_Hurricane 0 Posted August 7, 2010 Recently our servers (TV2) have been the victim of hacking. Not just the ordinary cheating, but really overruling admin rights. I was logged in as official admin (*Admin* behind my nick). Suddenly my character started doing push-ups. Right after that I got banned (no, I did not ban myself) and the server was shut down. It seems like a hacker took over the server, possibly via some kind of remote control. The required config for Rcon is not on our server, so it shouldn't be possible to use it. What happened, and what can we do about it? This is a major issue.
gossamersolid 155 Posted August 7, 2010 Stupid question, but do you have signed addons only on? Also maybe one of those addons has been compromised? I'm not sure, just trying to think of what would cause this.
_Hurricane 0 Posted August 7, 2010 We have only signed addons. They are: OA Expansion VopSound RH Heli sound mod TR Tracked Vehicles EliasSound
hund 0 Posted August 7, 2010 Sounds suspiciously like an addon I saw on a less-than-honest forum. The trouble these people will go through just to cause grief continually astonishes me. I mean running around being a bit of a wanker I can understand, but actually making a whole addon with dialogs and crap, that is just sad. Edited August 7, 2010 by Hund
_Hurricane 0 Posted August 7, 2010 I guess I found the program that does it all too. Any BIS official can send me PM when working on this. I will give you a link.
Dwarden 1125 Posted August 7, 2010 everyone knows about it ... the only thing I can suggest to You for now is to password lock Your servers
_Hurricane 0 Posted August 7, 2010 Not really the solution I was hoping for. Is BIS working on this?
$able 2 Posted August 7, 2010
> I guess I found the program that does it all too. Any BIS official can send me PM when working on this. I will give you a link.
I know about it. Long-term this has to be fixed in the game engine, it's definitely a very bad exploit that you can take over other players' control and even issue admin commands without logging in. And no, this is not related to BE RCon, these hacks use the game's own admin interface.
Sim.M 48 Posted August 7, 2010 So the big question here is; What is BIS doing to fix this? I don't even bother looking at the hacks, they disgust me, but I want to hear what is being done to stop this. Otherwise we're all going to be passwording our servers and locking out pubbers, which would hurt BIS's bottom line I'm sure.
Rustydog 10 Posted August 7, 2010
> Stupid question, but do you have signed addons only on? Also maybe one of those addons has been compromised? I'm not sure, just trying to think of what would cause this.
Signed addons do not stop this as they are able to spoof any addon allowed by the server. It's going to be a fun couple of days until the kids get bored. Passwording the server, having a site to sign up on to play is going to be the norm for arma2/AO. Has BIS thought about only having addons that run server side?
Pauldarrington 9 Posted August 7, 2010 Well I went and had a read of this proclaimed hack and it looks like a bad thing is heading our way soon and with a so called "competition" it's only gonna get worse for ALL unprotected servers. My suggestion is password your server until either the kids get bored or BIS or someone can stop it from getting past BE or Sigchecking
CarlGustaffa 4 Posted August 7, 2010 Can they be identified by IP? So as to block them from connecting in the first place? Pass protect everything is death to public servers - not fun, not fun at all...
gossamersolid 155 Posted August 7, 2010 So we all have to password our servers... Might as well just turn them off instead as nobody will be able to get into them
Dwarden 1125 Posted August 7, 2010
> So we all have to password our servers... Might as well just turn them off instead as nobody will be able to get into them
and what other answer do You want to hear in the middle of a weekend night? i gave simple advice on what You can do now, nothing more or less and yes it's then obvious we noticed ...FPDR
BigMorgan 11 Posted August 7, 2010 ...and the popular servers will likely give out their PW to enough people that their games could be ruined anyway. So the only solution proposed is not a solution at all (no offense personally, Dwarden). I hope this is #1 on the priority list for the BIS devs right now.
SWAT_BigBear 0 Posted August 8, 2010 We kept our ArmA1 server locked due to this. I have no probs with locking again. Though, all servers Gamespy name should give added, for info to join.
eddie247 10 Posted August 8, 2010 Our server has been hacked 5 times in 2 weeks that I know of. Carpet bombs in perfect squares, A10s, Apaches and SCUDs in warfare spawning, real time writing printed and changed in the middle of the screen, admin ban leaving ban.txt in server file manager. We have had ppl try to enter and kicked for gamehack #18 (and #22 I think it was). Server has only been up a few weeks so we don't have a huge amount of regulars in a community yet so for us passwording seems out of the question atm. I too hope this is sorted soon as this whole day has been trashed by hackers, 3 games closed. If there is a way to install software into the server for IP info that could be useful potentially, but really these problems require addressing. We are not running any addons, just plain OA with fairly new beta patch and it has been mostly warfare that has been hacked as that has been played the most but many games have crashed but I put that down to instability due to my noobish parameter settings but who knows... Edited August 8, 2010 by eddie247
SWAT_BigBear 0 Posted August 8, 2010
> server has only been up a few weeks so we don't have a huge amount of regulars in a community yet so for us passwording seems out of the question atm.
What's more fun? Enjoying the game, or......
> Our server has been hacked
-AIGB-~Steiner 10 Posted August 8, 2010 The [AIGB] Servers are all locked now, following the advice from Dwarden. I am sure BI will work on that Issue to give us the possibility to open the Servers again. I wrote a news item in our Forum on how non Members are able to get the PW. This will be possible after registering at our Forum and writing a P.N to me providing the Player ID. Maybe this is one way to keep control over who is joining our Servers. I know it's not a good one, but it's the only Idea I had by now. Greetz,
b00tsy 28 Posted August 8, 2010 Can all players on the server be affected by the hacker? The last 2 weeks when I played online I had some moments (mostly after a respawn) that my character started moving sideways and backwards while I was trying to go (forward) to the ammo box, that was really weird and annoying. Thought till now that it was a bug or something.
Jack_Ryan_ 10 Posted August 8, 2010 B00tsy, I think that sliding around on respawn is just a bug, possibly the last movement you did before dying. I and mates have experienced it, but just double tap the directional movement key you are stuck in.
terox 316 Posted August 8, 2010 Just to clarify some points here. Carrying out any or all of the following precautions WILL NOT defend from these hacks, i.e.
- Running with sig verification on
- Running with battleye "ON"
- Not running or allowing any additional addons
The hack is written by an experienced coder, the "children" of their community learn through trial and error in most cases how to run the hack. Sometimes they screw it up and you can catch them and ban them. Don't bother banning them with the game engine ban system, use the battleye system, it's more robust and takes a bit more effort for them to bypass it. If the admin is on the ball and watching his logs and whatever other monitoring system he may want to apply, he may get lucky and spot them. What they can do with the server depends on the addon that they are loading with the hack. Any client is a target.
For now your options are
- Use the Rcon application to administer your server
- Password your server.
- Wait for BIS to patch this
rexehuk 16 Posted August 8, 2010 We could get together and run a honeypot server... 20 or so people authorised there, anyone else joins and hacks begin, they get BEYE banned. I know I'd be happy to set one up.
terox 316 Posted August 8, 2010
> We could get together and run a honeypot server... 20 or so people authorised there, anyone else joins and hacks begin, they get BEYE banned. I know I'd be happy to set one up.
Now if that had been done via a pm to a selection of trusted players that may have been fun to do
walker 0 Posted August 8, 2010 Hi all In the case of someone altering data on your server without permission, then that is a crime in most western countries. Contact your country's police computer crimes department and your Server host provider to tell them to refer it to the police. Kind Regards walker Edited August 8, 2010 by walker