New wave of hackers, more deadly than before.

[TSAndrey 1]

You exaggerate. I merely want proof of Dwarden's as of yet unsubstantiated claim.

It's not unsubstantiated. Custom anti-hacks aren't working client-side, they just use BE logs to kick/ban for known scripts.

[Zumbi 1]

while you have such bold claims, what about show me single of these non-BE based anti-cheats ;)

for years the only additional method to BattlEye (and before BE (pre-ARMA era) was to read packets in raw mode and parse and filter afterward

while it can be classified as anticheat method, it's just scripts detection (incoming to server) ...

yet it has nothing with client side anti-cheat (e.g. against ESP, aimbots etc) which is primary BE's job

Dwarden, is there any hope of re-enabling the old method (logging everything)?

Maybe an option in server.cfg to disable packet encryption?

Since the hackers got around encryption and it isn't helping us anymore, it would be nice if server admins could monitor all the client-server traffic again. :)

It really gave us a lot more power to be able to log everything, not just hackers but it helped us catch team-griefers on non-DayZ servers by seeing who drove what vehicle etc... Although the BE filters have come a long way since 1.62 came out, getting our logs back would really help us stay abreast of the newest hacks, by seeing all the scripts that they execute on our servers, without having to go on their stupid script kiddie forums and look at the hacks in order to catch them.

It's not unsubstantiated. Custom anti-hacks aren't working client-side, they just use BE logs to kick/ban for known scripts.

Actually, I think the more advanced ones run some scripts on the clients to check them, but the "99%" referred to both log-based and script-based solutions, so it is still correct.

[Harzach 2508]

You exaggerate. I merely want proof of Dwarden's as of yet unsubstantiated claim.

How am I exaggerating? You are making a fuss about a game you don't play. And how does Dwarden owe you anything?

[kualus 1]

How am I exaggerating? You are making a fuss about a game you don't play.

Because I want to see how the developers will react. I want to see what the community is like when I interact with them. Testing the waters for the future.

And how does Dwarden owe you anything?

Owe us, you mean. His statement came across as unsubstantiated and rash. If he doesn't want to offer proof, fine. But don't expect me to immediately believe what he says otherwise.

[Dwarden 1124]

what proof? source codes of these solutions admins use? ... unless you have something constructive to say ... please go troll somewhere else ...

[Jastreb 69]

Please disconnect from the internet right now. Lock your server, reinstall it, and if you cant do it alone ask someone to help you, or hire someone if you have to.

Mother of God...

[Addictionubg 1]

what proof? source codes of these solutions admins use? ... unless you have something constructive to say ... please go troll somewhere else ...

Here is some constructive criticism. Develop an ability for server admins that allows them to see in REAL TIME what code or script is coming for EACH person. With their GUID/IP/ID....

OR

Develop accounts based through a website much like battlefield 3 to keep the CD-Key theft DOWN so that way when they get banned it actually means something.

[slatts 1978]

While not 100% relevant to the posts above. I just proved to a friend I could get around his "secure" server. He left sig check off and I brought with me an addon console addon that allows me to easily to pretty much what I please(hello AH-64 in wasteland). Hacking? No, cheating...yea since I was abusing it's creators purpose ;)

The point being, there are some servers with BE on and sig check off, I've come across plenty(DayZ and non-DayZ..before and after DayZ). So if you're one of those don't go crying BE won't stop hackers. Because sometimes "hackers" aren't hacking ;)

[Addictionubg 1]

While not 100% relevant to the posts above. I just proved to a friend I could get around his "secure" server. He left sig check off and I brought with me an addon console addon that allows me to easily to pretty much what I please(hello AH-64 in wasteland). Hacking? No, cheating...yea since I was abusing it's creators purpose ;)

The point being, there are some servers with BE on and sig check off, I've come across plenty(DayZ and non-DayZ..before and after DayZ). So if you're one of those don't go crying BE won't stop hackers. Because sometimes "hackers" aren't hacking ;)

if he left his sig check off... thats not a secure server.

[eddieck 10]

Well, thank you. I hope someone never considers your work to be useless either. But that's what I hear every day anyway, so I guess it must be right...

You're doing an excellent job. Anyone that actually understands the situation will agree.

This is a problem with missions at this point.

Here is some constructive criticism. Develop an ability for server admins that allows them to see in REAL TIME what code or script is coming for EACH person. With their GUID/IP/ID....

http://forums.bistudio.com/showthread.php?138736-Introducing-Server-side-Event-Logging-Blocking

http://en.wikipedia.org/wiki/Tail_(Unix) / http://www.baremetalsoft.com/wintail/

:)

Develop accounts based through a website much like battlefield 3 to keep the CD-Key theft DOWN so that way when they get banned it actually means something.

I'm not sure you understand what "CD key theft" actually is. It refers to malicious software executed on one's computer that obtains their CD key from the registry and sends it to someone. That typically results in the key getting globally banned, when someone else cheats with it.

Such software usually masquerades as a DayZ or ArmA cheat, so as long as you're not looking for such things, you'll probably be fine.

I fail to see how something like Battlelog would improve the situation at all, besides by changing the attack method (instead of reading the value of a registry key, a keylogger would be needed to capture the user's login credentials). And as far as increasing the effectiveness of bans? If someone gets BE global banned and wants to play, they have to buy a new CD key. If someone gets Battlelog banned (or VAC banned, or whatever), they have to buy a new key. What's the difference?

[iceman77 18]

I'm not sure you understand what "CD key theft" actually is. It refers to malicious software executed on one's computer that obtains their CD key from the registry and sends it to someone. That typically results in the key getting globally banned, when someone else cheats with it.Such software usually masquerades as a DayZ or ArmA cheat, so as long as you're not looking for such things, you'll probably be fine.

Exactly, and then people have the nerve to come on here & complain after their keys been stolen... If you're keys getting stolen, You're in the wrong. You either A) Are trying to downlaod and use "tools", B) Using an "unofficial" dayz mod that you downloaed and installed via exe (Which isn't legit anyhow), C) You're a cheap bastard and instead of paying ~20$ for the game, you try and buy a key for ultra cheap from some unofficial key vendor.

Anyway you look at it. If you're keys stolen. You did it wrong. No one else is to blame.

And also, If you can't secure your server from hackers, then it's time to find a good admin that knows what he's doing. I mean.. really knows what he's doing. Admining is a pain. You may aswell forget about playing altogether.

Edited February 6, 2013 by Iceman77

[Dwarden 1124]

Here is some constructive criticism. Develop an ability for server admins that allows them to see in REAL TIME what code or script is coming for EACH person. With their GUID/IP/ID....

OR

Develop accounts based through a website much like battlefield 3 to keep the CD-Key theft DOWN so that way when they get banned it actually means something.

actually majority of admins will confirm this is what I wanted for quite some time and still want for our games ...

system similar to state packet inspection firewalls , where you setup rules to block or log incoming events (scripting or else)

but it's not easy to make as it looks,

so in meantime it was decided to have performance / development compromise with BattlEye server side filters, which allows logging event and prevent script execute if detected for kick

Edited February 4, 2013 by Dwarden

[slatts 1978]

if he left his sig check off... thats not a secure server.

That why I wrote it as "secure". He said it was.

[dmarkwick 261]

I don't have to. In the words of Chico Marx, "Never mind, whose confession is this?

Hmm so you demand proof of someone's words, but not willing to provide any such thing yourself. You're very select in your notion of obligation :)

[kualus 1]

Hmm so you demand proof of someone's words, but not willing to provide any such thing yourself. You're very select in your notion of obligation :)

Another strawman from a troll trying to reignite a flame war, and a smiley doesn't change that. :) At the time I said that, I asked for proof, he dodged. I never said I wasn't willing to provide proof, and I don't care whether or not he offers it now.

[dmarkwick 261]

Another strawman from a troll trying to reignite a flame war, and a smiley doesn't change that. :) At the time I said that, I asked for proof, he dodged. I never said I wasn't willing to provide proof, and I don't care whether or not he offers it now.

Well...

while you have such bold claims, what about show me single of these non-BE based anti-cheats ;)

I don't have to. In the words of Chico Marx, "Never mind, whose confession is this?"That was then, this is now. I am still interested in ArmA2 regardless as the developers actually aren't interested in censoring feedback and isolating themselves from it, unlike a certain sim and developer I've already vented about...

... is what I was reading. Anyway, good luck in your journalistic endeavors :)

[Addictionubg 1]

I seriously do wonder if people are just trolling with their responses here..

[metalcraze 290]

Purchasing anti-hacks from hackers (protection money!) instead of learning how to secure a server is something one can't really troll.

[Dwarden 1124]

also if You have dayz server then realize the insecure coding in dayzmod (it got even worse with 1.7.5.1) is nothing what can BattlEye and my BE server filters fix ...

[SavageCDN 231]

Purchasing anti-hacks from hackers (protection money!) instead of learning how to secure a server is something one can't really troll.

Yeah I gave up after page 1 :p

[icomrade 1]

If you know what you are doing, you can add scripts to your mission file to prevent hacks/restrict what players can do. Of course, it can always be bypassed but it's not economical for a scum bag to sell and develop cheats that only work on your server. If the teleport prevention script in DayZ (useless now) was never added to the mod for everyone and kept private to some servers then it probably would never had been bypassed for the masses. Of course, keeping anticheat scripts and filters private only hurts the community, but the caliber of server hosts these days aren't worth sacrificing a secure server for myself.

[Addictionubg 1]

If you know what you are doing, you can add scripts to your mission file to prevent hacks/restrict what players can do. Of course, it can always be bypassed but it's not economical for a scum bag to sell and develop cheats that only work on your server. If the teleport prevention script in DayZ (useless now) was never added to the mod for everyone and kept private to some servers then it probably would never had been bypassed for the masses. Of course, keeping anticheat scripts and filters private only hurts the community, but the caliber of server hosts these days aren't worth sacrificing a secure server for myself.

Classic case of not knowing wth your talking about.

[Dwarden 1124]

partially ... anyone with time, mood and scripting knowledge can write sanity checks and secure the 'mod' or/and 'mission' on his server

as any server side code could be unique using unknown variable name to cheaters, the security will be higher

it's same with simple yet effective server-side scripts to detect teleportation, speed-hacking and flight / levitation abuse, warping via vehicles and so forth ...

[zooloo75 833]

Classic case of not knowing wth your talking about.

Looks like you're the only one with the lack of knowledge here...

He is saying that you can code in your own countermeasures against hackers. For example, to prevent teleporting, do a loop that gets the player's position, wait a second, then get it again; then have the script compare the two positions to see if it has changed drastically within that second.

Now you can do whatever you like as a result of this script. You can make it say "x is hacking" or have it kick/ban the player, etc.

[iceman77 18]

Classic case of not knowing wth your talking about.

He actually makes some good points though m8. :)

Edited February 15, 2013 by Iceman77