BanZ Union - Banned on one, banned on ALL

[deren93@hotmail.com 95]

I will see what I can do.

The problem I currently have is that if I include the reason the ban list is already too big and the server crashes.

I will probably include it once that bug is fixed.

You can see it here: http://forum.swisscr...s&community=yes

That looks great. If the length is still a big issue, I think maybe "banzunion.com (ID:123)" would work, but it is nice seeing the whole thing. I can set up a seperate URL for you that only has it in that format if you want.

[Ander (DayZ) 530]

Hey guys.

Been working on a global blacklister for trusted "honeypot" servers.

If any of you guys got some really god anticheat scripts , send them my way and I can run them on our honeypot servers that are collecting bans.

Send me a PM (remember, no executables without sourcecode that can be built in compiler for security reasons).

The anticheat scripts will not be redistributed without permission, but will be run on approved honeypot servers run by dayz devs and staff.

// Ander

[deren93@hotmail.com 95]

Hey guys.

Been working on a global blacklister for trusted "honeypot" servers.

If any of you guys got some really god anticheat scripts , send them my way and I can run them on our honeypot servers that are collecting bans.

Send me a PM (remember, no executables without sourcecode that can be built in compiler for security reasons).

The anticheat scripts will not be redistributed without permission, but will be run on approved honeypot servers run by dayz devs and staff.

// Ander

Hi Ander,

With the availability of bypassers these days, catching script execution by using an anticheat script is increasingly difficult, you'll be lucky to catch the odd copy/paste script kid. Even then, anything caught by that can also be detected by analysis of your script logs. One programme i use is pyBEscanner created by torndeco. It relies on scanning your script logs and parsing them for known cheats with the ability of automatically banning the individual, this is one of my favourite tools. Other detection methods I use initially rely on database analysis to begin with. I use a method created by Peep to insert any character data updated into a history log. When you need to analyse data, it's handy to see the history of individuals as large changes in coordinates / changes in equipment can flag somebody for further investigation. Ontop of that, I run a simple SQL query I created to manage vehicles in the database. Any illegitimate vehicle is tracked to show details of nearby players and their actions every given interval and is automatically despawned on server restart. As extras I also use dayzmapper, gcam and other admin tools to allow myself and other admins to investigate incidents better. If you are looking for a complete server-side script that will ban every script kiddie, then I am afraid one simply doesn't exist and probably never will. There are,however, variations of scripts created by a popular cheat-script creator who shall remain nameless. These are bypassable to anyone with some coding knowledge, but if you want the link to them, please sent me a PM, as I do not feel comfortable posting what is essentially a hack on here.

Doc

[attorney1977 311]

Re: Large changes in co-ordinates;

Do you check for the x,y difference, or with respect to time?

I read that hacks often use an incremental TP, so if someone wants to teleport 10 km, their script will break it down into say 100 teleports of 100 metres.

[deren93@hotmail.com 95]

Ofcourse, time is the most important factor. I use some basic math (pythagoras) to work out changes in linear distance between each incremental point, use the timestamps in some mechanics/SUVAT equeations with it to get a rough speed in m/s then compare the speeds.

[vonlinchen 26]

I both like & dislike this kind of community ban list.

Likes:

Once a hacker is caught, they are caught on every server (obvious)

Dislikes:

- It is open to abuse from bad admins

- Bans can be false positives

- When banning a hacker from my server, I don't often have the time to record & submit evidence. I want them off my server ASAP

Things also tend to become cloudy when hackers are influencing other players(eg, spawning items for them, teleporting them, etc)

The only time my admin group has banned someone who wasn't hacking is due to a player picking out of a hacker box.

I'm not sure what to make of this to be honest. :/

Edited January 21, 2013 by vonlinchen

[Ramboness (DayZ) 15]

Can you appeal?

[ameo_koradi@hotmail.com 103]

Possible to register ? (already had the BanZ ban list on my server).

[Wotuu 11]

Hey guys.

Been working on a global blacklister for trusted "honeypot" servers.

If any of you guys got some really god anticheat scripts , send them my way and I can run them on our honeypot servers that are collecting bans.

Send me a PM (remember, no executables without sourcecode that can be built in compiler for security reasons).

The anticheat scripts will not be redistributed without permission, but will be run on approved honeypot servers run by dayz devs and staff.

// Ander

I recommend getting Gotcha, and keeping it up-to-date. When the next update hits it should have better anti-hack protection. If you do not want to run Gotcha for whatever reason, let me know and I'll see what I can do when handing over my own anti-cheat code. Can't guarantee I'll do that though.

[-Gews- 7443]

I'm banned on one server by an admin who either

[a] didn't look into things closely or

flat-out made up some bullshit copy-pasta logs.

http://dayzmod.com/f...ed-from-us-843/

I didn't do jack shit. I would be most unpleased if I was dumped onto some "ban list" by a "reputable" admin, and that's the problem I have with it.

Edited January 22, 2013 by Gews

[WalkerDown (DayZ) 296]

I recommend getting Gotcha, and keeping it up-to-date. When the next update hits it should have better anti-hack protection. If you do not want to run Gotcha for whatever reason, let me know and I'll see what I can do when handing over my own anti-cheat code. Can't guarantee I'll do that though.

Gotcha floods the RCON ... making it almost unusable. I'm not sure how ppl didn't realized it yet.. but maybe 99% of those "admins" installs it in the hope of having a cheater free server without em around (so they won't notice what i'm talking about...).

[Wotuu 11]

Gotcha floods the RCON ... making it almost unusable. I'm not sure how ppl didn't realized it yet.. but maybe 99% of those "admins" installs it in the hope of having a cheater free server without em around (so they won't notice what i'm talking about...).

How does Gotcha flood the RCON? It only receives, and sends minimal data.

[domistyle 221]

How does Gotcha flood the RCON? It only receives, and sends minimal data.

All the logs flood the RCon.

[deren93@hotmail.com 95]

Those with issues regarding previous ban from other lists, do not let your past experiences cloud your judgement and have prejudice on your opinions. Every ban on banz follows our guidelines on being beyond any reasonable doubt that the individual executed the piece of code question. On the bans list you download, you only see a brief reason, but behind every ban is a comprehensive note which contains all the evidence that justifies the ban. The evidence for all bans is viewable by all union members for review, all of these admins have also been tested on their ability to justify bans. Even after all this process, I still check each ban individually. So, maintaining a good quality bans list is not easy, but rest assured that we have taken every step possible to make sure every ban is justified. If we are ever unsure, we do not ban. Hackers will always come back another day, so there is no need to risk putting potentially innocent players on banz. In the unlikely event where an innocent player is banned, they can appeal whereby the notes and evidence are reviewed again. This has not yet happened and I hope it does not. I personally have a private bans list for the occasions where I know someone is hacking but cannot gather enough evidence for banz.

So, next time you see a ban added to banz, you can understand the effort and input behind that ban. It is not a 'for the hell of it' type of affair. ;)

Edited January 22, 2013 by DocTolly

[Wotuu 11]

All the logs flood the RCon.

Can you elaborate? I thought I was clear the first time I asked. What do you mean with "flooding the RCON" anyways?

[ameo_koradi@hotmail.com 103]

He means all the logs come from the rcon protocol.

Just use a simple RCon client, you ll see all of them flooding.

Dart and others are filtering them.

Gotcha use the ' 2 "" ' on txt filters, means log to network (' 1 "" ' is local log).

[domistyle 221]

Can you elaborate? I thought I was clear the first time I asked. What do you mean with "flooding the RCON" anyways?

He means all the logs come from the rcon protocol.

Just use a simple RCon client, you ll see all of them flooding.

Dart and others are filtering them.

Gotcha use the ' 2 "" ' on txt filters, means log to network (' 1 "" ' is local log).

What he said. In that sense Gotcha doesn't spam.

BattlEye does it for Gotcha.

I wouldn't recommend setting a 2 "" to log everything but that is just my opinion.

[WalkerDown (DayZ) 296]

Yup, lemme elaborate: to make goctha working (parsing the data) you need to pass (most of) the log file (it would be better to call it "debug") to the remote console (RCON), but the remote console is not designed to handle that amount of data (there's not enough bandwidth dedicate to it), and in fact after few minutes your console will be flooded and delayed (with the server running for 5 minutes you may experience 1 minute delay; with the server running ofr hours you may experience up to 10 minutes or more!), since all those log messages will be bufferized... assuming you have a fair number of users on your server. Again, i'm surprised how only few admins have realized this.

[Wotuu 11]

Yup, lemme elaborate: to make goctha working (parsing the data) you need to pass (most of) the log file (it would be better to call it "debug") to the remote console (RCON), but the remote console is not designed to handle that amount of data (there's not enough bandwidth dedicate to it), and in fact after few minutes your console will be flooded and delayed (with the server running for 5 minutes you may experience 1 minute delay; with the server running ofr hours you may experience up to 10 minutes or more!), since all those log messages will be bufferized... assuming you have a fair number of users on your server. Again, i'm surprised how only few admins have realized this.

Clear, but this is more user error than Gotcha error. I've been running it perfectly fine for a while now. You just need to fix your xxxx.txt and not put 2 "" in everything, because that causes the problem you're facing. Gotcha is not to blame here.

(Edit: fyi, you don't have to tell me how it works, I help developing it, alongside my own RCON tool)

Edited January 22, 2013 by Wotuu

[shibdib 2]

Clear, but this is more user error than Gotcha error. I've been running it perfectly fine for a while now. You just need to fix your xxxx.txt and not put 2 "" in everything, because that causes the problem you're facing. Gotcha is not to blame here.

(Edit: fyi, you don't have to tell me how it works, I help developing it, alongside my own RCON tool)

What files do you recommend putting the 2"" in. Because this is what basically cripples my server when it fills up.

Edited January 23, 2013 by shibdib

[ameo_koradi@hotmail.com 103]

What he said. In that sense Gotcha doesn't spam.

BattlEye does it for Gotcha.

I wouldn't recommend setting a 2 "" to log everything but that is just my opinion.

Yes that's it.

I use Gotcha recommandations: createvehicle.txt, remoteexec.txt, publicvariable.txt, setpos.txt and setdamage.txt.

I got delays from times to times, but not happenning very often.

[Wotuu 11]

What files do you recommend putting the 2"" in. Because this is what basically cripples my server when it fills up.

attachTo.txt

3 "" !="BoltSteelF"

addMagazineCargo.txt

Replace all '1' with '3'

deleteVehicle.txt

3 "" !="_this spawn fnc_plyrHit;"

createvehicle.txt

If you use teleport detection, leave it at 2 "". Otherwise, replace all '1 "" xxxxxx' with '3 "" xxxxxx'. 3 means log to file and over network

remoteexec.txt

2 "" !="this enableSimulation false;this allowDammage false;this disableAI 'FSM';this disableAI 'ANIM';this disableAI 'MOVE';" !="_this spawn fnc_plyrHit;"

remoteControl.txt

2 ""

publicvariable.txt

2 "" !="remExField" !="drn" !="dayzHumanity" !="dayzHit" !="dayzLogin" !="usecBleed" !="usecBandage" !="usecPainK" !="usecTransfuse" !="usecEpi" !="dayzSetFix" !="dayzDeleteObj"

selectPlayer.txt

2 ""

setpos.txt

2 "" !="shot" !="Shot" !="FunctionsManager"

scripts.txt

NO 2's or 3's.

setdamage.txt

2 "1.000000"

I never get delays, got much headroom even when the server is filled up (40 players). Hope that helps.

[R.J. 70]

Is an updated list coming out? Noticed it was the same version for two days.

[WalkerDown (DayZ) 296]

Clear, but this is more user error than Gotcha error. I've been running it perfectly fine for a while now. You just need to fix your xxxx.txt and not put 2 "" in everything, because that causes the problem you're facing. Gotcha is not to blame here.

(Edit: fyi, you don't have to tell me how it works, I help developing it, alongside my own RCON tool)

If you filter only certain strings, you don't need gotcha at all (ie: BE can already kick for it).

Btw the weapon and ammo verification is already enough (and it needs a certain level of log) to flood the RCON and delay the RCON, that's why Gotcha (and any usage of it) doesn't work good.

Feel free to develop anything you want of course.. but we really need a server side solution, without using this RCON crap, that is designed for something else... IMO.

[ravey 24]

Hey Doc,

I was just reading over your homepage and something you ask is for union members to show their affiliation by placing a [bANZ] tag onto their server name. This is fine but affiliation works both ways! Could you add a list to your homepage of the servers currently using the Banz Union? It should have the server name, address, and an associated forum address (if the server has one)

Doing this well let players see at first glance who uses your information and the safest servers to join.

I'm not sure if our server is in your union yet but ill get a head admin to check you out and apply.