Wotuu

Think mine was at around 1.8gb, at which I decided it was enough and deleted it :P

That happens, they're getting smarter, and there's not much you can do about that manually. Check foe other things person may've done. Downloading all logs (except scripts.log) and searching for their names using Notepad++ Find in Files function helps with that. GL

No, where you found your scripts.log file, you should have those logs as well. If you don't, you're going to have to ask someone from Dayz.st, I only have knowledge of Vilayer.

Thank you for your interest. As stated a few replies above here, by tomorrow I'll have all the tutorials and documentation set up, then you can see how it's put together. Then by the time Gotcha releases the plugin system you can start developing. (Shouldn't be too long afterwards, I'll ask, but if it takes too long we can work something out to get you guys developing if you're interested still.) I've already created stuff that gets a list of survivors with their GUID, IP, player# etc. Of course I'll be happy to receive feedback once you got the chance to see how it's done!

It's a client side application, using RCON just like anything else. You can however run it on the server, but only if the server hoster permits it (I think Vilayer is the only hoster that offers/offered that).

This is not something that's open for discussion in this thread. You are right, Gotcha is however running server-side on Vilayer servers, so there is indeed some collaboration going on. If you want to discuss this issue, please open a thread at http://forum.gotcha-antihack.com/! Let's try to keep the discussion to the plugins here :]

What? How do you know if someone just logged in? (aside from people popping up in front of you, which you should shoot in case it's a hacker imho).

I'm currently working out all the details in tutorials etcetera, which will be ready by friday. You can read all about it by then (I'll post a link in this topic, so if you follow this topic you'll see it the moment I post it) I'm not sure if it *has* to be C#, the plugin system uses MEF (http://msdn.microsoft.com/en-us/library/dd460648.aspx) to load DLLs. If you can find a way to use MEF with C, then yes, it's possible. It's worth giving it a shot, if you can include the MEF framework in C it's possible. To answer your question, the plugins are proper DLLs. You have to create your own project, and build it as a DLL.

To get you started SetPos Logs teleporting, however, SetPos containing "shot" or "Shot" is legit. The rest most likely isn't RemoteControl Ban anyone in this log CreateVehicle Check for people spawning boxes, PipeBombs, a lot of entries from a single character (HE / smoke grenades) RemoteExecute Ban for anything that's not related to choppers crashing down. "_this spawn fnc_plyrHit;" is legit as well. Things containing "+"'s are hackers as well, ban. AddMagazineCargo Check for people with massive amounts of logs, spawning chests with all weapons in them. Instant ban those. DeleteVehicle Check for people with massive amounts of logs SetDamage Search for 1.00000, but this may sometimes be legit. Ban with caution, multiple logs per person = definite ban. AttachTo I've heared sounds of everything that's in here and contains a vehicle is from a hacker, but I'm not sure. Worth looking into anyways. ARMA2OASERVER.RPT Use this to detect combat loggers, people that are spawning in empty and killing others with CCO SD's 5 minutes later, etc. That's roughly it, in short.

Hi, If you're looking to try out Panthera, try out the WofjeM server (see signature). I'm the only admin as of now, and I actively ban hackers if they're on. I can't be around 24/7 ofcourse, but I always inspect the logs for any sign of hacking. Kicking is never done for killing, only for side channel abuse etc. The server's usually attracting a lot of players, but for some reason the last few days we've had low population counts. Myself is using the server for creating new anti-hack features, and other cool stuff is coming in a while. The rest of your requirements are all ticked as well, no starting gear, decent amount of vehicles, etc. Admins don't have the power to teleport and/or give gear etc (can be good and bad, but I simply can't because the server's with Vilayer and their hive). If you're interested, give it a shot!

Sorry for off topic, but as seeing as there's a lot more people wanting to know this, maybe it's time for someone to write a comprehensive tutorial on how to find suspicious behaviour? I could do it myself, but at the moment my time is limited. It'll have to wait a week at least. Maybe someone else with more time, and/or split up the work? I'd write up something for you, but it's simply too much to just do it in a reply.

I think I see those fairly often in my logs, coming from people I know aren't hacking too. Maybe it's something a hacker puts on every player, but I wouldn't go banning people for this one just yet.

Hello, I've been getting a couple of dozen of these kind of logs from about 3 players from the createVehicle.log: 07.01.2013 04:33:45: <name> (<ip>) <guid> - #0 "CMflare_Chaff_Ammo" 19:163 2:484 C130J_US_EP1 [4601,7614,6] [13,28,0] Now they are related to spawning a C130J_US_EP1 (some kind of plane), so someone is hacking. But should I ban everyone that has these logs? Anyone seen them before? Thanks in advance.

Yup you're completely right on that. I haven't banned anyone for this incident. However, people who are clearly collaborating with scripters do get a ban from me. It's also in the server rules which are iterated every 45 minutes on my server. Chance someone missed that is slim, plus one can think that doing that will not be good. I don't particularly mind people who fly a hacked plane for all I care, it's the ones that teleport themselves / others around and go on a killing spree that I loathe.

My server is still online, but the ACP layer has been offline since saturday evening at least. I've made a ticket and see what the response is, but I too haven't received an e-mail about possible downtime or hardware migration.

Basically looking for people who know how to read logs, and want to create a plugin to take action against said log (or logs). So for example, if I know that pattern abcd is a known hack, you could write a plugin that bans for pattern abcd. This and much more is possible, but that's a simple example for starters. Edit: I tried to make something that detects log bypassing, and it would work if the bypass worked that way. But I don't think so, plus it gets false positives. The problem is that I don't know exactly what a bypasser logs and what not :P

Still looking for people to help us out!

But you didn't? ;) I almost got those two working, just finishing up the combat log ban code as we speak. If you're interested in writing a plugin, let me know! Can be anything you want / deem useful to the community. Edit: And thanks by the way! Still looking for developers, don't be shy :]

Wow, wise words right there. Although I'm not religious, I see where you're coming from. I definately learnt from it, a) not to kick/ban someone for doing anything that's allowed in-game (such as shooting even saying you're friendly), b ) never to give anyone rides, haha.

Thank you, 2 more down (although they will probably have tons of CD keys)

This is quite an old topic and it is resolved. I admit I was at fault here, I just didn't think anyone could sink this low. Lying about it on the forums about what happened is what I should still ban him for, but he is unbanned now since the last post that was made by me.

I had the same issue yesterday and notified the appropriate people, but they were already working on it. It was fixed yesterday, but apparently it came back. I'll again notify them!

This is stuff for BEC, don't know if you got that installed on your server: <job id="0"> <time>05:45</time> <day>1,2,3,4,5,6,7</day> <loop>1</loop> <cmd>say -1 Server auto-restarting in 15 minutes.</cmd> <cmdtype>0</cmdtype> </job> <job id="1"> <time>05:50</time> <day>1,2,3,4,5,6,7</day> <loop>1</loop> <cmd>say -1 Server auto-restarting in 10 minutes.</cmd> <cmdtype>0</cmdtype> </job> <job id="2"> <time>05:55</time> <day>1,2,3,4,5,6,7</day> <loop>1</loop> <cmd>say -1 Server auto-restarting in 5 minutes.</cmd> <cmdtype>0</cmdtype> </job> <job id="3"> <time>05:59</time> <day>1,2,3,4,5,6,7</day> <loop>1</loop> <cmd>say -1 Server auto-restarting in 1 minute. Log out to prevent item loss!</cmd> <cmdtype>0</cmdtype> </job> <job id="4"> <time>06:00</time> <day>1,2,3,4,5,6,7</day> <loop>1</loop> <cmd>#restart</cmd> <cmdtype>0</cmdtype> </job> If you're with Vilayer and have the ACPLayer (which I think is the same as the TCAdmin), you can set up Scheduled Service Restarts there (main page).

This is exactly my thought on the case. If I see any of the guys doing such a thing again they'll get a ban (the plane is gone now after multiple restarts since then).

Grabbing flares that have been ignited (or similar) causes a log in setPos.log containing "shot" or "Shot", it is harmless and shouldn't be banned for. However, Gotcha anti-hack bans for the latter one still, you'll have to wait untill they fixed that.