hohlraum 1 Posted October 24, 2012 (edited) This is on a windows server btw. Ignore the linux/unixish commands. I just use a cygwin shell because it's easier to work with the log files. Anyway, here is a better example of a dbag flooding our server and being ignored by battleye. Same MaxSetDamagePerInterval and setdamage.txt are in place as in the previous post. EDIT: I just checked the logs and this guy WAS kicked for set damage by battleye. But that doesn't change the fact that it took 9 seconds and 4500 violations before it took place. :/ First command shows how many set damage the guy did before he was eventually banned by dayz anti-hax. $ zgrep Freddie *.gz | grep '1.000000' | wc -l 4592 This command show when it started. $ zgrep Freddie *.gz | grep '1.000000' | head setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:06: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 This command shows how long it went on. $ zgrep Freddie *.gz | grep '1.000000' | tail setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #0 1.000000 27:743 setdamage.log.20121024_044015.gz:24.10.2012 04:19:16: Freddie (86.9.210.94:2304) 563cc824a0ec3e619f2f6328abfceac2 - #1 1.000000 27:743 Edited October 24, 2012 by Hohlraum Share this post Link to post Share on other sites
$able 2 Posted October 25, 2012 EDIT: I just checked the logs and this guy WAS kicked for set damage by battleye. But that doesn't change the fact that it took 9 seconds and 4500 violations before it took place. :/ Thanks for confirming that BE actually kicked him. Anyway, that shows you how the server is stalling (i.e. not executing the main server frame) due to such a flood attack. I will see if I can force the kick earlier in the future. Share this post Link to post Share on other sites
hohlraum 1 Posted October 26, 2012 Anyone have any ideas how to prevent this new debug monitor replacement from being injected into the server? It was called Mr Mc Epicness. Always have the newest filters running from the DCBL. Share this post Link to post Share on other sites
TSAndrey 1 Posted October 26, 2012 Anyone have any ideas how to prevent this new debug monitor replacement from being injected into the server? It was called Mr Mc Epicness. Always have the newest filters running from the DCBL. You mean like Monky Monitor? Yeah, that's pretty bad If you click F12 while the Monky Monitor is on, you get teleported and you die! How can they do this? Share this post Link to post Share on other sites
Dolph 1 Posted November 1, 2012 What's the new "dayz_logDamage" that's spamming the publicvariable.log? Sometimes it shows multiple names, is that when people are in combat together now? 01.11.2012 06:22:32: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",1.385] 01.11.2012 06:22:32: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",1.03049] 01.11.2012 06:22:32: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",1.13709] 01.11.2012 06:22:32: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",3.27479] 01.11.2012 06:22:32: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",0.101046] 01.11.2012 06:22:34: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",1.38673] 01.11.2012 06:22:34: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",1.98367] 01.11.2012 06:22:34: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",1.19589] 01.11.2012 06:22:34: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",2.75311] 01.11.2012 06:22:34: Colby (IP) GUID - #0 "dayz_logDamage" = ["Colby","Tim",0.132196] 01.11.2012 06:22:34: Colby (IP) GUID - #7 "dayzDeath" = ["35774209",0,<NULL-object>,"86533638","Colby"] ---------- Post added at 20:07 ---------- Previous post was at 18:50 ---------- Or, more importantly, the scripts.log is growing rapidly. More than 5MB in a few hours. This is being spammed almost constantly by every player int he server: _cmpt = toArray (_x); _cmpt set [0,20]; _cmpt set [1,toArray ("-") select 0]" 01.11.2012 04:04:35: PlayerName (IP) GUID - #177 "le,_x] call object_getHit; _part = "PartGeneric"; Share this post Link to post Share on other sites
sxp2high 22 Posted November 1, 2012 That's a DayZ issue...... Why don't you just fix it yourself? 1 "toArray" !"_cmpt = toArray (_x);" !"_cmpt set [1,toArray (\"-\") select 0]" As server admin, you really should learn how to write and edit the scripts.txt Share this post Link to post Share on other sites
Dolph 1 Posted November 1, 2012 Rather than just comment it out, I wanted to learn WHY it's doing it. Thanks for your informative reply. Share this post Link to post Share on other sites
Qauntum 1 Posted November 5, 2012 It is doing that because the new version of DayZ has //change "HitPart" to " - Part" rather than complicated string replace _cmpt = toArray (_x); _cmpt set [0,20]; _cmpt set [1,toArray ("-") select 0]; _cmpt set [2,20]; _cmpt = toString _cmpt; in dayz_code.pbo\compile\fn_selfActions.sqf as part of the new vehicle fixing code and the scripts.txt you are using was obviously made for a previous version of DayZ. Share this post Link to post Share on other sites
Dwarden 1125 Posted November 9, 2012 (edited) server side BE filters got fresh air with more info logged and more filters , you need OA beta 98866 or newer new Linux server ftp://downloads.bistudio.com/arma2.com/update/a2oa-server-1.62.98874.tar.bz2 http://forums.bistudio.com/showthread.php?142401-ARMA-2-OA-beta-build-98886-(1-62-MP-compatible-build-post-1-62-release) next to the new setVariable.txt and setVariableVal.txt and also AddBackpackCargo.txt there is more additional informations available in existing logs and new BE settings e.g. MaxAddBackpackCargoPerInterval 10 1 MaxAddMagazineCargoPerInterval 48 1 MaxAddWeaponCargoPerInterval 10 1 all in use e.g. for DayZ https://code.google.com/p/dayz-community-banlist/source/browse/filters good hunt... Edited November 9, 2012 by Dwarden Share this post Link to post Share on other sites
maddogx 13 Posted November 28, 2012 Have you guys ($able etc.) explored the possibility of enabling regular expressions in filters? Something like the following (perl style) regex that would log all BIS variables: 1 /^BIS[\w]+$/ Or this, which would only allow variables called myVar followed by between one and three numbers (for example myVar504): 5 !=/^myVar[\d]{1,3}$/ I think this could make the system more powerful, but obviously checking against regular expressions would eat some more performance. Has this even been considered as a possible feature? Share this post Link to post Share on other sites
$able 2 Posted November 29, 2012 Have you guys ($able etc.) explored the possibility of enabling regular expressions in filters?[...] Has this even been considered as a possible feature? Yes, it has been considered already. I hopefully will be able to add it at some point in the future. Share this post Link to post Share on other sites
maddogx 13 Posted November 29, 2012 Good to know, thanks. :) Share this post Link to post Share on other sites
hohlraum 1 Posted November 29, 2012 What does the new attachto.txt do and does it require a specific arma 2 beta? Share this post Link to post Share on other sites
$able 2 Posted November 30, 2012 What does the new attachto.txt do and does it require a specific arma 2 beta? http://community.bistudio.com/wiki/attachTo - exploited for teleporting. It's supported in the latest beta versions, I can't remember since which one exactly, sorry. Support for two more files allowing admins to block remote control scripts will be added tomorrow. I will also finally update the first post with all available features. Share this post Link to post Share on other sites
hohlraum 1 Posted November 30, 2012 Thanks brother! :) Share this post Link to post Share on other sites
hohlraum 1 Posted December 1, 2012 So what kinda stuff should people NOT be attaching to? Looking at how it's logging I've seen known hackers attaching to Camo1_DZ, Sniper1_DZ and Survivor2_DZ what were they doing? Share this post Link to post Share on other sites
.kju 3244 Posted December 2, 2012 Does DZ use attachTo itself at all? Share this post Link to post Share on other sites
hohlraum 1 Posted December 2, 2012 ;2259873']Does DZ use attachTo itself at all? Lots of entries from people who I know aren't cheating. Crossbow bolts appear to use it for sure. Share this post Link to post Share on other sites
Prodavec 10 Posted December 2, 2012 Drag function uses attachTo in DZ For some reason "#beclient players" command doesn't work reliable now. Share this post Link to post Share on other sites
.kju 3244 Posted December 3, 2012 report it to $able Share this post Link to post Share on other sites
cm. 10 Posted December 10, 2012 can we PLEASE have all the info consolidated in a wiki and/or the original post? As much as the new changes are good the info is certainly lacking on a lot of these filters. Share this post Link to post Share on other sites
oppa 1 Posted December 23, 2012 yes, would be nice if someone could sum up all the latest information in one post Share this post Link to post Share on other sites
cm. 10 Posted January 11, 2013 Honestly we need concise, aggregated documentation on how these filters work. I'm getting seriously fed up of having to trawl through random forum posts to find (or most cases - not find) the info I need. People have better things to do with their lives then spend time testing random shit with arma 2 servers because there is no doco on anything. You guys need to up your game - a lot. Share this post Link to post Share on other sites
quatermass 1 Posted January 12, 2013 Sadly I have to agree with cm. Getting totally lost on the filters. Is there any recent documents available? Share this post Link to post Share on other sites
Dwarden 1125 Posted January 13, 2013 what you want explained CM ? I already answered all what's needed and provide PoC how dot it which works for Dayz, I start to feel you expected unreal things Share this post Link to post Share on other sites
