byteslam

Counter measures against Cheater / hijacker share the ban.txt


Is there a way to share the ban.txt?

We face an enormous increase of cheaters and server hijackers (enter the server, steal admin rights and kick all players).

To take counter measures I would like to share the ban file and include ban lists from other administrators.

Any interest?


It almost sounds to me like something that should be available on Six-Updater. Maybe each server could send its ban.txt and then Six collates it into one file which then can be downloaded. Could end up being a fully automated process so that all servers that subscribe get an up to date ban list from all the other servers.

My server isn't fully up and running yet, but I would certainly be interested in something like this.


again stealing admin rights... hijacking...

not enough given

1. what game is it ? (ARMA 2 or ARMA 2: OA)

2. what game build is it?

3. are You using BattlEye ?

4. are You using BattlEye RCON

5. are You using v2 signatures?

6. are You following the securing server steps here?

e.g. http://forums.bistudio.com/showthread.php?t=121438

especially not using default config filenames and if possible moving them outside the game directory via commandline options

etc.

> again stealing admin rights... hijacking...
>
> not enough given
>
> 1. what game is it ? (ARMA 2 or ARMA 2: OA)
>
> 2. what game build is it?
>
> 3. are You using BattlEye ?
>
> 4. are You using BattlEye RCON
>
> 5. are You using v2 signatures?
>
> 6. are You following the securing server steps here?
>
> e.g. http://forums.bistudio.com/showthread.php?t=121438
>
> especially not using default config filenames and if possible moving them outside the game directory via commandline options
>
> etc.

If it's the "admin hijacking", which is really just issuing commands via scripts and PVing them... then it has to be ArmA 2, so that answers question 1. As for the others, he'll have to answer them.

Also ban.txt is useless, you gotta use GUID bans instead, not UID bans.

> again stealing admin rights... hijacking...
>
> not enough given
>
> 1. what game is it ? (ARMA 2 or ARMA 2: OA)
>
> 2. what game build is it?
>
> 3. are You using BattlEye ?
>
> 4. are You using BattlEye RCON
>
> 5. are You using v2 signatures?
>
> 6. are You following the securing server steps here?
>
> e.g. http://forums.bistudio.com/showthread.php?t=121438
>
> especially not using default config filenames and if possible moving them outside the game directory via commandline options
>
> etc.

1. what game is it ? ARMA 2

2. what game build is it? Latest official Linux Server release

3. are You using BattlEye ? YES

4. are You using BattlEye RCON NO

5. are You using v2 signatures? I am not sure, is there a how to for Linux?

6. are You following the securing server steps here? So far, yes it is a Linux Server so I had some problems to follow the suggested steps.

The Hack was ...they make other players automatically vote for them as admin... and they were able to use planes while this was disabled from server side.


the problem with sharing ban files is that you share all bans. if a player tk on one server and get banned.

it doesnt mean that another server rule is to perm ban players who do that, maybe they only ban for 1 day.

with my upcoming program "soon to be released". i have implemented a global ban system in my app where i only have bans of people who has cheated/hacked.

nothing else. since i find it unfair. my app checks for updates each hour.

any player who are listed in this database get booted off when they join with a message. you are global banned on bec enabled servers

i also want to build up a ban site for arma2 where game admins can report hacks/cheats with proof. but i really dont have time to do so.

if anyone has some php/mysql skills and are interested in helping building up such a site. please contact me.


ok the problem is then clear,

there is flaw in the code from OA merge and they don't work properly

this affects only ARMA 2 release build 1.10

partial workaround is to erase \keys\bi.key and keep only \keys\bi2.key

full workaround needs to wait for next ARMA 2 patch or server hotfix

the same problem applies to the hacks aimed on the admin interface it seems the code wasn't merged fully from OA

Edited by Dwarden

> the problem with sharing ban files is that you share all bans. if a player tk on one server and get banned.
>
> it doesnt mean that another server rule is to perm ban players who do that, maybe they only ban for 1 day.
>
> with my upcoming program "soon to be released". i have implemented a global ban system in my app where i only have bans of people who has cheated/hacked.
>
> nothing else. since i find it unfair. my app checks for updates each hour.
>
> any player who are listed in this database get booted off when they join with a message. you are global banned on bec enabled servers
>
> i also want to build up a ban site for arma2 where game admins can report hacks/cheats with proof. but i really dont have time to do so.
>
> if anyone has some php/mysql skills and are interested in helping building up such a site. please contact me.

Currently we only permanent ban hackers and cheaters. Massive team killers as well banned but they are listed separately in the ban.txt... anyway if they apologize we remove.

---------- Post added at 03:43 PM ---------- Previous post was at 03:21 PM ----------

> ok the problem is then clear,
>
> there is flaw in the code from OA merge and they don't work properly
>
> partial workaround is to erase \keys\bi.key and keep only \keys\bi2.key
>
> full workaround needs to wait for next ARMA 2 patch or server hotfix
>
> the same problem applies to the hacks aimed on the admin interface it seems the code wasn't merged fully from OA

ok bi.key is removed. Anyway a working tool to punish these guys is needed, a share of ban lists could make this counter measure more effective.

> Anyway a working tool to punish these guys is needed, a share of ban lists could make this counter measure more effective.

as i said. i have the tool. only need a site to maintain the bans. where few trustworthy community member would have access to add/remove bans.

my tool works like this. Server admin A reports a cheat/hack. server B,C,D,E,F all get the updated file within the hour. the benefit of this is that server admins on server B,C,D,E,F do not need do any work since its automated.

so again. if any one want to help build up a ban site. lets make it happen.


the automation don't need any tool, all you need is wget and doing interval checks on the file's date / size

the banlist itself can be simple .txt or any .archive format then anywhere on http hosting ...

for updates you can use any of these free online data hosting solutions

(so you may map it as network drive and directly update the bans as file operation)

or FTP / HTTP w/e You like

simple, effective, easy to deploy just find some time to set it up...

no need to run some 'unknown' code ;)

again limit is just imagination and usage of tools already on disposal for years


the problem isnt really what tools that are being used. but how to maintain the bans. and who should be able to global ban people. it can become a mess quite fast.

thats why i suggest a ban site where server admins report in hacks/cheats with proof. by screenshot, logs or other means.. to ensure the player has been a bad boy.

else anyone can report a player as a hacker and he would get an unfair ban.


there is no way to be 100% sure the bans are valid ...

that wasn't possible even with Punkbuster, screenshots and remote syslog logging ...

(the systems were repeatedly hacked or abused in various ways)

hence why admins could decide what lists to opt-for and use ...

so let say there is N admins uploading each his own banlist(s) (unique filename/folder/site w/e) ...

so all you need is download these N lists You trust, copy them together into 1 file and load the final list into engine ...

as i'm not sure if BattlEye supports multiple banlist files yet ...

> as i'm not sure if BattlEye supports multiple banlist files yet ...

not by default. but you can do this if you run a custom build rcon on the server :)

anyway. there seems to be little interest in this by server admins except a few people.

this is the 2nd thread about sharing bans.

the idea is good. but i fear it will only stay as an idea.


Oh god stop calling them hacks. They are script kiddies nothing more. To call them anything else is to give them more power and status than they deserve.

> Oh god stop calling them hacks. They are script kiddies nothing more.

well. there them who are caught by BE. "#Game hack X".. i wouldn't call them script kiddies.

but the vast majority are script kiddies yes.

> as i said. i have the tool. only need a site to maintain the bans. where few trustworthy community member would have access to add/remove bans.
>
> my tool works like this. Server admin A reports a cheat/hack. server B,C,D,E,F all get the updated file within the hour. the benefit of this is that server admins on server B,C,D,E,F do not need do any work since its automated.
>
> so again. if any one want to help build up a ban site. lets make it happen.

you can spread it via rsync or ftp... but anyway. if I can help you can get an account on my server (Linux)

> you can spread it via rsync or ftp... but anyway. if I can help you can get an account on my server (Linux)

i already have a domain ready for use. i just dont have the time at the moment to develop such a site.

you can download the database file from here

Edited by nuxil

> i already have a domain ready for use. i just dont have the time at the moment to develop such a site.
>
> you can download the database file from here

mysql?

I would prefer something similar to http://denyhosts.sourceforge.net/

which prevent the script kids to run ssh attacks.

It is a file based exchange so far I understood.


Not mysql.

it's a sqlite3 file. the site has a mysql database tho. but it does not allow remote login.

not sure why you start talking about ssh here.

> Not mysql.
>
> it's a sqlite3 file. the site has a mysql database tho. but it does not allow remote login.
>
> not sure why you start talking about ssh here.

denyhosts for ssh is a similar system, after some tries or attacks, a ID (IP) will be blacklisted in hosts.deny, this list can be exchanged with other servers.

In the end, you got a blacklist from a lot of servers who have been already attacked and it will prevent that you will be attacked too.

In my mind, we need two scripts:

1) to read the ban.txt and submit it to a central server and retrieve a actual list from the central server and consolidate the retrieved with the existing ban.txt

2) server script to consolidate different ban.txt files into one.

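Added example (not part of any post in this thread): one way to do the consolidation step from the posts above, i.e. "download these N lists You trust, copy them together into 1 file" and the "server script to consolidate different ban.txt files into one". The line format (a 32-hex-character GUID first on each line), the function name `merge_banlists`, the local allowlist and all file names are assumptions of the example.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed list format: one ban per
# line, a 32-hex-character GUID first, then optional free text (the reason).

# merge_banlists OUT ALLOWLIST LIST...
# Prints "kept=N rejected=M allowed=K". OUT is replaced only if all inputs
# could be read; reasons are dropped so untrusted text never reaches OUT.
merge_banlists() {
    out=$1; allow=$2; shift 2
    tmp=$(mktemp "$out.XXXXXX") || return 1
    stats=$(awk -v allowfile="$allow" -v tmp="$tmp" '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        FILENAME == allowfile { ok[tolower($1)] = 1; next }  # never ban these
        /^[ \t]*$/ || /^[ \t]*#/ { next }           # blank lines and comments
        {
            guid = tolower($1)
            # Anything that is not exactly 32 hex digits is dropped, so a
            # broken or tampered list cannot put arbitrary text into OUT.
            if (length(guid) != 32 || guid !~ /^[0-9a-f]+$/) { rejected++; next }
            if (guid in ok) { allowed++; next }
            if (!(guid in seen)) { seen[guid] = 1; kept++; print guid > tmp }
        }
        END { printf "kept=%d rejected=%d allowed=%d\n", kept, rejected, allowed }
    ' "$allow" "$@") || { rm -f "$tmp"; return 1; }  # unreadable input: keep old OUT
    chmod 644 "$tmp" && mv "$tmp" "$out" || return 1  # same directory, so atomic
    echo "$stats"
}

# Constructed sample data: lists from two admins and a local allowlist.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# list from admin A' \
        '0123456789abcdef0123456789abcdef script injection' \
        'AAAABBBBCCCCDDDDEEEEFFFF00001111 admin vote abuse' > "$d/a.txt"
    printf '%s\r\n' 'aaaabbbbccccddddeeeeffff00001111 duplicate of A' \
        'ffffffffffffffffffffffffffffffff reported by mistake' \
        '1234567 old-style UID entry' > "$d/b.txt"
    echo 'ffffffffffffffffffffffffffffffff' > "$d/allow.txt"
    merge_banlists "$d/bans.txt" "$d/allow.txt" "$d/a.txt" "$d/b.txt"
    cat "$d/bans.txt"; rm -rf "$d"
}
demo
```

The download step (wget, rsync or FTP, as suggested in the thread) runs before this function and only needs to place each trusted list in its own file.
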

We recognize a new very harrying way of "legal" cheating. Thanks to the free ArmA2, people join the opponent team, destroy bases with C4. This happens a couple of times and after checking the IP addresses this is for sure.

Same IP different GUID and PlayerID.

I tried it on my own, I was able to join the OPFOR with my ArmA2 free and be in the BLUEFOR with my bought ArmA2.

This becomes a real plague :mad: ..... I know sometimes more than one player is behind an IP but at least the MAC could be filtered...

> We recognize a new very harrying way of "legal" cheating. Thanks to the free ArmA2, people join the opponent team, destroy bases with C4. This happens a couple of times and after checking the IP addresses this is for sure.
>
> Same IP different GUID and PlayerID.
>
> I tried it on my own, I was able to join the OPFOR with my ArmA2 free and be in the BLUEFOR with my bought ArmA2.
>
> This becomes a real plague :mad: ..... I know sometimes more than one player is behind an IP but at least the MAC could be filtered...

Not sure this is going to be the solution - I could already do that here with my three legit client copies of the full game and three PCs. Granted, the fact Arma2 Free is erm, Free, will probably increase the likelihood of this happening though.

> Not sure this is going to be the solution - I could already do that here with my three legit client copies of the full game and three PCs. Granted, the fact Arma2 Free is erm, Free, will probably increase the likelihood of this happening though.

Yes, this is for sure, on each match now when the server becomes full, we have this behaviour after a while. Maybe ArmA Executable can detect if it is running already on the same PC, this will decrease the problem by 50%...it will not help if the kids are running multiple PCs.

> but at least the MAC could be filtered...

no it doesnt work. macs are rewritten as they pass through routers.

if the server is a rent server at a data center. you would only have the last routers mac, in the data center. so this is a nogo.


blocking IPs won't really be a viable solution until IPv6 becomes commonplace and NAT'd IPv4 is no longer implemented imho...
