Server being hacked - admin rights overruled

[gossamersolid 155]

Hi all

In the case of some one altering data on your server without permission, then that is a crime in most western countries. Contact your the police computer crimes department and your Server host provider to tell them to refer it to the police.

Kind Regards walker

Guys are most likely running through proxies so they would be near impossible to catch. That's the bad thing about the internet. If you want to stay anonymous, you will be able to.

[AThousandD 10]

But hey, it's also the good thing about the internet!

[$able 2]

Dont bother banning them with the game engine ban system, use the battleye system it's more robust and takes a bit more effort for them to bypass it.

[...]

• Use the Rcon application to administer your server
  

In fact, there hasn't been a single proof the BE GUID can be hacked (other than changing the cd-key). If the server-side GameSpy cd-key checking is done right and a non-existent cd-key causes a direct disconnect, it is secure.

And yes, only using BE RCon and disabling the in-game admin system could prevent the admin hijacking (I haven't checked yet).

[MJK-Ranger 0]

In fact, there hasn't been a single proof the BE GUID can be hacked (other than changing the cd-key). If the server-side GameSpy cd-key checking is done right and a non-existent cd-key causes a direct disconnect, it is secure.

And yes, only using BE RCon and disabling the in-game admin system could prevent the admin hijacking (I haven't checked yet).

How do i "disable the in-game admin system" ?

[walker 0]

Guys are most likely running through proxies so they would be near impossible to catch. That's the bad thing about the internet. If you want to stay anonymous, you will be able to.

Err no

A single proxy is not enough to protect you. Plus a significant number of proxies are fake, many keep logs as required by the government of the country they are in and some of them are even honey pots to catch the unwary. Many Proxy servers actually sign the data as sent through a proxy server alerting your Internet Service Provider to the fact you are using one and certainly sitting on their required by law log for the probable 5 years in the case of anyone wanting an easy search phrase; for when you thought you were doing something naughty. Frankly using a proxy is like sticking a sign on your self saying I am up to something naughty!

On another note how are they sending game data through a proxy? Only a limited number of Proxy servers allow this and most are known. If you are just using an http proxy you are dumber than an amoeba.

Plus you have the new and frightening problem of MAC address direct Geo location. Where the router closest to your computer is interrogated, then linked to the Google database.

Kind regards walker

Edited August 8, 2010 by walker

[$able 2]

How do i "disable the in-game admin system" ?

Remove the admin password from your server config.

I am not sure if this actually prevents the admin hack though.

[MJK-Ranger 0]

You can allways use the free PeerBlock 1.0+ (r404) and add proxy lists from www.iblocklist.com/lists.php

I use that little app + i have added other lists to, so now i'm blocking 1.001.517.869 IP's :p

Make sure you run PeerBlock on your ArmA 2 server :)

[walker 0]

You can allways use the free PeerBlock 1.0+ (r404) and add proxy lists from www.iblocklist.com/lists.php

I use that little app + i have added other lists to, so now i'm blocking 1.001.517.869 IP's :p

Make sure you run PeerBlock on your ArmA 2 server :)

Hi MJK-Ranger

Good simple solution.

Kind Regards walker

[MJK-Ranger 0]

Hi MJK-Ranger

Good simple solution.

Kind Regards walker

At this moment i use list:

Default Lists: (That are included in PeerBlock)

P2P

Spyware

Adverting

Education

Own added lists: (from http://iblocklist.com/lists.php )

Hacker

Proxy

Have been using this program for a long time now, and no problem.

You can make your own list too to add IP's.

Download from here:

http://peerblock.googlecode.com/files/PeerBlock-Setup_v1.0%2B_r404.exe

Homepage:

http://www.peerblock.com/

Edited August 8, 2010 by MJK-Ranger

[walker 0]

Hi all

Thought I had better repeat this as I was adding stuff too it not realising the thread had updated.

Guys are most likely running through proxies so they would be near impossible to catch. That's the bad thing about the internet. If you want to stay anonymous, you will be able to.

Err no

A single proxy is not enough to protect you. And chaining proxies can as easy mean you are just increasing the number of places you are leaving a track on. Using a proxy properly is a very fine art, and frankly the script kiddy numpties who grief know nothing about it. Most will be using an HTTP proxy I kid you not.

Plus a significant number of proxies are fake, many keep logs as required by the government of the country they are in and some of them are even honey pots to catch the unwary.

Many Proxy servers actually sign the data as sent through a proxy server alerting your Internet Service Provider (ISP) to the fact you are using one and certainly sitting on their required by law log for the probable 5 years in the case of anyone wanting an easy search phrase; for the times when you thought you were doing something naughty.

All proxy servers come with an attached IP hense how MJK-Ranger's suggestion works.

It also tells your ISP your were using them and since they are listed so you can find them, every ISP knows them, as they are added to the lists MJK-Ranger just pointed too, and every ISP admin gets those lists on automatic update, as I worked for an ISP I know.

Frankly using a proxy is like sticking a sign on your self saying I am up to something naughty! In some countries often by law it is likely to cause your ISP to stick you on their intercepting proxy for a special looksee by your countries police. I think some people would be surprised that it is in the law of their western country to do this, particularly where traffic crosses borders.

On another note how are they sending game data through a proxy? Only a limited number of Proxy servers allow this and most are known.

Plus you have the new and frightening problem of MAC address direct Geolocation. Where the router closest to your computer is interrogated, then linked to the Google database.

Kind regards walker

Edited August 8, 2010 by walker

[b00tsy 28]

B00tsy, I think that sliding around on respawn is just a bug, possibly the last movement you did before dying. I and mates have experienced it, b ut just double the tap the directional movement key you are stuck in.

Ahh okies that makes sence, I usually die when trying to run for cover lol. Till now I just reconnected when that happened, will try your suggestion next time.

[_Hurricane 0]

Can all players on the server be affected by the hacker?

To get back on this: yes, they can:

- make you say things in chat

- make you do certain moves (they made me do push-ups)

- kill you

- teleport you

- make you fly

- execute code on your character

- ...

And this is only 1 of 12 main parts of the hack..

However, I read that BattlEye has been updated and that the hack is now having trouble getting through. I'm afraid, though, this won't be for long..

Edited August 8, 2010 by _Hurricane

[Rustydog 10]

I am getting quite a few gamehack#3 kicks . Seems like the only ones joining servers now are hackers.

[SnR 1]

Same here, alot of them unfortunately are also wearing clan tags. Of course all are high pingers from OS.

[zyklone 1]

The easiest method to avoid the takeover of admin commands is to just log out and use the BE rcon to ban/kick people.

The kicking / banning is done by forcing the admin to use the serverCommand function.

This can only be used if someone is logged in as admin.

[brit~XR 0]

The easiest method to avoid the takeover of admin commands is to just log out and use the BE rcon to ban/kick people.

The kicking / banning is done by forcing the admin to use the serverCommand function.

This can only be used if someone is logged in as admin.

Yep i can confirm that. We been doing this for days sence benny warned all xr admins not to login because of the reasons you stated above

Edited August 9, 2010 by brit~XR

[Spayker 10]

Sorry for noob question, but what is BE rcon?

[$able 2]

Sorry for noob question, but what is BE rcon?

http://forums.bistudio.com/showthread.php?t=95454

Btw, I advise everyone to check their server logs for BE GameHack kicks and permanently ban the violating players' BE GUIDs.

[Rustydog 10]

I was able to be banned from my server and was not logged as a admin.

Good thing was I was a running a mission just to test server load and I got about five of these idiots banned.

---------- Post added at 06:36 PM ---------- Previous post was at 06:13 PM ----------

found a couple of quick fixes for this at least the banning part .

you have to use Battleye bans only .

I think the best way to deal with this is a master ban list on battleye . You can add your own banns but anyone caught with a hack gets banned from every BE server .

all Ive gotten the last few days is hackers or stupid kids running that hack .

[Spayker 10]

I think the best way to deal with this is a master ban list on battleye . You can add your own banns but anyone caught with a hack gets banned from every BE server .

Really, awesome idea to ban these bastards. What about to create some thread on this forum. In this thread every admin may left banned ID's or GUID's from his server log?

[SoggyMilk 10]

One thing I don't like about that, is that if some Admin decides to be a douche and ban someone simply because he doesn't like him, that if it streams to BE, then BE would ban that player from every BE Enabled server.....

OR maybe I'm understanding that wrong?

[$able 2]

One thing I don't like about that, is that if some Admin decides to be a douche and ban someone simply because he doesn't like him, that if it streams to BE, then BE would ban that player from every BE Enabled server.....

OR maybe I'm understanding that wrong?

Right, that's why there are no central BE global bans.

What you describe can be done with any ban system, and even something like PunkBuster is no exception - I have done research on that in the past. Almost no one in anti-cheat communities ever considers that, but simple logic proves this problem.

[_Hurricane 0]

Most likely it's also against privacy laws.

[$able 2]

Most likely it's also against privacy laws.

I don't think a GUID being generated and used on the server violates privacy.

There are lots of anti-cheat communities with centralized ban lists and there is nothing wrong about it. Just keep in mind that they could always be manipulated.

[terox 316]

@$able.

I fully agree with you about consistency of quality where a server admin could manually add a player to a public banlist for anything but the right reasons.

I do think there is a strong argument however for an automatically generated public banlist by Battleye itself. This list would not include ID's added to it by the server admin.

A server admin would however have the option to toggle On or Off using the Automated public banlist to populate his servers blacklist.

This I think would be a welcomed feature especially under the present circumstances