Sign in to follow this  
Followers 0
Richie

Hacked by a player with no ID

540 posts in this topic

Hello,

My server has been hacked by some little knob with no player ID and he somehow managed to inject a .vdf file inside of my A3 directory.

One of our regular players reported that a new message was displayed on joining the server, The message reads

Thank you BIS for making my hacking life so much easier. This BIS_fnc_MP command is just what i need to screw people up. Why don't you go bitch on the forums about it? Hmmm ... it's not exactly hacking anymore, now that it's a feature ...

Screen shot of the message > http://i36.tinypic.com/1z4bspi.png

There was also another error message that i hadn't seen before

Cannot open object a3\air_f\gbu12fly.p3d

After checking my A3 installation i noticed a file had been injected in my A3 directory, The file name was installscript.vdf

I still have the file but i won't post it's contents publically, If a moderator or someone from BE wants it i'll send it :)

The player had no game ID, I can't ban someone with no ID :confused:

All i have is

16:10:43 STSu*EroMusha uses modified data file
16:10:43 Player STSu*EroMusha connecting.
16:10:44 Player STSu*EroMusha kicked off - too big custom file 'face.jpg' (83659 B > 10 B).
16:10:44 Player STSu*EroMusha disconnected.

It had to be him/her as nobody else was online and the previous player i can vouch for.

I have VerifySignatures = 2; in my server.cfg so what else can i do ?

No doubt the little knob will be waiting for this post to get their lulz

Any help would be great to stop this or detect it :)

Edited by Dwarden
there is no file injected ... installscript.vdf is part of install

Share this post


Link to post
Share on other sites

nothing unexpected

the BIS_fnc_MP https://community.bistudio.com/wiki/BIS_fnc_MP

is evolution of TOH's replacement https://community.bistudio.com/wiki/BIS_fnc_MP_(Take_On_Helicopters)

of A2/OA old MPF (multiplayer framework) https://community.bistudio.com/wiki/Multiplayer_framework

as Alpha has no security yet, cheating or exploiting ingame scripting and functions is bound to happen

Share this post


Link to post
Share on other sites

* Removed after being informed installscript.vdf is a valid file *

Edited by Richie

Share this post


Link to post
Share on other sites

Are you sure that this "installscript.vdf" file was put there by a hacker / wasn't there before? According to Google, it seems to be a pretty standard Steam file that can be created in a Steam game's directory.

EDIT: I just checked my test server (which has only been used by me so far) and it also has an installscript.vdf file in the Arma3 directory. Not sure when that got there, but it certainly wasn't put there by a hacker. False alarm, I dare say.

Share this post


Link to post
Share on other sites

I don't know if it was there or not before the hack but it had been modified today, all other files and folders had an older date on but the installscript.vdf was the only recently modified file.

Removing it hasn't changed anything and my server is running again.

Can you send me a copy of your installscropt.vdf and i'll compare it to the one i have ?

*EDIT*

I got one from someone else, It is a normal file but it was modified today and the time was around the same as the hack.

Share this post


Link to post
Share on other sites

Sent. Btw. mine wasn't the newest file in the directory, but only a day older than the newest one.

Share this post


Link to post
Share on other sites

installscript oddly holds the install script.

Aka the steps that you must complete before starting the game..

DirectX,registry stuff.

Nothing wrong with it.

Share this post


Link to post
Share on other sites

Thanks for the help so far :)

So i now know VerifySignatures = 2; is pointless, It also causes lots of random lag.

Scripters can't be banned because they can join without a player ID, anyone know a way to kick/block a player without an ID ?

Share this post


Link to post
Share on other sites

hi, Richie

Same issue with our servers can you send me private message, we have 2 servers, using console.log and we had the same user connected to the servers.

it was the last one and each time, the hack was deployed.

So i would like to compare if this could be the same guy.

Thanks

Share this post


Link to post
Share on other sites

I don't think there's much we can do in that regard until the actual security measures are implemented. As Dwarden keeps repeating, security (including ID checks AFAIK) is currently nonexistent.

Hopefully, the situation will improve once the dedi server is out. (Some time next week, if the latest SITREP is to be believed.)

Share this post


Link to post
Share on other sites

This happened to me a few minutes ago.

Somebody joins my Server that had 40 ppl on it, slowly moves everybody into the sky and kills them one by one over and over and over. Also he starts playing sounds (I wonder how that works O.o) and keeps flashing the message

"I wont stop these attacks until the BIS_fnc_MP command or the BIS scripting library in general are discussed on the forums. No seriously. Go report it. Things will get worse otherwise."

I have my signature verification on 2, so I guess every precaution is in place, but still this person (which I cant identify 100%, I think he's the one thats producing errors in my .rpt about some face texture not being found) manages to get on my Server and execute scripting commands as he pleases ?

If this gets around I might have to close down! Please tell me, is this going to be hotfixed ??

And how can I idetify people who are running (or at least trying to run) script commands on my server?

Edited by Profecy

Share this post


Link to post
Share on other sites

ignore him, just attention jerk, cause it's nothing new, just replace of old functionality with newer , more optimized and powerful

various MP frameworks were part of engine since Arma 1 thru A2 and OA ... even while not perfect it's was under BattlEye watchful eye

MPF was then replaced by BIS_fnc_MP in Take On Helicopters and Arma 3 has advanced version of it

so once again I repeat , there is no security in Alpha so this and that script command, function or else can be exploited and abused

and yes, security related 'stuff' will come ...

Share this post


Link to post
Share on other sites

is there any possibility of file injecting/server scripting compromise the OS in the current alpha state?

Share this post


Link to post
Share on other sites

What i would like to know is how to identify somebody who is running unauthorized scripting commands. Is there some kind of Log feature or anything ?

I realize Arma 3 is still just an Alpha verison and there are bound to be bugs, but if this goes public an becomes widespread it would really disrupt the gameplay of an otherwise awesome game.

So please tell me how can I identify and ban those people?

Share this post


Link to post
Share on other sites

Apparently some jerk who has a hard on to make lives miserable for everyone else is attacking every server and will not stop until someone mentions the 819 or BIS (cant tell because of the in game font) scripting library.

Jackass... a thread has been made.. knock it off.. some of us have limited time to actually play the game. Why don't you email or start a thread yourself instead of griefing the entire community?

Share this post


Link to post
Share on other sites

What is going on ? everyone is dying,everything is exploding and some text appears on the middle of the screen saying the developers have to fix some shit ?

What is this ?

Look at the picture, Wtf

http://i37.tinypic.com/2hquycm.png (321 kB)

Edited by Eriksendrul

Share this post


Link to post
Share on other sites
What i would like to know is how to identify somebody who is running unauthorized scripting commands. Is there some kind of Log feature or anything ?

I realize Arma 3 is still just an Alpha verison and there are bound to be bugs, but if this goes public an becomes widespread it would really disrupt the gameplay of an otherwise awesome game.

So please tell me how can I identify and ban those people?

This issue is killing MP, almost all of the servers have experienced this issue. It would be a shame if we were forced to require passwords and some archaic process for users to acquire these passwords. I don't want lost functionality, but at the same time, we need a hotfix for servers, even in addon format.

Share this post


Link to post
Share on other sites

especially seeing as its on all the servers. ugh. Apparently the forums have been hacked as well

Share this post


Link to post
Share on other sites

Well if they cant keep a couple of hackers out why the hell do they sell games ?

Share this post


Link to post
Share on other sites

Well you have to remember it is still in Alpha they probably haven't got much against this sort of stuff

Yeah all the servers were attacked I checked 5 different ones and everyone reported the same mishap

Edited by Charlie1210

Share this post


Link to post
Share on other sites
This issue is killing MP, almost all of the servers have experienced this issue. It would be a shame if we were forced to require passwords and some archaic process for users to acquire these passwords. I don't want lost functionality, but at the same time, we need a hotfix for servers, even in addon format.

Also note that this compromises local installations. I entered a few servers with this hack, and now when I go into the Editor and create a mission and then enter Spectator mode / Screenshot mode I experience the same 'message' and animations.

Guess I'll be holding off playing the Alpha until this gets sorted out.

Share this post


Link to post
Share on other sites

Please stop being such a douchebag, your ruining alot of peoples evenings all in your own private vendetta..

Dont know what the fuck your talking about and i dont care, if its that important talk to the devs on twitter or contact them in some other way

Here, now we the players have announced your dickbag'nes, Happy?.. :mad:

Share this post


Link to post
Share on other sites

Literally every public server for ArmA 3 has been hacked, making all players constantly fly up into the air and eventually die, then the process repeats. Not sure if private/passworded servers were affected. All thanks to a 15 year old who googled how to use scripts in ArmA 3. Congrats.

Share this post


Link to post
Share on other sites

Its idiotic that this is even lasting for more then 5 minutes. Things like this should not happen alpha or not.

Share this post


Link to post
Share on other sites

Oh Charlie I didn't know that a gaming being in alpha state was an excuse to be a jerk to the entire community. I hope that BI finds out who this guy is and sues him or at least has him arrested.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0