GregRUS 10 Posted November 19, 2010 Some hackers are bypassing BattlEye init and "freeze" servers! Just look at this log (ID and config): 22:06:27 Player Hendrik connected (id=9121412Hendrik). 22:06:27 Hendrik uses modified config file - ?.?? And battleye cant do anything... no GUID or IP in arma logs... So their BE initialisation is delayed and they have enough time to do anything with the server... So I used -netlog and blocked his ISP IP range... ArmA II Admins - be careful, this player took down 3 servers today (maybe even more)!!! Share this post Link to post Share on other sites
=WBG=ati 10 Posted November 19, 2010 so if it was a hacker and your 100% sure... pass me the GUID from the player under you log files so i can bann hin manualy ... or maybe post the GUID here so all admins can get it PS: there must be a way to post admin bannes for Hackers so that server admin can add the bannes to there list ! to provent it Share this post Link to post Share on other sites
rscarrab 10 Posted November 20, 2010 ati, thats a good idea. If what you mention is enough to get those fuckers indefinitely banned from a server than i --for one-- would welcome a thread with a list of those details. I would strongly urge those who have any information to add it in. Unless of course that goes against BI policy/Forum Rules. :p Would need to be fairly well moderated though, dont you think? I mean, couldnt i just give --out of spite-- the details of some random chap cause he TK'd me by mistake, and i just wont get over it? Share this post Link to post Share on other sites
GregRUS 10 Posted November 20, 2010 As I wrote in my post - "their BE initialisation is delayed"! So we dont have GUID or BE reported IP! The only thing is NETLOG with their IPs! This hacker took down 3 servers and admins of this servers reported the same! I looked at the forums of famous arma 2 hack site and saw topic named: "Battleye unbanner and disabler tutorial"! So! Hackers have about 1-2 minutes disabled BE before they got kicked with "BattlEye initialisation failed" message! And also they can use their modified PBOs to hack the server! Hacker named "Hendrik" had IPs in my netlog: 84.140.180.27 84.140.220.6 etc... So I blocked IP range 84.140.*.* Yes I know - thats too agressive but I dont had another choice! Our [sUB7]OA/CO servers are popular and it looks like a great target for some dirty hackers... Also I wrote some serverside script that counts configpatches number and writes their numbers to log files... so thats a little solution to detect some "hack menus" in client action list! Share this post Link to post Share on other sites
=WBG=ati 10 Posted November 20, 2010 ati, thats a good idea. If what you mention is enough to get those fuckers indefinitely banned from a server than i --for one-- would welcome a thread with a list of those details.I would strongly urge those who have any information to add it in. Unless of course that goes against BI policy/Forum Rules. :p Would need to be fairly well moderated though, dont you think? I mean, couldnt i just give --out of spite-- the details of some random chap cause he TK'd me by mistake, and i just wont get over it? .. well i had a chat with some of my folks and we are working on a page were Clans / comunitys /server admin can get axxes to a page and post there banneds and share with others so thay can use that list on there servers. the datea base will only hold permanat banneds and not tk´s and so on .. but all that needs sorting out befor ! so maybe im hoping clans / communities will use it ! Share this post Link to post Share on other sites
=WBG=ati 10 Posted November 20, 2010 As I wrote in my post -Also I wrote some serverside script that counts configpatches number and writes their numbers to log files... so thats a little solution to detect some "hack menus" in client action list! can you pn me the script Share this post Link to post Share on other sites
rscarrab 10 Posted November 20, 2010 If you could send that script my way as well that would be much appreciated. :) Share this post Link to post Share on other sites
brit~XR 0 Posted December 22, 2010 Never noticed this thread before till now but the reason a players guid and ip aint shown on arma logs is because battleye only works once a player has joined the game. If they dont join the game but enter lobby then there guid/ip wont be displayed on sever conole and wont be on logs. I asked about this months ago when i sent a pm to be marker Re: BE suggestionsQuote: Originally Posted by brit~XR Hello is there some way to make BE run when players join server lobby? Theres a few problems we have because of this. First problem is that people been geting kicked from server when they join 22220658: 18646.021: 1830 Player L. Meyer: Wrong signature for file addons\darky.pbo 22325514: 2105.513: 19:13:09 Player L. Meyer: Wrong signature for file addons\darky.pbo 22810985: 4230.179: 22:15:08 Player xip: Wrong signature for file addons\darky.pbo 24645709: 16418.986: 12:36:52 Player soj: Wrong signature for file addons\darky.pbo 28203579: 589.945: 17:10:04 Player Luke: Wrong signature for file C:\Users\Luke\Documents\ArmA 2\ca\addons\darky.pbo 28205579: 671.345: 17:11:25 Player Luke: Wrong signature for file C:\Users\Luke\Documents\ArmA 2\ca\addons\darky.pbo 32569929: 12546.573: 11:32:34 Player alexo07: Wrong signature for file addons\darky.pbo 32571522: 12600.973: 11:33:28 Player Didier: Wrong signature for file addons\darky.pbo 32574824: 12704.301: 11:35:12 Player Didier: Wrong signature for file addons\darky.pbo 32582744: 12927.725: 11:38:55 Player Didier: Wrong signature for file addons\darky.pbo 32583509: 12944.456: 11:39:12 Player Didier: Wrong signature for file addons\darky.pbo 36475314: 26020.920: 15:16:56 Player arma: Wrong signature for file addons\darky.pbo 36494400: 26531.852: 15:25:26 Player Bango-Bango: Wrong signature for file addons\darky.pbo But There guid doesnt get displayed because they wasnt in game. 2nd problem is. On rcon you cant see people in lobby so cant kick afk players. And 3rd problem is. People could still use the hack to kick and ban people when game is waiting and when admin is loged in on lobby seting mission parameters . Basiclly i was saying all them hackers was auto kicked for wrong signature before BE could log there guid. He said Not possible right now. Maybe it will be in a future ArmA2 version though Was about 4months ago i asked that. No idear if its been sorted as i hardly play these days Also have that guys guid if someone still wants E:\logfiles\19.10.2010\net.log 33612: 11678.570: Pe(1):ask(84.140.218.210:2304,'Hendrik',1077438873,1077438873,33,3) 33614: 11678.574: Ch(13):acc(84.140.218.210:2304,'Hendrik',1077438873,1077438873) 33617: 11678.636: 11:19:52 Player Hendrik connecting. 33626: 11679.698: 11:19:53 Player Hendrik connected (id=629442). 33639: 11680.694: 11:19:54 Player Hendrik: Wrong signature for file expansion\addons\bafwolf.pbo 33641: 11680.841: 11:19:55 Player Hendrik: Wrong signature for file expansion\addons\darky.pbo 33644: 11681.051: 11:19:55 Player Hendrik disconnected. E:\logfiles\20.10.2010\xr.log 00694: 19:30:18 Player Hendrik connecting. 00695: 19:30:22 Player Hendrik connected (id=329442). 00732: 19:35:54 BattlEye Server: Player #9 Hendrik (84.140.214.198:2304) - GUID: c32fd39a1b92656f2557187c7b015c20 00733: 19:35:54 Player Hendrik kicked off by BattlEye: Banned 00734: 19:35:54 Player Hendrik disconnected. Share this post Link to post Share on other sites
