
[v0.9.2.5, Jan 29] DayZ Anti-Hax UPDATE!!!


It's all up and running.

But are we sure players should be banned for

#1 "SeaGull"

Thanks

d.


I fear I'm going to be the only one on the server!

Lots of createvehicle errors also....

It's gone mad!

d.

Edited by Drunkie


There's a genius thing called beta testing. Why don't you import it?

I just got banned because of your new update, which isn't pleasing since I am an active player on a regular server, people know me and I'm not really into the thought of seeing THAT message on the chat.


Did you really flag all "CreateVehicle Restrictions" as hacking?


There's a genius thing called beta testing. Why don't you import it?

I just got banned because of your new update, which isn't pleasing since I am an active player on a regular server, people know me and I'm not really into the thought of seeing THAT message on the chat.

*[sNIP]*

Did you really flag all "CreateVehicle Restrictions" as hacking?

It's configurable by the server admin, you were probably unbanned at some point.

Found a couple more bugs, mpeventhandler is spelled wrong in the config, it is referred to as mpeventhanlder.txt. Also, DZAH looks for Setvariableeval.log and publicvariableeval.log, instead of looking in the publicvariable.log and setvariable.log for variable values.

Still can't figure out why it isn't banning people based off of my remoteexec.txt

Edit: enabling flood check also causes an error message of attachto.log not found.

Edit 2: I almost forgot, if your filter contains 5 "" !"DZ_" (example for my addbackpackcargo.txt) DZAH will recognize this as an error. Actually 5 "" will also throw the same error, I have not bothered to test with 6 or 7.

Edit 3: Temp ban isn't really necessary, for me at least, but exclusions of filter restrictions would be nice. 5 "seagull" for example would be great to have an exclusion, as it kicks extremely low bandwidth clients, but they shouldn't get banned.

P.S. This is the best thing to happen to DZAH since its conception, as long as you know how to configure it and edit your filters (if you're an admin you need to know how to do this) you should be golden. It's been an amazing time saver for me, I usually only get to check bans and logs once a day, however I still need to check publicvariable and setvariable logs for hackers.

Edited by icomrade

It's configurable by the server admin, you were probably unbanned at some point.

I did unban the user above from my server yes.

To answer your other point, yes, I do make changes to the filter side of things to try and prevent this, but as soon as you fire up DAH...it pulls in the current script/filter files from the community site, these are not configured the same way as I have done.

I hope this makes sense.

d.


I did unban the user above from my server yes.

To answer your other point, yes, I do make changes to the filter side of things to try and prevent this, but as soon as you fire up DAH...it pulls in the current script/filter files from the community site, these are not configured the same way as I have done.

I hope this makes sense.

d.

You can switch an auto-update function off and update and configure filters manually:)

New version (with some fixes and "kick only" function) will be released today.


Thanks Scare, just edited the config file.

The new version, will it replace all the files again or overwrite the exe file?

d.


Thanks Scare, just edited the config file.

The new version, will it replace all the files again or overwrite the exe file?

d.

NEW VERSION IS OUT! v0.9.2.5

Check the first post for changelog and more info.

You just need to change *.dll and *.exe files. No need to change config - there were no changes this time in config file.


Nicely done! Still get attachto.txt filter not found, if show errors is enabled and flood checking is enabled. Should have read the warning, lol woops.


Nicely done! Still get attachto.txt filter not found, if show errors is enabled and flood checking is enabled. Should have read the warning, lol woops.

Wasn't fixed because I can't reproduce this issue:(

Maybe, more info?

Edited by ScareD


Wasn't fixed because I can't reproduce this issue:(

Maybe, more info?

Strange, it doesn't do it anymore... Perhaps it was because the log was empty when I first tried it, try with an empty attachto.log. I'm unsure whether setvariableval and publicvariableval scanning works properly, tried it with setvariable.log

in setvariable.txt and setvariableval.txt (It should just go into setvariableval but I put it in both for no apparent reason), it does not ban for this, example log given. restriction is in addition to latest cbl filters.


5 "e=e+"
5 ".sqf"
5 "TK_INS_Soldier_EP1"
5 "[{[\"e=\""

Log part, safe to ban these 2 people just so you know.


29.01.2013 12:07:06: Q(-.-Q) KirbyDickPunch (78.241.25.16:2304) 7767d0356e07ea20ef961b555573be68 - Value Restriction #25 "dayzlogin2" = rs'\z\ad"";e=e+""dons\dayz_co"";e=e+""de\compil"";e=e+""e\object_se"";e=e+""tFixServe"";e=e+""r.sqf';};};0"";___v2=e;0", "0"] execVM "\ca\Modules\Functions\variables\fn_swapVars.sqf";}] 81:13 Bandit1_DZ
29.01.2013 12:07:06: Q(-.-Q) KirbyDickPunch (78.241.25.16:2304) 7767d0356e07ea20ef961b555573be68 - Value Restriction #99 "dayzlogin2" = [{["e="""";e=e+""object_Se"";e=e+""tFixServe"";e=e+""r={if(isServe"";e=e+""r&&((_th"";e=e+""is selec"";e=e+""t 4)==0))then{_cd=marke"";e=e+""rTex"";e=e+""t'resp"";e=e+""awn_west';cal"";e=e+""l compil"";e=e+""e _cd;remExF"";e=e+""ield=[nil,nil,_cd];publicVa 81:13 Bandit1_DZ
29.01.2013 12:13:38:   (90.198.0.26:2304) 68feb50c051d4f72c646c966b3d10aeb - Value Restriction #25 "dayzlogin2" = rs'\z\ad"";e=e+""dons\dayz_co"";e=e+""de\compil"";e=e+""e\object_se"";e=e+""tFixServe"";e=e+""r.sqf';};};0"";___v2=e;0", "0"] execVM "\ca\Modules\Functions\variables\fn_swapVars.sqf";}] 84:5 Survivor2_DZ
29.01.2013 12:13:38:   (90.198.0.26:2304) 68feb50c051d4f72c646c966b3d10aeb - Value Restriction #99 "dayzlogin2" = [{["e="""";e=e+""object_Se"";e=e+""tFixServe"";e=e+""r={if(isServe"";e=e+""r&&((_th"";e=e+""is selec"";e=e+""t 4)==0))then{_cd=marke"";e=e+""rTex"";e=e+""t'resp"";e=e+""awn_west';cal"";e=e+""l compil"";e=e+""e _cd;remExF"";e=e+""ield=[nil,nil,_cd];publicVa 84:5 Survivor2_DZ
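
The log lines quoted above split every keyword across `e=e+""..""` joins, so a literal keyword filter never sees `compile` or `isServer` in one piece. The following is an added example, not part of the post and not DZAH or BattlEye code: it glues the fragments back together before matching. The names `rejoin` and `hidden_keywords` and the keyword watch list are assumptions.

```python
import re

# Joiner used in the quoted log: close string, ';', <var>=<var>+, open string.
# Quotes appear doubled because the payload sits inside an outer string.
JOINER_RE = re.compile(r'(?:""|")\s*;\s*(\w+)\s*=\s*\1\s*\+\s*(?:""|")')

def rejoin(value):
    """Return (value with split fragments glued back together, joiner count)."""
    return JOINER_RE.subn("", value)

def hidden_keywords(value, keywords):
    """Keywords absent from the raw value that appear once fragments are rejoined."""
    joined, count = rejoin(value)
    raw, low = value.lower(), joined.lower()
    return count, [k for k in keywords if k.lower() in low and k.lower() not in raw]

# Abridged from the second log line quoted in the post above.
VALUE = (r'''[{["e="""";e=e+""object_Se"";e=e+""tFixServe"";e=e+""r={if(isServe"";'''
         r'''e=e+""r&&((_th"";e=e+""is selec"";e=e+""t 4)==0))then{_cd=marke"";'''
         r'''e=e+""rTex"";e=e+""t'resp"";e=e+""awn_west';cal"";e=e+""l compil"";'''
         r'''e=e+""e _cd;''')
KEYWORDS = ["compile", "isServer", "markerText", "execVM"]  # assumed watch list

if __name__ == "__main__":
    count, found = hidden_keywords(VALUE, KEYWORDS)
    print(count, "joiners; hidden keywords:", found)
    print(rejoin(VALUE)[0])
```

A high joiner count is itself a useful signal, since ordinary variable values in these logs have no reason to append to themselves repeatedly.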


Strange, it doesn't do it anymore... Perhaps it was because the log was empty when I first tried it, try with an empty attachto.log. I'm unsure whether setvariableval and publicvariableval scanning works properly, tried it with setvariable.log

in setvariable.txt and setvariableval.txt (It should just go into setvariableval but I put it in both for no apparent reason), it does not ban for this, example log given. restriction is in addition to latest cbl filters.


5 "e=e+"
5 ".sqf"
5 "TK_INS_Soldier_EP1"
5 "[{[\"e=\""

Log part, safe to ban these 2 people just so you know.

.........................

You can simply add


5 "+"
5 "%"

to your publicvariable.txt and Anti-Hax will catch them. Unban them and test this way if you want:)


You can simply add


5 "+"
5 "%"

to your publicvariable.txt and Anti-Hax will catch them. Unban them and test this way if you want:)

Already had 5 "%" and 5 "+" they come with the standard filters.


Yep, the error with the logs not being found is when they are present but empty, I am able to reproduce this. Also it seems that the program scans player names for restrictions, I.E. a player was banned for having a + in his name in publicvariable.log.


Exclusions to restrictions are case sensitive for DZAH but not BE. I.e.

5 "Box" !"shot" will ban a player named "FullBox" in attachto.log

5 "Box" !"Shot" will not.

I am unsure whether this is the same way with banning, as opposed to just exclusions.


I was banned from my server

I do all you said, but look:

[Pass #72 ban at check 0]

22/02/2013 19:11:55 - Banned .... on pass #72 Reason:[ Ban[ setVariableVal violation]] (22.02.2013 19:11:28: setvariable.log)

*******************************************************************************************

GUID(s) affected:

......

Log excerpt(s):

line: 3348 22.02.2013 19:11:28: khal_br (....) .... - #0 "zombiespawn" = 0.143969 0:0

Additional Info:

setvariable.log

Detected by DayZ Anti-Hax

*******************************************************************************************

22/02/2013 19:11:55 - Banned 192.168.1.2 on pass #72 Reason:[ Ban[ setVariableVal violation]] (22.02.2013 19:11:28: setvariable.log)


I think that DZAH just scans every bit of text in the log for restrictions, since it bans players with restrictions like "a10" if their GUID has a10 anywhere in it.
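
The whole-line matching described in the post above, and the case-sensitive exclusions reported a few posts earlier, can both be avoided by parsing each log line and testing filters against one field only. This is an added example, not part of the thread and not DZAH's code: the line layout is inferred from the excerpts quoted here, case-insensitive keyword matching is an assumption, and `parse_filter`, `hits`, `scan` and the sample lines are constructed for illustration.

```python
import re

# Layout assumed from the log excerpts quoted in this thread:
#   <date> <time>: <name> (<ip:port>) <guid> - [Value Restriction ]#<n> "<var>" = <value>
LINE_RE = re.compile(
    r'^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}: (?P<name>.*?) '
    r'\((?P<addr>\d{1,3}(?:\.\d{1,3}){3}:\d+)\) (?P<guid>[0-9a-f]{32}) - '
    r'(?:Value Restriction )?#(?P<rule>\d+) "(?P<var>[^"]*)" = (?P<value>.*)$')
TOKEN_RE = re.compile(r'(!?)"((?:\\.|[^"\\])*)"')

def parse_filter(line):
    """'5 "Box" !"shot"' -> (5, 'Box', ['shot']); \\" inside a token is unescaped."""
    action, _, rest = line.strip().partition(" ")
    toks = [(neg, re.sub(r'\\(.)', r'\1', s)) for neg, s in TOKEN_RE.findall(rest)]
    keyword = next(s for neg, s in toks if not neg)
    return int(action), keyword, [s for neg, s in toks if neg]

def hits(filt, text, fold_exclusions=True):
    """Substring match; keyword is case-insensitive, exclusions optionally so."""
    _, keyword, exclusions = filt
    low = text.lower()
    if keyword.lower() not in low:
        return False
    if fold_exclusions:
        return not any(x.lower() in low for x in exclusions)
    return not any(x in text for x in exclusions)

def scan(filters, log_line, field="value"):
    """Return the filters that match the chosen field only, never name/IP/GUID."""
    m = LINE_RE.match(log_line)
    if m is None:
        return []          # unparsed lines go to manual review, not to a ban
    return [f for f in filters if hits(f, m.group(field))]

# Constructed sample lines (documentation IPs, made-up GUIDs and names).
SAMPLE_A = ('22.02.2013 19:11:28: a+b (192.0.2.10:2304) '
            '0123456789abcdef0123456789abca10 - #0 "zombiespawn" = 0.143969 0:0')
SAMPLE_B = ('22.02.2013 19:12:02: FullBox (192.0.2.11:2304) '
            'fedcba9876543210fedcba9876543210 - #3 "loadout" = Shot_Box 0:0')
FILTERS = [parse_filter(s) for s in ('5 "+"', '5 "a10"', '5 "Box" !"shot"')]

if __name__ == "__main__":
    for line in (SAMPLE_A, SAMPLE_B):
        whole = [f[1] for f in FILTERS if hits(f, line, fold_exclusions=False)]
        print("whole line:", whole, "| value only:", [f[1] for f in scan(FILTERS, line)])
```

The trailing object ID and class name (for example `81:13 Bandit1_DZ` in the quoted logs) stay inside `value` here; pass `field="var"` to test variable-name filters instead.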


I think that DZAH just scans every bit of text in the log for restrictions, since it bans players with restrictions like "a10" if their GUID has a10 anywhere in it.

You're right.

I will fix this issue asap.

BTW, new filters recommendations:

publicvariable.txt/publicvariableval.txt


5 "markerColor"
5 "KKK_WhitePower"

setvariable.txt

5 "skript made by Hangender"

Edited by ScareD


not work

Try to comment that line out, I'll fix this in the nearest future.


Filters update:

publicvariableval.txt


5 "WHY_YOU_NO_LOVE_ME_AYNMORE"

publicvariable.txt


5 "dayzJizz"
5 "norrnRACarUp"

Caught at:

27.02.2013 22:25:58: SweatyBEAST (86.28.158.239:2304) 9e625e7d3f274e87d525ef7b6e900533 - Value Restriction #16 "norrnRACarUp" = [{ dayzJizz = markerBrush "WHY_YOU_NO_LOVE_ME_AYNMORE"; }]


Should add

5 ";"

to setvareval and pubvareval. It will catch most cheaters... some will get by


I tried to run this on my server this morning, but it kept crashing after just making a few passes. Below is the crash info. I am running Windows Server 2012.


Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: dayzantihax_win32.exe
Problem Signature 02: 0.9.2.5
Problem Signature 03: 5107cb8d
Problem Signature 04: System
Problem Signature 05: 4.0.30319.18033
Problem Signature 06: 50b5aad4
Problem Signature 07: 2f05
Problem Signature 08: 18
Problem Signature 09: System.ObjectDisposedException
OS Version: 6.2.9200.2.0.0.272.7
Locale ID: 1033
Additional Information 1: 5861
Additional Information 2: 5861822e1919d7c014bbb064c64908b2
Additional Information 3: f3d5
Additional Information 4: f3d5be0cad2787556264647dc02181c3
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=190175
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

EDIT: When running the command line version this is the error I receive:


Unhandled Exception: System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'System.Net.Sockets.Socket'.
at System.Net.Sockets.Socket.get_Available()
at BattleNET.BattlEyeClient.<Receive>b__0()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()

And the Windows Crash Message:


Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: dayzantihax_cmd.exe
Problem Signature 02: 0.9.2.5
Problem Signature 03: 5107cd5b
Problem Signature 04: System
Problem Signature 05: 4.0.30319.18033
Problem Signature 06: 50b5aad4
Problem Signature 07: 2f05
Problem Signature 08: 18
Problem Signature 09: System.ObjectDisposedException
OS Version: 6.2.9200.2.0.0.272.7
Locale ID: 1033
Additional Information 1: 5861
Additional Information 2: 5861822e1919d7c014bbb064c64908b2
Additional Information 3: f3d5
Additional Information 4: f3d5be0cad2787556264647dc02181c3
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=190175
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Edited by Skydive
