(OCN)Vortech

There are multiple logs now: cfgdayz\ arma2oaserver.RPT - Was gimped and doesn't provide much more then supplemental information. cfgdayz\BattlEye\ scripts.log - Execution log based on respective .txt, if cheater is utilizing a BE bypass then there won't be anything here. createvehicle.log - Spawn log based on respective .txt, you'll be looking for the entries listed with a 5 infront from the .txt file. remoteexec.log - Remote Execution/Spawn log based on respective .txt, basically ban anything here except BIS_Effects. YOURBECDIR\ Be_YYYY-MM-DD - BattlEye Extended Controls log, basically incident reporter. Think of it as a catchall, combines events from scripts, createvehicle, and remotexec .log files. You should look into renaming and relocating directories to further secure your server. I'd recommend Cheat Finder by disorder if you didn't have BEC installed at the time of the incident.

Ok well that's good but try not to forget about the rest of us.

Are you doing anything to automate that? If so mind sharing?

There is currently nothing much we can do about radar/ESP, teleporting, and infinite ammo. Basically any cheater utilizing a functional bypass can do anything they like client side. I also believe we still can't do anything about remote executions to/on other players. I'm hopeful we can eventually defeat all script based stuff, we'll likely never defeat anything utilizing DirectX.

No need to spread misinformation, we've got more control to police our servers. I think you'd be best served looking into your fellow admins actions rather then leaving your players wide open to cheats. Personally I'd like BE to scan the *.RPT periodically and kick if a blacklisted weapon is in a players inventory. When I review over our logs for a suspect a players entries due to other behavior that got them flagged when I see a blacklisted weapon it only further decreases their chances of legitimacy in my eyes. In most cases they fully understand the message they're sending, they're semi-indirectly condoning cheating. I believe if we could kick players periodically with such weapons it would be another great deterrent to cheaters.

kcuestag and his mates are solid, anyone who has a ping worthy of connection should check them out

Would you consider allowing administrators the control/ability to practice their own ideology? Possibly provide a tool rather then a solution, while your solution is fine.. I imagine more administrator would benefit by opening things up a bit more?

Key there was "used to hack".. They're done for now. With the tools BIS has given us, and the tools our community is developing we have the upper hand now. They can teleport, but we can see them move easier then ever now. They execute anything bypass or not we see it.. They inject items into lefit *.sqf and we can see it.. They get kicked before the first crack of Thunder. BIS, BE, and our community is doing ok ATM. They'll always be cheats but the rampant disruptions seems to be over.

No it's part of ArmA 2, but admins can block it in the configuration of the server. We choose to block it on ours as it can negatively effect performance for our players and the only people doing it early on were griefing and the less desirable.

Bad admins can be bypassed. There is no hiding the execution from server side logs. The only stuff we can't see are real DX based ESP and aimbots. Their the external map got detected within hours :D Why don't you enlighten us though.

You went on the wrong server.. If a server is utilizing the new tools BIS has given us then most cheaters are kicked the instant they attempt to execute a script.

We have multiple active instances and got denied once on two new ones.. Same config as our other boxes only difference was we changed the first and last name on the account from a real name to Gameserver Moderator. We changed the name back, resubmitted, and in less then an hr had two more instance IDs. Doesn't make much sense and now we have two blanks in our list of instances. We also once had a ticket open for 20+ days that was never responded to asking for a simple instance ID IP reassignment. It took less then an hour for a representative to ask us how to resubmit the requests differently. They NEVER replied once we did though.. lol! We had to go about things on our own, don't expect much help.

Search this thread for ShadowDuke.

Would you care to share your tweaks with the community?

Nicely done! You've got some nice tools in the works. A few requests for future builds if not already planned: - Ability to sort by name and cord columns - Ability to run results against blacklisted items - Identify login vs logoff possibly: login = + (ex. + Username) logoff = - (ex. - Username) This is a great supplemental tool for any admin who isn't already parsing their RPT to help them determine if a player is cheating.

I agree with not confusing fellow admins, we all agree the context was lost. That bit about guys in a chopper and on the ground "would have been banned" I don't follow though since you say you don't have a compatible patch running? Gotta give him credit for trying, I bet in a hurry that could get overlooked. Make sure to submit him to the CBL and his thinking outside the box ass.

You're missing a bit but yeah it looks good http://code.google.com/p/dayz-community-banlist/issues/detail?id=20

Timestamp, inventory size, and cords are the keys there. Custom skins smell of a cheater but aren't an absolute red flag, FYI you can disable them all together. Disabling them can act as an indirect deterrent, it will also prevent them from effecting other players in respect of load times/overall performance. Obviously admins shouldn't be banning on sight of PipeBomb but the frequency is an indicator. If it wasn't for the cords I'd actually track him a bit more before a ban, but you can see with that last one he is teleporting as well. Make sure to submit him to the CBL (link in my sig).

1. Edit your NAME.ArmA2OAProfile to set the difficulty up, the setting you're asking about in particular is map=#; 2. To auto restart use BEC, the functionality is in there called scheduler. 3. Global messages will also be BEC by way of the scheduler. Good luck.

I imagine they determine legitimacy based on the best practices provided by BIS namely Dwarden. While a text file could be edited the damage a rouge admin could do it much less then a cheating player. Think about the specifics and lengths an admin would have to go through to fraudulently get a player committed. What requirements do they need beyond submitting them? I like the idea of two lists but I think it should be an addition.. Someone needs to provide a minecraft-style MCBans MCBouncer'ish banning solutions to this community. I know BEC has a streaming GUID service we utilize on our servers but at this point the CBL is more valuable and current. I know the dev behind Dart is planning something similar, hopefully we'll see a number of people combine their resources and provide us a complete service/solution. The CBL is not the system that banned you, the admin that banned you is. The CBL is a repository of banned players, while I've see they are checking bans before committing them, they are the last line of defense not the determining detection. If you feel you were banned wrongfully then open a dispute ticket with the CBL and they'll look into the ban, possibly provide proof by log, and you can work out a resolution. These logs are a work in progress, their interpretation by admins is all across the board, be patient. The new logs and the CBL are doing good work, interruptions due to cheaters have been massively reduced.

Did you even attempt to read my post or just throw your arms up at the first sign of aggression? :/ Please keep up, the context was lost through replies :P createVehicle command, not the log itself.

Sounds like a solid update. I just tried to run it and it's immensely slower parsing, I actually had to force close it as CF was intermittently not responding. In this condition 1.7 is unusable for us, the log in questions was only 4,977KB at 127k lines. CF 1.6 can parse the same log without issue in the same environment.

lol, nice try. Show us your "huge investigation" or take your misinformation somewhere else. Don't just ban on sight, there are a few things that pop up. Also you need to watch for remote exectuions, especially in the createvehicle. Here is an example of a remoteexec I wouldn't ban for: 19.08.2012 07:41:03: Username (x.x.x.x:port) GUIDGUIDGUIDGUIDGUIDGUIDGUIDGUID - #38 "[this] spawn BIS_Effects_AirDestruction" 19.08.2012 07:41:03: Username (x.x.x.x:port) GUIDGUIDGUIDGUIDGUIDGUIDGUIDGUID - #38 "[this, 8.07061, 13132.9]spawn BIS_Effects_AirDestructionStage2" 19.08.2012 07:41:05: Username (x.x.x.x:port) GUIDGUIDGUIDGUIDGUIDGUIDGUIDGUID - #38 "[this, 8.07061, 13132.9,false,true]spawn BIS_Effects_Burn" These logs are a work in progress, changing daily.. sometimes hourly. As an admin it is our job to perform our due diligence before banning anyone. Some situations are easier then others, we need to stay on top of things, share, and communicate with one another.

The logs are still messy.. GUID with a10 and other flagged strings appear at length. I also am encountering a bug where the output contains previously scanned logs until I close the program. It doesn't matter if I remove or clear the source files, the log just grows. I've been using your tool to look over my logs looking for a new method I read about. Here are my results: 19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #106 "a\ui\scripts\handleGear.sqf'; _dummy; player addweapon "BAF_AS50_scoped"; player addMagazine "10Rnd_" 19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #115 "yer addMagazine "10Rnd_127x99_m107"; player addBackPack"DZ_Backpack_EP1"; " The user is injecting spawned items into legit sqf files. So while still a wip your tool helped me identify this cheater. Thank you.

As an update keep an eye on your scripts.log, it looks like a new method is somehow attaching spawned items to legit sqf files: 19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #106 "a\ui\scripts\handleGear.sqf'; _dummy; player addweapon "BAF_AS50_scoped"; player addMagazine "10Rnd_" 19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #115 "yer addMagazine "10Rnd_127x99_m107"; player addBackPack"DZ_Backpack_EP1"; " While very much a WIP Cheat Finder helps parse the noise http://dayzmod.com/forum/index.php?/topic/42702-cheat-finder-script-parser-for-admins