Jump to content
Sign in to follow this  
Richie

Hacked by a player with no ID

Recommended Posts

My server with domination was attacked last night. I closed server, updated arma 3 alpha to dev mode, deleted: installscript.vdf and reload mission, so far I can play with passworded server.

Share this post


Link to post
Share on other sites
Hi,

we're aware of the issue and working on a fix which should prevent "hijacking" a function (like BIS_fnc_MP) for hacking purposes.

Now there's the good news right there.

[Pretentious Hacker Prick] 0 -- 1 [ArmA3]

Share this post


Link to post
Share on other sites

we are working on multiple solutions to these issues (as it's not just one while it seems to be)

Share this post


Link to post
Share on other sites
It makes no sense to allow persistent variables to carry over from one mission to the other

Campaign?

Share this post


Link to post
Share on other sites

@Pawel That .vdf file is legit, it's part of the install. The simplest cure (and I just tested it on our server) is:

1. all players shutdown Arma3 and restart

2. restart the mission from the server lobby.

It works until another infected player joins so up to you to lock or not.

Share this post


Link to post
Share on other sites

does anyone no when this will be fixed, how many days or hours or weeks. I just want to play

Share this post


Link to post
Share on other sites
Hi,

we're aware of the issue and working on a fix which should prevent "hijacking" a function (like BIS_fnc_MP) for hacking purposes.

does anyone no when this will be fixed, how many days or hours or weeks. I just want to play

Easy answer, when it is ready!

Until than play on passworded servers with your friends or play singleplayer.

Share this post


Link to post
Share on other sites

Thanks for the feedback BIS!

Im aware that there are several vectors to abuse these functions, however if this specific issue would be related to execution of BIS_fnc_MP it could help (for some time). It would certainly break missions that use BIS_fnc_MP in a regular, non-abusive way BUT if its not used overall in the mission it could work. Again however, if this remote execution is triggered by a PVEH that listens to BIS_fnc_MP_packet, and since there is no way to remove that PVEH, you could still execute code only by PVing this variable in the "right" way. So you are right, it needs low level checks - until then...

Enjoy

Share this post


Link to post
Share on other sites
Campaign?

We have a seperate persistent namespace for Campaigns I think. and it would make no sense, since you'd lose your campaign progress on a game restart...

Share this post


Link to post
Share on other sites

Haven't ever thought about it yet, but since even passworded servers aren't safe, is there a way to "hide" an online server from the Gamebrowser and lets you exclusively connect on it via "Join with IP"?

Share this post


Link to post
Share on other sites

im reasonably sure you simply tell your server to not to report to gamespy. Atlereast in a2 i had that option.

Share this post


Link to post
Share on other sites
Our Solution seems to work as for now. No follower hack executed yet.

How about you "share" your "solution"?

Share this post


Link to post
Share on other sites

Looks like its time for some friendly locked team coop between friends until this all blows over. Thanks for the info everyone. :)

Share this post


Link to post
Share on other sites
Haven't ever thought about it yet, but since even passworded servers aren't safe, is there a way to "hide" an online server from the Gamebrowser and lets you exclusively connect on it via "Join with IP"?

I suppose you could always remove the IP reporting done to gamespy. Not sure if that would work but seems like it.

You should have a reportingIP= "arma3pc.master.gamespy.com" somewhere in your config file, just comment it and restart the server.

Share this post


Link to post
Share on other sites

Wow I thought I was the only one having this problem on their server, prtty annoyimg ive restarted etc and still when I load any mission random people join and you start free fallin and get that message

Share this post


Link to post
Share on other sites
Haven't ever thought about it yet, but since even passworded servers aren't safe, is there a way to "hide" an online server from the Gamebrowser and lets you exclusively connect on it via "Join with IP"?

testing now will update if it works

Share this post


Link to post
Share on other sites

Hi all, the problem of multiplayer being a target of those who wish to ruin the experience for others is certainly not something we are ignoring. It's also far from an easy thing to solve. Just like with other big topics (optimization :confused:) there are no magic bullets. I'll try to expand on the issue and our plans in the next SITREP - but I do not intend to promise specific solutions until they are fully confirmed.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×