viperx 10 Posted January 5, 2015 Every Arma2OA armaplayer may have noticed the result of this exploit like masskilling script kiddies and so on. http://dev.withsix.com/issues/75896 So @community please upvote this issue at the Issue Tracker. @Dwarden please close this fuckn exploid like in arma 3. It cannot be that BIS is still selling this game without closing such security holes! Share this post Link to post Share on other sites
viperx 10 Posted January 7, 2015 (edited) 2 days gone and not even 1 official statement.... Here some steam statistics what player play at the moment: Arma 2 OA 13,590 ingame Arma 3 31,105 ingame DayZ Standalone 21,664 ingame Is this the way you deal with a game that still is played from so many player??? Edited January 7, 2015 by viperx Share this post Link to post Share on other sites
jeffplsgo 10 Posted April 18, 2015 (edited) Whoops, dubble post Edited April 30, 2015 by jeffplsgo Share this post Link to post Share on other sites
jeffplsgo 10 Posted April 18, 2015 (edited) I've been researching this problem since servers are getting destroyed due to this. The exploit only works on the createUnit that has the init in it's array. The init will execute on all players on the server and bypass the remoteexec.txt filter which you really do not want happening. Vunerable: type createUnit [position, group, init, skill, rank] However you can also use createUnit another way, which doesn't have the vulnerability: Not vulnerable: group createUnit [type, position, markers, placement, special] As you can see this one has no init and therefore is not vulnerable. If BI could remove the old one in total from Arma we could just transform our scripts to work with the new one. Init, skill and rank can still be set with a simple work-around: setVehicleinit (replaces init, this will get checked by remoteexec.txt filter) setSkill setRank EG: old way: _unit = "US_Pilot_Light_EP1" createUnit [position player, group player, "bla bla bla;", 6, "MAJOR"]; new way: _unit = group player createUnit ["US_Pilot_Light_EP1", position player, [], 0, "NONE"]; _unit setRank "MAJOR"; _unit setSkill 6; _unit setVehicleinit "bla bla bla;"; These scripts will both do exactly the same. BI doesn't even need to fix it. Just remove the vulnerable one. Till we get a fix: If you need a unit that doesn't need to move I suggest using createVehicle If you need an actual AI unit you're pretty f**ed. The only proper way to be cheater proof is to only use createUnit serversided and setup a scripts.txt filter for createUnit If you don't need AI you can just remove all the createUnit's in your mission and setup a script.txt filter for createUnit Edited April 18, 2015 by jeffplsgo Share this post Link to post Share on other sites