PLEASE be secure..PLEASE....

[metalcraze 290]

Yes exactly. It would only be when a known hack its detected by the anti cheat run by BIS that you would get hit by a global ban. That's how it works with VAC as well. You would never want server admins setting a global ban. They might ban you for being rude, you only want to ban actual cheats.

LostKey is not a hack. LostKey is not a cheat. It's just a tool that idiots abuse.

And it's easily disallowed from being used on a server via limited keys.

Blacklisting a tool is a bad thing mmmkay

Blame server admins not BIS or "hackers"

[polar bear 10]

I think it's a little disingenuous to blame "lazy" server admins for the problem. You guys are saying that perhaps there is something more that the admins should have done to secure their servers, and the fault is theirs, for not having done so.

Well. From the perspective of a random ArmA player who just wants to find a good game in the server browser that is entirely unhelpful. While you're busy pointing the finger of blame here and there, he's getting a poor experience.

Much better to make a good experience the default.

Perhaps then the solution is to have in ArmA3 servers that are secure by default, locked down by default, and easier to secure than make insecure. You should have to do some work to make your server insecure, not the other way around. A lazy admin should wind up with a secure server, and it should require some significant effort (and thus presumably knowledge) to do the things that would make the server insecure--like run it without keys or whatnot.

Users who connect to insecure servers should also be warned that the server is insecure, and insecure servers should be visibly flagged in server browser as being insecure.

I realize that I'm probably setting that bar a little high if you take the last comment as an absolute--no doubt there are always some things an admin could do that would be hard to detect, that would be insecure. But that's the idea anyway, the direction that things should head in.

It's all about evaluating the situation from the perspective of the average player, and setting out to provide him or her a good experience. Plainly ArmA is a game with a steep learning curve, but the learning should relate to military simulation, scripting scenarios, etc., not obscure technical issues surrounding server security--even for admins.

Edited August 25, 2011 by Polar Bear

[noubernou 77]

It's all about evaluating the situation from the perspective of the average player, and setting out to provide him or her a good experience. Plainly ArmA is a game with a steep learning curve, but the learning should relate to military simulation, scripting scenarios, etc., not obscure technical issues surrounding server security--even for admins.

I really don't think you understand the technical issues at all, and I am wondering why you would keep commenting on them like this... :rolleyes:

If the server admin doesn't take the proper steps to secure their server then there is nothing you can do about it! It is the server admins responsibility to make sure that they are not allowing improper mods on, that they are running battleeye, that they administrate the server, or designate admins to make sure gameplay continues smoothly. BIS already provides all the tools to do that. We have told you that over and over and over again!

Public servers playing stuff like domination and insurgency and other pub game modes and do not have administrators on them are bound to get tossed up. There is nothing BIS can do about that!

Compare pubs to semi-private places like United Operations or any other place that requires you to be on Teamspeak or Ventrilo, or go someplace to get the server password and you will find that there is little to no issue with hacking. This is because they have active administration, servers setup to not allow stupid stuff through, and players that know when something is up.

[polar bear 10]

NouberNou, I trust that you are correct and believe you that with ArmA2 it is the case that if the server admins don't take "the proper steps" the server will wind up insecure, and that there is nothing BIS can do about it.

What I was suggesting in my post, however, is that ArmA3 is an opportunity to do that differently. That ArmA3 should ship with server software that configures itself securely by default, and does those "proper steps" automatically--prompting the admin for information if necessary, but secure. For example, if a security requires that there be keys associated with any installed module, the default modules would all have keys, and the process for adding a new module would require the keys to be present too or the new module would not be used. Now there may be development reasons why you need to disable that--so there could be extra steps to load modules insecurely, or turn off security, but that would not be the default mode. It should be extra work to make an insecure server, not extra work to make a secure one.

It certainly is possible to develop server software that is secure by default! The "proper steps" can be performed by an installer or a wizard. Certainly there are many vendors of many types of server software, including game servers, that set themselves up securely by default. This did not used to be the norm, but in the modern world it's sort of an industry standard now--secure by default.

Edited August 26, 2011 by Polar Bear

[Militant1006 11]

Team Deadly attacked a public insurgency server I was on yesterday aswell, it is a bit lame.

[rye1 21]

I vote public execution.

[eddieck 10]

Team Deadly attacked a public insurgency server I was on yesterday aswell, it is a bit lame.

It's not us. Since this has already been discussed in several other threads, I'll just leave it at that (you can do a search if you want to find the details). What I will say now is that any server administrator can contact me via PM on here or at eddie@teamdeadly.com for the GUIDs and info of the person doing this.

[maddogx 13]

It's not us. Since this has already been discussed in several other threads, I'll just leave it at that (you can do a search if you want to find the details). What I will say now is that any server administrator can contact me via PM on here or at eddie@teamdeadly.com for the GUIDs and info of the person doing this.

Are you saying it's still the same guy? oO

I would say he's a prime candidate for a global GUID ban, but from what I've read he's already on his 6th or 7th copy of the game, and still merriliy griefing away. :rolleyes:

[eddieck 10]

Are you saying it's still the same guy? oO

I would say he's a prime candidate for a global GUID ban, but from what I've read he's already on his 6th or 7th copy of the game, and still merriliy griefing away. :rolleyes:

Yep, it's still him.

I'm not sure if BI could legally do a global ban, since that'd have to be via GameSpy and it'd lock him out of playing even on private servers. I assume he's paying for these copies, or rather his father is, so chances are they couldn't legally do that.

[.kju 3241]

BE and verifySignatures should be enabled by default. I think atm only BE is.

So in other words BI should go for security over free addon use in the default settings.

At the same time the whole addon management and error+info message system needs to

be vastly improved.

[CarlGustaffa 4]

Problem for us is that we're unable to successfully v2 sign a few of our addons, and even verifysignatures = 1 doesn't accept them. We want to have a public server running, but is currently passworded. Not an ideal situation.

[eddieck 10]

Yeah, until the PMC/BAF issues are fixed (in 1.60), v2 signatures are IMO useless.

[.kju 3241]

Use a2/oa tools to pack pbos and signing always works.

You can always tell people to use the beta patch or rename the DLC folders for now.

Of course 1.60 is the real fix, yet useless is wrong. For some public play situations it is

tricky, but not useless.

[*LK1* 10]

Perhaps describe this in more detail and specifics to Dwarden by PM.

ok...

[Nicholas 5]

I know one really good way to curb the hacking. Allow server admins to choose whether or not a player can JIP. Most hackers will not want to wait to start ruining everyone else's fun. I know that in OFP, there were less hackers than what there is now, mainly because OFP did not have JIP.

And metalcraze, you haven't been around long enough then if you have not witnessed any hacking. I have been around since 2001 and have witnessed many hackers, even in private servers. Hackers can bypass the addon check and even BattlEye, unfortunately. Hackers can either use .pbos (bypass addon check) or inject .exe's (bypass BattlEye) to hack.

I have run a server before in the past and have come across many hackers, they can get around pretty much everything that BIS has in place to deter them.

[nuxil 2]

a sidenote to Dice.

there is no proof that be's guid is bypassed. if the player who has a hack that inject script. guid ban still works. they have only been able to change the pid afik.