scared 28 Posted January 11, 2013 (edited) Hello, guys!I'm a server admin, and I met a huge growth of cheaters since my server got to the top150 of gametracker servers.I've been using the DayZ Anti-Hax for about 4 months, but for last two of them it worked only for updating community bans.So I decided to update it, make it compatible with new filter files, more flexible, and more fast. And I did it. Three days of testing, and it works like I wanted.Here is a link to the google code project page (the source is also open, of course):http://code.google.c...ihax-continued/^^^You can find an archive with the final version in the Download sectionSome changes since the previous (v.0.9.2.0) version:[v0.9.2.5]*Fixed an empty restricted expression (like 5 "") issue. It works now*Filter ban can now be ignored. Just add "//ignore" at the next line of one you want to be ignored by DAH and it will work*Fixed IndexOutOfBounds exception for filter scanning function*publicvariableval and setvariableval filters are used in a correct way now (for publicvaraible.log and setvariable.log)*fixed typo in config.cfg (mpeventhanlder.txt instead of mpeventhandler.txt)TO PREVENT FAKE BANS, ADD SOME EXCEPTIONS FOR "spawn" in publicvariableval.txt:5 "spawn" !="zombiespawn"5 "\"spawn\"" !="zombiespawn"I would like to credit to authours of the previous version (http://code.google.c.../dayz-anti-hax/) of this tool:GreyEcho,Muppet1856 andk4n30Thanks and good luck! Edited January 29, 2013 by ScareD 3 Share this post Link to post Share on other sites
icomrade 201 Posted January 11, 2013 (edited) Would be nice if it didn't crash if a log is not present. Also I can't get it to work, all filters start with 3 "" instead of 1"" to broadcast over the network and to my log as well. Numers 1,2,3 is logging only 1 is log only 2 is network only 3 is both. 4 kick only 5 log + kick 6 is kick + log over network 7 is kick + log over network + to file.The error message is:See the end of this message for details on invokingjust-in-time (JIT) debugging instead of this dialog box.************** Exception Text **************System.IndexOutOfRangeException: Index was outside the bounds of the array.at DayZAntiHax.LogFile.checkForFlood()at DayZAntiHax.Process.FindGuidsToBan()at DayZAntiHax.Process.Execute(Object state)at DayZAntiHax.MainForm.TimerEventProcessor(Object myObject, EventArgs myEventArgs)at System.Windows.Forms.Timer.OnTick(EventArgs e)at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)************** Loaded Assemblies **************mscorlibAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.296 (RTMGDR.030319-2900)CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll----------------------------------------DayZAntiHax_Win32Assembly Version: 0.9.0.0Win32 Version: 0.9CodeBase: file:///PATH/DayZAntiHax_Win32.exe----------------------------------------System.Windows.FormsAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.278 built by: RTMGDRCodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll----------------------------------------System.DrawingAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.282 built by: RTMGDRCodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll----------------------------------------SystemAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.296 built by: RTMGDRCodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll----------------------------------------DayZAntiHaxAssembly Version: 0.9.0.0Win32 Version: 0.9CodeBase: file:///PATH/DayZAntiHax.DLL----------------------------------------BattleNETAssembly Version: 1.0.0.0Win32 Version: 1.0.0.0CodeBase: file:///PATH/BattleNET.DLL----------------------------------------System.ConfigurationAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.1 (RTMRel.030319-0100)CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll----------------------------------------System.XmlAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.233 built by: RTMGDRCodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll----------------------------------------System.CoreAssembly Version: 4.0.0.0Win32 Version: 4.0.30319.233 built by: RTMGDRCodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll----------------------------------------************** JIT Debugging **************To enable just-in-time (JIT) debugging, the .config file for thisapplication or computer (machine.config) must have thejitDebugging value set in the system.windows.forms section.The application must also be compiled with debuggingenabled.For example:<configuration><system.windows.forms jitDebugging="true" /></configuration>When JIT debugging is enabled, any unhandled exceptionwill be sent to the JIT debugger registered on the computerrather than be handled by this dialog box.Hopefully you can resolve this as I really wanted more filters checked, and the way the auto ban list is populated is nice as well. Edited January 11, 2013 by icomrade Share this post Link to post Share on other sites
scared 28 Posted January 11, 2013 (edited) Would be nice if it didn't crash if a log is not present. Also I can't get it to work, all filters start with 3 "" instead of 1"" to broadcast over the network and to myHopefully you can resolve this as I really wanted more filters checked, and the way the auto ban list is populated is nice as well.Hello, man!Do you use 7 instead of 5 then (like 3 instead of 1)?The solution for you is to download filters from the project page, rename them and use new named filters in your config.cfg. Edited January 11, 2013 by ScareD Share this post Link to post Share on other sites
scared 28 Posted January 11, 2013 Version 0.9.0.1(hotfix) is out!List of fixes:*Fixed crash when there were no filters/logs present*DAH will now parse bannable objects with "7", not only with "5" marker (as an option in BattlEye syntax)Download page:http://code.google.com/p/dayz-antihax-continued/downloads/list 1 Share this post Link to post Share on other sites
oppa (DayZ) 46 Posted January 11, 2013 nice nice, thx Share this post Link to post Share on other sites
ameo_koradi@hotmail.com 103 Posted January 11, 2013 (edited) Nice, I ll test it. Thx. Edited January 11, 2013 by Ameo Share this post Link to post Share on other sites
icomrade 201 Posted January 11, 2013 (edited) Works well, thanks. Found another "issue" where if there are two spaces after the BE action number in the FILTER.txt it will ban all players that show up in that log. For example, my addmagazinecargo.txt contained an error where 5 "_GP25" was actually written as5 "_GP25" notice the two spaces after the 5. Consequently everyone in the addmagazinecargo.log was banned.\P.S. this is a good way to empty a full server, lol. Edited January 11, 2013 by icomrade 1 Share this post Link to post Share on other sites
scared 28 Posted January 12, 2013 (edited) Works well, thanks. Found another "issue".....Will be fixed today, thanks for your feedback, man.And I really feel sorry for your empty server:D Edited January 12, 2013 by ScareD Share this post Link to post Share on other sites
scared 28 Posted January 12, 2013 New version is out! v0.9.1.0Changelog:*Added new filters: addweaponcargo and publicvariableval*Added new function: multiple public banlist download (check a new config.cfg for more info)*minor fixes and improvementsLink:http://code.google.com/p/dayz-antihax-continued/downloads/list Share this post Link to post Share on other sites
icomrade 201 Posted January 13, 2013 (edited) Double post...... Edited January 13, 2013 by icomrade Share this post Link to post Share on other sites
icomrade 201 Posted January 13, 2013 (edited) Suggestion: add count restriction auto ban (toggleable).I.e. if a player comes up in the log as 12.01.2013 07:20:07: Elliot (IP:2304) GUID - Count Restriction "Binocular_Vector" 0:0He is hacking, although the item is legit. This can occur with these logs only:SetPosCreateVehicleSetDamageAddWeaponCargoAddMagizineCargoAddBackpackCargoEdit: adding 5 "Count Restriction" works. Edited January 13, 2013 by icomrade Share this post Link to post Share on other sites
icomrade 201 Posted January 13, 2013 Random crashes, I have a feeling this happens if the log or filter is being written/saved when the program is scanning.See the end of this message for details on invokingjust-in-time (JIT) debugging instead of this dialog box.************** Exception Text **************System.NullReferenceException: Object reference not set to an instance of an object. at BattleNET.BattlEyeClient.Disconnect() at DayZAntiHax.Process.Execute(Object state) at DayZAntiHax.MainForm.TimerEventProcessor(Object myObject, EventArgs myEventArgs) at System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)************** Loaded Assemblies **************mscorlib Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.296 (RTMGDR.030319-2900) CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll----------------------------------------DayZAntiHax_Win32 Assembly Version: 0.9.1.0 Win32 Version: 0.9.1.0 CodeBase: file:///SERVER/DayZAntiHax_Win32.exe----------------------------------------System.Windows.Forms Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.278 built by: RTMGDR CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll----------------------------------------System.Drawing Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.282 built by: RTMGDR CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll----------------------------------------System Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.296 built by: RTMGDR CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll----------------------------------------DayZAntiHax Assembly Version: 0.9.1.0 Win32 Version: 0.9.1.0 CodeBase: file:///SERVER/DayZAntiHax.DLL----------------------------------------BattleNET Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0 CodeBase: file:///SERVER/BattleNET.DLL----------------------------------------System.Configuration Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.1 (RTMRel.030319-0100) CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll----------------------------------------System.Xml Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.233 built by: RTMGDR CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll----------------------------------------System.Core Assembly Version: 4.0.0.0 Win32 Version: 4.0.30319.233 built by: RTMGDR CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll----------------------------------------************** JIT Debugging **************To enable just-in-time (JIT) debugging, the .config file for thisapplication or computer (machine.config) must have thejitDebugging value set in the system.windows.forms section.The application must also be compiled with debuggingenabled.For example:<configuration> <system.windows.forms jitDebugging="true" /></configuration>When JIT debugging is enabled, any unhandled exceptionwill be sent to the JIT debugger registered on the computerrather than be handled by this dialog box. Share this post Link to post Share on other sites
oppa (DayZ) 46 Posted January 14, 2013 yep it is randamly crashing - ...exe stopped working Share this post Link to post Share on other sites
scared 28 Posted January 14, 2013 (edited) Temporal solution for crashes: set update frequency to smth big (e.g. 65536 or so). I'll fix this shit today.(It's already fixed, now I'm working on temp bans etc) Edited January 14, 2013 by ScareD Share this post Link to post Share on other sites
scared 28 Posted January 14, 2013 Bump! New version is out!Changelog:*All CBL filters are supported now! Full list of filters:---addbackpackcargo.txt (addbackpackcargo.log)---addmagazinecargo.txt (addmagazinecargo.log)---addweaponcargo.txt (addweaponcargo.log)---attachto.txt (attachto.log)---createvehicle.txt (createvehicle.log)---deletevehicle.txt (deletevehicle.log)---mpeventhandler.txt (mpeventhandler.log)---publicvariable.txt & publicvariableval.txt (publicvariable.log)---remotecontrol.txt (remotecontrol.log)---remoteexec.txt (remoteexec.log)---scripts.txt (scripts.log)---selectplayer.txt (selectplayer.log)---setdamage.txt (setdamage.log)---setpos.txt (setpos.log)---setvariable.txt & setvariableval.txt (setvariable.log)---teamswitch.txt (teamswitch.log)*Added IP ban function: now you can set whether you want to ban only GUIDs, only IPs or both (Ban_type in config.cfg)*Fixed sudden crash while updating filters (even if _update were set to false everywhere)*Fixed flood check issue (worked only with a first half of log)*Added new DayZAntiHax log function: now it may write a log in a handy (for Community Banlist Reports) format (Ban_CBL_format in config.cfg)*minor code improvements and cleanup*BattleNET library updated to the final version (1.2) from Jan, 06, 2012Download here:http://code.google.com/p/dayz-antihax-continued/downloads/listGood Luck and thanks for feedbackSOZ4 double post. 1 Share this post Link to post Share on other sites
icomrade 201 Posted January 14, 2013 My server isn't banning for remoteexec restrictions. :o Share this post Link to post Share on other sites
scared 28 Posted January 14, 2013 My server isn't banning for remoteexec restrictions. :oCan you please give an example from your log? Share this post Link to post Share on other sites
icomrade 201 Posted January 15, 2013 Can you please give an example from your log?Filter:5 "+"5 "e=("5 "beeeh"Log:14.01.2013 11:09:03: DayZMeRolling (217.120.83.192:2304) 96ef0909909ab8dc1c91762c88bbe4cf - #105 "e=("0;"+"fn"+"c_"+"us"+"ec"+"_d"+"am"+"ag"+"eH"+"an"+"dl"+"er"+"={"+"if"+"(i"+"sS"+"er"+"ve"+"r&"+"&("+"(_"+"th"+"is"+" s"+"el"+"ec"+"t "+"2)"+"=="+"0)"+")t"+"he"+"n{"+"_c"+"od"+"e="+"ma"+"rk"+"er"+"Te"+"xt"+"'d"+"wa"+"rd"+"en"+"';"+"ca"+"ll"+" c"+"om"+"pi"12.01.2013 14:13:31: [Elite]Sniper (108.90.1.61:2414) 62c98e23eb92da6431a900d6e4e19935 - #38 "beeeh = this" Share this post Link to post Share on other sites
scared 28 Posted January 15, 2013 (edited) Tried to reproduce your issueGUID(s) affected:96ef0909909ab8dc1c91762c88bbe4cfLog excerpt(s):line: 0 14.01.2013 11:09:03: DayZMeRolling (217.120.83.192:2304) 96ef0909909ab8dc1c91762c88bbe4cf - #105 "e=("0;"+"fn"+"c_"+"us"+"ec"+"_d"+"am"+"ag"+"eH"+"an"+"dl"+"er"+"={"+"if"+"(i"+"sS"+"er"+"ve"+"r&"+"&("+"(_"+"th"+"is"+" s"+"el"+"ec"+"t "+"2)"+"=="+"0)"+")t"+"he"+"n{"+"_c"+"od"+"e="+"ma"+"rk"+"er"+"Te"+"xt"+"'d"+"wa"+"rd"+"en"+"';"+"ca"+"ll"+" c"+"om"+"pi"Additional Info:remoteexec.logDetected by DayZ Anti-Haxas for the "beeeh" one, will check out why it was not banned tomorrow. Edited January 15, 2013 by ScareD 1 Share this post Link to post Share on other sites
scared 28 Posted January 22, 2013 Bump. I have a question, guys. Do we need a temp ban functoon for some kinds of restrictions? Please, post your answer, because I really nees to know what I should focus on now. Share this post Link to post Share on other sites
DJ_Teschmi 31 Posted January 25, 2013 Hi ScareD,Thanks for your job dude. I have some questions for you.As i understand in your custom publicvariable.txt filter you wanna remove the ZombieStandingAttack lines from the log that's right?We tried to put your filter in our server but the ZombieStandingAttack (xxxx #21 ) lines are still flooding the publicvariable log.Other thing, we found a missing space in your file for ZombieStandingAttack3:!="\"remExField\"= [<NULL-object>,<NULL-object>,\"playmove\",\"ZombieStandingAttack3\"]"ThanksDJ Teschmi Share this post Link to post Share on other sites
scared 28 Posted January 26, 2013 Hi ScareD,Thanks for your job dude. I have some questions for you.As i understand in your custom publicvariable.txt filter you wanna remove the ZombieStandingAttack lines from the log that's right?We tried to put your filter in our server but the ZombieStandingAttack (xxxx #21 ) lines are still flooding the publicvariable log.Other thing, we found a missing space in your file for ZombieStandingAttack3:!="\"remExField\"= [<NULL-object>,<NULL-object>,\"playmove\",\"ZombieStandingAttack3\"]"ThanksDJ TeschmiHello and thanks for your feedback!Yes, I tried to do that, but this work was unfinished, and I dunno why I put this filter:DSorry for this.And thanks again for an error you found! Share this post Link to post Share on other sites
scared 28 Posted January 26, 2013 Updated recommended filters archive on the project page. For more info visit:http://dayzmod.com/forum/index.php?/topic/119953-battleye-server-side-filters-update/Thanks. Share this post Link to post Share on other sites
munkie 40 Posted January 28, 2013 Do we extract and run this from the server /cfgdayz/BattlEye folder?Tad. Share this post Link to post Share on other sites
scared 28 Posted January 28, 2013 Do we extract and run this from the server /cfgdayz/BattlEye folder?from the project Instructions page: Installation instructionsYou don't need to stop your server while you are installing DayZ Ant-Hax. Just unpack an archive to your BattlEye folder, set the configuration file and start it (I recommend you to use a command-line version of tool). 1 Share this post Link to post Share on other sites
