_Hurricane

Server being hacked - admin rights overruled


So the only solution for now is PW? Or is anything changed with 1.54?

This hack is entirely blocked from BE servers for a while already.


server admins need to cease using the in-game admin feature

and start to use BattlEye driven remote control (RCON)...

these so called admin hacks are just abusing the ingame scripting system (on which the original admin system relies) ...

until this is completely rewritten / changed your server is and will be in danger of being messed up by script kiddies ...

so once more: stop using ingame admin, start using BE's RCON ...


Thank you all for the explanation and advice, too bad those script-junkies choose to use their skill trying to destroy MP games instead of doing something productive....

Turning on BE now

BTW: is BE able to override in-game admin (logged in by pw)?

server admins need to cease using the in-game admin feature

would you please explain how it could be done?

turning off passwordAdmin in server config will be enough? or is there something else that is "need-to-know"?

server admins need to cease using the in-game admin feature

and start to use BattlEye driven remote control (RCON)...

these so called admin hacks are just abusing the ingame scripting system (on which the original admin system relies) ...

until this is completely rewritten / changed your server is and will be in danger of being messed up by script kiddies ...

so once more: stop using ingame admin, start using BE's RCON ...

Many servers NEED ingame admins to set up missions/mission parameters etc... that can't be done with BE's rcon so that's not really a solution.. BIS needs to FIX exploits instead of sweeping them under the carpet :torture:

Edited by nocturna


Just happened once again. According to some people that were on earlier, it's the second time that day. I really hope this is near the top of the priority list...


you only log in as admin in the lobby. once the parameters are set and the missions started you log out and use rcon instead if someone needs to be kicked.

this will prevent you from being banned from your own server afaik. the server is only allowed to kick without admin on

Edited by nuxil


Not the solution as the adminpass should be entirely removed from server.cfg, thus you are not able to login at all. I see this problem as priority #1 too.


Btw, it has been verified that the admin hijack hack works even if no admin is logged in. Removing the admin password from the server config doesn't help either.

This is possible due to a vulnerability in the scripting engine that has to be fixed by BIS.

Btw, it has been verified that the admin hijack hack works even if no admin is logged in. Removing the admin password from the server config doesn't help either.

This is possible due to a vulnerability in the scripting engine that has to be fixed by BIS.

Well then, we have 0 protection against this "hack"...

Screw AI tweaks, we need more secure dedicated servers.

Well then, we have 0 protection against this "hack"...

Screw AI tweaks, we need more secure dedicated servers.

I've just found a way to detect every hack and cheat which u can see ingame.

so if someone does this on our server I will report him here.

I've just found a way to detect every hack and cheat which u can see ingame.

so if someone does this on our server I will report him here.

And do you feel like sharing this information with the rest of the community?

And do you feel like sharing this information with the rest of the community?

If I can say it works, then yes.

10 minutes of logfile eat 80-120 MB depending on the amount of players.

It has now been running stable for 3 days.

-----------------------UPDATE----------------------

here is a short tutorial on how it works:

first download Wireshark: http://www.wireshark.org/

Install it.

then make a shortcut to the file dumpcap.exe (inside the Wireshark folder), or run it with FireDaemon,

and give the parameters to it.

I use the following:

dumpcap.exe -f "udp port 2350 and dst 178.63.21.198" -w F:\Logrotation\Server-3\pvp.pcap -b duration:600 -b files:144

change the values to what u need:

port: 2350, for example to 2302

dst is your gameserver IP

w is the path where the logs have to be stored

duration is the time in seconds after which a new file will be written

files is how many files will be written until the first will be overwritten.

if u start the tool it collects each packet that a client sends to the server. u can now open these files with Wireshark and search with Ctrl+F in the strings for a possible hack, harmful script or bad words in chat or on the map.

that was a simple test with writing fuck in the chat, but u can find strings like removehandledamage and some things with GBU as well.

Edited by Kochleffel


*BUMP* for Kochleffel's update.

That's a very good way to detect many script hacks.


I always thought the traffic wouldn't be human-readable to make packet hacking less easy. Are scripting commands really sent as plain text, or just the code strings that are used to call scripting commands on clients?

I always thought the traffic wouldn't be human-readable to make packet hacking less easy. Are scripting commands really sent as plain text, or just the code strings that are used to call scripting commands on clients?

yes plain text.


@Kochleffel: Could you give some more info on how to find the actual cheating from a code? For some reason the dumpcap.exe does not want to start on my win7 x64 server with the modline. Without the modline it starts counting something in a dos screen. So if you could give some more details on the parameters and how to get it working it would be greatly appreciated, thx in advance!

@Kochleffel: Could you give some more info on how to find the actual cheating from a code? For some reason the dumpcap.exe does not want to start on my win7 x64 server with the modline. Without the modline it starts counting something in a dos screen. So if you could give some more details on the parameters and how to get it working it would be greatly appreciated, thx in advance!

here are the possible dumpcap options:

dumpcap -h
Dumpcap 1.4.0
Capture network packets and dump them into a libpcap file.
See http://www.wireshark.org for more information.

Usage: dumpcap [options] ...

Capture interface:
 -i <interface>           name or idx of interface (def: first non-loopback)
 -f <capture filter>      packet filter in libpcap filter syntax
 -s <snaplen>             packet snapshot length (def: 65535)
 -p                       don't capture in promiscuous mode
 -B <buffer size>         size of kernel buffer (def: 1MB)
 -y <link type>           link layer type (def: first appropriate)
 -D                       print list of interfaces and exit
 -L                       print list of link-layer types of iface and exit
 -S                       print statistics for each interface once every second
 -M                       for -D, -L, and -S produce machine-readable output

Stop conditions:
 -c <packet count>        stop after n packets (def: infinite)
 -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                          filesize:NUM - stop this file after NUM KB
                             files:NUM - stop after NUM files
Output (files):
 -w <filename>            name of file to save (def: tempfile)
 -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                          filesize:NUM - switch to next file after NUM KB
                             files:NUM - ringbuffer: replace after NUM files
 -n                       use pcapng format instead of pcap
Miscellaneous:
 -q                       don't report packet capture counts
 -v                       print version information and exit
 -h                       display this help and exit

Example: dumpcap -i eth0 -a duration:60 -w output.pcap
"Capture network packets from interface eth0 until 60s passed into output.pcap"

Use Ctrl-C to stop capturing at any time.

to find a possible hack, just open a capture file in Wireshark and press CTRL+F to find a string which could contain

addeventhandler....

then u have the IP and can look up in the logfile the username used by this IP

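An added example, not part of any post in this thread and not BattlEye or BIS tooling: the manual Ctrl+F search described above, automated over a classic pcap file such as dumpcap writes without `-n`. It assumes, as the posters state, that script text is visible as plain text in the UDP payload; the keyword list repeats the strings named in the thread, and the packets and addresses in `build_sample` are constructed.

```python
import struct
from collections import defaultdict

# Strings named in the thread; extend with commands your own missions never send.
KEYWORDS = [b"addeventhandler", b"removehandledamage"]

def scan_pcap(data, keywords=KEYWORDS):
    """Return {source_ip: {matched keywords}} for UDP payloads in classic pcap bytes."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not classic pcap (pcapng from 'dumpcap -n' is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    hits = defaultdict(set)
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                   # keep only IPv4 + UDP
        ihl = (frame[14] & 0x0F) * 4   # IPv4 header length in bytes
        payload = frame[14 + ihl + 8:].lower()   # case-insensitive match
        src = ".".join(str(b) for b in frame[26:30])
        for kw in keywords:
            if kw in payload:
                hits[src].add(kw.decode())
    return dict(hits)

def _frame(src_ip, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero) for the demo."""
    udp = struct.pack(">HHHH", 50000, 2302, 8 + len(payload), 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes([192, 0, 2, 10]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def build_sample():
    """Constructed capture: one harmless chat packet, one carrying a script string."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, payload in [("198.51.100.7", b"hello all"),
                         ("203.0.113.9", b'player addEventHandler ["x", {}]')]:
        f = _frame(src, payload)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(scan_pcap(build_sample()))
```

For real captures, pass the bytes of each ring-buffer file to `scan_pcap`, then look up the reported source IP in the server log as described above. A string split across two packets is not matched, and legitimate mission traffic may contain the same commands, so treat hits as leads to review.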
