Zumbi 1 Posted March 15, 2012 (edited) A hacker came on to my server today, griefed and teamkilled until he was killed by other players, then he raged, spawned parachuting cows, ran Setdamage 1 on other players and froze them with DisableUserInput. I found his IP address with tcpdump, but his GUID simply was not recorded, I can't find it neither in the .log files nor the .pcap files. Apparently there was no GUID check whatsoever despite that the server runs verifysigs=2. I'm guessing his IP address is long changed, and the PID is just about useless, because I don't even know how to check for the PID's of current players, aside from regularly searching the current log file. Is there anything I can do to ban or stop this guy? This is all that I have on him: 11:51:37 Havid Dasselhoff uses modified data file - Arma 2: British Armed Forces (Lite);Arma 2: Private Military Company (Lite);Arm 11:51:37 Player Havid Dasselhoff connecting. 11:51:37 BattlEye Server: Player #18 Havid Dasselhoff (IP removed) connected 11:51:38 Player Havid Dasselhoff connected (id=8498950). and again: 13:03:52 Player Havid Dasselhoff disconnected. 13:04:02 Havid Dasselhoff uses modified data file - Arma 2: British Armed Forces (Lite);Arma 2: Private Military Company (Lite);Arm 13:04:02 Player Havid Dasselhoff connecting. 13:04:03 Player Havid Dasselhoff connected (id=8498950). 13:04:03 BattlEye Server: Player #18 Havid Dasselhoff (IP removed) connected Edited March 15, 2012 by W0lle IP address removed from post Share this post Link to post Share on other sites
W0lle 182 Posted March 15, 2012 Please do not post IP addresses, lame script kiddie or not. And yes, since the IP address from that ISP is not a static one even banning it won't make much sense. Share this post Link to post Share on other sites
Zumbi 1 Posted March 15, 2012 Thanks for responding. What would you do next if you were me? Is there a chance his GUID was logged somewhere else? He was on the server for hours. Can I somehow change BE settings to more aggressively check for a GUID at the expense of server bandwidth? Also, do you know if there is still a way to check the PID's of players currently in game, as they don't always display on connection? Or ban a PID for that matter? I know they're easy to spoof, but it's all I have to go on. Thank you again for your help! Share this post Link to post Share on other sites
.kju 3105 Posted March 15, 2012 a) contact $able (BE author) directly about the GUID problem b) use the latest scripting command filter option http://forums.bistudio.com/showthread.php?131759-New-BattlEye-features-for-server-admins Share this post Link to post Share on other sites
$able 2 Posted March 16, 2012 Thanks for responding. What would you do next if you were me? Is there a chance his GUID was logged somewhere else? He was on the server for hours. Can I somehow change BE settings to more aggressively check for a GUID at the expense of server bandwidth?Also, do you know if there is still a way to check the PID's of players currently in game, as they don't always display on connection? Or ban a PID for that matter? I know they're easy to spoof, but it's all I have to go on. Thank you again for your help! This is obviously caused by the cd-key hash packet having a different format than what the BE Server recognizes (currently it reads the hash from the game traffic so it can show the GUID right after the player connects). It seems there are still some rare cases that I haven't seen so far. However, the game server will still internally report the cd-key hash to the BE Server when the player joins the actual game (after the lobby, when the BE Client is loaded), so entering the "players" command via RCon should show his GUID. Anyway, this issue should be fixed in the next game patch at the latest. Share this post Link to post Share on other sites
