Server being hacked - admin rights overruled

[xPaveway 10]

Ban BE GUID?

Yeah but we can't tell who is spawning stuff. We can't just randomly hand out bans.

[$able 2]

Yeah but we can't tell who is spawning stuff. We can't just randomly hand out bans.

I didn't say that. I just said that you should ban BE GUIDs instead of PIDs.

[_Hurricane 0]

Waiting for next official patch and not allowing any addon and mods including betas?!

Was'nt this done on TV2 Server once before...how did it work out?

They will still be able to use the hack as it spoofs an official BIS addon-key (genuine game content).

[Rustydog 10]

I just cancled my server with my server provider. This is too much .

Yes Battleye is catching somethings , But even with not allowing addons the server is being hit by hackers like crazy. They fill up slots with ai to keep players out , spawn what ever they want when ever the want .

And then to make things worse I was sitting on the server when all 30 players where banned by battleye for game hack 3. Everyone even my self.

last straw , BIS needs to get this game fixed and put some real protection in .

[$able 2]

I just cancled my server with my server provider. This is too much .

Yes Battleye is catching somethings , But even with not allowing addons the server is being hit by hackers like crazy. They fill up slots with ai to keep players out , spawn what ever they want when ever the want .

And then to make things worse I was sitting on the server when all 30 players where banned by battleye for game hack 3. Everyone even my self.

last straw , BIS needs to get this game fixed and put some real protection in .

Sorry for this. Keep in mind that I and BIS are working on improving the situation though.

Also, I will probably disable the "#beserver [command]" feature until BIS fixes the admin hijacking. Then it will no longer be possible to kick/ban players on behalf of BattlEye. Btw, I suppose someone was logged in as admin when that happened?

Edited August 13, 2010 by $able

[Rustydog 10]

No I make sure that I never log in as admin.

It dont matter admin logged in or not . I was logged via the remote con though.

There where people spwaning things at will and filling up slots with AI untill no one could join . Then after a restart about 20 mins all heck broke loose

[$able 2]

No I make sure that I never log in as admin.

It dont matter admin logged in or not . I was logged via the remote con though.

There where people spwaning things at will and filling up slots with AI untill no one could join . Then after a restart about 20 mins all heck broke loose

Maybe another player was logged in as admin? I am only talking about the admin hijacking stuff here though.

[Rexxenexx 0]

$able did you get to read my post #75 on page 8 of this thread? I think it would be worth a try if possible. It won't totally stop hacks but it still would be a useful tool.

[Rustydog 10]

Maybe another player was logged in as admin? I am only talking about the admin hijacking stuff here though.

Nope I had voteing disabled and was the only one with the password.

I would also see player so and so gui # kicked game hack 3 :same player would come right on with darky.pbo sig wrong . get auto kicked and then log in again and start spawning stuff.

anyway untill this gets fixed the game is totaly messed up.

Edited August 13, 2010 by Rustydog

[$able 2]

$able did you get to read my post #75 on page 8 of this thread? I think it would be worth a try if possible. It won't totally stop hacks but it still would be a useful tool.

Yes, sorry, I actually wanted to answer.

But no, it's not possible for BE to see game/PID bans. Regarding BE bans, as I said, I will disable "#beserver [command]" (which allows to send commands to the BE Server when logged in as admin) so it's only possible to ban via BE RCon, which cannot be hijacked by hackers.

[igr 10]

Wouldn't "MaxCustomFileSize=0;" in the Arma2.cfg stop the hackers from joining? Or at least stop them from running the dreaded .pbo?

[Rexxenexx 0]

I think MaxCustomFileSize is for stuff like sound folder and face texture files right? Like profile addons I think right!?

But no, it's not possible for BE to see game/PID bans.

I mean like: To have the real admin protected; the server admin would have to find out his BE ID and copy paste it into a text file in the BE server directory. Then BE automatically protects that player from being kicked from the server.

EDIT: OOooh OK I gotcha, man this is a tough one. I guess maybe BIS should think of a PID file to put in the server folder instead? Only thing I can think of just protecting the real admin from being kicked. Maybe just a setting in the server.cfg like high-admin=[PID];

[cross 1]

Wouldn't "MaxCustomFileSize=0;" in the Arma2.cfg stop the hackers from joining? Or at least stop them from running the dreaded .pbo?

It does...

So does breaking a pencil in half, standing up and doing a 360 turn.

Knocking your mouse 4 times on your pad seem to work too.

Playing on Expert stop them as well..

And lastly, skillHacker=0; definitely stops them

:rolleyes:

[terox 316]

It does...

So does breaking a pencil in half, standing up and doing a 360 turn.

Knocking your mouse 4 times on your pad seem to work too.

Playing on Expert stop them as well..

And lastly, skillHacker=0; definitely stops them

:rolleyes:

I can't help but laugh Cross but the poor guy doesnt understand how they are doing it and he's probably a server admin who is having his gaming experience wrecked.

@ igR. I very much doubt it m8. They basically intercept comms from the server and respond to those comms misleading the server that their addon is infact another addon that the server allows.

They also spoof their ingame UID and obviously make up some game name as well.

$able then recodes Battleye to look for conditions that their hack causes and then implements a ban.

They then rework the way the addon is implemented or change some content to bypass this check

and then $able rewrites code to intercept them.

And round and round we go

How does it stop?

Well

1. Once one of these idiots changes data on the server for example and the admin is capable of tracking those changes and proving who did it, then the law can be called in, because that is illegal. This has repercussions for the website that host these exploits, their members etc. If this occurs then they will back off for awhile
   
2. Or if they get bored
   
3. Or if they start spruting pubic hair and lose their virginity. (Hopefully to a big dude in a public toilet against their will)
   
4. Or the brains behind the coding stop releasing the hacks
   
5. Or slowly but surely the kids who exploit these hacks get banned as an updated Battleye catches them out and their keygen stops working or they get fed up of actually re-buying the game
   

Edited August 14, 2010 by Terox

[Dwarden 1125]

disable ingame voting using

voteThreshold 1.10;

voteMissionPlayers=255;

and disable ingame admin system (admin password empty)

use only BattlEye's RCON administration

[walker 0]

Hi all

If they are altering data on a server they are breaking the law, eg altering passwords. Stealing a password is also against the law. It is a crime pure and simple. Contact the police in your country, they have the resources to trace who is doing it, it is free! You do not need a lawyer to do it. You just report the crime.

At least one member of the ArmA community already did this and the police went after the criminal.

He just followed this link to the US Cyber crime website.

http://www.ic3.gov/

In the UK you can use this link.

http://www.ceop.police.uk/reportabuse/

In the Holland it would be this link

http://www.meldpuntcybercrime.nl/english_information.html

Interpol also has a link

http://www.interpol.int/

Google seach for "Cyber crime police" in your mother tongue to find your own countries Cyber crime reporting site.

Virtually every country in the world has laws that make unauthorised changing of data on someone elses server a crime! Just use this link to find your country to find the relevant law to quote to your police service.

http://www.cybercrimelaw.net/Cybercrimelaw.html

Kind Regards walker

Edited August 14, 2010 by walker

[Rustydog 10]

disable ingame voting using

voteThreshold 1.10;

voteMissionPlayers=255;

and disable ingame admin system (admin password empty)

use only BattlEye's RCON administration

None of thouse settings will stop the attack . Even having no admin account and voting turned way up it still happens.

checking for sigs kind of works but Ive seen the same person come right after BIS kicks for sig check and gets in and starts trouble.

there is a MAJOR flaw in the way BIS handles things in game.

I am done with trying to host untill things get fixed

[Crowe 0]

Can the netlog file help here? Perhaps it contains information who did send PublicVariable or SetVehicleInit Commands ?

[nuxil 2]

jeezzes..

come one guys. download the cheat and depbo it, then you see how easly it is stopped.

there are several ways to do it..

here is a example of a verry simple way. only a tmp fix until he updated his idd's tho..

in your mission put something like this in init and or in respawn script

nil = [] execvm "player-anti-darky.sqf"

// supersimple..
allow the cheater to play as long as he dosent use the cheat menu..

waituntil {alive player};
waituntil{(dialog)};
_dcm = (findDisplay XXXXX) displayAddEventHandler ["MouseButtonDown","IamAlooser=[true,name player]; publicVariable ""IamaLooser"""];
_dck = (findDisplay XXXXX) displayAddEventHandler ["KeyDown","IamAlooser=[true,name player]; publicVariable ""IamaLooser"""];
nil = [] execvm "path\player-anti-darky.sqf";

XXXXX is the idd number of the darky dialog

then make a server script..

// execues from init.sqf or any other Init scripts
if ((isServer) or (isDedicated)) then
{
   IamaLooser=[false,null];
   while {(true)} do
   {
       _check = IamaLooser select 0;
       if (_check) then
       {
           _cheater = IamaLooser select 1;
           serverCommand Format["#kick %1",_cheater];
           IamaLooser=[null,null];
           publicVariable "IamaLooser";
       };
       sleep 0.25;
   };
};

this is a simple solution, but you should rather check the config file. to see if there is a useraction called "Darky menu"

Edited August 26, 2010 by nuxil

[Overlord 0]

Excuse my ignorance but do this hack applie to both Win and Linux servers?

@nuxil

With your methode every mission on server need to be reworked (and every time an updated hack is released)?

[nuxil 2]

Overlord with the metode above sadly yes.

you need to get your hand on the newest cheat all time. to see which idd or what name on the useraction that has been used.

[xPaveway 10]

jeezzes..

come one guys. download the cheat and depbo it, then you see how easly it is stopped.

And how easily I could circumvent your "anti-cheat".

[nuxil 2]

And how easily I could circumvent your "anti-cheat".

did you read what i said?.

here is a example of a verry simple way. only a tmp fix until he updated his idd's tho..

i never said it was a perm fix, i also said that config file should be checked instead to overcome the idd problem.

[Overlord 0]

So the only solution for now is PW? Or is anything changed with 1.54?

[emerald 8 10]

Find their IP and ban it.