_Hurricane

Server being hacked - admin rights overruled


Recently our servers (TV2) have been victim of hacking.

Not just the ordinary cheating, but really overruling admin rights.

I was logged in as official admin (*Admin* behind my nick). Suddenly my character started doing push-ups. Right after that I got banned (no, I did not ban myself) and the server was shut down.

It seems like a hacker took over the server, possibly via some kind of remote control. The required config for Rcon is not on our server, so it shouldn't be possible to use it.

What happened, and what can we do about it? This is a major issue.


Stupid question, but do you have signed addons only on?

Also maybe one of those addons has been compromised?

I'm not sure, just trying to think of what would cause this.


We have only signed addons.

They are:

OA Expansion

VopSound

RH Heli sound mod

TR Tracked Vehicles

EliasSound


Sounds suspiciously like an addon I saw on a less-than-honest forum. The trouble these people will go through just to cause grief continually astonishes me. I mean running around being a bit of a wanker I can understand, but actually making a whole addon with dialogs and crap, that is just sad.

Edited by Hund


I guess I found the program that does it all too.

Any BIS official can send me a PM when working on this.

I will give you a link.


Everyone knows about it ...

The only thing I can suggest to you for now is to password lock your servers.

> I guess I found the program that does it all too.
>
> Any BIS official can send me a PM when working on this.
>
> I will give you a link.

I know about it.

Long-term this has to be fixed in the game engine, it's definitely a very bad exploit that you can take over other players' control and even issue admin commands without logging in. And no, this is not related to BE RCon, these hacks use the game's own admin interface.


So the big question here is: what is BIS doing to fix this? I don't even bother looking at the hacks, they disgust me, but I want to hear what is being done to stop this. Otherwise we're all going to be passwording our servers and locking out pubbers, which would hurt BIS's bottom line I'm sure.

> Stupid question, but do you have signed addons only on?
>
> Also maybe one of those addons has been compromised?
>
> I'm not sure, just trying to think of what would cause this.

Signed addons do not stop this as they are able to spoof any addon allowed by the server.

It's going to be a fun couple of days until the kids get bored.

Passwording the server, having a site to sign up on to play is going to be the norm for arma2/AO.

Has BIS thought about only having addons that run server side?


Well, I went and had a read of this proclaimed hack and it looks like a bad thing is heading our way soon, and with a so-called "competition" it's only gonna get worse for ALL unprotected servers.

My suggestion is password your server until either the kids get bored or BIS or someone can stop it from getting past BE or Sigchecking.


Can they be identified by IP? So as to block them from connecting in the first place? Pass protect everything is death to public servers - not fun, not fun at all...


So we all have to password our servers... Might as well just turn them off instead as nobody will be able to get into them.

> So we all have to password our servers... Might as well just turn them off instead as nobody will be able to get into them.

And what other answer do you want to hear in the middle of a weekend night?

I gave simple advice on what you can do now, nothing more or less.

And yes, it's then obvious we noticed ... FPDR


...and the popular servers will likely give out their PW to enough people that their games could be ruined anyway.

So the only solution proposed is not a solution at all (no offense personally, Dwarden).

I hope this is #1 on the priority list for the BIS devs right now.


We kept our ArmA1 server locked due to this.

I have no probs with locking again.

Though, all servers Gamespy name should give added, for info to join.


Our server has been hacked 5 times in 2 weeks that I know of. Carpet bombs in perfect squares, A10s, Apaches and SCUDs in warfare spawning, real-time writing printed and changed in the middle of the screen, admin ban leaving ban.txt in server file manager. We have had ppl try to enter and kicked for gamehack #18 (and #22 I think it was). Server has only been up a few weeks so we don't have a huge amount of regulars in a community yet so for us passwording seems out of the question atm. I too hope this is sorted soon as this whole day has been trashed by hackers, 3 games closed. If there is a way to install software into the server for IP info that could be useful potentially, but really these problems require addressing.

We are not running any addons, just plain OA with fairly new beta patch, and it has been mostly warfare that has been hacked as that has been played the most, but many games have crashed, but I put that down to instability due to my noobish parameter settings, but who knows...

Edited by eddie247

> server has only been up a few weeks so we don't have a huge amount of regulars in a community yet so for us passwording seems out of the question atm.

What's more fun?

Enjoying the game, or......

> Our server has been hacked


The [AIGB] Servers are all locked now, following the advice from Dwarden. I am sure BI will work on that Issue to give us the possibility to open the Servers again.

I wrote a news post in our Forum on how non-Members are able to get the PW. This will be possible after registering at our Forum and writing a PM to me providing the Player ID.

Maybe this is one way to keep control over who is joining our Servers. I know it's not a good one, but it's the only Idea I had by now.

Greetz,


Can all players on the server be affected by the hacker? The last 2 weeks when I played online I had some moments (mostly after a respawn) that my character started moving sideways and backwards while I was trying to go (forward) to the ammo box, that was really weird and annoying. Thought till now that it was a bug or something.


B00tsy, I think that sliding around on respawn is just a bug, possibly the last movement you did before dying. I and mates have experienced it, but just double-tap the directional movement key you are stuck in.


Just to clarify some points here.

Carrying out any or all of the following precautions WILL NOT defend from these hacks, i.e.

  • Running with sig verification on
  • Running with BattlEye "ON"
  • Not running or allowing any additional addons

The hack is written by an experienced coder, the "children" of their community learn through trial and error in most cases how to run the hack. Sometimes they screw it up and you can catch them and ban them.

Don't bother banning them with the game engine ban system; use the BattlEye system, it's more robust and takes a bit more effort for them to bypass it.

If the admin is on the ball and watching his logs and whatever other monitoring system he may want to apply, he may get lucky and spot them.

What they can do with the server depends on the addon that they are loading with the hack. Any client is a target.

For now your options are

  • Use the Rcon application to administer your server
  • Password your server.
  • Wait for BIS to patch this


We could get together and run a honeypot server... 20 or so people authorised there, anyone else joins and hacks begin, they get BEYE banned. I know I'd be happy to set one up.

> We could get together and run a honeypot server... 20 or so people authorised there, anyone else joins and hacks begin, they get BEYE banned. I know I'd be happy to set one up.

Now if that had been done via a PM to a selection of trusted players, that may have been fun to do.


Hi all

In the case of someone altering data on your server without permission, then that is a crime in most western countries. Contact your country's police computer crimes department and your Server host provider to tell them to refer it to the police.

Kind Regards walker

Edited by walker

