Page 1 of 54 123451151 ... LastLast
Results 1 to 10 of 540

  Click here to go to the first Developer post in this thread.  

Thread: Hacked by a player with no ID

  1. #1

    Hacked by a player with no ID

    Hello,

    My server has been hacked by some little knob with no player ID and he somehow managed to inject a .vdf file inside of my A3 directory.

    One of our regular players reported that a new message was displayed on joining the server, The message reads
    Thank you BIS for making my hacking life so much easier. This BIS_fnc_MP command is just what i need to screw people up. Why don't you go bitch on the forums about it? Hmmm ... it's not exactly hacking anymore, now that it's a feature ...
    Screen shot of the message > http://i36.tinypic.com/1z4bspi.png

    There was also another error message that i hadn't seen before
    Cannot open object a3\air_f\gbu12fly.p3d
    After checking my A3 installation i noticed a file had been injected in my A3 directory, The file name was installscript.vdf
    I still have the file but i won't post it's contents publically, If a moderator or someone from BE wants it i'll send it

    The player had no game ID, I can't ban someone with no ID
    All i have is
    Code:
    16:10:43 STSu*EroMusha uses modified data file
    16:10:43 Player STSu*EroMusha connecting.
    16:10:44 Player STSu*EroMusha kicked off - too big custom file 'face.jpg' (83659 B > 10 B).
    16:10:44 Player STSu*EroMusha disconnected.
    It had to be him/her as nobody else was online and the previous player i can vouch for.

    I have VerifySignatures = 2; in my server.cfg so what else can i do ?
    No doubt the little knob will be waiting for this post to get their lulz

    Any help would be great to stop this or detect it
    Last edited by Dwarden; Apr 24 2013 at 05:03. Reason: there is no file injected ... installscript.vdf is part of install
    Signature removed as BIS thinks we're in the 90's
    Any picture bigger than a stamp is banned

  2.   Click here to go to the next Developer post in this thread.   #2
    nothing unexpected
    the BIS_fnc_MP https://community.bistudio.com/wiki/BIS_fnc_MP
    is evolution of TOH's replacement https://community.bistudio.com/wiki/...On_Helicopters)
    of A2/OA old MPF (multiplayer framework) https://community.bistudio.com/wiki/...ayer_framework

    as Alpha has no security yet, cheating or exploiting ingame scripting and functions is bound to happen

  3. #3
    * Removed after being informed installscript.vdf is a valid file *
    Last edited by Richie; Apr 23 2013 at 19:24.

  4. #4
    Are you sure that this "installscript.vdf" file was put there by a hacker / wasn't there before? According to Google, it seems to be a pretty standard Steam file that can be created in a Steam game's directory.

    EDIT: I just checked my test server (which has only been used by me so far) and it also has an installscript.vdf file in the Arma3 directory. Not sure when that got there, but it certainly wasn't put there by a hacker. False alarm, I dare say.

    Gigabyte P67X-UD3-B3 Motherboard | Intel Core i7 2600k @ 4.0GHz | NVidia GeForce GTX770 4GB
    16GB Corsair XMS3 1600Mhz RAM | Kingston HyperX SSD | ASUS Xonar D2X
    sound | be Quiet! 700W PSU | Windows 7 x64

  5. #5
    I don't know if it was there or not before the hack but it had been modified today, all other files and folders had an older date on but the installscript.vdf was the only recently modified file.
    Removing it hasn't changed anything and my server is running again.

    Can you send me a copy of your installscropt.vdf and i'll compare it to the one i have ?

    *EDIT*
    I got one from someone else, It is a normal file but it was modified today and the time was around the same as the hack.

  6. #6
    Sent. Btw. mine wasn't the newest file in the directory, but only a day older than the newest one.

  7. #7
    installscript oddly holds the install script.

    Aka the steps that you must complete before starting the game..


    DirectX,registry stuff.

    Nothing wrong with it.
    One of the authors of FA_stance
    Author of FA_gps
    Author of A3/A2 launcher
    Contributor to F2/F3

  8. #8
    Thanks for the help so far

    So i now know VerifySignatures = 2; is pointless, It also causes lots of random lag.
    Scripters can't be banned because they can join without a player ID, anyone know a way to kick/block a player without an ID ?

  9. #9
    hi, Richie
    Same issue with our servers can you send me private message, we have 2 servers, using console.log and we had the same user connected to the servers.
    it was the last one and each time, the hack was deployed.
    So i would like to compare if this could be the same guy.
    Thanks

  10. #10
    I don't think there's much we can do in that regard until the actual security measures are implemented. As Dwarden keeps repeating, security (including ID checks AFAIK) is currently nonexistent.

    Hopefully, the situation will improve once the dedi server is out. (Some time next week, if the latest SITREP is to be believed.)

Page 1 of 54 123451151 ... LastLast

Similar Threads

  1. server got hacked and now won't launch on port specified.
    By Laviski in forum ARMA 2 & OA - Servers & Administration
    Replies: 1
    Last Post: Jan 1 2013, 11:36
  2. My server keeps getting hacked.
    By xxnickpwnsxx in forum ARMA 2 & OA - Servers & Administration
    Replies: 4
    Last Post: Jul 1 2012, 12:54
  3. Complete Server Directory.
    By JackOGara in forum ARMA 2 & OA - Servers & Administration
    Replies: 1
    Last Post: Jul 23 2011, 19:09
  4. Server being hacked - admin rights overruled
    By _Hurricane in forum ARMA 2 & OA - MULTIPLAYER
    Replies: 121
    Last Post: Nov 10 2010, 20:13
  5. server was hacked
    By -|Bp|- Ron!n in forum ARMA 2 & OA - TROUBLESHOOTING
    Replies: 3
    Last Post: Jun 21 2009, 01:07

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •