How to track down and report for arrest / stick it to hackers

[Fr33d0m 11]

Fellow ARMA 3 developers:

It is my distinct pleasure to inform you all that there IS quite in fact a way to get back at those naughty hackers gaining admin on your servers and doing whatever else it is these naughty bastards do.

NOTE: My method works off the idea of a 24/7 dedicated server with a steam based installation. I have not tried anything of the sort on a pick-up on play / host machines, but I suspect investigations of similar methods under said circumstances will lead to similar results. Feel free to post additional information to an add-on of what I have posted here.

OKAY so lets begin. My arma 3 server shows that last night about about 2 AM, some rotten asshole gained ADMIN to my server and re-started the mission. Well, you PRICK!! Fine, you think you're safe hiding behind a non-working battle eye ID? Think again!!

So we saw that someone gained admin in our server status window, you know, the window that opens up when you run armaserver.exe. DO NOT CLOSE THIS WINDOW and make note of the exact time the hacker did his dirty deed (if in-game, sometimes the seconds don't matter as much, so just note the hour and minute...)

We're gonna go into (in my directory, anyway) program files (x86) / Steam / Steamapps / Common / Arma 3

You will see a folder named "logs". In this folder we should find a number of logs. One of the should hold connection records of every swinging dick who connected to your server, complete with the RAW IP ADDRESS and PORT that the offender connected on.

The IP address with the corresponding time to the attack is highly likely to be your offender. If you have the server connection log, you can match a screen name to a connection time and then use the log of equal time to match to an IP address. Take this RAW IP Address to google and search it. A number of online "whois" and "ip lookup" services will give you the Internet Service Provider, and sometimes you can even get the exact address and a GPS MAP of where your offender lives.

You may now use this information how you please. If you are an equally rude dude, and the IP appears residential, why not try some modem / router cracking and try to gain control of his home network for mad lulz? Well...it IS illegal after all...teehee....or you could just do the right thing and notify the authorities....this is probably the best way to go to really ruin the game hackers day. Nothing like FELONY ELECTRONIC INTRUSION CHARGES to teach the snide little sonofabitch how cows eat cabbage.

With that, in case some of you (ok a lot of you) didn't know, the FBI has a special division that responds to complaints like the one you would have here. Please visit http://www.ic3.gov/complaint/default.aspx (A sister site of the Federal Bureau of Investigation) to report electronic intrusion crimes.

Happy hunting!!

Hackers::

Remember - Even though you are "just" game hacking, gaining unauthorized access to someone's computer can land you up to 25 years in federal, pound-you-in-the-ass prison. Probation isn't much fun either, if you're under 18. The laws don't just hit the adults anymore.

If you aren't skilled in the ways of intrusion anti-detection, and you cant get actual root to the server you are trying to hack, you may as well just not run your script and don't do the hack. It's not like you understand HOW its being done anyway. Real hackers call people like you "skids".

With that, in case some of you )ok a lot of you) didn't know, the FBI has a special division that responds to complaints like the one you would have here. Please visit http://www.ic3.gov/complaint/default.aspx (A sister site of the Federal Bureau of Investigation) to report electronic intrusion crimes.

[Hub 1]

Nice...

Our Wasteland has a built-in Anti-Hack which detects KNOWN scripts/hacks and then kicks them. Then I parse the logs and add their ID to the ban.txt. Here's a list of all the players that were caught scripting/hacking. Another good thing, is that this Anti-Hack is built and maintained by one of our admins, so it will always be updated.

I figured I would make a list of all of the players who have been identified from the anti-hack AgentRev built. This is for future purposes in case they come back to ask to be unbanned (even though they won't be).

Copy the PlayerID and add it to the ban.txt

Banned Hackers/Scripters

Personally Identifying Information Removed

You're welcome.

Edited June 14, 2013 by Max Power

[Amra 10]

What would FBI do with scriptkids from China and Iran? Or it's a CIA prerogative?

[TW_ 2]

....FBI for a skiddy.....

I want to hear/read the call/email you send to someone asking what can be done about a script kiddie...

LOL

[Amra 10]

- What are you going to do with Arma 3 hacker xXx_Hax0rr_xXx who gained admin rights to my server and re-started the mission?

- Don't worry sir, our best officers work days and nights. This case is of highest priority.

[LCpl A. Loveless 12]

May i just say. You do realize in the server there is a 'vote admin' command?

[redryder 10]

Yes, would you ban someone and report them for "hacking" if they were voted as the admin?

Not only do you have the voting issue, you also have the fact that, not every hacker is going to gain access as soon as they log in... it just is not practical. It would be much safer for the hacker to wait for, say, thirty minutes, then enable the hack. So, instead of banning the actual hacker, you are instead banning AND reporting someone to the FBI for something they did not do. This is not an effective way for banning hackers.

Also, how do you suppose the FBI would consider this to be hacking your PC? They are not stealing anyone's CD key... hopefully, anyways. They are not using a trojan to actually go into your PC.. they are merely hacking a game that places a whole lot of critical scripts onto the individual player. The FBI will not do anything to script kiddies. They only go after those who try to actually gain access to your PC using trojans, worms, etc. Besides, whats more important? A credit card number/social security number, or the sanity of gamers?

[Masharra 10]

Obviously gamers, we are much much louder. EA is the worst company in the world remember?

/irony

[zooloo75 833]

I just cried for humanity.

[thec1aw 1]

Nice...

Our Wasteland has a built-in Anti-Hack which detects KNOWN scripts/hacks and then kicks them. Then I parse the logs and add their ID to the ban.txt. Here's a list of all the players that were caught scripting/hacking. Another good thing, is that this Anti-Hack is built and maintained by one of our admins, so it will always be updated.

You're welcome.

Hey guys, would you be interested in working together? Sharing ban lists? This was released about a week ago *SNIP* and is what is wrecking everyones server.

EDIT by Deadfast: Link to hax removed.

Edited June 16, 2013 by Deadfast

[Hub 1]

Sent you a message thec1aw.

[Masharra 10]

Hackers::

Remember - Even though you are "just" game hacking, gaining unauthorized access to someone's computer can land you up to 25 years in federal, pound-you-in-the-ass prison. Probation isn't much fun either, if you're under 18. The laws don't just hit the adults anymore.

If you aren't skilled in the ways of intrusion anti-detection, and you cant get actual root to the server you are trying to hack, you may as well just not run your script and don't do the hack. It's not like you understand HOW its being done anyway. Real hackers call people like you "skids".

With that, in case some of you )ok a lot of you) didn't know, the FBI has a special division that responds to complaints like the one you would have here. Please visit http://www.ic3.gov/complaint/default.aspx (A sister site of the Federal Bureau of Investigation) to report electronic intrusion crimes.

lolld Team America World Police!

[Hatchet_Harry 1]

Hello there,

i just want one answer in this thread:

My Questions to BIS are:

Will battleye be able to give us protection against clientside scripts, which affect the other clients or base functions of the server?

We modders and hosters are wasting our time.

We build scripts: The hackers change their scripts. We change our scripts. The hackers change their scripts.

Every day the same bullshit.

Please give us a date.

regards

haary

@Mods

Nope there are not enough threads - since the skiddies are driving crazy- because it is a huge problem for us. i just wanted an answer.

[Brain 12]

Fellow ARMA 3 developers:

No authority would ever be interested to go after some kiddy who hacked a Wasteland server. Handle it over an attorney.

1. Get attorney

2. let him write some letter to the offender, demanding money and the costs for the attorney. otherwise threat him with other legal actions.

3. ?????

4. profit

[MissileMoose 10]

If the current build is remotely similar to that of any past game in the series, then I'm fairly certain that there is absolutely nothing illegal about people using scripts in multiplayer, unless those causing nuisance are modifying the function of the game engine (script injection). Scripting commands are provided by Bohemia Interactive, for use in their game.

People should be able to play without being disturbed by others' malicious intentions, however this is not a right granted by any license or law. People will always find ways to disturb others, be it by team killing or using scripts. More could be done however, and I believe that the first step is for gamers and developers to take a stand against websites which promote the illegal modification of games. Most people don't write their own hacks, nor have any knowledge of programming, so taking away their means of communication with more educated people with similar states of mind should have an impact, however small.

The Arma series has always appeared to me to be directed towards a responsible audience; with recent influx of players, sadly it seems that many cannot control themselves. I suspect that this is partly due to the closed and restricted nature of most games these days.

Will battleye be able to give us protection against clientside scripts, which affect the other clients or base functions of the server?

Yes, it probably will. Functionality for monitoring and blacklisting scripting commands is present in the beta build for Operation Arrowhead. This will probably not stop people from finding alternate ways to cause chaos in certain missions though.

Edited June 19, 2013 by MissileMoose

[eddieck 10]

If the current build is remotely similar to that of any past game in the series, then I'm fairly certain that there is absolutely nothing illegal about people using scripts in multiplayer, unless those causing nuisance are modifying the function of the game engine (script injection). Scripting commands are provided by Bohemia Interactive, for use in their game.

It is _possible_ (usual disclaimer applies here: IANAL, I might be, and hell, probably am, completely wrong) that certain script-based cheats, in particular black screen + disable input, could loosely be considered a DoS. Besides edge cases like that, I believe you are correct.

Nothing will ever be done LE-wise about that, if (and big if) anything is even possible. Getting them to do something about actual issues (DDoS) is practically impossible as it is.

[Hub 1]

Report them to their ISP, we've been to that rodeo plenty-o-times.

Nothing like being able to put real life experience to use (I'm a licensed Private Investigator, so I track/follow people down for a living). It's a lot of hard work to track down a DDoS'er, but it's possible - I've done it before.

Edited June 19, 2013 by Hub

[MissileMoose 10]

It is _possible_ (usual disclaimer applies here: IANAL, I might be, and hell, probably am, completely wrong) that certain script-based cheats, in particular black screen + disable input, could loosely be considered a DoS. Besides edge cases like that, I believe you are correct.

Nothing will ever be done LE-wise about that, if (and big if) anything is even possible. Getting them to do something about actual issues (DDoS) is practically impossible as it is.

The commands to disable input and blacken the screen are still part of the engine, though I do disagree with the inclusion of a command that blocks all input, that's simply not needed. I'm hopeful that BattlEye will allow server administrators to manage if and how certain commands are allowed to be executed (e.g., own client/all clients).

[Hatchet_Harry 1]

How to prevent DoS attacks:

1. You cant really prevent good DoS attacks

2. Dont waste more time, than his attack takes.

3. 1.2 Billion People DONT KNOW that they are a part of a botnet.

One Attacker, with one machine:

Your Network: Prevent them by an intrusion Detection Firewall

A good hoster will do that for you.

Botnet (easy way):

1. Every machine in the botnet sends less than 10 requests

2. Your firewall will drop many packets, but will not identify the attack

3. Switch your IP

3.1. Switch your Gateway if you can

3.2. Switch your ISP and use your backup connection if you have

3.3. If you have a hoster: Your Hoster will block the attacked IP for 30-120 Minutes

It is possible to automate this. I have done that. I decided: The arma server are not important enough to automate it. Because: There are more other problems than Dos attacks.

Rule number 1: Separate your servers!!!

ATM you cant run NAT solutions.

[brunow 10]

Can anybody please tell me where to find that ban.txt and where to find the place where it shows when a hacker was kicked for using scripts ?

I'm using 404 TPG Wasteland map right now.

BTW ... can anybody share with me by PM the current list of banned hackers ?

Thanks

[SavageCDN 231]

ban.txt is in the root of your arma installation and you have to create the file if it's not there already.

http://community.bistudio.com/wiki/ArmA:_Dedicated_Server#Banning

I assume the place to find hacker kicked messages would be your .rpt file

http://community.bistudio.com/wiki/arma.RPT

[Hub 1]

Can anybody please tell me where to find that ban.txt and where to find the place where it shows when a hacker was kicked for using scripts ?

I'm using 404 TPG Wasteland map right now.

BTW ... can anybody share with me by PM the current list of banned hackers ?

Thanks

Your ban.txt should be located under your root ArmA 3 folder in Steam. If not, just create a ban.txt file in notepad.

Your .rpt logs will be stored under c:\Users\YOURUSERNAME\AppData\Local\Arma 3 Alpha\

To search for hackers/scripters who were kicked by the Anti-Hack, open the .rpt in Notepad ++ and search for "was kicked for" and it will display their Player Name, Player ID, and what they were kicked for. Just copy and paste their ID into the ban.txt

I will PM you our current ban.txt

[brunow 10]

Thanks for teaching where to find the .rpt files !

but I've another question ... they are like 10 rpt files, some with 2mb and other with 21mb

Is that normal ?

How would I be able to see the difference between one and another from here on ?

Thanks

[Tyl3r99 41]

please accept my apology for the recent post. was not correct

sorry guys and BIS

Edited June 23, 2013 by tyl3r99

[XoloX 10]

Nice...

Our Wasteland has a built-in Anti-Hack which detects KNOWN scripts/hacks and then kicks them. Then I parse the logs and add their ID to the ban.txt. Here's a list of all the players that were caught scripting/hacking. Another good thing, is that this Anti-Hack is built and maintained by one of our admins, so it will always be updated.

You're welcome.

The quote you added leads to a thread which has no posts on it for over a year, I am interrested in the playerID file cause now im getting sick of the AAN da sh!t server b f@cked message 4 times a day!

Thank you