Magotchi

Already banned at about the time you posted this. REMOVED ********************************** INFO dayz_disco. LOL. Wasn't much in the logs for him around the actual time of the goating, though. Make a report ok. Personal details in public forum not ok. EDIT: I have put the person concerned under Moderator control on these Forums.

I'm the main technical admin, and I was there too. I alt-f4'ed right away, but I'm not sure if I'm safe or what yet. I'm reviewing the logs, but as usual, there probably isn't much in them to look at.

That first script in your first post is excellent. After a lot of Googling and experimenting with other scripts, I came across that, and it's just what I needed. My middle finger thanks you.

The current URL for official server files is http://serverhosters...nu/.dayzhosters (as of an email to server hosters on the 23rd). The username and password are available in Client Area --> My Services --> View Details --> Server Files. Once in the file repository, the scripts.txt is in the "battleyeconfig" directory.

1am Mountain Daylight Time, 07-25. Everyone just got teleported to a roof in cherno. I hadn't seen any hacks in two days, and just about a half hour after updating the server to 1.62, all hell broke loose. I don't know if it's related. I'm the admin, and I'm looking into it, but like other times, there likely isn't a great deal in the logs.

The new version of Arma 2 (1.62, not a beta build) was apparently just deployed via Steam (and elsewhere to install manually). That's likely it.

Many people are using the latest version of the official one that's had some massive changes in the last couple days.

I do basically that, but I just throw BEC's directory into the Arma 2 directory (and don't use a shortcut), and I kill BEC before running it, just in case it's open: Extract BEC to ARMA2OA_DIR\Bec . Before or after the "start Expansion\beta\arma2oaserver.exe ..." line, put taskkill /im Bec.exe start /D Bec\ Bec\Bec.exe -f Config.cfg Also, to fix the bug in R4z0r49's script which causes it to spawn an extra Arma 2 server process any time it sees (and kills) ANY hanging process (rather than just when arma2oaserver.exe is hung), change: taskkill /f /fi "status eq not responding" to: taskkill /f /fi "status eq not responding" /im arma2oaserver.exe Also, since the URLs of the scripts.txt, ban.txt, and bans.txt have all changed, I did the following: In Dayz_LaunchConfig.cfg, change the bottom section to: |=== Dayz Global Ban/Script files === banfile=http://serverhosters.dayz.nu/.dayzhosters/battleyeconfig/ban.txt bansfile=http://serverhosters.dayz.nu/.dayzhosters/battleyeconfig/bans.txt scriptsfile=http://serverhosters.dayz.nu/.dayzhosters/battleyeconfig/scripts.txt dayzfilesusername=THEUSERNAME dayzfilespassword=THEPASSWORD Don't forget to put the right passwords in. In Start_Dayz_ServerV2.6.bat , replace all occurences of "wget.exe" with "wget.exe --user=%dayzfilesusername% --password=%dayzfilespassword%"

Nice. Another one, this time for me: 23.07.2012 13:35:45: Mister_Magotchi (24.116.146.10:2304) d269b44f2ae25b3c0242817bd80c9a8b - #140 dummy"]; _dummy = [_this,"players"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf"; 13:35:45 Player Mister_Magotchi kicked off by BattlEye: Script Restriction #140 13:35:45 Player Mister_Magotchi disconnected. Apparently using Server Control at all kicks people. I guess that's a good workaround, as a lot of hackers do replace that script with nasty ones, but still.

Your prerogative. You'll likely find the same on other servers at about the same frequency at this point.

7:54pm Mountain Daylight Time: Everyone was killed simultaneously. :-(

Yep: a hacker.

He's saying I'm brown-nosing the DayZ dev. team, likely in reference to other threads.

Call me what you want, but the DayZ team did say it's alright to ban, as long as you send them proof.

As a server admin, is it possible to detect the BattlEye bypass method which involves editing the Arma 2 client in RAM and setting a custom script to run when the in-game Server Control button is clicked? If not, then DayZ is nearly unplayable at the moment. A simple perusal of the Cheat Reporting forum reveals it's an epidemic. On my server, in the last 24 hours, at one point every vehicle in the server exploded simultaneously, then hours later everyone got teleported to a lighthouse and sniped, then hours later a helicopter flew overhead, then a bit later, a person with godmode teleported around the map, killing everyone (while spamming things like "friendly" and "Why are you shooting at me?" in Direct). Can anyone recommend current best practices for preventing hacks and catching hackers with the current state of DayZ, Arma 2, and BattlEye?

Excession: With the method I described above (and would link if it weren't against the rules), only the script ran through the method doesn't show up in the scripts log. All other scripts ran as normal parts of the hackers gameplay still show up.

Normally you would see the equivalent of "PLAYER X executed 'nuke script'", but at this point, all but the dumbest of hackers are using a method to bypass BattlEye's script logging feature, as I described in the OP.

I'd be banning them like crazy if there was evidence of their hacks in the logs. With the BattlEye bypass method I described, it seems admins are basically powerless at this point, unless there's some way to detect the bypass.

While I highly appreciate the DayZ team and the work they've done so far (for free with regard to me), something must be done about this hacking epidemic.

Thanks, man. Things are just getting nuts at this point, though. I just want to make sure I'm doing everything I can to keep the hacks to a minimum with what I have available.

False.

I'm just getting off of work at the moment and looking into this (and last night's stuff) is my top priority. If you look through the Cheat Reporting forum, it looks like everyone's getting hit pretty hard in the last couple days. Update: I'm doing a lot more research into the BattlEye bypasses, but since the most common one is done by directly editing Arma 2's executable in memory to replace the path to the Server Control screen's script with a custom one, it doesn't look very hopeful that there's going to be much in the logs to detect that sort of thing.

False. You can ban all the hackers you want, as long as you submit the evidence to the DayZ team.

I'm responding to it already here: http://dayzmod.com/forum/index.php?/topic/35014-us-303-dallas-clansmnet-admin-abuse/ That's just the thread I saw first.

Thanks for the report. I'm responding to it in the other thread I saw first (the one about purported admin abuse). I'm sorry this kind of crap has to happen. I wish the anti-cheat was more mature. Edit: http://dayzmod.com/forum/index.php?/topic/35014-us-303-dallas-clansmnet-admin-abuse/ is the other thread.