$able 2 Posted August 28, 2010 So the only solution for now is PW? Or is anything changed with 1.54? This hack is entirely blocked from BE servers for a while already. Share this post Link to post Share on other sites
Dwarden 1124 Posted August 28, 2010 server admins needs cease to use in-game admin feature and start to use BattlEye driven remote control (RCON)... these so called admin hacks are just abusing ingame scripting system (on which the original admin system rely) ... until this is completely rewritten / changed You server is and will be on danger being messed up by script kiddies ... so once more stop using ingame admin, start use BE's RCON ... Share this post Link to post Share on other sites
Overlord 0 Posted August 28, 2010 Thank you all for explenation and advice, too bad those script-junkies choose to use their skill trying to destroy MP games instead of doing something productive.... Torning on BE now BTW: is BE able to override in-game admin (logged in by pw)? Share this post Link to post Share on other sites
Gvozd 0 Posted October 27, 2010 server admins needs cease to use in-game admin feature would you please explain how it could be done? turning off passwordAdmin in server config will be enough? or there's somthing else that is "need-to-know"? Share this post Link to post Share on other sites
bearbison 10 Posted October 30, 2010 Gvozd, have a look at the post http://forums.bistudio.com/showpost.php?p=1718045&postcount=90 a bit further down Share this post Link to post Share on other sites
Gvozd 0 Posted October 31, 2010 Gvozd, have a look at the post http://forums.bistudio.com/showpost.php?p=1718045&postcount=90 a bit further down Thanks for info, mate. Share this post Link to post Share on other sites
nocturna 10 Posted November 2, 2010 (edited) server admins needs cease to use in-game admin feature and start to use BattlEye driven remote control (RCON)... these so called admin hacks are just abusing ingame scripting system (on which the original admin system rely) ... until this is completely rewritten / changed You server is and will be on danger being messed up by script kiddies ... so once more stop using ingame admin, start use BE's RCON ... Many servers NEED ingame admins to set up missions/missions parameters etc... that cant be done with BE's rcon so thats not really a solution.. BIS needs to FIX exploits instead of sweeping them under the carpet Edited November 2, 2010 by nocturna Share this post Link to post Share on other sites
vohk 10 Posted November 6, 2010 Just happened once again. According to some people that were on earlier, it's the second time that day. I really hope this is near the top of the priority list... Share this post Link to post Share on other sites
nuxil 2 Posted November 6, 2010 (edited) you only log in as admin in the lobby., once the parameters are set and misions started you log out and use rcon instead if somoen is need to be kicked. this will prevent you from beeing baned from your own server afik. the server is only allowed to kick witout admin on Edited November 6, 2010 by nuxil Share this post Link to post Share on other sites
Hud Dorph 22 Posted November 6, 2010 Not the solution as the adminpass should be entirely removed from server.cfg, thus you are not able to login at all. I see this problem as priority #1 too. Share this post Link to post Share on other sites
$able 2 Posted November 6, 2010 Btw, it has been verified that the admin hijack hack works even if no admin is logged in. Removing the admin password from the server config doesn't help either. This is possible due to a vulnerability in the scripting engine that has to be fixed by BIS. Share this post Link to post Share on other sites
Hud Dorph 22 Posted November 6, 2010 Ohh getting better and better - cant get any higher on the priority-list :) Share this post Link to post Share on other sites
=WBG=ati 10 Posted November 7, 2010 (edited) Misstake! Edited November 7, 2010 by =WBG=ati Share this post Link to post Share on other sites
gossamersolid 155 Posted November 7, 2010 Btw, it has been verified that the admin hijack hack works even if no admin is logged in. Removing the admin password from the server config doesn't help either.This is possible due to a vulnerability in the scripting engine that has to be fixed by BIS. Well then, we have 0 protection against this "hack"... Screw AI tweaks, we need more secure dedicated servers. Share this post Link to post Share on other sites
Kochleffel 10 Posted November 7, 2010 Well then, we have 0 protection against this "hack"...Screw AI tweaks, we need more secure dedicated servers. ive just found a a way to detect every hack and cheat which u can see ingame. so if someone does this on our server i will report him here. Share this post Link to post Share on other sites
gossamersolid 155 Posted November 7, 2010 ive just found a a way to detect every hack and cheat which u can see ingame.so if someone does this on our server i will report him here. And do you feel like sharing this information with the rest of the community? Share this post Link to post Share on other sites
Kochleffel 10 Posted November 8, 2010 (edited) And do you feel like sharing this information with the rest of the community? If i can say it Works then Yes, 10 minutes of logfile eat 80-120mb depending in the ammount of Players. Now it Runs 3 days Stable. -----------------------UPDATE---------------------- here a short tutorial how it works: first download wireshark: http://www.wireshark.org/ Install it. then make a shortcut or use firedeamon to the file: dumpcap.exe (inside of the wireshark folder) and give the parameters to it, i use following dumpcap.exe -f"udp port 2350 and dst 178.63.21.198" -w F:\Logrotation\Server-3\pvp.pcap -b duration:600 files:144 change the values to that what u need port 2350 for example to 2302 dst is your gameserver ip w ist the path where the logs have to be stored duration the time in seconcs when a new file will be written files how many files will be writen until the first will be overwritten. if u start the tool it does collect each packet from client to server what he sends to server u can now open with wireshark this files an search with STRG+F in the string for a possible hack,harmfull script or bad words in chat or on the Map. that was a simple test with writing fuck in the chat, but u can find strings like removehandledamage and some things with GBU aswell. Edited November 8, 2010 by Kochleffel Share this post Link to post Share on other sites
$able 2 Posted November 9, 2010 *BUMP* for Kochleffel's update. That's a very good way to detect many script hacks. Share this post Link to post Share on other sites
Pulverizer 1 Posted November 10, 2010 I always thought the traffic wouldn't be human-readable to make packet hacking less easy. Are scripting commands really sent as plain text, or just the code strings that are used to call scripting commands on clients? Share this post Link to post Share on other sites
Kochleffel 10 Posted November 10, 2010 I always thought the traffic wouldn't be human-readable to make packet hacking less easy. Are scripting commands really sent as plain text, or just the code strings that are used to call scripting commands on clients? yes plain text. Share this post Link to post Share on other sites
larsiano 12 Posted November 10, 2010 @Kochleffel: Could you give some more info on how to find the actual cheating from a code? For some reason the dumpcap.exe does not want to start on my win7 x64 server with the modline. Without the modline it starts counting something in a dos screen. So if you could give some more details on the parameters and how to get it working it would be greatly appreciated, thx in advance! Share this post Link to post Share on other sites
Kochleffel 10 Posted November 10, 2010 @Kochleffel: Could you give some more info on how to find the actual cheating from a code? For some reason the dumpcap.exe does not want to start on my win7 x64 server with the modline. Without the modline it starts counting something in a dos screen. So if you could give some more details on the parameters and how to get it working it would be greatly appreciated, thx in advance! here are the possible dumpcap options: dumpcap -h Dumpcap 1.4.0 Capture network packets and dump them into a libpcap file. See http://www.wireshark.org for more information. Usage: dumpcap [options] ... Capture interface: -i <interface> name or idx of interface (def: first non-loopback) -f <capture filter> packet filter in libpcap filter syntax -s <snaplen> packet snapshot length (def: 65535) -p don't capture in promiscuous mode -B <buffer size> size of kernel buffer (def: 1MB) -y <link type> link layer type (def: first appropriate) -D print list of interfaces and exit -L print list of link-layer types of iface and exit -S print statistics for each interface once every second -M for -D, -L, and -S produce machine-readable output Stop conditions: -c <packet count> stop after n packets (def: infinite) -a <autostop cond.> ... duration:NUM - stop after NUM seconds filesize:NUM - stop this file after NUM KB files:NUM - stop after NUM files Output (files): -w <filename> name of file to save (def: tempfile) -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs filesize:NUM - switch to next file after NUM KB files:NUM - ringbuffer: replace after NUM files -n use pcapng format instead of pcap Miscellaneous: -q don't report packet capture counts -v print version information and exit -h display this help and exit Example: dumpcap -i eth0 -a duration:60 -w output.pcap "Capture network packets from interface eth0 until 60s passed into output.pcap" Use Ctrl-C to stop capturing at any time. to find a possible hack, just a capturefile in wireshark and CTRL+F to find a string which could contain addeventhandler.... then u have the ip and can lookup on logifle the Username used by this IP Share this post Link to post Share on other sites
