People Hacking the Server? How can we Tell?

[Sekra 10]

Having a system where you could track which clients use what scripting commands in the game is really not a viable option in any way since for instance in missions like Domination a part of the spawning is done on the clients locally, so you would quickly end up with hundreds, maybe thousands of lines of logs of running a command and trying to figure out who is spawning stuff by cheating could and probably would be impossible from that.

The security systems of the game need to be enhanced to the 20th century in more than just the anti-hacking parts too. Addon makers need more protection for their models for example. I do not know how to make things better, but obviously we can all agree that the current system has / is failing and is not doing the job it is intended; it's starting to become like DRM systems, the ones being legit get more trouble from it than it is preventing the abuse.

[terox 316]

This is what I really don't understand?

It truly must be some kind of mental dissorder and I hope these kidz get some professional help since it must be an awfull state of mind to be in

/KC

I couldnt disagree with you more.

I hope they dont get help, I hope they dont lve long enough to enjoy the virtues of maturity and i hope they live the rest of their lives as they do now with those who are close to them showing little if any interest in them. This isnt because i am frustrated by their efforts its simply because they mean nothing to me, no more than if it was a fly in my kitchen. It wont live long and it feeds of crap and it's children are fed to fish:-)

Cant think of a better more fitting lifecycle for them.

Edited August 2, 2010 by Terox

[shadowze 1]

Yeah , who knows what goes through the mind of cheaters

We have even seen people we are supposed to know and trust do it

when playing PvP within a clan , usually some sort of invisible hack so

you cant shoot them , its sad really :(

[qwertz 10]

We should stop discussing this here or in any other public forum. Any attention just feeds those guys.

[Pain0815 10]

Just dont allow addons without keys...

[xPaveway 10]

Just dont allow addons without keys...

This is NOT the solution. As said before, it's possible to bypass BE and sig. verification.

---------- Post added at 04:31 PM ---------- Previous post was at 04:25 PM ----------

Having a system where you could track which clients use what scripting commands in the game is really not a viable option in any way since for instance in missions like Domination a part of the spawning is done on the clients locally, so you would quickly end up with hundreds, maybe thousands of lines of logs of running a command and trying to figure out who is spawning stuff by cheating could and probably would be impossible from that.

If the mission is made properly, there really won't be a lot of spawning from the clients. I know that Domi does use locally spawned ammo boxes, but respawning of vehicles and whatnot is handled by the server (and should be for any good map).

I'm not sure why you think createVehicle is constantly spammed by clients. Even if createVehicle was legitimately being used by local clients, you should be able to search through the log looking for people spawning "Bo_GBU_12" or whatever it is. The griefing scripts usually spawn thousands of objects in a very short amount of time. The objects are not typical and would easily stick out, when you see a log with a whole block of like 5000 lines of createVehicle GBU etc...

[Pain0815 10]

On our server there is such a restriction, and we never got any signs of cheating you mentioned here.

Then those hacks are maybe no self written addons, hope for battleeye then...

[walker 0]

Hi all

Time to close this thread?

It serves little purpose and the actual method has been closed with BE being uped to admin status.

Kind Regards walker

[Pulverizer 1]

Domination a part of the spawning is done on the clients locally, so you would quickly end up with hundreds, maybe thousands of lines of logs of running a command and trying to figure out who is spawning stuff by cheating could and probably would be impossible from that.

Impossible my sweet black arse.

A simple fifo buffer, some regexp filtering and a tiny bit of scripting would solve all those problem very easily. Just like everyone probably already do with the -netlog option which generates a lot of mostly useless information.

Even just keeping the output on a console screen would be useful on a server that has admins online all the time. See bombs raining? Alt+tab, check the last few lines from remote desktop or ssh shell and IP, BE and player ID ban the sucker on the spot.

---------- Post added at 06:25 PM ---------- Previous post was at 06:19 PM ----------

Time to close this thread?

Brushing problems under carpet and going "la la la la la" doesn't solve problems.

[SnR 1]

+1 to that:)

[$able 2]

Hi all

Time to close this thread?

It serves little purpose and the actual method has been closed with BE being uped to admin status.

Kind Regards walker

Why close it? Discussion about such an important topic should be welcomed IMO.

And no, the recent BE update doesn't prevent the bypassing of signature checks.

I can however tell everyone here that I am working on solutions to this problem, even though BE isn't specifically designed to detect script hacks.

[Gunnarmarine 10]

well we were playing warfare and some haxor got on it. screen turned black and a message appeared saying you got pwnd frs muhahahahaha. then the server shut down -_-

[qwertz 10]

Any form of public discussion about hackers (including case reports, venting, calling names) and the public discussion of countermeasures is counterproductive, as this is a primary goal for hackers in their unique psychology - getting attention and pissing off people. They live off these posts and collect them as trophy. And announcing / discussing countermeasures just triggers their destructive instinct in this arms race. This should happen behind closed doors.

Maybe we can organize some closed forum for server admins and BIS/BE devs on a invitation only basis ?

Edited August 6, 2010 by qwertz

[Sekra 10]

What I was trying to point out is that youre trying to cure the "symptom" and letting the "disease" live. Okay lets say they implement a log system for createvehicle. Next they will start using setdamage. Then setpos. Then like Gunnarmarine already tells theyre using other stuff too. What needs to be cured is the possibility to bypass the signatures. After that is fixed and allowing unsigned addons on your server it is only your own fault.

Then again you talk about "good" missions and I assume you mean technically well made missions. Then there are missions that are not that well made and I don't want to get banned from a server if someone makes a bad script in their mission.

[$able 2]

Any form of public discussion about hackers (including case reports, venting, calling names) and the public discussion of countermeasures is counterproductive, as this is the primary goal for hackers in their unique psychology - getting attention and pissing off people. They live off these posts and collect them as trophy. And any newly announced or publicly discussed countermeasure just triggers their destructive instinct. This should happen behind closed doors.

Maybe we can organize some closed forum for server admins and BIS/BE devs on a invitation only basis ?

I disagree. Sweeping problems under the rug doesn't help anyone. If there is need for such discussion, and obviously there is, it should be allowed as long as it stays constructive.

I don't really care about what the cheaters think. Let them collect these posts as trophy, so what? If the discussion remains serious and civilized, they haven't reached their goal IMO.

Besides, rest assured that I will not talk about the exact countermeasures I am working on. ;)

---------- Post added at 21:03 ---------- Previous post was at 20:48 ----------

What needs to be cured is the possibility to bypass the signatures. After that is fixed and allowing unsigned addons on your server it is only your own fault.

Technically not possible since everything running on a client can be hacked. It's not some bug/exploit that allows them to bypass signature checks, they really hack their game client.

This happens before BE is even loaded and could even be done as soon as the game is starting. The possibilities are endless.

[xPaveway 10]

Any form of public discussion about hackers (including case reports, venting, calling names) and the public discussion of countermeasures is counterproductive, as this is the primary goal for hackers in their unique psychology - getting attention and pissing off people. They live off these posts and collect them as trophy. And any newly announced or publicly discussed countermeasure just triggers their destructive instinct. This should happen behind closed doors.

Maybe we can organize some closed forum for server admins and BIS/BE devs on a invitation only basis ?

We need somewhere to discuss it, while I agree discussing the specifics of countermeasures in public is a big no-no, there isn't a lot of information about tools that admins can use to try and combat this stuff. The only thing we get is: run Sig Verification and BE, problem solved!

Well it's clearly NOT problem solved, so we need some sort of outlet (private would be nice) to try and work on this problem. I don't know much about the BE dev, is it just a one man show over there?

At any rate, the purpose of the thread initially was to understand if indeed we were experiencing hackers and if there are any other tools out there to help admins determine who's doing what. I think the main thing we need to get across to BIS is that we really need to start cracking down and implementing better admin tools for, at the very least, seeing who is doing what to the server.

I think that the (already small) multiplier community that this game has could be much larger if we had proper administration tools and controls.

---------- Post added at 07:17 PM ---------- Previous post was at 07:05 PM ----------

What I was trying to point out is that youre trying to cure the "symptom" and letting the "disease" live.

And how are you going to cure the disease? The only real way to cure the "disease" is to either 1. Stop the griefers' drive 2. Rework the game engine for more security.

SignatureVerification was a good step, but it's obviously not enough. BE attempts to help with this, but I would consider BE an attempt to cure the "symptom" as you put it, since really it's on BIS for core engine changes.

Okay lets say they implement a log system for createvehicle. Next they will start using setdamage. Then setpos. Then like Gunnarmarine already tells theyre using other stuff too.

Perhaps you are unaware of this, but it's a perpetual game of cat and mouse. For any game or piece of software out there, there WILL be people that will hack it and crack it, it's just the reality of life. Hacks and cracks continually evolve, and so must the countermeasures, it will never be "done".

I think ANYTHING is a step in the right direction. Even if it's very small, such as logging createVehicle, but it will have to be able to eventually log other things etc. I'm not talking about a one stop solution to the problem.

---------- Post added at 07:19 PM ---------- Previous post was at 07:17 PM ----------

On another note: Hell I would love to submit information to BE to aid them in preventing this stuff, but I don't really have any information I can gather from the server that would be useful.

[walker 0]

Hi all

Perhaps the best place to discuss this is in the BattlEye thread.

Kind regards Walker

[Pulverizer 1]

At least it would be a lot less funny for them if they couldn't anymore spawn whatever objects, bombs, vehicles or soldiers they please with no fear of getting caught. And it would probably be relatively easy to make such logging options.

The real problem is that a cheater could make an innocent player look quilty by making his client send the commands (the same way they run the text commands etc on your client), so admins who don't understand the scripting too well might ban wrong people.

[terox 316]

Having a restricted accesw to a Server Admin forum would be very useful for this and other issues. However how secure could that be, who would police membership etc.

I believe $able or B.I is the answer here. If one individual server was to implement some anti hack code instead of being done server wide, then that particular server would be targetted even moreso just because of the challenge

[brit~XR 0]

Not much battleye can do when its designed to detect memory hacks and not pbo hacks. I was told today we had a pbo hacker that bypassed signature checks but we caught him and guid banned him. Was also using proxy ip.

Type of hack he was using.

Banning players.

Blackening there screen and spawning crap

[$able 2]

Not much battleye can do when its designed to detect memory hacks and not pbo hacks.

Read this:

I can however tell everyone here that I am working on solutions to this problem, even though BE isn't specifically designed to detect script hacks.

[brit~XR 0]

Read this:

Sorry i missed of missed that post :)

[polar bear 10]

Signature checking and cheat detection only goes so far. The admins need to have enough information about what's going to to ban cheaters. Ideally there would be some sort of event log associated with Arma that would reveal key events and associated them with players?

[SoggyMilk 10]

It's been said before.....

But if people can bypass BattlEye and SigChecks, then they can do whatever they want to your server.

Also.... People don't have to HAVE the game in order to bomb your server, they just have to be able to communicate with your server.

Fighting these guys is hard. Indeed... I doubt we'll EVER see the end of hackers, because to them, this is fun. This is their hobby, not their bread and butter. And the only time that we'll see the end of cheating is when they're tired of doing it.

Which is unlikely to happen.

Which is why I don't really play FPS's on the PC all that much. I just play that crap on the Consoles, where it's much harder to hack.

*shrug*

Back to work fer me!

BTW:

The only thing that I've seen that makes them put in a LITTLE extra effort than to what they've already done to bypass BE and SIGCHECKS would be for someone to Monitor Scripts Being called on the server. Figure out what scripts are being used, and then when they're called up, GUID ban the person using BattleEye. They'll be able to bypass the GUID ban again, but it'll buy you some time. But keep in mind, that the experience hackers on the scene know how to change their GUID's.

So I think it's up to Bohemia to implement some OTHER kind of method to use in conjunction with GUID for banning people. Serial numbers on hardware components can be spoofed at the drop of a hat. Instead, find a way to lock the game up when the game senses something injecting/hooking into the EXE of the game. In essense..... Just make the game un-f*cked-with-able.

But hey, without hackers, and devs always trying to 1-UP each other, things wouldn't be where they are now. A little competition is allright in my books. I can't wait to see what both these guys come up w/ next.

Hackers: "HA! I pwned your systems!"

Devs: "Take... THAT! Now you can't do it anymore!"

Hackers: "POW! Bypassed your update!"

And it keeps on happening over, and over, and over again.

Guys, in order to keep the hacking of the game on a smaller level than what it already is, don't give the other guys the fortune of hearing you complain about them, or even try to challenge them outright. When you try to challenge them, that's when they get riled up, and start to think of the challenge..... as a challenge. And I have yet to meet an amateur hacker that won't step up to a challenge simply because of the security that the internet brings. They'll want to prove something when they sense that you're talking smack to them, and then that's when the rampages start. And thy don't fear reprisals simply because it's the internet! They stay anonymous! There's nothing out there that can find them and try to harm them for hacking on a game.

A professional hacker, well the ones I've seen, they don't really do it all the time. They spend most of their time making hacks for popular games, and won't waste their time on a game that only has a couple hundred people playing it a night.... They've got better things to do w/ their time, I.E. trying to defeat SpunkRuster so that their hacks can get more popularity, and in turn, more customers, and in turn, more money lining their pockets.

Anyway, I'm talking too much. My own personal beliefs are coming into play.

Good luck to the Devs, and to the hackers that are looking at this thread, Can't wait to see what you come up w/ next when the Devs pull a trick card out of their butts!

Edited August 5, 2010 by SoggyMilk

[Spudeater 0]

SoggyMilk...

That "Community" is having it's yearly World Teamkill Championship contest and it would seem from the start of this thread untill the next 5 more days that those who play this game are going to be out to earn some lame prize.

They are also talking about what you said above,that people don't need a game installed to raise cain on a server.

The worst part is they started a thread today and one member wants to have the admin OK his program that bypass's BI Sig/BE/BI keys-id and BE GUID...and can make anyone the server admin or kick/ban the real admin!