 'upstairs' had an edited version of Loki which pretty much allowed you to spawn anything. including atrilery barages and strangley enough, a paper car :-/

[terox 316]

Loki's addon is a set of scripts that can be easily copied into any addon and use any combination of global variables etc. With that in mind, there is no point in writing code that checks for specific booleans etc.

You need to look at the way they are implementing the addon cheat and work towards a solution for that rather than the addon itself.

Be very wary though, if you were to write anti cheat code, that would make you a big juicy target for these parasites who would then see your server as a challenge.

The better solution would have to be implemented by $able or B.I and if the net chat is anything to go by, the sooner the better

Edited August 1, 2010 by Terox

[-OGN-DarkPhantom 0]

BattlEye is working... we got this one today

Player Hexi got kicked by BattlEye: GameHack #17.

Now banned from our server

[rexehuk 16]

Nice! I await to see such messages :p. It should also stop Zargabad life memory hacks now...

[Rustydog 10]

Allowing just about any addon will make you targetable by the hackers. That script/hack/pb or whatever gets by the check sig file becuse they (the hackers) look for what addons the server allows and fakes the sig key . Battle Eye is doing a fair job but as long as addons are allowed they can get in .

What we need is a better way to check addons .

There is a whole web site going that discuss the hacks in detail , Zargab life just like CLR and the other Rp games seem to be the biggest target for some reason .Most peoplel know what web site I am talking about , they devote thier entire game play to destorying games for others.

your not really going to stop it , might slow it down .

[Pulverizer 1]

Signatures are used for BIS core game data all the same so it doesn't really make any difference wether you allow signed addons or not. Unless you fear that a modder's private key has been leaked but that seems rather unlikely.

[walker 0]

Hi all

Griefing behaviour is like any form of abusive behaviour, sexual in nature. Just the same as animal cruelty or pyromania. It is form of psychological public masturbation. Abusive behaviour also tends to escalate, that is why the police take such an interest in them.

I dare say the police will start to investigate them same as the do pyromaniacs and pedos, they are easy to track.

Nice to see that this particular script is so easily solved.

Kind Regards walker

Edited August 1, 2010 by walker

[xPaveway 10]

Hi all

Griefing behaviour is like any form of abusive behaviour, sexual in nature. Just the same as animal cruelty or pyromania. It is form of psychological public masturbation. Abusive behaviour also tends to escalate, that is why the police take such an interest in them.

I dare say the police will start to investigate them same as the do pyromaniacs and pedos, they are easy to track.

Nice to see that this particular script is so easily solved.

Kind Regards walker

The police are not going to go after internet game cheaters... lol walker, I know you tried to bark up that tree before but it's not the way.

---------- Post added at 11:56 PM ---------- Previous post was at 11:52 PM ----------

Ensure server signing is on again, most of this "hacking" is actually a well known community mission testing addon which has been edited to work with MP.

Yeah that's the thing though, signature verification and BE are not catching this stuff. Hopefully they'll catch up, but in the meantime I'm not sure what else I can do, since it's difficult to even tell who is spawning the stuff. If we could just see who's doing it, that would be a world of difference.

[rexehuk 16]

Yeah that's the thing though, signature verification and BE are not catching this stuff. Hopefully they'll catch up, but in the meantime I'm not sure what else I can do, since it's difficult to even tell who is spawning the stuff. If we could just see who's doing it, that would be a world of difference.

Couldn't agree more. I'm thinking there MUST be a way to capture the data and export it out. So the mission / server is WATCHED for commands sent to/from via clients and then written to a log. It would have to be done by a mod obviously and use something like JArma2Lib to gain data export capability.

[KeyCat 131]

Most peoplel know what web site I am talking about , they devote thier entire game play to destorying games for others.

This is what I really don't understand?

It truly must be some kind of mental dissorder and I hope these kidz get some professional help since it must be an awfull state of mind to be in.

Probably most will "snap out of it" when growing a bit older and getting laid but unfortunately I'm pretty sure some of them are well beyond their teen age!

/KC

Edited August 2, 2010 by KeyCat

[xPaveway 10]

Insulting them doesn't help. They watch these forums and love it when people get pissed off :D

[KeyCat 131]

Was not intended as an insult and if someone take it in such way it may be part of their underlaying issues!

Just speaking my mind and as I said I can't really understand this behavior even if I try to but OTOH there are lot's of other things I don't understand...

PS: I get the "attention" part but it can't be that simple!?

/KC

Edited August 2, 2010 by KeyCat