Server being hacked - admin rights overruled

[Defunkt 431]

I do think there is a strong argument however for an automatically generated public banlist by Battleye itself. This list would not include ID's added to it by the server admin.

Agreed, the possibility of an automated global ban would definitely thin their ranks quickly. If BE was uncomfortable with serving such a banlist almost as good might be inclusion of a salted MD5 hash when logging the detection and provision of a page allowing detections to be validated against this key. In this way server-ops could share bans without fear of abuses.

[Rustydog 10]

Thats what I was getting at .

If Battleye detects a hack then the id gets banned globaly. Admins can still add thier own bans but only hacks detected by BE would go on the global list.

another question is why does Battleye not auto ban and kick on hacks . I would rather have to go in and edit out bans than go through the log every day looking for hackers .

I got 8 more hackers today being caught by BE. they are coming in groups three or four at a time .

[$able 2]

I am not sure you understand what I mean.

I am not talking about kicks/bans issued by server admins. I mean BE's own violation kicks. If they were streamed to a master server they could be manipulated as well, i.e. innocent players could be banned. All it takes is a server admin with bad intentions and some hacking knowledge. It's always possible and in the end there is nothing you can do about it.

Again, this applies to well-known community systems like PunksBusted or PBBans as well.

[flufball 10]

I am not sure you understand what I mean.

I am not talking about kicks/bans issued by server admins. I mean BE's own violation kicks. If they were streamed to a master server they could be manipulated as well, i.e. innocent players could be banned. All it takes is a server admin with bad intentions and some hacking knowledge. It's always possible and in the end there is nothing you can do about it.

Again, this applies to well-known community systems like PunksBusted or PBBans as well.

There's always an element of risk. If you ignore the public banlists collated by the likes of PunksBusted the risk still remains with any system you run, the more restrictions you have, the more potential there is for someone to get caught up unfairly.

As soon as you choose to have a system that identifies and then issues a ban (and thus prevents further use of said anti-cheat software by a player) based upon the offence committed you open yourself up to varying problems and elements of risk.

Automated systems, as an example can cause mass problems when they go wrong by dint of being automated with no human oversight. Expansions, patches and changes to the game can often compound this.

It happened with the original Call of Duty upon the release of it's expansion. A large portion of players got a global hardware ban from Punkbuster simply for running the expansion on the day of release. It took some time for the issue to be rectified, during which players suffered a degree of stigma that was quite unfair.

Likewise, Call of Duty again has caused problems in a more recent setting with VAC banning a large number of Modern Warfare Two players. To be fair to Valve, they sorted this out quite promptly and even put in a free game for those who suffered from it.

The fact remains that autobanning has it's risks.

The reverse of this of course is having humans in the mix. If you push past the immediate concerns of trust when humans are involved you run into one simple inhibiting factor - cost.

Lets say you've an autobanning system that flags up cheats and will issue a ban on a delayed process (that is - cheat is flagged, ban is issued a while later rather than immediately, this is fairly standard practice) but as a fail safe you add a human team checking the bans going through, investigating any flagged issues coming up and as a final precaution to function as a process of appeal.

This is time consuming and will cost quite a bit keeping a team on hand to do the job. The people doing this work will not only have to be skilled at dealing with bans efficiently as they occur but also at investigating any appeal that may be made. It will take it's cost in effort and time as well as keeping people about to do the job, not to mention the abuse that will undoubtedly come from having an appeals process.

That said, keeping a human team on hand to do this has it's advantages, it allows you to deal with any false positives as they occur by having a human on hand to investigate and it allows an easier process for dealing with players who feel they have been wrongly issued a ban.

That's not to say either system is unworkable or that either is superior, both have their flaws and both have their advantages, how one adapts to these is what separates each instance.

Choosing not to issue bans has it's attractions but also has it's share of problems.

There is the obvious and classic system that simply boots people from the server for running a cheat, without any global banning, any hardware linking and so on. This is a minimalist approach and is a tried and tested way to successfully do the job, the down side of course is that it means while it allows honest players the leeway to solve any issues they may be having it also allows cheaters to remain free to carry on trying until something works (as opposed to a hardware ban that would keep them from entering anywhere using the anti-cheat software).

There is also the approach that Cheating Death took, which was to work in such a fashion that it made it very difficult for cheats to operate in a normal manner. Rather than kicking or banning a player cheats would simply cease to function. This again has it's advantages but also has as similar drawback that by not identifying cheaters it provides the scope for cheaters to return with new methods of bypassing the anti-cheat yet again.

No system is fool proof and sadly the gaming community operates on a “no smoke without a fire†policy most of the time when dealing with cheats. You could make the perfect system, designed to identify any problems as they arise and some sod will still show up and say “Well he must of done something X-System caught him!â€

Edited August 10, 2010 by Flufball

[Spayker 10]

How about, if some admin'll leave ban list from his server here. In this list we'll see GUID, ID, DATE, player nick and reason of baning. At the same time every admin will decide for himself to use this list in to your server or not. Also, if we gather a few ban lists from different servers, we could see the same nicks or id profile. This will allow us to understand that this guy seen with cheats on 2 or 3 servers and he can be baned with a clear conscience.

[Jack_Ryan_ 10]

What Gestapo gets to admin the list? Do the SS running it realize there's more then one person on the planet using that nickname? Does the Stasi BattleEye ever make mistakes? Anyone ever been kicked by BE when their totally legit? Your all freaking out over petty thieves and script kiddies. Locks are for honest people.

[_Hurricane 0]

I don't think a GUID being generated and used on the server violates privacy.

What I meant exactly is that Spayker's idea is against privacy laws. You can't just give out information like the player ID.

How about, if some admin'll leave ban list from his server here. In this list we'll see GUID, ID, DATE, player nick and reason of baning.

[Spayker 10]

Ok, we may except guid and id and leave date, nick and reason... even this data can give some information about cheaters. if some nick'll be detected in 2 or 3 ban list, we may ban this bastard. But this thing, all admin do on their own, ofcourse...

[nuxil 2]

tv2 was a victum of the darky cheat..

i was there when it happent.

it basicly consists of 2 parts..

1 injection program that spoof valid signatures and let you set a fake Id.

2 darky.pbo. just a addon that does bad things..

darky.pbo sets a new action menu on the player. "darky menu" which creates the dialog. there is also a bunch of scripts. adminhijack.sqf etc etc.

good news.. there is a way to stop this cheat. easly. but im not telling it publicly since the one who made this cheat has great understanding of sqf and might see this post..

[Beagle 684]

You can change nicks all the day, I think this is why I got already banned from one particular server... I use a different profile with a different fitting nick for every faction in the game.

[Pauldarrington 9]

would you mind pming me please nuxil

[walker 0]

Hi all

As $able and also I posted on a previous occasion with OFP and ArmA

Central Public ban lists are a legal minefield

Central Public ban lists are open to manipulation and could be used by nefarious people to spoof a system to create a legal case for libel, let us remember these people have already commited a crime in altering administration and access data on a server, so such scams would be only par for the course.

Thus the people who ran such a public ban list would be open to being sued possibly for a lot of money. This is aside from the ethical question of people being placed on such a list via the actions of a person spoofing the system.

However!

There is a simple three part solution:

1) All admins place their Own PUBLIC ban list in a standard format, on a public web page of their community.

2) They register that ban list page with a central server. This server does not contain bans, it is just an index server to the ban lists. It is a service, providing an index of ban lists, and not a ban list itself.

3) A program such as Yoma's synchronises the servers ban list to any ban list on the index that a server admin trusts and has ticked as trusted, server admins are within their rights to do this.

Results

A) It would only affect those subject to a ban, thus reducing administration load.

B) It places all arbitration and administration of a ban in the hands of the accuser and the defendant. So no different than already exists.

C) It would provide an open justice system where a person accused by a server Admin of being a griefer or other numpty may appeal to that specific server admin; ideally via a forum section linked from that Servers Ban List Page for that specific purpose, all though how such a system works is up to the server admin.

How that servers community then proceeds is up to them.

They could just say: your banned boo jay sucks to you, as it is their server after all.

Or if a more fair admin or community: Use the forum section to allow the banned person to provide mitigation or defense against the ban. Of course they would still be free to just say your banned boo jay sucks for you, as it is their server after all.

Either way it is no harm no foul for the server it is just being public about its own server ban list for which only it is accountable, and being nice by providing a method by which you can appeal the Ban.

This then removes all legal risk to the Server admin and is as fare as it needs to be, or as that particular community requires.

Other server admins can then view such server ban list systems and decide whether they trust the provider's Public ban list.

D) By forcing the people who appeal a ban to register with an email and perhaps even a proper IP, use MJK-Ranger PeerBlock or something similar to prevent anonymous proxies being used, you can weed out the crackers as they will seldom reply as it would allow the community to build information on them at one stroke, and would provide a traceable route for the police in the case of altering data on the server, eg the case here of a criminal altering administration rights on a server.

E) It would be self policing as any attempt to game the ban lists to ban innocents would make such a server quickly obvious to all and the general ArmA Communities trust of such a Server/Server Admin would removed and stop being ticked by other server admins. Additionally it would act as an information gathering method as to where such people congregate and what servers may be dodgy.

Any way that is my suggestion for how such a process could work.

Kind Regards walker

Edited August 11, 2010 by walker

[Dwarden 1124]

What I meant exactly is that Spayker's idea is against privacy laws. You can't just give out information like the player ID.

player nickname, ID, BEGUID, IP is public information so any privacy laws don't apply ...

privacy laws apply only to informations which can be used to personally identify You

therefore such public available informations not apply for it at all

Edited August 10, 2010 by Dwarden

[Rustydog 10]

I am seeing less and less gamehack 13 kicks now and more and more kick becuse battleye ban , even seeing the same people that came in banned come in under another name and different BIS id but BE catches it.

getting ready for the next wave

[cross 1]

Global ban lists cannot be trusted.

Perhaps you can use it only within a tight group where there is a "banning procedure" to which all admins abide. So that you can be sure that a player is not banned on first instance by a power hungry admin ;).

[Rustydog 10]

something needs to be done asap . a lot of hackers getting past BE now. at least 5 on at one time causing mayheem and restarts

[Imperator[TFD] 444]

Just had a session clearly shut down by a player using this method, I even watched myself get logged out only to have him shut it down mere moments later. Those who want his playerID are more than welcome to PM me.

[Spayker 10]

Send me plz his id

[$able 2]

Just had a session clearly shut down by a player using this method, I even watched myself get logged out only to have him shut it down mere moments later. Those who want his playerID are more than welcome to PM me.

Player ID doesn't really help as the hack changes it to whatever you want. I strongly advise server admins to completely stop banning PIDs, because they could easily ban innocent players that way.

[Spayker 10]

We can't play normally 5 days. Everytime some cheater connect to server and destroy game. This is one solution which works...

If you have better idea, leave it here.

[Beagle 684]

Waiting for next official patch and not allowing any addon and mods including betas?!

Was'nt this done on TV2 Server once before...how did it work out?

[$able 2]

We can't play normally 5 days. Everytime some cheater connect to server and destroy game. This is one solution which works...

If you have better idea, leave it here.

Ban BE GUID?

[cri74 10]

Last attack was more cheaters and less hacks. This one is worse, and this darky thing really catches on and expands it seems. The last attacks around march/april and we tried to set up the servers with no addons what so ever, it did not really help that much.

[Rustydog 10]

For every five honest log in's I get at least two xxxxx.pbo sig kick.

Getting A LOT of the ones I banned trying to come back in with different names and BIS id's.

Ive even seen kids come in with the xxxxx.pbo sig error get kicked ,change name and come back in with the dary thing not installed , guess what I ban them right away.

This too will pass as more and more get banned or just get bored killing servers.

Edited August 14, 2010 by W0lle
Name of the evil pbo removed

[Rexxenexx 0]

$able would it be possible to do a "reverse ban"? Say like the server has a high-admin.txt - file in the BE folder - with the BEGUID of the admin. Where if anyone other than the high-admin tries to ban the high-admin he/she gets banned with the note "XXXX was banned for attempting to ban the servers administrator". Something like that?