Jump to content
DayZ Forums
Loque

Relentless cheating... nothing I can do - hands are tied for everyone on public hive?

By Loque, in Mod Servers & Private Hives

Recommended Posts

Loque    13

Loque
Posted

Today I saw our server get popular at 3 different intervals, each time it attracts hackers and I see a wave of disconnects in DaRT with a few expletives, I check the logs and there is nothing in there - I can't kick or ban without the data there, I can't even get a name. This has happened almost every single day since the update.

I am also aware that it is not possible to equip admins with proper tools in-case they are abused. So... what am I to do? What do you do?

I must say my first temptation is to look into scripting myself so I can spectate players, of-course this could be abused but it is not in my interest, the only reason I pay for a Day Z server is so that people can play the game the way it was meant to be played and is not in my interest to abuse these features in any way.... this is just my word though and I am sure there are people who would say the same, but actually abuse it.

It would be really nice to be able to do something until the stand-alone comes out.

</blergh>

Share this post

Link to post
Share on other sites

Venzire    76

Venzire
Posted

This is why I don't run a public HIVE even though mine had no hackers and I had it relativelly clean, it was still full of duped gear I couldn't remove.

So now I run a Private HIVE server and I'm working on my own mission file / map and mod for the server. And I have new buildings working with loot!

Share this post

Link to post
Share on other sites

xXdom    5

xXdom
Posted

Today I saw our server get popular at 3 different intervals, each time it attracts hackers and I see a wave of disconnects in DaRT with a few expletives, I check the logs and there is nothing in there - I can't kick or ban without the data there, I can't even get a name.

I find it odd that you can't find anything in the logs. Someone teleporting? Check setpos.log for multiple entries and drastic changes in their coords over short durations of time. The following is an example of someone teleporting from around Elektro to NWAF then back down near Pavlovo. All of this occurring within 40 minutes.


01.11.2012 18:58:06: NAME (IPADDRESS) GUID - 33:5 [9922,2472,68]
01.11.2012 19:09:22: NAME (IPADDRESS) GUID - 33:5 [5549,8605,321]
01.11.2012 19:11:32: NAME (IPADDRESS) GUID - 33:220 [4269,10329,338]
01.11.2012 19:23:50: NAME (IPADDRESS) GUID - 33:220 [4649,10496,338]
01.11.2012 19:32:02: NAME (IPADDRESS) GUID - 33:220 [4587,9758,339]
01.11.2012 19:33:45: NAME (IPADDRESS) GUID - 33:220 [2559,3183,129]
01.11.2012 19:37:04: NAME (IPADDRESS) GUID - 33:220 [2984,3253,141]

Check setdamage.log for anyone with a value of 1.000000. Example:


01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #0 1.000000 33:262
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #1 1.000000 33:262
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #0 1.000000 33:264
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #1 1.000000 33:264
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #0 1.000000 33:266
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #1 1.000000 33:266

If someone is spawning vehicles/items, they'll show up in remoteexec.log and mpeventhandler.log. For the most part any entries in either of these is grounds for a ban, minus aireffects for UH1H crashes. Then of course createvehicle.log, which is easy to parse for suspicious activity. Check all the logs, if someone stands out on one, cross reference the others for further proof. Both of the examples above are from the same player. Another way to catch people sometimes is parsing direct chat in serverconsole.log. You'd be surprised how many cheaters don't use mics and actually type out incriminating evidence.

All of this is assuming you keep your filters up to date. The logs will catch any remotely executed script.

  • Like 1

Share this post

Link to post
Share on other sites

machomanugget    26

machomanugget
Posted

sadly yes.. after 5 months struggling fighting a daily battle with hackers and logs i gave up..

moving to private hive gave me the tools and renewed love for the mod..

try it you wont be dissapointed

Share this post

Link to post
Share on other sites

Loque    13

Loque
Posted (edited)

Thanks for the replies:

@xXdom:

Our server is hosted with multiplay - the only log file I have which you mention is the remoteexec.log - the last entries of which are from two months ago. Previously I tried using the arma2oaserver.RPT but this really doesn't give me much (that I know of).

I manually update the filters from the community banlist and filters, but yea - I get nothing :-(. I'll ask multiplay about the files you mentioned and if we can get access to them.

@machoman & Venzire:

I am going to open up a support request with Multiplay today about setting up on a private hive, and or getting better tools for dealing with the hackers. Would love to put our server on a private hive at the moment, its all I personally play on.

If anything, at the moment, our server is more of a honeypot for hackers with no consequence and apart from the random abuse I can throw at them, there is nothing I can do.

Thanks for the suggestions and support all.

Edited by Loque

Share this post

Link to post
Share on other sites

Gooober    34

Gooober
Posted

I was attempting to track hackers too, but leaning towards shutting down the server and moving on...... Save myself gettng teleported and srewed by this new combat system..... I wanted to host because i was sick of working on my base and servers shutting down and starting over on a new one... unfortunately im doing it to someone thats been playin in my server :(

I played this game for enjoyment, but the lack of support has turned it into a job..

Kinda reminds me of Nexon Combat Arms.. We know we have hackers in one hand, but ignore that hand and look at our other hand with new updates......

Share this post

Link to post
Share on other sites

Pegz    49

Pegz
Posted

I find it odd that you can't find anything in the logs. Someone teleporting? Check setpos.log for multiple entries and drastic changes in their coords over short durations of time. The following is an example of someone teleporting from around Elektro to NWAF then back down near Pavlovo. All of this occurring within 40 minutes.


01.11.2012 18:58:06: NAME (IPADDRESS) GUID - 33:5 [9922,2472,68]
01.11.2012 19:09:22: NAME (IPADDRESS) GUID - 33:5 [5549,8605,321]
01.11.2012 19:11:32: NAME (IPADDRESS) GUID - 33:220 [4269,10329,338]
01.11.2012 19:23:50: NAME (IPADDRESS) GUID - 33:220 [4649,10496,338]
01.11.2012 19:32:02: NAME (IPADDRESS) GUID - 33:220 [4587,9758,339]
01.11.2012 19:33:45: NAME (IPADDRESS) GUID - 33:220 [2559,3183,129]
01.11.2012 19:37:04: NAME (IPADDRESS) GUID - 33:220 [2984,3253,141]

Check setdamage.log for anyone with a value of 1.000000. Example:


01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #0 1.000000 33:262
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #1 1.000000 33:262
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #0 1.000000 33:264
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #1 1.000000 33:264
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #0 1.000000 33:266
01.11.2012 19:27:39: NAME (IPADDRESS) GUID - #1 1.000000 33:266

If someone is spawning vehicles/items, they'll show up in remoteexec.log and mpeventhandler.log. For the most part any entries in either of these is grounds for a ban, minus aireffects for UH1H crashes. Then of course createvehicle.log, which is easy to parse for suspicious activity. Check all the logs, if someone stands out on one, cross reference the others for further proof. Both of the examples above are from the same player. Another way to catch people sometimes is parsing direct chat in serverconsole.log. You'd be surprised how many cheaters don't use mics and actually type out incriminating evidence.

All of this is assuming you keep your filters up to date. The logs will catch any remotely executed script.

That is true for the script kiddies that aren't using a proper bypass. If you have a scripter on your server that has a working bypass nothing shows up in the logs, so really there isn't anything you can do besides check inventories of players but on a global hive that would not be enough to ban someone. Private hive is the way to go, much more control and customization.

Share this post

Link to post
Share on other sites

Loque    13

Loque
Posted

That is true for the script kiddies that aren't using a proper bypass. If you have a scripter on your server that has a working bypass nothing shows up in the logs, so really there isn't anything you can do besides check inventories of players but on a global hive that would not be enough to ban someone. Private hive is the way to go, much more control and customization.

Ahur, thanks for pointing this out (I had a feeling this was the case but my understanding of it is limited). I do keep and eye on inventories on users connecting however I noticed the cunning hackers keep legit items (normally a Mk48 or similar).

If anyone has some solid reading on how the kiddies are getting away with this please do PM me so I can read up on it.

Thanks again all.

Share this post

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Go To Topic Listing Mod Servers & Private Hives
×