Script Hackers (Need Help)

Need some advice from other server admins or just people who know about securing servers.

I run a domination server and no matter what I do, we continue to get a script hacker in the server every now and again.

http://forums.bistudio.com/showthread.php?t=121438

I've followed that. Changed the files around, renamed, moved out of dir ect. Still no luck.

I do however still use verifysig 1 because I can't get 2 working correctly, it continues to kick people who try to join for some reason. I just want to add common sound mods for people to use such as VOP and JSRS ect.

But yeah, any additional help would be great to help secure my server!

Thanks!

If you use verifysig 1, you are asking for trouble. I'm sorry, but that's one of the biggest holes they use to get in.

Also, don't call them hackers, they are nothing more than Script Kiddies with small cocks.

If you use verifysig 1, you are asking for trouble. I'm sorry, but that's one of the biggest holes they use to get in.

Also, don't call them hackers, they are nothing more than Script Kiddies with small cocks.

As much as I'd love to switch back over, I can't recommend v2 signatures until the PMC/BAF issues are fixed. (OP: using the v2 signatures will prevent anyone with the full PMC/BAF add-ons from playing)

My suggestion: signature checks on, BattlEye on, mission-based anti-cheat like DooACS or something similar (this will NOT block anyone out that knows what they're doing, but it'll block out idiots who download some random hack from certain sites and think they're all cool), and a packet sniffer such as tcpdump or Wireshark running server-side.

I'll go ahead and mention this too:

http://pastie.org/pastes/2468787 (yes, he did buy another copy recently)

As much as I'd love to switch back over, I can't recommend v2 signatures until the PMC/BAF issues are fixed. (OP: using the v2 signatures will prevent anyone with the full PMC/BAF add-ons from playing)

My suggestion: signature checks on, BattlEye on, mission-based anti-cheat like DooACS or something similar (this will NOT block anyone out that knows what they're doing, but it'll block out idiots who download some random hack from certain sites and think they're all cool), and a packet sniffer such as tcpdump or Wireshark running server-side.

I'll go ahead and mention this too:

http://pastie.org/pastes/2468787 (yes, he did buy another copy recently)

Nevermind, did http://forums.bistudio.com/showpost.php?p=1844337&postcount=28 and it worked fine ;).

Hey I installed that dooacs correctly how it said with CBA ect. How do you make sure it's workign though, I added to the command line but shouldn't it give you some messgae ingame or soemthing when a user connects?

I'll go ahead and mention this too:

http://pastie.org/pastes/2468787 (yes, he did buy another copy recently)

The guy is a compete cock.

Need some advice from other server admins or just people who know about securing servers.

I run a domination server and no matter what I do, we continue to get a script hacker in the server every now and again.

http://forums.bistudio.com/showthread.php?t=121438

I've followed that. Changed the files around, renamed, moved out of dir ect. Still no luck.

I do however still use verifysig 1 because I can't get 2 working correctly, it continues to kick people who try to join for some reason. I just want to add common sound mods for people to use such as VOP and JSRS ect.

But yeah, any additional help would be great to help secure my server!

Thanks!

if u wanna Allow v2,

your Mods which u wanna have on your server should be v2 to.

JSRS isnt v2 compatible atm for example

Hi,

I'm looking for anti-hacking tools for Arma2. Now I found this Page:

Lets not post links to crap which we do not want to share, link removed

This guys are using there time for creating hacking tools.

I don't know why, I think they can't hack other games, but I think someone needs to do somethink.

My knowlege is there are 2 optional tools:

battleye

dooacs

Did someone know if it is possible to defend Arma2 server with an firewall-tool?

I think to defend the hackers in the servercode is to close. If there is a external software (on linux sonethink like iptables) it is much better.

I know arma2 use UDP. Is there more information about the communication between server and clients?

I think it is possible to blocking clients with bad packets, before they arrive the Arma2 software.

Somethink like sentinal or tripwire should be nice.

Thx Pillord.

I think it is possible to blocking clients with bad packets, before they arrive the Arma2 software.

unless you want a lag fest.

There are way to many combination possible.

ofcource. its not impossible. preferly you want to have a pc doing this work alone where all traffic are routed through.

server<--->analyzer<--> (www)<--> clients

best tip i can give is. run WS with a filter searching for spesific troll commands. ie. diableuserinput.

then just ban his guid.

using any kind of realtime analyze of networks frame. looking for script commands is basicly out of the question.

unless you want a lag fest.

There are way to many combination possible.

ofcource. its not impossible. preferly you want to have a pc doing this work alone where all traffic are routed through.

server<--->analyzer<--> (www)<--> clients

best tip i can give is. run WS with a filter searching for spesific troll commands. ie. diableuserinput.

then just ban his guid.

Nice answer thx!

But now I think to ban the ID don't help.

Did you see the Arma2_hacking.dll? This guy can change his ID every time and since Arma2 Free you need only differend mailadr. for creating new ID's.

And you are right, if we want to stop that hacker only Bohemia can do somethink, cause they use the scriptfunktions like Createvehicle and this function can be called in missions on clients. The hacker use that too and create many vehicles on the server.

I hope there will be a solution in short time, cause we lost the fun to play Arma2 if we will be hacked at all time.

But now I think to ban the ID don't help.

Battleye guid has not been bypassed yet afik.

imo. Arma2 Free was a mistake by bis. its like inviting hackers to the game. people who might wanted this game no longer wants in because of all cheats in a2 Freee

no it will not help banning by using pid. you have to use guid to ban.

Battleye guid has not been bypassed yet afik.

imo. Arma2 Free was a mistake by bis. its like inviting hackers to the game. people who might wanted this game no longer wants in because of all cheats in a2 Freee

I think you talk about that: http://forums.bistudio.com/showthread.php?t=96228

But since Arma2 Free you need only a new Mail-Address for getting a new Account.

I know arma2 use UDP. Is there more information about the communication between server and clients?

I think it is possible to blocking clients with bad packets, before they arrive the Arma2 software.

iptables string match filters could work, but performance could also be an issue if you have too many of them. I've been looking into doing something like this for awhile, but that's my main concern. If you have a separate box, it may work.

The ideal solution would be something like a Palo Alto appliance - those have dedicated ASICs for this task, and as a result are much faster. Of course, such a solution isn't very practical for a game considering the $X,XXX (quite possibly $XX,XXX) cost.

Hi!

We've got an Arma3 Epoch server and yesterday we've got troubles with a cheater (or mayby it was a hacker).

I hope my engish is good enough to describe the issue. Ok, so here comes the story....

Because of massive problems with players get kicked by script restrictions since the Epoch update to 0.3.0.1 and because some players BattlEye triggers an unexpected disconnect (client not responding) we've decidet to deactivate BE. So we got running Infistar only.

Yesterday a cheater joines to our server an uses some "hacks" like teleporting, spawn weapons, ammo, etc. Banning him by using Infistar wasn't possible (I think because we had BE switched off). So I tried to use the console command "#exec ban 1234545678...(PlayerID)" but this didn't work too. There is no entry to find about this player in the bans.txt or epoch - bans.txt. The only way to get this cheater out of our server was to shut down it for a while.

Because of these issues I've decidet to activate BE again and switched some filters from "7" and "5" (= Kick/log) to "3" (= log only) because of players get kicked by script restrictions again.

After that I tried to ban the cheater by using the "#exec ban PlayerID" command again but it looks like, this has still not not working. I can't find any entries which are telling me that the cheater is banned now. I tried to kick an other player for testing if the commands are working but it doesn't had any effect.

Because of all this issues I've got these following questions:

1. Why these commands not working? Do I have to use the "#login adminPW" first to use other commands or am I automaticly logged in as an administrator? (In the configuration of the server I am registered as an administrator)

2. Do these commands working without having an active BE on the server?

3. Why I wasn't able to ban the cheater with Infistar? I've selected/spectated him and choose Ban for hacking, but nothing happends and the tool told me there is no target selectes ore something like this.

4. Is it possible to ban players by using Infistar without having an active BE on the server?

Would be nice if somebody could help us with these questions!

This should be its own thread under the ARMA 3 forum, but in case you still need help, the ingame kick/ban commands have changed from ARMA 2. You now need to wrap the name of the person to be kicked with quotes.

Arma 3

In Arma 3 #exec kick and #exec ban commands require quotes for Name, UID or Player#.

#exec kick "5"
#exec ban "imah4x0r"
#exec kick "938679499494"

#kick command can still be used either way:

#kick imah4x0r
#kick "imah4x0r"

In case of banning, ban.txt file is created in root Arma 3 directory that contains a list of banned UIDs.

[/Quote]